mohitjha-elastic (Collaborator) commented Sep 16, 2025

Proposed commit message

ti_abusech: add support for new dashboards and update deprecated visualizations

Added support for the 'Domain and IP Addresses' dashboard and
the 'Software and x509 Certificates' dashboard to enhance coverage and
visibility of threat indicators. 

Updated deprecated visualization charts and applied best practices
across the existing Overview, Files, and URLs dashboards to improve
performance, maintainability, and consistency.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/ti_abusech directory.
  • Run the following command to run tests.

elastic-package test -v

Related Issue

mohitjha-elastic self-assigned this Sep 16, 2025
mohitjha-elastic added labels Sep 16, 2025: enhancement; dashboard; Integration:ti_abusech; Category: Integration quality; Team:Security-Service Integrations; Team:Sit-Crest
mohitjha-elastic marked this pull request as ready for review September 16, 2025 13:42
mohitjha-elastic requested a review from a team as a code owner September 16, 2025 13:42
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

"params": {
"fontSize": 12,
"markdown": "**Navigation**\n\n[abuse.ch Overview](/app/dashboards#/view/ti_abusech-c0d8d1f0-3b20-11ec-ae50-2fdf1e96c6a6) \n[abuse.ch Files](/app/dashboards#/view/ti_abusech-6a90c980-3b32-11ec-ae50-2fdf1e96c6a6) \n**abuse.ch URLs** \n\n[Integrations Page](/app/integrations/detail/ti_abusech/overview)\n\n\n**Overview**\n\nThis dashboard is an overview of the different threat intelligence indicators with a **threat.indicator.type: url**. \n\nThe dashboard is made to provide general statistics and show the health of your indicators like popular domains, file extensions, statistics about how many unique indicators are ingested and other relevant information.",
"markdown": "**Navigation**\n\n[abuse.ch Domain and IP Addresses](/app/dashboards#/view/ti_abusech-d11a94be-9b9f-42f8-9fed-d5e89005f24d) \n[abuse.ch Files](/app/dashboards#/view/ti_abusech-6a90c980-3b32-11ec-ae50-2fdf1e96c6a6) \n[abuse.ch Overview](/app/dashboards#/view/ti_abusech-c0d8d1f0-3b20-11ec-ae50-2fdf1e96c6a6) \n[abuse.ch Software and x509 Certificates](/app/dashboards#/view/ti_abusech-68ac01ad-dddf-476c-9a54-8c33c1047e53) \n**abuse.ch URLs**\n\n**[Integrations Page](/app/integrations/detail/ti_abusech/overview)**\n\n\n**Overview**\n\nThis dashboard is an overview of the different threat intelligence indicators with a **threat.indicator.type: url**. \n\nThe dashboard is made to provide general statistics and show the health of your indicators like popular domains, file extensions, statistics about how many unique indicators are ingested and other relevant information.",
Contributor

Should we migrate to links panels instead?

Contributor

It's disconcerting that the abuse.ch text gets linkified. If we can't avoid that, perhaps it should be removed.

Collaborator Author

Thanks! Removed the text and added links panels.

Contributor

It looks like package spec does not know about this. Where did it come from?

Collaborator Author

I created the link panels and saved them to the library, intending to reuse them across other dashboards, similar to how we do it for saved searches. However, it seems the Elastic package doesn’t support this approach, and the check is failing.

For now, I’ve removed the links folder and added the links directly to each dashboard individually.

Ideally, this should work as expected since we should be able to save navigations to the library and reuse them.
WDYT?

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

Package ti_abusech 👍(5) 💚(2) 💔(5)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| url | 10449.32 | 7874.02 | -2575.3 (-24.65%) | 💔 |
| ja3_fingerprints | 23809.52 | 7955.45 | -15854.07 (-66.59%) | 💔 |
| malware | 16129.03 | 7530.12 | -8598.91 (-53.31%) | 💔 |
| malwarebazaar | 15151.52 | 12315.27 | -2836.25 (-18.72%) | 💔 |
| sslblacklist | 20533.88 | 16420.36 | -4113.52 (-20.03%) | 💔 |

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @mohitjha-elastic

Development

Successfully merging this pull request may close these issues.

ti_abusech: Dashboard Improvements