{
  "name": "fortinet_fortiedr",
  "title": "Fortinet FortiEDR Logs",
  "version": "1.21.0",
  "release": "ga",
  "description": "Collect logs from Fortinet FortiEDR instances with Elastic Agent.",
  "type": "integration",
  "download": "/epr/fortinet_fortiedr/fortinet_fortiedr-1.21.0.zip",
  "path": "/package/fortinet_fortiedr/1.21.0",
  "icons": [
    {
      "src": "/img/fortinet-logo.svg",
      "path": "/package/fortinet_fortiedr/1.21.0/img/fortinet-logo.svg",
      "title": "Fortinet",
      "size": "216x216",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security",
    "edr_xdr"
  ],
  "signature_path": "/epr/fortinet_fortiedr/fortinet_fortiedr-1.21.0.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/fortinet_fortiedr/1.21.0/docs/README.md",
  "license": "basic",
  "assets": [
    "/package/fortinet_fortiedr/1.21.0/LICENSE.txt",
    "/package/fortinet_fortiedr/1.21.0/changelog.yml",
    "/package/fortinet_fortiedr/1.21.0/manifest.yml",
    "/package/fortinet_fortiedr/1.21.0/validation.yml",
    "/package/fortinet_fortiedr/1.21.0/docs/README.md",
    "/package/fortinet_fortiedr/1.21.0/img/fortinet-logo.svg",
    "/package/fortinet_fortiedr/1.21.0/kibana/tags.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/manifest.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/sample_event.json",
    "/package/fortinet_fortiedr/1.21.0/docs/knowledge_base/service_info.md",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/fields/agent.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/fields/base-fields.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/fields/ecs.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/fields/fields.yml",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/agent/stream/log.yml.hbs",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/fortinet_fortiedr/1.21.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "fortinet",
      "title": "Fortinet FortiEDR logs",
      "description": "Collect logs from Fortinet FortiEDR instances",
      "inputs": [
        {
          "type": "logfile",
          "title": "Collect Fortinet FortiEDR logs (input: logfile)",
          "description": "Collecting logs from Fortinet FortiEDR instances (input: logfile)"
        },
        {
          "type": "tcp",
          "title": "Collect Fortinet FortiEDR logs (input: tcp)",
          "description": "Collecting logs from Fortinet FortiEDR instances (input: tcp)"
        },
        {
          "type": "udp",
          "title": "Collect Fortinet FortiEDR logs (input: udp)",
          "description": "Collecting logs from Fortinet FortiEDR instances (input: udp)"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "fortinet_fortiedr.log",
      "title": "Fortinet FortiEDR Endpoint Detection and Response logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortiedr",
                "forwarded"
              ]
            },
            {
              "name": "udp_host",
              "type": "text",
              "title": "Listen Address",
              "description": "The bind address to listen on for UDP traffic. Set to `0.0.0.0` to bind to all available interfaces (the listener is then reachable from any network the host is attached to).",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "udp_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The UDP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9509
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone offset (+HH:mm format)",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "rsa_fields",
              "type": "bool",
              "title": "Add non-ECS fields",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": true
            },
            {
              "name": "keep_raw_fields",
              "type": "bool",
              "title": "Keep raw parser fields",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "debug",
              "type": "bool",
              "title": "Enable debug logging",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Fortinet FortiEDR Endpoint Detection and Response logs",
          "description": "Collect Fortinet FortiEDR Endpoint Detection and Response logs",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortiedr",
                "forwarded"
              ]
            },
            {
              "name": "tcp_host",
              "type": "text",
              "title": "Listen Address",
              "description": "The bind address to listen on for TCP connections. Set to `0.0.0.0` to bind to all available interfaces (the listener is then reachable from any network the host is attached to).",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "tcp_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The TCP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9509
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone offset (+HH:mm format)",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "rsa_fields",
              "type": "bool",
              "title": "Add non-ECS fields",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": true
            },
            {
              "name": "keep_raw_fields",
              "type": "bool",
              "title": "Keep raw parser fields",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "debug",
              "type": "bool",
              "title": "Enable debug logging",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Fortinet FortiEDR Endpoint Detection and Response logs",
          "description": "Collect Fortinet FortiEDR Endpoint Detection and Response logs",
          "enabled": false,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "/var/log/fortinet-edr.log"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortiedr",
                "forwarded"
              ]
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone offset (+HH:mm format)",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "debug",
              "type": "bool",
              "title": "Enable debug logging",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "log.yml.hbs",
          "title": "Fortinet FortiEDR Endpoint Detection and Response logs",
          "description": "Collect Fortinet FortiEDR Endpoint Detection and Response logs from file",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "fortinet_fortiedr",
      "path": "log"
    }
  ]
}
