{ "name": "eset_protect", "title": "ESET PROTECT", "version": "2.4.0", "release": "ga", "description": "Collect logs from ESET PROTECT with Elastic Agent.", "type": "integration", "download": "/epr/eset_protect/eset_protect-2.4.0.zip", "path": "/package/eset_protect/2.4.0", "icons": [ { "src": "/img/eset-protect-logo.svg", "path": "/package/eset_protect/2.4.0/img/eset-protect-logo.svg", "title": "ESET PROTECT logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.19.2 || ^9.0.5" }, "elastic": { "subscription": "basic" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security", "edr_xdr", "vulnerability_management" ], "signature_path": "/epr/eset_protect/eset_protect-2.4.0.zip.sig", "format_version": "3.3.2", "readme": "/package/eset_protect/2.4.0/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/eset_protect-event-dashboard.png", "path": "/package/eset_protect/2.4.0/img/eset_protect-event-dashboard.png", "title": "ESET PROTECT Event Dashboard Screenshot", "size": "600x600", "type": "image/png" }, { "src": "/img/eset_protect-detection-dashboard.png", "path": "/package/eset_protect/2.4.0/img/eset_protect-detection-dashboard.png", "title": "ESET PROTECT Detection Dashboard Screenshot", "size": "600x600", "type": "image/png" }, { "src": "/img/eset_protect-device_task-dashboard.png", "path": "/package/eset_protect/2.4.0/img/eset_protect-device_task-dashboard.png", "title": "ESET PROTECT Device Task Dashboard Screenshot", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/eset_protect/2.4.0/LICENSE.txt", "/package/eset_protect/2.4.0/changelog.yml", "/package/eset_protect/2.4.0/manifest.yml", "/package/eset_protect/2.4.0/validation.yml", "/package/eset_protect/2.4.0/docs/README.md", "/package/eset_protect/2.4.0/img/eset-protect-logo.svg", "/package/eset_protect/2.4.0/img/eset_protect-detection-dashboard.png", "/package/eset_protect/2.4.0/img/eset_protect-device_task-dashboard.png", "/package/eset_protect/2.4.0/img/eset_protect-event-dashboard.png", "/package/eset_protect/2.4.0/data_stream/detection/manifest.yml", "/package/eset_protect/2.4.0/data_stream/detection/sample_event.json", "/package/eset_protect/2.4.0/data_stream/device/manifest.yml", "/package/eset_protect/2.4.0/data_stream/device/sample_event.json", "/package/eset_protect/2.4.0/data_stream/device_task/manifest.yml", "/package/eset_protect/2.4.0/data_stream/device_task/sample_event.json", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/manifest.yml", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/sample_event.json", "/package/eset_protect/2.4.0/data_stream/event/manifest.yml", "/package/eset_protect/2.4.0/data_stream/event/sample_event.json", "/package/eset_protect/2.4.0/kibana/dashboard/eset_protect-186ccfba-ed02-4f7a-a46d-a58ec636688a.json", "/package/eset_protect/2.4.0/kibana/dashboard/eset_protect-99f893a6-1b3d-412f-9a03-46035f2fa9d5.json", "/package/eset_protect/2.4.0/kibana/dashboard/eset_protect-dbe9ff1e-44c4-4cd9-8475-f04309279577.json", "/package/eset_protect/2.4.0/kibana/search/eset_protect-1235fac4-e101-4844-9c12-c929ae25ec08.json", "/package/eset_protect/2.4.0/kibana/search/eset_protect-c68400bb-870a-451d-b0cd-247ceb201ad5.json", "/package/eset_protect/2.4.0/kibana/search/eset_protect-f3c0f0c5-d165-48a4-aafa-6451bdda548f.json", "/package/eset_protect/2.4.0/data_stream/detection/fields/base-fields.yml", "/package/eset_protect/2.4.0/data_stream/detection/fields/beats.yml", "/package/eset_protect/2.4.0/data_stream/detection/fields/fields.yml", "/package/eset_protect/2.4.0/data_stream/device/fields/base-fields.yml", "/package/eset_protect/2.4.0/data_stream/device/fields/beats.yml", "/package/eset_protect/2.4.0/data_stream/device/fields/fields.yml", "/package/eset_protect/2.4.0/data_stream/device_task/fields/base-fields.yml", "/package/eset_protect/2.4.0/data_stream/device_task/fields/beats.yml", "/package/eset_protect/2.4.0/data_stream/device_task/fields/fields.yml", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/fields/base-fields.yml", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/fields/beats.yml", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/fields/fields.yml", "/package/eset_protect/2.4.0/data_stream/event/fields/base-fields.yml", "/package/eset_protect/2.4.0/data_stream/event/fields/beats.yml", "/package/eset_protect/2.4.0/data_stream/event/fields/ecs.yml", "/package/eset_protect/2.4.0/data_stream/event/fields/fields.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/transform.yml", "/package/eset_protect/2.4.0/data_stream/detection/agent/stream/cel.yml.hbs", "/package/eset_protect/2.4.0/data_stream/detection/elasticsearch/ingest_pipeline/default.yml", "/package/eset_protect/2.4.0/data_stream/device/agent/stream/cel.yml.hbs", "/package/eset_protect/2.4.0/data_stream/device/elasticsearch/ingest_pipeline/default.yml", "/package/eset_protect/2.4.0/data_stream/device_task/agent/stream/cel.yml.hbs", "/package/eset_protect/2.4.0/data_stream/device_task/elasticsearch/ingest_pipeline/default.yml", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/agent/stream/cel.yml.hbs", "/package/eset_protect/2.4.0/data_stream/device_vulnerability/elasticsearch/ingest_pipeline/default.yml", "/package/eset_protect/2.4.0/data_stream/event/agent/stream/tcp.yml.hbs", "/package/eset_protect/2.4.0/data_stream/event/elasticsearch/ingest_pipeline/default.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/base-fields.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/ecs.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/fields.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/package.