Adding fireeye nx package

[emnp]

What does this PR do?

Adds FireEye NX package.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

• Data Stream Added
• Kibana Visualizations & Dahsboards

How to test this PR locally

# cd integrations/packages/fireeye
# elastic-package build
# elastic-package stack up -d -v
# eval "$(elastic-package stack shellinit)"
# elastic-package test  -v

Related issues

Screenshots

[cla-checker-service]

💚 CLA has been signed

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2021-10-27T10:18:20.313+0000

• Duration: 15 min 24 sec

• Commit: 784e198

Test stats 🧪

Test	Results
Failed	0
Passed	7
Skipped	0
Total	7

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[emnp]

/test

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[P1llus]

Thank you very much for this integration @emnp It is looking awesome already 👍

There is some comments below, but they are all super small, so no need to worry!

[P1llus]

/test

[P1llus]

Thanks for the updates @emnp .

It seems that the CI just has some small formatting issues left.

Could you run these two commands in the folder of the specific package:
elastic-package build
elastic-package format && elastic-package lint && elastic-package check

It will fix any formatting issues that you can commit, or point out what is missing.

[emnp]

Thanks for the updates @emnp .

It seems that the CI just has some small formatting issues left.

Could you run these two commands in the folder of the specific package: elastic-package build elastic-package format && elastic-package lint && elastic-package check

It will fix any formatting issues that you can commit, or point out what is missing.

@P1llus I check with these commands and formatting issues are clear now. And also all tests are working well. Could you please check the updates that I pushed?

[P1llus]

/test

[P1llus]

@emnp Seems like it is still complaining about integrations/packages/fireeye/data_stream/nx/manifest.yml. Could you run the second command again and push the changes it does? Might be a missing whitespace or something

[P1llus]

/test

[P1llus]

If the build doesn't pass now I might try to fix it and commit it to this PR if it is okay?

[emnp]

If the build doesn't pass now I might try to fix it and commit it to this PR if it is okay?

Sorry, @P1llus. I missed your comment. Did the build pass or did you try to fix it?

[P1llus]

I added a few small changes that would be nice to have, while we wait for the CI to pass @emnp

[P1llus]

Currently waiting for this to finish before triggering CI again: #2017

Thanks for fixing the last few comments :)

[P1llus]

/test

[P1llus]

Did you run one last format/lint/package build afterwards? If not I can do it as well of course @emnp .

[emnp]

Did you run one last format/lint/package build afterwards? If not I can do it as well of course @emnp .

Yes, @P1llus I did run these commands before pushing to git.

[P1llus]

Hey again @emnp 👋
I went through it, and the issue was that since we moved the observer fields to an ingest pipeline, the output of the pipeline test files was slightly different, so just had to regenerate those.

I also added some minor changes in capitalization of letters, and since all the required pipeline and system tests are available, I moved it from experimental to GA.
Would you be able to look through my changes and see if you agree? Feel free to comment on anything I did change.

[P1llus]

/test

[emnp]

Hey @P1llus, yes we moved the observer fields to ingest pipeline and I forgot to regenerate again :(.
And also this is my first experience. Thanks for correcting me.

[P1llus]

Hey @P1llus, yes we moved the observer fields to ingest pipeline and I forgot to regenerate again :(. And also this is my first experience. Thanks for correcting me.

No problem at all, we greatly appreciate it! :) So are you also okay with the changes that I performed @emnp?

[emnp]

Hey @P1llus, yes we moved the observer fields to ingest pipeline and I forgot to regenerate again :(. And also this is my first experience. Thanks for correcting me.

No problem at all, we greatly appreciate it! :) So are you also okay with the changes that I performed @emnp?

Yes, it's okay.

[marc-gr]

As a suggestion, could be interesting to add a community_id processor (https://www.elastic.co/guide/en/elasticsearch/reference/master/community-id-processor.html) using the available fields. Other that that and the couple of comments, it looks good 👍

[P1llus]

Adding the small fixes now

[P1llus]

Thank you very much for the contribution @emnp :) It is now merged and will be published with the rest of the 7.16 packages. Hope to work with you again in the future 👍