{
  "name": "watchguard_firebox",
  "title": "WatchGuard Firebox",
  "version": "1.6.4",
  "release": "ga",
  "description": "Collect logs from WatchGuard Firebox with Elastic Agent.",
  "type": "integration",
  "download": "/epr/watchguard_firebox/watchguard_firebox-1.6.4.zip",
  "path": "/package/watchguard_firebox/1.6.4",
  "icons": [
    {
      "src": "/img/watchguard-logo.svg",
      "path": "/package/watchguard_firebox/1.6.4/img/watchguard-logo.svg",
      "title": "WatchGuard Firebox logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.13.0 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security",
    "network",
    "firewall_security",
    "siem"
  ],
  "signature_path": "/epr/watchguard_firebox/watchguard_firebox-1.6.4.zip.sig",
  "format_version": "3.1.4",
  "readme": "/package/watchguard_firebox/1.6.4/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/watchguard-firebox-log-dashboard-1.png",
      "path": "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-1.png",
      "title": "WatchGuard Firebox Overview Dashboard-1",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/watchguard-firebox-log-dashboard-2.png",
      "path": "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-2.png",
      "title": "WatchGuard Firebox Overview Dashboard-2",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/watchguard-firebox-log-dashboard-3.png",
      "path": "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-3.png",
      "title": "WatchGuard Firebox Overview Dashboard-3",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/watchguard-firebox-log-dashboard-4.png",
      "path": "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-4.png",
      "title": "WatchGuard Firebox Overview Dashboard-4",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/watchguard_firebox/1.6.4/LICENSE.txt",
    "/package/watchguard_firebox/1.6.4/changelog.yml",
    "/package/watchguard_firebox/1.6.4/manifest.yml",
    "/package/watchguard_firebox/1.6.4/validation.yml",
    "/package/watchguard_firebox/1.6.4/docs/README.md",
    "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-1.png",
    "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-2.png",
    "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-3.png",
    "/package/watchguard_firebox/1.6.4/img/watchguard-firebox-log-dashboard-4.png",
    "/package/watchguard_firebox/1.6.4/img/watchguard-logo.svg",
    "/package/watchguard_firebox/1.6.4/kibana/tags.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/manifest.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/sample_event.json",
    "/package/watchguard_firebox/1.6.4/docs/knowledge_base/service_info.md",
    "/package/watchguard_firebox/1.6.4/kibana/dashboard/watchguard_firebox-5fb58f2b-8720-4b57-89b6-0f727f0d260f.json",
    "/package/watchguard_firebox/1.6.4/kibana/search/watchguard_firebox-0c03afcf-e39d-484a-8575-0630b7bb892a.json",
    "/package/watchguard_firebox/1.6.4/kibana/search/watchguard_firebox-19e90429-51c9-4f47-8889-baf56bdc7735.json",
    "/package/watchguard_firebox/1.6.4/kibana/search/watchguard_firebox-5cbe635b-9d2e-4d14-b2d4-e7146c421eaf.json",
    "/package/watchguard_firebox/1.6.4/kibana/search/watchguard_firebox-9173ff94-4af2-4f6d-86bc-7123d0f335f5.json",
    "/package/watchguard_firebox/1.6.4/data_stream/log/fields/base-fields.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/fields/beats.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/fields/fields.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/watchguard_firebox/1.6.4/data_stream/log/elasticsearch/ingest_pipeline/default.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/elasticsearch/ingest_pipeline/pipeline_event.yml",
    "/package/watchguard_firebox/1.6.4/data_stream/log/elasticsearch/ingest_pipeline/pipeline_traffic.yml"
  ],
  "policy_templates": [
    {
      "name": "watchguard_firebox",
      "title": "WatchGuard Firebox logs",
      "description": "Collect WatchGuard Firebox logs.",
      "inputs": [
        {
          "type": "udp",
          "title": "Collect WatchGuard Firebox logs via UDP input",
          "description": "Collecting logs from WatchGuard Firebox via UDP input."
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "watchguard_firebox.log",
      "title": "WatchGuard Firebox logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "listen_address",
              "type": "text",
              "title": "Listen Address",
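              "description": "The bind address on which to listen for UDP datagrams. Set to `0.0.0.0` to bind to all available interfaces; the listener then accepts datagrams from any host that can reach the port, so restrict the permitted senders at the network level.",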
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "listen_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The UDP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9528
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as \"Europe/Amsterdam\") and an HH:mm differential (such as \"-05:00\") are acceptable timezone formats.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "UTC"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "watchguard_firebox-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve WatchGuard Firebox fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "WatchGuard Firebox logs",
          "description": "Collecting logs via syslog over UDP.",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        }
      ],
      "package": "watchguard_firebox",
      "path": "log"
    }
  ]
}