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/resource.yml", "/package/eset_protect/2.4.0/elasticsearch/transform/latest_cdr_vuln/fields/vulnerability.yml" ], "policy_templates": [ { "name": "eset_protect", "title": "ESET PROTECT logs", "description": "Collect logs from ESET PROTECT.", "inputs": [ { "type": "tcp", "title": "Collect ESET PROTECT logs via TCP input", "description": "Collecting logs from ESET PROTECT via TCP input." }, { "type": "cel", "vars": [ { "name": "region", "type": "text", "title": "Region", "description": "Region to use in the base URL.", "multi": false, "required": true, "show_user": true }, { "name": "username", "type": "text", "title": "User Name", "description": "Name of the API User Account.", "multi": false, "required": true, "show_user": true }, { "name": "password", "type": "password", "title": "Password", "description": "Password for the API User Account.", "multi": false, "required": true, "show_user": true }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false } ], "title": "Collect ESET PROTECT logs via API", "description": "Collecting ESET PROTECT via API." } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true } } } ], "data_streams": [ { "type": "logs", "dataset": "eset_protect.detection", "title": "Collect Detection logs from ESET PROTECT", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the Detection logs from ESET Connect API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the ESET Connect API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "1m" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the ESET Connect API. The maximum supported batch size value is 1000.", "multi": false, "required": true, "show_user": false, "default": 1000 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "120s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "eset_protect-detection" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve eset_protect.detection fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "template_path": "cel.yml.hbs", "title": "Detection Logs", "description": "Collect Detection logs from ESET PROTECT.", "enabled": false, "ingestion_method": "API" } ], "package": "eset_protect", "path": "detection" }, { "type": "logs", "dataset": "eset_protect.device", "title": "Collect Device logs from ESET PROTECT", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the ESET Connect API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "1h" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the ESET Connect API. The maximum supported batch size value is 1000.", "multi": false, "required": true, "show_user": false, "default": 1000 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "120s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "eset_protect-device" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKqhkiG9w0B\n# -----END CERTIFICATE-----\n" } ], "template_path": "cel.yml.hbs", "title": "Device Logs", "description": "Collect Device logs from ESET PROTECT.", "enabled": false, "ingestion_method": "API" } ], "package": "eset_protect", "path": "device" }, { "type": "logs", "dataset": "eset_protect.device_task", "title": "Collect Device Task logs from ESET PROTECT", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the ESET Connect API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "1h" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the ESET Connect API. The maximum supported batch size value is 1000.", "multi": false, "required": true, "show_user": false, "default": 1000 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "120s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "eset_protect-device_task" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve eset_protect.device_task fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "template_path": "cel.yml.hbs", "title": "Device Task Logs", "description": "Collect Device Task logs from ESET PROTECT.", "enabled": false, "ingestion_method": "API" } ], "package": "eset_protect", "path": "device_task" }, { "type": "logs", "dataset": "eset_protect.device_vulnerability", "title": "Collect Device Vulnerability logs from ESET PROTECT", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the ESET Connect API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "1h" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the ESET Connect API. The maximum supported batch size value is 1000.", "multi": false, "required": true, "show_user": false, "default": 1000 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "120s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "eset_protect-device_vulnerability" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKqhkiG9w0B\n# -----END CERTIFICATE-----\n" } ], "template_path": "cel.yml.hbs", "title": "Device Vulnerability Logs", "description": "Collect Device Vulnerability logs from ESET PROTECT.", "enabled": false, "ingestion_method": "API" } ], "package": "eset_protect", "path": "device_vulnerability" }, { "type": "logs", "dataset": "eset_protect.event", "title": "Collect Event logs from ESET PROTECT", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "tcp", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "description": "The TCP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 6514 }, { "name": "tcp_options", "type": "yaml", "title": "Custom TCP Options", "description": "Specify custom configuration options for the TCP input.", "multi": false, "required": false, "show_user": false, "default": "max_message_size: 50KiB\n#max_connections: 1\n" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "eset_protect-event" ] }, { "name": "drop_heartbeat_message", "type": "bool", "title": "Drop HEARTBEAT message", "description": "Enable this toggle to drop HEARTBEAT messages. Disable it to retain HEARTBEAT messages in the data stream.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve eset_protect.event fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": true, "show_user": true, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "template_path": "tcp.yml.hbs", "title": "Event logs", "description": "Collect Event logs from ESET PROTECT.", "enabled": false, "ingestion_method": "Network Protocol" } ], "package": "eset_protect", "path": "event" } ] }