{ "name": "snyk", "title": "Snyk", "version": "3.4.2", "release": "ga", "description": "Collect logs from Snyk with Elastic Agent.", "type": "integration", "download": "/epr/snyk/snyk-3.4.2.zip", "path": "/package/snyk/3.4.2", "icons": [ { "src": "/img/snyk-logo.svg", "path": "/package/snyk/3.4.2/img/snyk-logo.svg", "title": "Snyk logo", "size": "382x625", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^9.3.0" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security", "cloudsecurity_cdr", "vulnerability_management" ], "signature_path": "/epr/snyk/snyk-3.4.2.zip.sig", "format_version": "3.3.2", "readme": "/package/snyk/3.4.2/docs/README.md", "license": "basic", "assets": [ "/package/snyk/3.4.2/LICENSE.txt", "/package/snyk/3.4.2/changelog.yml", "/package/snyk/3.4.2/manifest.yml", "/package/snyk/3.4.2/validation.yml", "/package/snyk/3.4.2/docs/README.md", "/package/snyk/3.4.2/img/snyk-logo.svg", "/package/snyk/3.4.2/kibana/tags.yml", "/package/snyk/3.4.2/data_stream/audit_logs/manifest.yml", "/package/snyk/3.4.2/data_stream/audit_logs/sample_event.json", "/package/snyk/3.4.2/data_stream/issues/manifest.yml", "/package/snyk/3.4.2/data_stream/issues/sample_event.json", "/package/snyk/3.4.2/data_stream/audit_logs/fields/agent.yml", "/package/snyk/3.4.2/data_stream/audit_logs/fields/base-fields.yml", "/package/snyk/3.4.2/data_stream/audit_logs/fields/beats.yml", "/package/snyk/3.4.2/data_stream/audit_logs/fields/fields.yml", "/package/snyk/3.4.2/data_stream/audit_logs/fields/package-fields.yml", "/package/snyk/3.4.2/data_stream/issues/fields/agent.yml", "/package/snyk/3.4.2/data_stream/issues/fields/base-fields.yml", "/package/snyk/3.4.2/data_stream/issues/fields/beats.yml", "/package/snyk/3.4.2/data_stream/issues/fields/fields.yml", "/package/snyk/3.4.2/data_stream/issues/fields/is-transform-source-false.yml", "/package/snyk/3.4.2/data_stream/issues/fields/package-fields.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/manifest.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/transform.yml", "/package/snyk/3.4.2/data_stream/audit_logs/agent/stream/cel.yml.hbs", "/package/snyk/3.4.2/data_stream/audit_logs/elasticsearch/ingest_pipeline/default.yml", "/package/snyk/3.4.2/data_stream/issues/agent/stream/cel.yml.hbs", "/package/snyk/3.4.2/data_stream/issues/elasticsearch/ingest_pipeline/default.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/agent.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/base-fields.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/beats.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/ecs.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/fields.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/is-transform-source-false.yml", "/package/snyk/3.4.2/elasticsearch/transform/latest_issues/fields/package-fields.yml" ], "policy_templates": [ { "name": "snyk", "title": "Snyk Events", "description": "Collect data from Snyk API", "inputs": [ { "type": "cel", "vars": [ { "name": "oauth_enable", "type": "bool", "title": "Enable OAuth2", "description": "Enable OAuth2 authentication. Client ID and client secret are required.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "client_id", "type": "text", "title": "Client ID", "description": "Client ID for OAuth2 authentication. Required if Enable OAuth2 toggle is on.", "multi": false, "required": false, "show_user": false }, { "name": "client_secret", "type": "password", "title": "Client secret", "description": "Client secret for OAuth2 authentication. Required if Enable OAuth2 toggle is on.", "multi": false, "required": false, "show_user": false }, { "name": "url", "type": "text", "title": "Base URL of Snyk API Server", "description": "The base URL as found [here](https://apidocs.snyk.io/?version=2024-04-29#overview).", "multi": false, "required": true, "show_user": false, "default": "https://api.snyk.io/" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false }, { "name": "api_token", "type": "password", "title": "Snyk API Token", "description": "API token for authentication. Required if Enable OAuth2 toggle is off.", "multi": false, "required": false, "show_user": true }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": false, "show_user": true }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http\\[s\\]://:@:", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false } ], "title": "Collect data from Snyk API", "description": "Collect Audit Logs and Issues data from the Snyk REST API" } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true } } } ], "data_streams": [ { "type": "logs", "dataset": "snyk.audit_logs", "title": "Collect Snyk Audit Logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "audit_type", "type": "select", "title": "Audit Log Type", "description": "Type of Audit logs.", "multi": false, "required": true, "show_user": true, "default": "/rest/orgs/" }, { "name": "audit_id", "type": "text", "title": "Group/Organization ID", "description": "The ID of the Snyk group or organization. For Organization audit logs, this may be \"ALL\", in which case logs from all organizations visible to the user will be collected. This number of organizations in this case is limited to 100 and