{
  "name": "menlo",
  "title": "Menlo Security",
  "version": "1.7.2",
  "release": "ga",
  "source": {
    "license": "Elastic-2.0"
  },
  "description": "Collect logs from Menlo Security products with Elastic Agent",
  "type": "integration",
  "download": "/epr/menlo/menlo-1.7.2.zip",
  "path": "/package/menlo/1.7.2",
  "icons": [
    {
      "src": "/img/logo.png",
      "path": "/package/menlo/1.7.2/img/logo.png",
      "title": "Menlo Security logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.19.0 || ^9.1.0"
    },
    "elastic": {
      "subscription": "basic",
      "capabilities": [
        "security"
      ]
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "monitoring",
    "network",
    "observability",
    "security"
  ],
  "signature_path": "/epr/menlo/menlo-1.7.2.zip.sig",
  "format_version": "3.0.2",
  "readme": "/package/menlo/1.7.2/docs/README.md",
  "license": "basic",
  "assets": [
    "/package/menlo/1.7.2/LICENSE.txt",
    "/package/menlo/1.7.2/changelog.yml",
    "/package/menlo/1.7.2/manifest.yml",
    "/package/menlo/1.7.2/docs/README.md",
    "/package/menlo/1.7.2/img/logo.png",
    "/package/menlo/1.7.2/data_stream/dlp/manifest.yml",
    "/package/menlo/1.7.2/data_stream/dlp/sample_event.json",
    "/package/menlo/1.7.2/data_stream/web/manifest.yml",
    "/package/menlo/1.7.2/data_stream/web/sample_event.json",
    "/package/menlo/1.7.2/data_stream/dlp/fields/agent.yml",
    "/package/menlo/1.7.2/data_stream/dlp/fields/base-fields.yml",
    "/package/menlo/1.7.2/data_stream/dlp/fields/fields.yml",
    "/package/menlo/1.7.2/data_stream/web/fields/agent.yml",
    "/package/menlo/1.7.2/data_stream/web/fields/base-fields.yml",
    "/package/menlo/1.7.2/data_stream/web/fields/fields.yml",
    "/package/menlo/1.7.2/data_stream/dlp/agent/stream/input.yml.hbs",
    "/package/menlo/1.7.2/data_stream/dlp/elasticsearch/ingest_pipeline/default.yml",
    "/package/menlo/1.7.2/data_stream/web/agent/stream/input.yml.hbs",
    "/package/menlo/1.7.2/data_stream/web/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "menlo",
      "title": "Menlo Security Logs",
      "description": "Collect Menlo Security logs",
      "inputs": [
        {
          "type": "cel",
          "vars": [
            {
              "name": "url",
              "type": "text",
              "title": "URL",
              "description": "URL for the Menlo Security API. The value must include the https:// scheme.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://logs.menlosecurity.com/api/rep/v1/fetch/client_select"
            },
            {
              "name": "token",
              "type": "password",
              "title": "API key",
              "description": "API key for the Menlo Security API.",
              "multi": false,
              "required": true,
              "show_user": false
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
              "description": "URL of the proxy to use for connections, in the form http[s]://<user>:<password>@<server name/ip>:<port>. The username and password must be URL-encoded.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ39BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            }
          ],
          "title": "Collect events from Menlo API",
          "description": "Collect Menlo Security logs via the Menlo Log API"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "menlo.dlp",
      "title": "Collect Menlo DLP from Menlo Security API",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the Menlo Security API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull events from the Menlo Security API. NOTE: Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the Menlo Security API. NOTE: Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "1m"
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs HTTP requests and responses to the agent's local file system to help debug the configuration. Enabling request tracing compromises security, because the trace files may contain credentials and collected event data, and it should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "menlo",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve menlo.dlp fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            }
          ],
          "template_path": "input.yml.hbs",
          "title": "Menlo DLP Logs",
          "description": "Collect Menlo DLP logs",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "menlo",
      "path": "dlp"
    },
    {
      "type": "logs",
      "dataset": "menlo.web",
      "title": "Collect Menlo Web from Menlo Security API",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the Menlo Security API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull events from the Menlo Security API. NOTE: Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the Menlo Security API. NOTE: Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "1m"
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs HTTP requests and responses to the agent's local file system to help debug the configuration. Enabling request tracing compromises security, because the trace files may contain credentials and collected event data, and it should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "menlo",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve menlo.web fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            }
          ],
          "template_path": "input.yml.hbs",
          "title": "Menlo Web Logs",
          "description": "Collect Menlo Web logs",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "menlo",
      "path": "web"
    }
  ]
}
