{
  "name": "claroty_xdome",
  "title": "Claroty xDome",
  "version": "1.0.3",
  "release": "ga",
  "description": "Collect logs from Claroty xDome with Elastic Agent.",
  "type": "integration",
  "download": "/epr/claroty_xdome/claroty_xdome-1.0.3.zip",
  "path": "/package/claroty_xdome/1.0.3",
  "icons": [
    {
      "src": "/img/claroty-xdome-logo.svg",
      "path": "/package/claroty_xdome/1.0.3/img/claroty-xdome-logo.svg",
      "title": "Claroty xDome",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.18.0 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security",
    "vulnerability_management"
  ],
  "signature_path": "/epr/claroty_xdome/claroty_xdome-1.0.3.zip.sig",
  "format_version": "3.3.2",
  "readme": "/package/claroty_xdome/1.0.3/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/claroty_xdome-alert.png",
      "path": "/package/claroty_xdome/1.0.3/img/claroty_xdome-alert.png",
      "title": "Alert Dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/claroty_xdome-event.png",
      "path": "/package/claroty_xdome/1.0.3/img/claroty_xdome-event.png",
      "title": "Event Dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/claroty_xdome-vulnerability.png",
      "path": "/package/claroty_xdome/1.0.3/img/claroty_xdome-vulnerability.png",
      "title": "Vulnerability Dashboard",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/claroty_xdome/1.0.3/LICENSE.txt",
    "/package/claroty_xdome/1.0.3/changelog.yml",
    "/package/claroty_xdome/1.0.3/manifest.yml",
    "/package/claroty_xdome/1.0.3/validation.yml",
    "/package/claroty_xdome/1.0.3/docs/README.md",
    "/package/claroty_xdome/1.0.3/img/claroty-xdome-logo.svg",
    "/package/claroty_xdome/1.0.3/img/claroty_xdome-alert.png",
    "/package/claroty_xdome/1.0.3/img/claroty_xdome-event.png",
    "/package/claroty_xdome/1.0.3/img/claroty_xdome-vulnerability.png",
    "/package/claroty_xdome/1.0.3/data_stream/alert/manifest.yml",
    "/package/claroty_xdome/1.0.3/data_stream/alert/sample_event.json",
    "/package/claroty_xdome/1.0.3/data_stream/event/manifest.yml",
    "/package/claroty_xdome/1.0.3/data_stream/event/sample_event.json",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/manifest.yml",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/sample_event.json",
    "/package/claroty_xdome/1.0.3/kibana/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765.json",
    "/package/claroty_xdome/1.0.3/kibana/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59.json",
    "/package/claroty_xdome/1.0.3/kibana/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea.json",
    "/package/claroty_xdome/1.0.3/kibana/search/claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42.json",
    "/package/claroty_xdome/1.0.3/kibana/search/claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a.json",
    "/package/claroty_xdome/1.0.3/data_stream/alert/fields/base-fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/alert/fields/beats.yml",
    "/package/claroty_xdome/1.0.3/data_stream/alert/fields/fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/event/fields/base-fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/event/fields/beats.yml",
    "/package/claroty_xdome/1.0.3/data_stream/event/fields/fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/fields/base-fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/fields/beats.yml",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/fields/fields.yml",
    "/package/claroty_xdome/1.0.3/data_stream/alert/agent/stream/cel.yml.hbs",
    "/package/claroty_xdome/1.0.3/data_stream/alert/elasticsearch/ingest_pipeline/default.yml",
    "/package/claroty_xdome/1.0.3/data_stream/event/agent/stream/cel.yml.hbs",
    "/package/claroty_xdome/1.0.3/data_stream/event/elasticsearch/ingest_pipeline/default.yml",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/agent/stream/cel.yml.hbs",
    "/package/claroty_xdome/1.0.3/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "claroty_xdome",
      "title": "Claroty xDome",
      "description": "Collect logs from Claroty xDome.",
      "inputs": [
        {
          "type": "cel",
          "vars": [
            {
              "name": "url",
              "type": "text",
              "title": "URL",
              "description": "Base URL of Claroty xDome.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://demo-api.claroty.com"
            },
            {
              "name": "api_token",
              "type": "password",
              "title": "API Token",
              "description": "API token of Claroty xDome.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
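              "description": "Proxy configuration in the form of https://<user>:<password>@<server name/ip>:<port>. This variable is a plain text field, so any credentials embedded in the URL are not treated as a secret.",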
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options for the host, such as certificate_authorities, supported_protocols and verification_mode.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            }
          ],
          "title": "Collect Claroty xDome logs via API",
          "description": "Collecting Claroty xDome logs via API."
        }
      ],
      "multiple": true,
      "deployment_modes": {
        "default": {
          "enabled": true
        },
        "agentless": {
          "enabled": true
        }
      }
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "claroty_xdome.alert",
      "title": "Collect Alert logs from Claroty xDome",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull the logs from Claroty xDome. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the Claroty xDome API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the Claroty xDome API. The maximum batch size supported for alert is 5000.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 5000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling request tracing compromises security, because the logged requests and responses may contain sensitive data, and it should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve claroty_xdome.alert fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "claroty_xdome-alert"
              ]
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Alert logs",
          "description": "Collect Alert logs from Claroty xDome.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "claroty_xdome",
      "path": "alert"
    },
    {
      "type": "logs",
      "dataset": "claroty_xdome.event",
      "title": "Collect Event logs from Claroty xDome",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull the logs from Claroty xDome. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the Claroty xDome API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the Claroty xDome API. The maximum batch size supported for event is 5000.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 5000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling request tracing compromises security, because the logged requests and responses may contain sensitive data, and it should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve claroty_xdome.event fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "claroty_xdome-event"
              ]
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Event logs",
          "description": "Collect Event logs from Claroty xDome.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "claroty_xdome",
      "path": "event"
    },
    {
      "type": "logs",
      "dataset": "claroty_xdome.vulnerability",
      "title": "Collect Vulnerability logs from Claroty xDome",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull the logs from Claroty xDome. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the Claroty xDome API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the Claroty xDome API. The maximum batch size supported is 5000.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 5000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling request tracing compromises security, because the logged requests and responses may contain sensitive data, and it should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve claroty_xdome.vulnerability fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "claroty_xdome-vulnerability"
              ]
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Vulnerability logs",
          "description": "Collect Vulnerability logs from Claroty xDome.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "claroty_xdome",
      "path": "vulnerability"
    }
  ]
}
