[sentinel_one_cloud_funnel] Add Support for Azure Blob Storage Input #14124

Merged

mohitjha-elastic
Collaborator

@mohitjha-elastic mohitjha-elastic commented Jun 3, 2025

Proposed Commit Message

sentinel_one_cloud_funnel: add support for azure blob storage input.

Previously, azure blob storage input was not supported in the sentinel_one_cloud_funnel event data stream. 
This update adds support for azure blob storage input.

Testing has been performed using log samples available in the test folder, which were accessed via an
azure blob storage container to validate the input functionality.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

To test sentinel_one_cloud_funnel integration

  1. Clone integrations repo.
  2. Install the elastic package locally.
  3. Start the elastic stack using the elastic package.
  4. Move to integrations/packages/sentinel_one_cloud_funnel directory.
  5. Run the following command to run tests.
     elastic-package test -v

Related issues

@mohitjha-elastic mohitjha-elastic self-assigned this Jun 3, 2025
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner June 3, 2025 10:38
@mohitjha-elastic mohitjha-elastic added the enhancement, Integration:sentinel_one_cloud_funnel, Team:Security-Service Integrations and Team:Sit-Crest labels Jun 3, 2025
@elasticmachine
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Contributor

@efd6 efd6 left a comment

What testing has been done for this change?

@mohitjha-elastic
Collaborator Author

mohitjha-elastic commented Jun 5, 2025

> What testing has been done for this change?

@efd6
System test is not possible in this case since one already exists for the REST API. Additionally, testing has been performed using log samples available in the test folder, which were accessed via an Azure Blob Storage container to validate the input functionality.

This has also been included in the commit message.

@mohitjha-elastic mohitjha-elastic requested a review from efd6 June 5, 2025 06:00
@ShourieG
Contributor

ShourieG commented Jun 6, 2025

@mohitjha-elastic, let's attach a screen recording of the live testing with an actual blob storage for future context.

@mohitjha-elastic
Collaborator Author

@ShourieG Please find the attached recording here:

s1-event-recording.mp4

@efd6
Contributor

efd6 commented Jun 10, 2025

@mohitjha-elastic Yes, I understand that testing can't be included in the package, but I'd like to know whether this was tested against a real endpoint.

I think this is answered by:

> testing has been performed using log samples available in the test folder, which were accessed via an Azure Blob Storage container to validate the input functionality.

Am I interpreting that correctly? The video above suggests that I am.

Contributor

@efd6 efd6 left a comment

LGTM, but I'd like a second from @ShourieG.

@ShourieG
Contributor

ShourieG commented Jun 11, 2025

Hi @mohitjha-elastic, since we are adding fresh support for azure blob storage, let's also add the RBAC oauth2 config options introduced in this PR as an optional auth config. We need to keep min stack version of 8.16 for this.

Add options to fetch data using azure RBAC OAuth2 authentication.
@mohitjha-elastic
Collaborator Author

@ShourieG
Added the RBAC oauth2 config options in the azure input.
Please find attached test recordings below:

Recording:
https://github.com/user-attachments/assets/1714a5be-a394-498e-a0e0-276b041db455

Screenshot:

rbac-ss

Add role description in readme
@elasticmachine
💚 Build Succeeded

cc @mohitjha-elastic

Contributor

@ShourieG ShourieG left a comment

LGTM

@ShourieG ShourieG merged commit ea8e987 into elastic:main Jun 18, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package sentinel_one_cloud_funnel - 1.13.0 containing this change is available at https://epr.elastic.co/package/sentinel_one_cloud_funnel/1.13.0/

Successfully merging this pull request may close these issues.

[SentinelOne Cloud Funnel] Azure Blob Storage Input