{
  "name": "ironscales",
  "title": "IRONSCALES",
  "version": "0.2.3",
  "release": "beta",
  "description": "Collect logs from IRONSCALES with Elastic Agent.",
  "type": "integration",
  "download": "/epr/ironscales/ironscales-0.2.3.zip",
  "path": "/package/ironscales/0.2.3",
  "icons": [
    {
      "src": "/img/ironscales-logo.svg",
      "path": "/package/ironscales/0.2.3/img/ironscales-logo.svg",
      "title": "IRONSCALES logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.19.8 || ~9.1.8 || ~9.2.2 || ^9.3.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security"
  ],
  "signature_path": "/epr/ironscales/ironscales-0.2.3.zip.sig",
  "format_version": "3.3.2",
  "readme": "/package/ironscales/0.2.3/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/ironscales-incident.png",
      "path": "/package/ironscales/0.2.3/img/ironscales-incident.png",
      "title": "Incident Dashboard",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/ironscales/0.2.3/LICENSE.txt",
    "/package/ironscales/0.2.3/changelog.yml",
    "/package/ironscales/0.2.3/manifest.yml",
    "/package/ironscales/0.2.3/validation.yml",
    "/package/ironscales/0.2.3/docs/README.md",
    "/package/ironscales/0.2.3/img/ironscales-incident.png",
    "/package/ironscales/0.2.3/img/ironscales-logo.svg",
    "/package/ironscales/0.2.3/data_stream/incident/lifecycle.yml",
    "/package/ironscales/0.2.3/data_stream/incident/manifest.yml",
    "/package/ironscales/0.2.3/data_stream/incident/sample_event.json",
    "/package/ironscales/0.2.3/kibana/dashboard/ironscales-10c370de-4a54-41b2-bab7-0b0fdce7f399.json",
    "/package/ironscales/0.2.3/kibana/search/ironscales-21f03da1-39e9-4bc2-8df2-19c5f78bfb18.json",
    "/package/ironscales/0.2.3/kibana/search/ironscales-cf37f3c8-3e04-4f96-9f1d-05176f4a8561.json",
    "/package/ironscales/0.2.3/data_stream/incident/fields/base-fields.yml",
    "/package/ironscales/0.2.3/data_stream/incident/fields/beats.yml",
    "/package/ironscales/0.2.3/data_stream/incident/fields/ecs.yml",
    "/package/ironscales/0.2.3/data_stream/incident/fields/fields.yml",
    "/package/ironscales/0.2.3/data_stream/incident/fields/is-transform-source-true.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/manifest.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/transform.yml",
    "/package/ironscales/0.2.3/data_stream/incident/agent/stream/cel.yml.hbs",
    "/package/ironscales/0.2.3/data_stream/incident/elasticsearch/ilm/default_policy.json",
    "/package/ironscales/0.2.3/data_stream/incident/elasticsearch/ingest_pipeline/default.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/fields/base-fields.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/fields/beats.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/fields/ecs.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/fields/fields.yml",
    "/package/ironscales/0.2.3/elasticsearch/transform/latest_incident/fields/is-transform-source-false.yml"
  ],
  "policy_templates": [
    {
      "name": "ironscales",
      "title": "IRONSCALES",
      "description": "Collect logs from IRONSCALES.",
      "inputs": [
        {
          "type": "cel",
          "vars": [
            {
              "name": "url",
              "type": "url",
              "title": "URL",
              "description": "Base URL of the IRONSCALES Instance.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "api_token",
              "type": "password",
              "title": "API Token",
              "description": "API Token to authenticate with IRONSCALES API.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "company_id",
              "type": "text",
              "title": "Company ID",
              "description": "Unique identifier of the company account in IRONSCALES, required to collect data through the IRONSCALES API.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
              "description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are URL-encoded. This is a plain-text field, so credentials placed in the URL are not masked the way the API Token is.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            }
          ],
          "title": "Collect logs from IRONSCALES API",
          "description": "Collecting logs via IRONSCALES API."
        }
      ],
      "multiple": true,
      "deployment_modes": {
        "default": {
          "enabled": true
        },
        "agentless": {
          "enabled": true
        }
      }
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "ironscales.incident",
      "ilm_policy": "logs-ironscales.incident-default_policy",
      "title": "Collect Incidents from IRONSCALES.",
      "release": "beta",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the IRONSCALES API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "page_size",
              "type": "integer",
              "title": "Page Size",
              "description": "Page size for the response of the IRONSCALES API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 100
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system for debugging configurations. Because the traces may include sensitive request and response content, enabling request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field event.original.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "description": "Tags for the data-stream.",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "ironscales-incident"
              ]
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "max_executions",
              "type": "integer",
              "title": "Maximum Incidents per Interval",
              "description": "The maximum number of incidents that can be collected at each interval.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve ironscales.incident.* fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "IRONSCALES Incidents",
          "description": "Collect IRONSCALES Incidents.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "ironscales",
      "path": "incident"
    }
  ]
}
