{
  "name": "bitdefender",
  "title": "BitDefender",
  "version": "2.9.0",
  "release": "ga",
  "source": {
    "license": "Elastic-2.0"
  },
  "description": "Ingest BitDefender GravityZone logs and data",
  "type": "integration",
  "download": "/epr/bitdefender/bitdefender-2.9.0.zip",
  "path": "/package/bitdefender/2.9.0",
  "icons": [
    {
      "src": "/img/bitdefender_gravityzone.svg",
      "path": "/package/bitdefender/2.9.0/img/bitdefender_gravityzone.svg",
      "title": "BitDefender GravityZone",
      "size": "64x64",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.19.2 || ^9.0.5"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "community",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security",
    "edr_xdr"
  ],
  "signature_path": "/epr/bitdefender/bitdefender-2.9.0.zip.sig",
  "format_version": "3.3.2",
  "readme": "/package/bitdefender/2.9.0/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/bitdefender-dashboard-push-notifications.png",
      "path": "/package/bitdefender/2.9.0/img/bitdefender-dashboard-push-notifications.png",
      "title": "Push Notifications Dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/bitdefender-dashboard-push-config-and-stats.png",
      "path": "/package/bitdefender/2.9.0/img/bitdefender-dashboard-push-config-and-stats.png",
      "title": "Push Notification Configuration & Statistics Dashboard",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/bitdefender/2.9.0/LICENSE.txt",
    "/package/bitdefender/2.9.0/changelog.yml",
    "/package/bitdefender/2.9.0/manifest.yml",
    "/package/bitdefender/2.9.0/validation.yml",
    "/package/bitdefender/2.9.0/docs/README.md",
    "/package/bitdefender/2.9.0/img/bitdefender-dashboard-push-config-and-stats.png",
    "/package/bitdefender/2.9.0/img/bitdefender-dashboard-push-notifications.png",
    "/package/bitdefender/2.9.0/img/bitdefender-gravityzone-api-key-1.png",
    "/package/bitdefender/2.9.0/img/bitdefender-gravityzone-api-key-2.png",
    "/package/bitdefender/2.9.0/img/bitdefender-gravityzone-api-key-3.png",
    "/package/bitdefender/2.9.0/img/bitdefender-gravityzone-api-key-4.png",
    "/package/bitdefender/2.9.0/img/bitdefender-integration-configuration-1.png",
    "/package/bitdefender/2.9.0/img/bitdefender-integration-configuration-2.png",
    "/package/bitdefender/2.9.0/img/bitdefender_gravityzone.svg",
    "/package/bitdefender/2.9.0/kibana/tags.yml",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/manifest.yml",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/sample_event.json",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/manifest.yml",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/sample_event.json",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/manifest.yml",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/sample_event.json",
    "/package/bitdefender/2.9.0/kibana/dashboard/bitdefender-2f44ead0-9317-11ed-9924-a700c5ac9877.json",
    "/package/bitdefender/2.9.0/kibana/dashboard/bitdefender-493d5300-9317-11ed-9924-a700c5ac9877.json",
    "/package/bitdefender/2.9.0/kibana/search/bitdefender-59a16d90-9d66-11ed-8a52-3f6f572faed0.json",
    "/package/bitdefender/2.9.0/kibana/tag/bitdefender-fleet-managed-default.json",
    "/package/bitdefender/2.9.0/kibana/tag/bitdefender-fleet-pkg-bitdefender-default.json",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/fields/base-fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/fields/ecs.yml",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/fields/fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/fields/base-fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/fields/ecs.yml",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/fields/fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/fields/base-fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/fields/ecs.yml",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/fields/fields.yml",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/agent/stream/cel.yml.hbs",
    "/package/bitdefender/2.9.0/data_stream/push_configuration/elasticsearch/ingest_pipeline/default.yml",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/agent/stream/http_endpoint.yml.hbs",
    "/package/bitdefender/2.9.0/data_stream/push_notifications/elasticsearch/ingest_pipeline/default.yml",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/agent/stream/cel.yml.hbs",
    "/package/bitdefender/2.9.0/data_stream/push_statistics/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "bitdefender_gravityzone",
      "title": "BitDefender GravityZone",
      "description": "Collect push notification events and related data from BitDefender GravityZone",
      "inputs": [
        {
          "type": "http_endpoint",
          "vars": [
            {
              "name": "push_notification_configuration_id",
              "type": "text",
              "title": "BitDefender GravityZone Push Notification ID",
              "description": "Used locally to tie together all push notification elements",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 1
            },
            {
              "name": "tenants",
              "type": "text",
              "title": "Company ID to company name mapping",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "623c18fb12fb8700396d6375: test_events"
              ]
            }
          ],
          "title": "Receive Push Notifications Events",
          "description": "Receives push notifications as JSON via HTTP POST"
        },
        {
          "type": "cel",
          "vars": [
            {
              "name": "push_notification_configuration_id",
              "type": "text",
              "title": "BitDefender GravityZone Push Notification ID",
              "description": "Used locally to tie together all push notification elements",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 1
            },
            {
              "name": "url",
              "type": "text",
              "title": "URL of BitDefender GravityZone API push endpoint",
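              "description": "Full URL in the form scheme://host:port/path. Keep the https scheme used by the default so that requests carrying the API key are encrypted in transit.",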
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://cloud.gravityzone.bitdefender.com/api/v1.0/jsonrpc/push"
            },
            {
              "name": "api_key",
              "type": "password",
              "title": "BitDefender GravityZone API Key",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Because the logged requests and responses can contain sensitive data, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            }
          ],
          "title": "Poll Push Notification Information",
          "description": "Collects BitDefender GravityZone Push Notification Configuration State & Statistics"
        }
      ],
      "multiple": true,
      "deployment_modes": {
        "default": {
          "enabled": true
        },
        "agentless": {
          "enabled": true
        }
      }
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "bitdefender.push_configuration",
      "title": "BitDefender GravityZone Push Notification Configuration",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "1h"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata.  This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Push Notification Configuration",
          "description": "Collect Push Notification Configuration Information, including current status",
          "enabled": false,
          "ingestion_method": "API"
        }
      ],
      "package": "bitdefender",
      "path": "push_configuration"
    },
    {
      "type": "logs",
      "dataset": "bitdefender.push_notifications",
      "title": "BitDefender GravityZone Push Notifications",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "http_endpoint",
          "vars": [
            {
              "name": "listen_address",
              "type": "text",
              "title": "Listen Address",
              "description": "Bind address for the listener. Use 0.0.0.0 to listen on all interfaces; when the listener is reachable from other hosts, set the Authorization Value and enable SSL.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "listen_port",
              "type": "integer",
              "title": "Listen Port",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 8080
            },
            {
              "name": "url",
              "type": "text",
              "title": "Webhook path",
              "description": "URL path where the webhook will accept requests.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "/bitdefender/push/notification"
            },
            {
              "name": "authorization_value",
              "type": "password",
              "title": "Authorization Value",
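              "description": "Authorization header value that incoming push notification requests are expected to present. Optional, but set it whenever the listener is reachable from other hosts.",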
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
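              "description": "SSL configuration options for the listener. The default leaves SSL disabled (`enabled: false`); enable it, or terminate TLS in front of the listener, so that the Authorization header is not sent in clear text. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",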
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "enabled: false\ncertificate: \"/etc/pki/client/cert.pem\"\nkey: \"/etc/pki/client/cert.key\"\n"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve bitdefender.push.event fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": true
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "http_endpoint.yml.hbs",
          "title": "BitDefender GravityZone Push Notifications",
          "description": "Receives push notifications from BitDefender GravityZone",
          "enabled": true,
          "ingestion_method": "Webhook"
        }
      ],
      "package": "bitdefender",
      "path": "push_notifications"
    },
    {
      "type": "logs",
      "dataset": "bitdefender.push_statistics",
      "title": "BitDefender GravityZone Push Notification Statistics",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "1h"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata.  This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Push Notification Statistics",
          "description": "Collect Push Notification Configuration Statistics",
          "enabled": false,
          "ingestion_method": "API"
        }
      ],
      "package": "bitdefender",
      "path": "push_statistics"
    }
  ]
}
