{
  "name": "nextron_thor_apt_scanner",
  "title": "Nextron Thor APT Scanner",
  "version": "0.2.0",
  "release": "beta",
  "source": {
    "license": "Elastic-2.0"
  },
  "description": "Integration for Nextron Thor APT Scanner",
  "type": "integration",
  "download": "/epr/nextron_thor_apt_scanner/nextron_thor_apt_scanner-0.2.0.zip",
  "path": "/package/nextron_thor_apt_scanner/0.2.0",
  "icons": [
    {
      "src": "/img/thor-logo.svg",
      "path": "/package/nextron_thor_apt_scanner/0.2.0/img/thor-logo.svg",
      "title": "Thor logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^9.2.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security"
  ],
  "signature_path": "/epr/nextron_thor_apt_scanner/nextron_thor_apt_scanner-0.2.0.zip.sig",
  "format_version": "3.5.0",
  "readme": "/package/nextron_thor_apt_scanner/0.2.0/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/overview_dashboard.png",
      "path": "/package/nextron_thor_apt_scanner/0.2.0/img/overview_dashboard.png",
      "title": "Nextron Thor Overview Dashboard Screenshot",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/nextron_thor_apt_scanner/0.2.0/LICENSE.txt",
    "/package/nextron_thor_apt_scanner/0.2.0/changelog.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/manifest.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/docs/README.md",
    "/package/nextron_thor_apt_scanner/0.2.0/img/overview_dashboard.png",
    "/package/nextron_thor_apt_scanner/0.2.0/img/thor-logo.svg",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/manifest.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/sample_event.json",
    "/package/nextron_thor_apt_scanner/0.2.0/kibana/dashboard/nextron_thor_apt_scanner-22101230-bfc3-4133-b4a8-dc79d477c174.json",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/fields/base-fields.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/fields/ecs.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/fields/fields.yml",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/agent/stream/cel.yml.hbs",
    "/package/nextron_thor_apt_scanner/0.2.0/data_stream/thor_forwarding/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "nextron_thor_apt_scanner",
      "title": "Thor Cloud Log Forwarding",
      "description": "Collect Thor Cloud logs",
      "inputs": [
        {
          "type": "cel",
          "title": "Collect Thor Cloud logs",
          "description": "Collect Thor Cloud logs via API"
        }
      ],
      "multiple": true,
      "deployment_modes": {
        "default": {
          "enabled": true
        },
        "agentless": {
          "enabled": true
        }
      }
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "nextron_thor_apt_scanner.thor_forwarding",
      "title": "Thor Forwarding",
      "release": "beta",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "How far back to pull the scan logs. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "url",
              "type": "text",
              "title": "API URL",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://thor-cloud.nextron-services.com/api"
            },
            {
              "name": "api_key",
              "type": "password",
              "title": "API Key",
              "description": "API Key of the THOR Cloud API.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "batch_size",
              "type": "integer",
              "title": "Batch Size",
              "description": "Batch size for the response of the API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 100
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "max_executions",
              "type": "integer",
              "title": "Maximum Pages Per Interval",
              "description": "Maximum Pages Per Interval is the maximum number of pages that can be collected at each interval.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Because the logged requests and responses can contain sensitive data such as credentials, enabling request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve the integration's custom fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "API log input",
          "description": "Collect logs with API",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "nextron_thor_apt_scanner",
      "path": "thor_forwarding"
    }
  ]
}
