microsoft-sentinel-logstash-output 1.2.0 → 1.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3314cd9fbec5bd71add1de243e0474739dfe43aa1bd7a498c316066681306d8
-  data.tar.gz: 8ddab05b2acceb5d15a051b5134ccb7ea12b6efb22fb1712192d1a00bfac60ff
+  metadata.gz: cad996478d4637e6932cebb26d5eb53f856b86f1f28af2c6cd1d220268761874
+  data.tar.gz: 0d409801000d3cf5d7e26f52b0e33c482634d153d830317c24709686c7851697
 SHA512:
-  metadata.gz: efafed55777a2757fb3c1416b8bbf6e4e8653fd45cd08a26bda22d997a7dd9aac4624b7d5854df24e4de9f50deed4d1d1c8cadf69aab9e4197d8219615416db6
-  data.tar.gz: 0b75c805e3e640df6cfcdcdc6646ee2e158b9c2c5c0c5caa1b24f2823270d70b0e148df76207d94508440f0877aa5b6c2a9111a6a8a79b7a3e166eab94106661
+  metadata.gz: 3296be47a7a4984e242a4e32d5d78e93d43566aea43d46d5377d28c3b3cfaa4f786d44f22ad5e3b7f3294134b9de0b5dc480f35b636e04318b2e3b33fb9974fe
+  data.tar.gz: 8ab1dbdc506a498c877176eb88202b523dbf1ffeaacdc0d1ed5a59163a074db2a2202929d07b3c181a1381f541b6ca5900bc2ee6bd74e58d8081c483daf85c56

data/CHANGELOG.md

@@ -1,17 +1,18 @@
 ## 1.0.0
 * Initial release for output plugin for logstash to Microsoft Sentinel. This is done with the Log Analytics DCR based API.
 
-## 1.1.0 
+## 1.1.0
 * Increase timeout for read/open connections to 120 seconds.
 * Add error handling for when connection timeout occurs.
 * Upgrade the rest-client dependency minimum version to 2.1.0.
 * Allow setting different proxy values for api connections.
 * Upgrade version for ingestion api to 2023-01-01.
-* Rename the plugin to microsoft-sentinel-log-analytics-logstash-output-plugin.
+* Rename the plugin to microsoft-sentinel-logstash-output-plugin.
 
 ## 1.1.1
 * Support China and US Government Azure sovereign clouds.
 * Increase timeout for read/open connections to 240 seconds.
 
 ## 1.2.0
-* Added support for Managed Identity authentication on both Azure VMs and Azure Arc connected machines.
+* Added support for Managed Identity authentication on both Azure VMs and Azure Arc connected machines.
+* * Rename the plugin to microsoft-sentinel-logstash-output

data/README.md

@@ -38,10 +38,10 @@ sudo apt-mark hold logstash
 
 Please note that when using Logstash 8, it is recommended to disable ECS in the pipeline. For more information refer to [Logstash documentation.](<https://www.elastic.co/guide/en/logstash/8.4/ecs-ls.html>)
 
-To install the microsoft-sentinel-log-analytics-logstash-output-plugin, you can make use of the published gem at rubygems.com:
+To install the microsoft-sentinel-logstash-output, you can make use of the published gem at rubygems.com:
 
 ```
-sudo /usr/share/logstash/bin/logstash-plugin install microsoft-sentinel-log-analytics-logstash-output-plugin
+sudo /usr/share/logstash/bin/logstash-plugin install microsoft-sentinel-logstash-output
 ```
 
 If your machine doesn't has an active Internet connection, or you want to install the plugin manually, you can download the plugin files and perform an 'offline' installation. [Logstash Offline Plugin Management instruction](<https://www.elastic.co/guide/en/logstash/current/offline-plugins.html>).
@@ -49,7 +49,7 @@ If your machine doesn't has an active Internet connection, or you want to instal
 If you already have the plugin installed, you can check which version you have by running:
 
 ```
-sudo /usr/share/logstash/bin/logstash-plugin list --verbose microsoft-sentinel-log-analytics-logstash-output-plugin
+sudo /usr/share/logstash/bin/logstash-plugin list --verbose microsoft-sentinel-logstash-output
 ```
 
 ## 2. Create a sample file
@@ -57,7 +57,7 @@ To create a sample file, follow the following steps:
 1)	Copy the output plugin configuration below to your Logstash configuration file:
 ```
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
         create_sample_file => true
         sample_file_path => "<enter the path to the file in which the sample data will be written>" #for example: "c:\\temp" (for windows) or "/var/log" for Linux.
     }
@@ -84,7 +84,7 @@ input {
 }
 
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
         create_sample_file => true
         sample_file_path => "<enter the path to the file in which the sample data will be written>" #for example: "c:\\temp" (for windows) or "/var/log" for Linux.
     }
@@ -127,7 +127,7 @@ Here is an example for the output plugin configuration section:
 
