
[New Integration] SonicWall Secure Mobile Access (SMA)#18877

Draft
IOITI wants to merge 6 commits into elastic:main from IOITI:feat/sonicwall_sma

Conversation

@IOITI IOITI commented May 7, 2026

CHEOPS Cyberdéfense gives you this SonicWall Secure Mobile Access (SMA) Integration.

Proposed commit message

Add the SonicWall Secure Mobile Access (SMA) integration to ingest SMA syslog events into Elastic and normalize them to ECS.

This change introduces a new SonicWall SMA package with a log data stream, generated documentation, package metadata, and ingest pipelines that parse the main SonicWall SMA event families.

The ingest architecture uses a common entry pipeline to normalize the syslog header, preserve the original event, extract the SonicWall SMA application, and route events to dedicated sub-pipelines per event family. Each family pipeline then parses the message body with native ingest processors and maps supported values to ECS fields.

The goal is to make SonicWall Secure Mobile Access logs usable out of the box for security monitoring and investigation.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • Review expected pipeline fixtures and sample event output one last time before merge.
  • Confirm the generated README content matches the final field model and supported log families.

How to test this PR locally

  1. From the repository root, change into packages/sonicwall_sma.
  2. Run elastic-package test.
  3. Run elastic-package build.
  4. Review the generated package artifact under build/packages/.
  5. Tests already send representative SonicWall SMA syslog samples covering multiple kinds of logs; you can confirm that the resulting documents populate ECS fields such as event.action, user.name, source.ip, destination.address, process.command_line, log.syslog.appname, and log.syslog.procid.

Related issues

N/A

Screenshots

N/A
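The routing design in the proposed commit message (common entry step, event.original preserved, application name extracted, per-family sub-pipelines filling ECS fields) can be sketched in a few dozen lines. The block below is an added illustration by the editor, not code from this PR or from the Elastic package: the family names, key=value message bodies, sample lines and tag values are constructed for the example and are not the real SonicWall SMA log format or the integration's actual pipelines. It models the same flow over RFC 3164-style headers and shows the two failure paths a practitioner checks first, an unparseable header and an unknown family, both of which keep the original line rather than dropping the event.

```python
"""Toy emulation of the ingest design the PR describes: a common entry step
normalises the syslog header, keeps the raw line in event.original, extracts the
application name, and routes each event to a per-family parser that fills ECS
fields. Illustrative code only, not the integration's ingest pipelines; the
message bodies, family names and tags below are constructed for this example and
are not the real SonicWall SMA log format."""
import re
from typing import Callable, Dict, List, Optional

# RFC 3164-style header: <PRI>Mmm dd HH:MM:SS host app[pid]: message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# key=value body used by the constructed samples; values may be double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

Doc = Dict[str, object]
FamilyParser = Callable[[Dict[str, str], Doc], None]


def parse_kv(body: str) -> Dict[str, str]:
    """Split a key=value message body into a dict (quoted or bare values)."""
    out: Dict[str, str] = {}
    for m in KV_RE.finditer(body):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def _set(doc: Doc, field: str, value: Optional[str]) -> None:
    """Only emit a field when the source line actually carried a value."""
    if value is not None:
        doc[field] = value


def family_auth(kv: Dict[str, str], doc: Doc) -> None:
    """Constructed 'auth' family: user logon attempts."""
    doc["event.category"] = ["authentication"]
    doc["event.outcome"] = "success" if kv.get("result") == "ok" else "failure"
    _set(doc, "event.action", kv.get("action"))
    _set(doc, "user.name", kv.get("user"))
    _set(doc, "source.ip", kv.get("src"))


def family_access(kv: Dict[str, str], doc: Doc) -> None:
    """Constructed 'access' family: resource access through the gateway."""
    doc["event.category"] = ["network"]
    _set(doc, "event.action", kv.get("action"))
    _set(doc, "user.name", kv.get("user"))
    _set(doc, "source.ip", kv.get("src"))
    _set(doc, "destination.address", kv.get("dst"))


# Routing table: the entry step looks the family up here (hypothetical names).
ROUTES: Dict[str, FamilyParser] = {"auth": family_auth, "access": family_access}


def entry_pipeline(line: str) -> Doc:
    """Common entry step: header normalisation, original preservation, routing."""
    doc: Doc = {"event.original": line}  # keep the raw line before any parsing
    m = HEADER_RE.match(line)
    if m is None:
        doc["tags"] = ["_syslogparsefailure"]  # hypothetical tag; never drop the event
        return doc
    pri = int(m["pri"])
    doc["log.syslog.priority"] = pri
    doc["log.syslog.facility.code"] = pri // 8
    doc["log.syslog.severity.code"] = pri % 8
    doc["host.name"] = m["host"]
    doc["log.syslog.appname"] = m["app"]
    _set(doc, "log.syslog.procid", m["pid"])
    # Timestamp handling (year and zone inference) is deliberately left out here.
    kv = parse_kv(m["msg"])
    parser = ROUTES.get(kv.get("family", ""))
    if parser is None:
        doc["tags"] = ["unrouted_family"]  # hypothetical tag for unknown families
        return doc
    parser(kv, doc)
    return doc


# Constructed sample lines (not captured from a real appliance).
SAMPLE_LINES: List[str] = [
    "<134>May  7 10:15:01 sma-gw sslvpn[2112]: family=auth action=login result=ok user=alice src=203.0.113.7",
    "<132>May  7 10:15:05 sma-gw sslvpn[2112]: family=auth action=login result=fail user=bob src=198.51.100.9",
    '<134>May  7 10:16:40 sma-gw sslvpn[2112]: family=access action=allow user="alice" src=203.0.113.7 dst=intranet.example.internal',
    "<134>May  7 10:17:00 sma-gw sslvpn[2112]: family=cluster action=sync node=2",
    "not a syslog line at all",
]


def process_all(lines: List[str]) -> List[Doc]:
    return [entry_pipeline(line) for line in lines]


if __name__ == "__main__":
    for d in process_all(SAMPLE_LINES):
        print(d)
```

The point worth carrying over to the real pipeline tests is the two tagged paths: a header that does not parse and a family that has no sub-pipeline should both surface as tagged documents with event.original intact, so that a format change on the appliance side shows up as a spike in tagged events rather than as silently missing data.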

@elastic-vault-github-plugin-prod

Reviewers

Buildkite won't run for external contributors automatically; you need to add a comment:

  • /test : will kick off a build in Buildkite.

NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details.
