{ "name": "stormshield", "title": "StormShield SNS", "version": "1.5.2", "release": "ga", "source": { "license": "Elastic-2.0" }, "description": "Stormshield SNS integration.", "type": "integration", "download": "/epr/stormshield/stormshield-1.5.2.zip", "path": "/package/stormshield/1.5.2", "icons": [ { "src": "/img/stormshield_logo.png", "path": "/package/stormshield/1.5.2/img/stormshield_logo.png", "title": "Stormshield logo", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.11.4 || ^9.0.0" }, "elastic": { "subscription": "basic" } }, "owner": { "type": "elastic", "github": "elastic/integration-experience" }, "categories": [ "network", "security", "firewall_security", "network_security" ], "signature_path": "/epr/stormshield/stormshield-1.5.2.zip.sig", "format_version": "3.1.1", "readme": "/package/stormshield/1.5.2/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/add-integration.png", "path": "/package/stormshield/1.5.2/img/add-integration.png", "title": "SNS Configuration", "size": "1078x5614", "type": "image/png" }, { "src": "/img/configuration-syslog.png", "path": "/package/stormshield/1.5.2/img/configuration-syslog.png", "title": "SNS Configuration Syslog", "size": "1296x717", "type": "image/png" }, { "src": "/img/dashboard.png", "path": "/package/stormshield/1.5.2/img/dashboard.png", "title": "SNS dashboard Overview", "size": "1078x1441", "type": "image/png" } ], "assets": [ "/package/stormshield/1.5.2/LICENSE.txt", "/package/stormshield/1.5.2/changelog.yml", "/package/stormshield/1.5.2/manifest.yml", "/package/stormshield/1.5.2/validation.yml", "/package/stormshield/1.5.2/docs/README.md", "/package/stormshield/1.5.2/img/add-integration.png", "/package/stormshield/1.5.2/img/configuration-syslog.png", "/package/stormshield/1.5.2/img/dashboard.png", "/package/stormshield/1.5.2/img/stormshield_logo.png", "/package/stormshield/1.5.2/kibana/tags.yml", "/package/stormshield/1.5.2/data_stream/log/manifest.yml", "/package/stormshield/1.5.2/data_stream/log/sample_event.json", "/package/stormshield/1.5.2/docs/knowledge_base/service_info.md", "/package/stormshield/1.5.2/kibana/dashboard/stormshield-5be8e340-235b-11ef-8b33-572717a2fc0b.json", "/package/stormshield/1.5.2/data_stream/log/fields/base-fields.yml", "/package/stormshield/1.5.2/data_stream/log/fields/ecs.yml", "/package/stormshield/1.5.2/data_stream/log/fields/fields.yml", "/package/stormshield/1.5.2/data_stream/log/agent/stream/tcp.yml.hbs", "/package/stormshield/1.5.2/data_stream/log/agent/stream/udp.yml.hbs", "/package/stormshield/1.5.2/data_stream/log/elasticsearch/ingest_pipeline/count.yml", "/package/stormshield/1.5.2/data_stream/log/elasticsearch/ingest_pipeline/default.yml", "/package/stormshield/1.5.2/data_stream/log/elasticsearch/ingest_pipeline/filterstat.yml", "/package/stormshield/1.5.2/data_stream/log/elasticsearch/ingest_pipeline/monitor.yml" ], "policy_templates": [ { "name": "stormshield_sns", "title": "Stormshield SNS logs", "description": "Collect logs from Stormshield SNS instances", "inputs": [ { "type": "udp", "title": "Collect logs from Stormshield SNS via UDP", "description": "Collecting logs from Stormshield SNS via UDP" }, { "type": "tcp", "title": "Collect logs from Stormshield SNS via TCP", "description": "Collecting logs from Stormshield SNS via TCP" } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "stormshield.log", "title": "StormShield SNS logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "udp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded" ] }, { "name": "udp_host", "type": "text", "title": "Listen Address", "description": "The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "udp_port", "type": "integer", "title": "Listen Port", "description": "The UDP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 514 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "udp.yml.hbs", "title": "Stormshield logs (via UDP)", "description": "Collect Stormshield logs (via UDP)", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "tcp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded" ] }, { "name": "tcp_host", "type": "text", "title": "Listen Address", "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "tcp_port", "type": "integer", "title": "Listen Port", "description": "The TCP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 601 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tcp_options", "type": "yaml", "title": "Custom TCP Options", "description": "Specify custom configuration options for the TCP input.", "multi": false, "required": false, "show_user": false, "default": "framing: rfc6587\n" }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "tcp.yml.hbs", "title": "Stormshield logs (via TCP)", "description": "Collect Stormshield logs (via TCP)", "enabled": true, "ingestion_method": "Network Protocol" } ], "package": "stormshield", "path": "log" } ] }