{
  "name": "doppel",
  "title": "Doppel",
  "version": "0.1.1",
  "release": "beta",
  "source": {
    "license": "Elastic-2.0"
  },
  "description": "Collects Doppel alerts and sends them to Elastic",
  "type": "integration",
  "download": "/epr/doppel/doppel-0.1.1.zip",
  "path": "/package/doppel/0.1.1",
  "icons": [
    {
      "src": "/img/doppel-logo.svg",
      "path": "/package/doppel/0.1.1/img/doppel-logo.svg",
      "title": "Doppel",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.19.14 || ^9.3.3"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "partner",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security"
  ],
  "signature_path": "/epr/doppel/doppel-0.1.1.zip.sig",
  "format_version": "3.5.7",
  "readme": "/package/doppel/0.1.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/doppel-screenshot-dashboard-New-1.png",
      "path": "/package/doppel/0.1.1/img/doppel-screenshot-dashboard-New-1.png",
      "title": "Doppel Alerts - Security Overview",
      "size": "1918x875",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/doppel/0.1.1/LICENSE.txt",
    "/package/doppel/0.1.1/changelog.yml",
    "/package/doppel/0.1.1/manifest.yml",
    "/package/doppel/0.1.1/docs/README.md",
    "/package/doppel/0.1.1/img/doppel-logo.svg",
    "/package/doppel/0.1.1/img/doppel-screenshot-dashboard-New-1.png",
    "/package/doppel/0.1.1/data_stream/alerts/manifest.yml",
    "/package/doppel/0.1.1/data_stream/alerts/sample_event.json",
    "/package/doppel/0.1.1/kibana/dashboard/doppel-security-overview.json",
    "/package/doppel/0.1.1/kibana/index_pattern/doppel-alerts-index-pattern.json",
    "/package/doppel/0.1.1/data_stream/alerts/fields/base-fields.yml",
    "/package/doppel/0.1.1/data_stream/alerts/fields/ecs.yml",
    "/package/doppel/0.1.1/data_stream/alerts/fields/fields.yml",
    "/package/doppel/0.1.1/data_stream/alerts/agent/stream/stream.yml.hbs",
    "/package/doppel/0.1.1/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "doppel_alerts",
      "title": "Doppel Alerts",
      "description": "Collect alerts directly from the Doppel API.",
      "inputs": [
        {
          "type": "cel",
          "title": "Doppel API Poller",
          "description": "Periodically polls the Doppel API for new alerts."
        }
      ],
      "multiple": true,
      "deployment_modes": {
        "default": {
          "enabled": true
        },
        "agentless": {
          "enabled": true
        }
      }
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "doppel.alerts",
      "title": "Doppel Alerts",
      "release": "beta",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "url",
              "type": "text",
              "title": "Doppel API URL",
              "description": "Base URL of the Doppel API.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://api.doppel.com"
            },
            {
              "name": "api_key",
              "type": "password",
              "title": "Doppel API Key",
              "description": "Doppel API Key for authentication.",
              "multi": false,
              "required": true,
              "show_user": false
            },
            {
              "name": "x_user_api_key",
              "type": "password",
              "title": "Doppel User API Key",
              "description": "Doppel User API Key for authentication.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "organization_code",
              "type": "text",
              "title": "Organization Code",
              "description": "Organization code used for authentication when the user belongs to multiple organizations.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to fetch alerts on the first sync when no cursor exists. Supported units are h, m, s.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "720h"
            },
            {
              "name": "page_size",
              "type": "integer",
              "title": "Page Size",
              "description": "Number of alerts to request per API page.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": 200
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Polling Interval",
              "description": "How often to poll for new alerts.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserve the raw API response in event.original.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": true
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system to help debug configurations. Because the traced requests and responses can include sensitive data such as credentials, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enabled) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            }
          ],
          "template_path": "stream.yml.hbs",
          "title": "Doppel API Poller",
          "description": "Periodically polls the Doppel API for new alerts.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "doppel",
      "path": "alerts"
    }
  ]
}
