{ "name": "tenable_ot_security", "title": "Tenable OT Security", "version": "2.0.0", "release": "ga", "source": { "license": "Elastic-2.0" }, "description": "Tenable OT Security", "type": "integration", "download": "/epr/tenable_ot_security/tenable_ot_security-2.0.0.zip", "path": "/package/tenable_ot_security/2.0.0", "icons": [ { "src": "/img/logo.svg", "path": "/package/tenable_ot_security/2.0.0/img/logo.svg", "title": "Logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.16.1 || ^9.1.4" }, "elastic": { "subscription": "basic" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security" ], "signature_path": "/epr/tenable_ot_security/tenable_ot_security-2.0.0.zip.sig", "format_version": "3.3.0", "readme": "/package/tenable_ot_security/2.0.0/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/screenshot1.png", "path": "/package/tenable_ot_security/2.0.0/img/screenshot1.png", "title": "Overview", "size": "600x600", "type": "image/png" }, { "src": "/img/screenshot2.png", "path": "/package/tenable_ot_security/2.0.0/img/screenshot2.png", "title": "Events", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/tenable_ot_security/2.0.0/LICENSE.txt", "/package/tenable_ot_security/2.0.0/changelog.yml", "/package/tenable_ot_security/2.0.0/manifest.yml", "/package/tenable_ot_security/2.0.0/docs/README.md", "/package/tenable_ot_security/2.0.0/img/logo.svg", "/package/tenable_ot_security/2.0.0/img/screenshot1.png", "/package/tenable_ot_security/2.0.0/img/screenshot2.png", "/package/tenable_ot_security/2.0.0/data_stream/assets/manifest.yml", "/package/tenable_ot_security/2.0.0/data_stream/assets/sample_event.json", "/package/tenable_ot_security/2.0.0/data_stream/events/manifest.yml", "/package/tenable_ot_security/2.0.0/data_stream/events/sample_event.json", "/package/tenable_ot_security/2.0.0/data_stream/system_log/manifest.yml", "/package/tenable_ot_security/2.0.0/data_stream/system_log/sample_event.json", "/package/tenable_ot_security/2.0.0/kibana/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153.json", "/package/tenable_ot_security/2.0.0/kibana/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345.json", "/package/tenable_ot_security/2.0.0/data_stream/assets/fields/base-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/assets/fields/tenable-assets-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/events/fields/base-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/events/fields/tenable-events-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/system_log/fields/base-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/system_log/fields/tenable-system_log-fields.yml", "/package/tenable_ot_security/2.0.0/data_stream/assets/agent/stream/cel.yml.hbs", "/package/tenable_ot_security/2.0.0/data_stream/assets/elasticsearch/ingest_pipeline/default.yml", "/package/tenable_ot_security/2.0.0/data_stream/events/agent/stream/cel.yml.hbs", "/package/tenable_ot_security/2.0.0/data_stream/events/elasticsearch/ingest_pipeline/default.yml", "/package/tenable_ot_security/2.0.0/data_stream/system_log/agent/stream/cel.yml.hbs", "/package/tenable_ot_security/2.0.0/data_stream/system_log/elasticsearch/ingest_pipeline/default.yml" ], "policy_templates": [ { "name": "tenable_ot_security_cloud", "title": "Tenable OT Security Cloud Events", "description": "Collect events from Tenable OT Security Cloud event reporting.", "inputs": [ { "type": "cel", "vars": [ { "name": "api_host", "type": "text", "title": "URL", "description": "Enter the URL of the Tenable OT Security Cloud API server, e.g., https://cloud.tenable.com.", "multi": false, "required": true, "show_user": true }, { "name": "key", "type": "text", "title": "API Key", "description": "Enter the API key created on Tenable OT Security Cloud.", "multi": false, "required": true, "show_user": true }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable Request Tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Specifies the duration to wait before declaring a timeout. Valid units are ns, us, ms, s, m, h.", "multi": false, "required": false, "show_user": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "Enter the URL for proxy connections in the format\\\":\\\" http[s]://:@:.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "Configuration for certificate authorities, supported protocols, verification modes, etc.", "multi": false, "required": false, "show_user": false } ], "title": "Collect Events from the Tenable OT Security Cloud Events API", "description": "Extract all events from Tenable OT Security Cloud via the API." } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "tenable_ot_security.assets", "title": "Assets", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "Specifies how far back to retrieve assets. Supported units are h, m, and s.", "multi": false, "required": true, "show_user": true, "default": "2160h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Specifies how often data for all managed accounts will be re-fetched.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "limit", "type": "integer", "title": "Limit", "description": "Defines the number of assets to fetch per request.", "multi": false, "required": true, "show_user": true, "default": 1000 }, { "name": "tags", "type": "text", "title": "Tags", "description": "Tags to apply to assets, such as 'forwarded'.", "multi": true, "required": false, "show_user": false, "default": [ "forwarded", "tenable_ot_security" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve Original Event", "description": "If enabled, retains a raw copy of the original event in the `event.original` field.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors modify assets by reducing fields or adding metadata. This occurs within the agent before logs are parsed.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Tenable OT Security Assets", "description": "Request settings for Tenable OT Security.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_ot_security", "path": "assets" }, { "type": "logs", "dataset": "tenable_ot_security.events", "title": "Events", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "Specifies how far back to retrieve security event logs. Supported units\\\":\\\" h (hours), m (minutes), s (seconds).", "multi": false, "required": true, "show_user": true, "default": "2160h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Specifies how often data for all managed accounts will be re-fetched.", "multi": false, "required": true, "show_user": true, "default": "60s" }, { "name": "limit", "type": "integer", "title": "Limit", "description": "Defines the number of events to fetch per request.", "multi": false, "required": true, "show_user": true, "default": 1000 }, { "name": "tags", "type": "text", "title": "Tags", "description": "Tags to apply to events, such as 'forwarded'.", "multi": true, "required": false, "show_user": false, "default": [ "forwarded", "tenable_ot_security" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve Original Event", "description": "If enabled, retains a raw copy of the original event in the `event.original` field.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors modify events by reducing fields or adding metadata. This occurs within the agent before logs are parsed.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Tenable OT Security Events", "description": "Request settings for Tenable OT Security Cloud.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_ot_security", "path": "events" }, { "type": "logs", "dataset": "tenable_ot_security.system_log", "title": "System Log", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "Specifies how far back to pull system logs. Supported units are h, m, and s.", "multi": false, "required": true, "show_user": true, "default": "2160h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Specifies how often data for all managed accounts will be re-fetched.", "multi": false, "required": true, "show_user": true, "default": "60s" }, { "name": "limit", "type": "integer", "title": "Limit", "description": "Defines the number of events to fetch per request.", "multi": false, "required": true, "show_user": true, "default": 1000 }, { "name": "tags", "type": "text", "title": "Tags", "description": "Tags to apply to events, such as 'forwarded'.", "multi": true, "required": false, "show_user": false, "default": [ "forwarded", "tenable_ot_security" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve Original Event", "description": "When enabled, retains a raw copy of the original event in the `event.original` field.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors can modify events by reducing fields or adding metadata. Processing occurs in the agent before logs are parsed.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Tenable OT Security System Logs", "description": "Request settings for Tenable OT Security Cloud.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_ot_security", "path": "system_log" } ] }