@JDKurma JDKurma commented Oct 9, 2025

Proposed commit message

The following packages are categorized as security despite not being semantically related to security or having security-related datastreams:

[
  "cisco_meraki_metrics",
  "miniflux",
  "mongodb",
  "mysql"
]

Datastreams:

[
  {
    "package": "cisco_meraki_metrics",
    "datastream": "cisco_meraki_metrics.device_health"
  },
  {
    "package": "miniflux",
    "datastream": "miniflux.feed_entry"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.collstats"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.dbstats"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.log"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.metrics"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.replstatus"
  },
  {
    "package": "mongodb",
    "datastream": "mongodb.status"
  },
  {
    "package": "mysql",
    "datastream": "mysql.error"
  },
  {
    "package": "mysql",
    "datastream": "mysql.galera_status"
  },
  {
    "package": "mysql",
    "datastream": "mysql.performance"
  },
  {
    "package": "mysql",
    "datastream": "mysql.replica_status"
  },
  {
    "package": "mysql",
    "datastream": "mysql.slowlog"
  },
  {
    "package": "mysql",
    "datastream": "mysql.status"
  }
]

I've removed the security tag for the above-mentioned packages to accurately categorize them.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@JDKurma JDKurma self-assigned this Oct 9, 2025
@JDKurma JDKurma added the bugfix Pull request that fixes a bug issue label Oct 9, 2025
@JDKurma JDKurma requested a review from trisch-me October 9, 2025 05:49
@JDKurma JDKurma marked this pull request as ready for review October 9, 2025 15:40
@JDKurma JDKurma requested review from a team as code owners October 9, 2025 15:40
@andrewkroh andrewkroh added Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Oct 9, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Comment on lines -12 to -13
# Added security category as Miniflux integration is assigned to security team
- security
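
Review bot: the comment on the first removed line gives team assignment, not the data the integration collects, as the reason for the `security` category. That supports dropping the category as the PR description argues, but the two removed lines are also where that assignment is written down; confirm the team ownership is recorded somewhere other than the category list before merging.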

@clement-fouque Do you recall why this was added as a security integration?

I think we had a discussion but I don't remember why we added it. We can remove it.

- aws
- cloud
- observability
- security

@Mikaayenson What's your view on whether the bedrock integration is a security product?

We do have prebuilt security detection rules that leverage this integration.

This is the same case for azure_openai.

Note: We have some PRs in the works to further codify security-related genai fields. See:

Reverted the changes for those!

@muthu-mps

  • azure_app_service logs include the AppServiceIPSecAuditLogs, AppServiceAuditLogs and AppServiceHTTPLogs categories. This integration can be tagged with the security category.
  • Azure AI Foundry is an enhanced version of Azure OpenAI that currently enables monitoring of both third-party models and Azure OpenAI models. @Mikaayenson - Do you think the threat detection rule implementation can be done for AI Foundry similar to Azure OpenAI? If yes, then this integration can get tagged with the security category similar to Azure OpenAI.

@Mikaayenson

> • azure_app_service logs include the AppServiceIPSecAuditLogs, AppServiceAuditLogs and AppServiceHTTPLogs categories. This integration can be tagged with the security category.
> • Azure AI Foundry is an enhanced version of Azure OpenAI that currently enables monitoring of both third-party models and Azure OpenAI models. @Mikaayenson - Do you think the threat detection rule implementation can be done for AI Foundry similar to Azure OpenAI? If yes, then this integration can get tagged with the security category similar to Azure OpenAI.

Yes, we just do not yet have any prebuilt rules for this integration. And if we ever get a gemini integration that would too.

@JDKurma JDKurma removed the Integration:azure_app_service Azure App Service label Oct 14, 2025
@JDKurma JDKurma removed the Integration:azure_ai_foundry Azure AI Foundry label Oct 14, 2025

JDKurma commented Oct 14, 2025

@muthu-mps removed both!

@andrewkroh andrewkroh added the Integration:azure_app_service Azure App Service label Oct 14, 2025
@JDKurma JDKurma removed the Integration:azure_app_service Azure App Service label Oct 14, 2025
@elasticmachine

💚 Build Succeeded

cc @JDKurma

Labels

  • bugfix: Pull request that fixes a bug issue
  • Integration:cisco_meraki_metrics: Cisco Meraki Metrics
  • Integration:miniflux: Miniflux RSS reader
  • Integration:mongodb: MongoDB
  • Integration:mysql: MySQL
  • Team:Obs-InfraObs: Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]
  • Team:Security-Service Integrations: Security Service Integrations team [elastic/security-service-integrations]
