{ "name": "citrix_waf", "title": "Citrix Web App Firewall", "version": "1.20.1", "release": "ga", "description": "Ingest events from Citrix Systems Web App Firewall.", "type": "integration", "download": "/epr/citrix_waf/citrix_waf-1.20.1.zip", "path": "/package/citrix_waf/1.20.1", "icons": [ { "src": "/img/Citrix_Systems_logo.svg", "path": "/package/citrix_waf/1.20.1/img/Citrix_Systems_logo.svg", "title": "Citrix Systems", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.11.0 || ^9.0.0" } }, "owner": { "type": "elastic", "github": "elastic/integration-experience" }, "categories": [ "network", "security", "web_application_firewall" ], "signature_path": "/epr/citrix_waf/citrix_waf-1.20.1.zip.sig", "format_version": "3.0.3", "readme": "/package/citrix_waf/1.20.1/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/dashboard.png", "path": "/package/citrix_waf/1.20.1/img/dashboard.png", "title": "Citrix WAF Overview", "size": "3352x3206", "type": "image/png" } ], "assets": [ "/package/citrix_waf/1.20.1/LICENSE.txt", "/package/citrix_waf/1.20.1/changelog.yml", "/package/citrix_waf/1.20.1/manifest.yml", "/package/citrix_waf/1.20.1/validation.yml", "/package/citrix_waf/1.20.1/docs/README.md", "/package/citrix_waf/1.20.1/img/Citrix_Systems_logo.svg", "/package/citrix_waf/1.20.1/img/dashboard.png", "/package/citrix_waf/1.20.1/kibana/tags.yml", "/package/citrix_waf/1.20.1/data_stream/log/manifest.yml", "/package/citrix_waf/1.20.1/data_stream/log/sample_event.json", "/package/citrix_waf/1.20.1/docs/knowledge_base/service_info.md", "/package/citrix_waf/1.20.1/kibana/dashboard/citrix_waf-4b27aee0-0893-11ed-aba8-a72ea09ca7ef.json", "/package/citrix_waf/1.20.1/data_stream/log/fields/agent.yml", "/package/citrix_waf/1.20.1/data_stream/log/fields/base-fields.yml", "/package/citrix_waf/1.20.1/data_stream/log/fields/ecs.yml", "/package/citrix_waf/1.20.1/data_stream/log/fields/fields.yml", "/package/citrix_waf/1.20.1/data_stream/log/agent/stream/stream.yml.hbs", "/package/citrix_waf/1.20.1/data_stream/log/agent/stream/tcp.yml.hbs", "/package/citrix_waf/1.20.1/data_stream/log/agent/stream/udp.yml.hbs", "/package/citrix_waf/1.20.1/data_stream/log/elasticsearch/ingest_pipeline/cef.yml", "/package/citrix_waf/1.20.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml", "/package/citrix_waf/1.20.1/data_stream/log/elasticsearch/ingest_pipeline/native.yml" ], "policy_templates": [ { "name": "citrix_waf", "title": "Citrix Web App Firewall logs", "description": "Collect logs from Citrix Web App Firewall instances", "inputs": [ { "type": "tcp", "title": "Collect logs from Citrix Web App Firewall via TCP", "description": "Collecting logs from Citrix Web App Firewall via TCP" }, { "type": "udp", "title": "Collect logs from Citrix Web App Firewall via UDP", "description": "Collecting logs from Citrix Web App Firewall via UDP" }, { "type": "logfile", "title": "Collect logs from Citrix Web App Firewall via file", "description": "Collecting logs from Citrix Web App Firewall via file" } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "citrix_waf.log", "title": "Citrix WAF logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "udp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "citrix_waf", "forwarded" ] }, { "name": "udp_host", "type": "text", "title": "Listen Address", "description": "The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "udp_port", "type": "integer", "title": "Listen Port", "description": "The UDP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 9001 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "max_message_size: 10KiB\n#read_buffer: 100KiB\n" }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" } ], "template_path": "udp.yml.hbs", "title": "Citrix WAF logs", "description": "Collect Citrix WAF logs (via Syslog)", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "tcp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "citrix_waf", "forwarded" ] }, { "name": "tcp_host", "type": "text", "title": "Listen Address", "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "tcp_port", "type": "integer", "title": "Listen Port", "description": "The TCP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 9001 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" }, { "name": "tcp_options", "type": "yaml", "title": "Custom TCP Options", "description": "Specify custom configuration options for the TCP input.", "multi": false, "required": false, "show_user": false, "default": "max_message_size: 10KiB\n#max_connections: 1\n#framing: delimitier\n#line_delimiter: \"\\n\"\n" }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" } ], "template_path": "tcp.yml.hbs", "title": "Citrix WAF logs", "description": "Collect Citrix WAF logs (via Syslog)", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "logfile", "vars": [ { "name": "paths", "type": "text", "title": "Paths", "multi": true, "required": true, "show_user": true, "default": [ "/var/log/citrix-waf.log" ] }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "citrix_waf", "forwarded" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" } ], "template_path": "stream.yml.hbs", "title": "Citrix WAF logs", "description": "Collect Citrix WAF logs", "enabled": false, "ingestion_method": "File" } ], "package": "citrix_waf", "path": "log" } ] }