 ```
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
         client_app_Id => "<enter your client_app_id value here>"
         client_app_secret => "<enter your client_app_secret value here>"
         tenant_id => "<enter your tenant id here>"
@@ -160,7 +160,7 @@ Here is an example for the output plugin configuration section using a Managed I
 
 ```
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
         managed_identity => true
         data_collection_endpoint => "<enter your DCE logsIngestion URI here>"
         dcr_immutable_id => "<enter your DCR immutableId here>"
@@ -192,7 +192,7 @@ input {
  filter {
 }
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
       client_app_Id => "619c1731-15ca-4403-9c61-xxxxxxxxxxxx"
       client_app_secret => "xxxxxxxxxxxxxxxx"
       tenant_id => "72f988bf-86f1-41af-91ab-xxxxxxxxxxxx"
@@ -216,7 +216,7 @@ input {
  filter {
 }
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
       client_app_Id => "619c1731-15ca-4403-9c61-xxxxxxxxxxxx"
       client_app_secret => "xxxxxxxxxxxxxxxx"
       tenant_id => "72f988bf-86f1-41af-91ab-xxxxxxxxxxxx"
@@ -236,7 +236,7 @@ input {
 }
 
 output {
-    microsoft-sentinel-log-analytics-logstash-output-plugin {
+    microsoft-sentinel-logstash-output {
       client_app_Id => "${CLIENT_APP_ID}"
       client_app_secret => "${CLIENT_APP_SECRET}"
       tenant_id => "${TENANT_ID}"

data/SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.2.0   | :white_check_mark: |
+| < 1.2.0  | :x:                |
+
+## Reporting a Vulnerability
+
+We take security very seriously. If you have discovered a security vulnerability in our project, we appreciate your help in disclosing it to us in a responsible manner.
+
+**Here's how you can report a vulnerability:**
+
+1. Send an email to our security team at [security@xxx.com](mailto:security@xxx.com). If possible, please use a descriptive subject line.
+
+2. Include as much information as possible about the vulnerability. This may include the steps to reproduce, the potential impact, and any proposed fixes or workarounds.
+
+3. Do not disclose the vulnerability publicly until we've had a chance to address it.
+
+**What to expect after reporting a vulnerability:**
+
+1. Confirmation of receipt: Within 3 business days of your report, we aim to acknowledge that we've received your report. We'll also attempt to confirm the vulnerability if it's not immediately obvious.
+
+2. Regular updates: Every 5 business days, we'll send you an email updating you on the status of your report. This may include confirmation of the vulnerability, details of any fixes or workarounds, and an estimated timeline for a fix.
+
+3. Public disclosure: Once we've addressed the vulnerability, we'll make a public announcement. If you wish, we can acknowledge your contribution in this announcement.
+
+Please note that we will respect your privacy and will only use your personal information to correspond with you about this report.

data/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb

@@ -8,7 +8,7 @@ require "logstash/sentinel_la/logsSender"
 
 class LogStash::Outputs::MicrosoftSentinelOutput < LogStash::Outputs::Base
 
-  config_name "microsoft-sentinel-log-analytics-logstash-output-plugin"
+  config_name "microsoft-sentinel-logstash-output"
 
   # Stating that the output plugin will run in concurrent mode
   concurrency :shared

data/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb

@@ -92,9 +92,9 @@ class LogstashLoganalyticsOutputConfiguration
 
 
     def print_missing_parameter_message_and_raise(param_name)
-        @logger.error("Missing a required setting for the microsoft-sentinel-log-analytics-logstash-output-plugin output plugin:
+        @logger.error("Missing a required setting for the microsoft-sentinel-logstash-output output plugin:
     output {
-        microsoft-sentinel-log-analytics-logstash-output-plugin {
+        microsoft-sentinel-logstash-output {
             #{param_name} => # SETTING MISSING
             ...
         }

data/lib/logstash/sentinel_la/version.rb

@@ -1,10 +1,10 @@
 module LogStash; module Outputs;
 class MicrosoftSentinelOutputInternal
-  VERSION_INFO = [1, 2, 0].freeze
+  VERSION_INFO = [1, 2, 2].freeze
   VERSION = VERSION_INFO.map(&:to_s).join('.').freeze
 
   def self.version
     VERSION
   end
 end
-end;end
+end;end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-sentinel-logstash-output
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.2
 platform: ruby
 authors:
 - Pouyan & Koos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-12 00:00:00.000000000 Z
+date: 2024-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -84,6 +84,7 @@ files:
 - Gemfile
 - LICENSE
 - README.md
+- SECURITY.md
 - code_of_conduct.md
 - lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb
 - lib/logstash/sentinel_la/customSizeBasedBuffer.rb
@@ -99,7 +100,7 @@ files:
 - lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb
 - lib/logstash/sentinel_la/sampleFileCreator.rb
 - lib/logstash/sentinel_la/version.rb
-- microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec
+- microsoft-sentinel-logstash-output.gemspec
 homepage: https://github.com/pkhabazi/microsoft-sentinel-logstash-output
 licenses:
 - MIT