if more than that number of organizations are visible, only the first 100 will be collected.", "multi": false, "required": true, "show_user": true }, { "name": "user_id", "type": "text", "title": "User ID Filter", "description": "User ID on which to filter events.", "multi": false, "required": false, "show_user": true }, { "name": "event", "type": "text", "title": "Event Type Filter", "description": "Event types on which to filter events.", "multi": true, "required": false, "show_user": true }, { "name": "project_id", "type": "text", "title": "Project ID Filter", "description": "Project ID on which to filter events.", "multi": false, "required": false, "show_user": true }, { "name": "interval", "type": "text", "title": "Interval to query Snyk Events API.", "description": "Go Duration syntax (eg. 10s)", "multi": false, "required": true, "show_user": false, "default": "10s" }, { "name": "first_interval", "type": "text", "title": "Initial interval to query Snyk Events API.", "description": "Go Duration syntax (eg. 10s)", "multi": false, "required": false, "show_user": false }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the Snyk API. It must be between 1 - 100 if present.", "multi": false, "required": false, "show_user": false }, { "name": "max_executions", "type": "integer", "title": "Maximum Pages Per Interval", "description": "Maximum Pages Per Interval is the maximum number of pages that can be collected at each interval.", "multi": false, "required": false, "show_user": false, "default": 1000 }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": false, "show_user": false, "default": [ "forwarded", "snyk-audit-logs" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Collect Snyk Audit Logs", "description": "Collect Snyk Audit Logs via the Snyk REST API", "enabled": true, "ingestion_method": "API" } ], "package": "snyk", "path": "audit_logs" }, { "type": "logs", "dataset": "snyk.issues", "title": "Collect Snyk Issues Data", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "issues_type", "type": "select", "title": "Audit Log Type", "description": "Type of Audit logs.", "multi": false, "required": true, "show_user": true, "default": "/rest/orgs/" }, { "name": "issues_id", "type": "text", "title": "Group/Organization ID", "description": "The ID of the Snyk group or organization.", "multi": false, "required": true, "show_user": true }, { "name": "effective_severity_level", "type": "text", "title": "Effective Severity Level", "description": "One or more effective severity levels to filter issues.", "multi": true, "required": false, "show_user": true, "default": [ "critical", "high", "medium", "low", "info" ] }, { "name": "status", "type": "text", "title": "Status", "description": "An issue's status", "multi": true, "required": false, "show_user": true, "default": [ "open", "resolved" ] }, { "name": "ignored", "type": "select", "title": "Ignored", "description": "Filter on whether an issue is ignored or not.", "multi": false, "required": true, "show_user": true, "default": "" }, { "name": "type_selection", "type": "select", "title": "Types", "description": "The type of issues to filter the results by.", "multi": false, "required": false, "show_user": true, "default": "" }, { "name": "scan_item_id", "type": "text", "title": "Scan Item", "description": "A scan item id to filter issues through their scan item relationship. Requires Scan Item Type to be set.", "multi": false, "required": false, "show_user": true }, { "name": "scan_item_type_selection", "type": "select", "title": "Scan Item Type", "description": "The scan item type of issues to filter the results by. Requires Scan Item to be set.", "multi": false, "required": false, "show_user": true, "default": "" }, { "name": "interval", "type": "text", "title": "Interval to query Snyk Events API", "description": "Go Duration syntax (eg. 10s)", "multi": false, "required": true, "show_user": false, "default": "24h" }, { "name": "first_interval", "type": "text", "title": "Initial interval to query Snyk Events API.", "description": "Go Duration syntax (eg. 10s)", "multi": false, "required": false, "show_user": false }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the Snyk API. It must be between 1 - 100 if present.", "multi": false, "required": false, "show_user": false }, { "name": "fetch_related_projects", "type": "bool", "title": "Fetch Related Projects", "description": "If the scan item is a project, make an additional request to fetch its full details.", "multi": false, "required": true, "show_user": false, "default": true }, { "name": "max_executions", "type": "integer", "title": "Maximum Pages Per Interval", "description": "Maximum Pages Per Interval is the maximum number of pages that can be collected at each interval.", "multi": false, "required": false, "show_user": false, "default": 1000 }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": false, "show_user": false, "default": [ "forwarded", "snyk-issues" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Collect Snyk Issues Data", "description": "Collect Snyk Issues data via the Snyk API", "enabled": false, "ingestion_method": "API" } ], "package": "snyk", "path": "issues" } ] }