{
  "name": "cisco_ftd",
  "title": "Cisco FTD",
  "version": "3.9.1",
  "release": "ga",
  "description": "Collect logs from Cisco FTD with Elastic Agent.",
  "type": "integration",
  "download": "/epr/cisco_ftd/cisco_ftd-3.9.1.zip",
  "path": "/package/cisco_ftd/3.9.1",
  "icons": [
    {
      "src": "/img/cisco.svg",
      "path": "/package/cisco_ftd/3.9.1/img/cisco.svg",
      "title": "cisco",
      "size": "216x216",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/sec-deployment-and-devices"
  },
  "categories": [
    "network",
    "security",
    "firewall_security"
  ],
  "signature_path": "/epr/cisco_ftd/cisco_ftd-3.9.1.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/cisco_ftd/3.9.1/docs/README.md",
  "license": "basic",
  "assets": [
    "/package/cisco_ftd/3.9.1/LICENSE.txt",
    "/package/cisco_ftd/3.9.1/changelog.yml",
    "/package/cisco_ftd/3.9.1/manifest.yml",
    "/package/cisco_ftd/3.9.1/validation.yml",
    "/package/cisco_ftd/3.9.1/docs/README.md",
    "/package/cisco_ftd/3.9.1/img/cisco.svg",
    "/package/cisco_ftd/3.9.1/kibana/tags.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/manifest.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/sample_event.json",
    "/package/cisco_ftd/3.9.1/data_stream/log/fields/agent.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/fields/base-fields.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/fields/ecs.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/fields/fields.yml",
    "/package/cisco_ftd/3.9.1/data_stream/log/agent/stream/stream.yml.hbs",
    "/package/cisco_ftd/3.9.1/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/cisco_ftd/3.9.1/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/cisco_ftd/3.9.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "cisco_ftd",
      "title": "Cisco FTD logs",
      "description": "Collect logs from Cisco FTD instances",
      "inputs": [
        {
          "type": "tcp",
          "title": "Collect logs from Cisco FTD via TCP",
          "description": "Collecting logs from Cisco FTD via TCP"
        },
        {
          "type": "udp",
          "title": "Collect logs from Cisco FTD via UDP",
          "description": "Collecting logs from Cisco FTD via UDP"
        },
        {
          "type": "logfile",
          "title": "Collect logs from Cisco FTD via file",
          "description": "Collecting logs from Cisco FTD via file"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "cisco_ftd.log",
      "title": "Cisco FTD logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-ftd",
                "forwarded"
              ]
            },
            {
              "name": "udp_host",
              "type": "text",
              "title": "UDP host to listen on",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "udp_port",
              "type": "integer",
              "title": "UDP Port to listen on",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9003
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "private_is_internal",
              "type": "bool",
              "title": "Consider private networks as internal",
              "description": "Assumes CIDR ranges `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16` are internal networks. If used in conjunction with Internal and External Zone lists, private CIDR ranges are used as a fallback to resolve direction when it is not resolved by zone.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": true
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Cisco FTD logs",
          "description": "Collect Cisco FTD logs",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-ftd",
                "forwarded"
              ]
            },
            {
              "name": "tcp_host",
              "type": "text",
              "title": "TCP host to listen on",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "tcp_port",
              "type": "integer",
              "title": "TCP Port to listen on",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9003
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "private_is_internal",
              "type": "bool",
              "title": "Consider private networks as internal",
              "description": "Assumes CIDR ranges `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16` are internal networks. If used in conjunction with Internal and External Zone lists, private CIDR ranges are used as a fallback to resolve direction when it is not resolved by zone.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": true
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n"
            },
            {
              "name": "tcp_options",
              "type": "yaml",
              "title": "Custom TCP Options",
              "description": "Specify custom configuration options for the TCP input. See [TCP](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#max_connections: 1\n#framing: delimiter\n#line_delimiter: \"\\n\"\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Cisco FTD logs",
          "description": "Collect Cisco FTD logs",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/var/log/cisco-ftd.log"
              ]
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "trust"
              ]
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "untrust"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-ftd",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "private_is_internal",
              "type": "bool",
              "title": "Consider private networks as internal",
              "description": "Assumes CIDR ranges `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16` are internal networks. If used in conjunction with Internal and External Zone lists, private CIDR ranges are used as a fallback to resolve direction when it is not resolved by zone.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": true
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "stream.yml.hbs",
          "title": "Cisco FTD logs",
          "description": "Collect Cisco FTD logs from file",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "cisco_ftd",
      "path": "log"
    }
  ]
}
