From 1e5abbe8eeb198a62b9ef43179db3124fc6c7a1b Mon Sep 17 00:00:00 2001
From: Marius Iversen
Date: Tue, 21 Jan 2025 16:46:44 +0100
Subject: [PATCH] [Rule Migration] Add PackageClient to fetch integrations (#207197)

## Summary
Awaiting the changes to the EPR API to include datasets we temporarily included a JSON file to simulate the expected outcome so we could move forward while waiting. Since the changes is now done, the calls to https://epr.elastic.co/search? now returns data_streams in their responses so this PR replaces the temp JSON with the proper PackageClient implementation. Tested a few migrations with both prebuilt rule matches and without, and seems to be working as intended. The integration count also seems to be consistent with what to be expected.
---
 .../rules/data/integrations_temp.json | 6881 -----------------
 ...ule_migrations_data_integrations_client.ts | 73 +-
 .../rules/data/rule_migrations_field_maps.ts | 2 +-
 .../task/retrievers/integration_retriever.ts | 3 +-
 .../rules/task/rule_migrations_task_client.ts | 6 +-
 5 files changed, 49 insertions(+), 6916 deletions(-)
 delete mode 100644 x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/integrations_temp.json

diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/integrations_temp.json b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/integrations_temp.json
deleted file mode 100644
index 9c312bb38e3d6..0000000000000
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/integrations_temp.json
+++ /dev/null
@@ -1,6881 +0,0 @@ -[ - { - "title": "Containerd", - "id": "containerd", - "description": "Collect metrics from containerd containers.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-containerd.memory-*", - "title": "Containerd memory metrics" - }, - { - "dataset": "blkio", - "index_pattern": "logs-containerd.blkio-*", - "title": "Containerd blkio metrics" - }, - { - "dataset": "cpu", - "index_pattern": "logs-containerd.cpu-*", - "title": "Containerd cpu metrics" - } - ], - "elser_embedding": "Containerd - Collect metrics from containerd containers. - Containerd memory metrics Containerd blkio metrics Containerd cpu metrics" - }, - { - "title": "Google Santa", - "id": "santa", - "description": "Collect logs from Google Santa with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-santa.log-*", - "title": "Google Santa log logs" - } - ], - "elser_embedding": "Google Santa - Collect logs from Google Santa with Elastic Agent. - Google Santa log logs" - }, - { - "title": "Keycloak", - "id": "keycloak", - "description": "Collect logs from Keycloak with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-keycloak.log-*", - "title": "Keycloak" - } - ], - "elser_embedding": "Keycloak - Collect logs from Keycloak with Elastic Agent. - Keycloak" - }, - { - "title": "Infoblox NIOS", - "id": "infoblox_nios", - "description": "Collect logs from Infoblox NIOS with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-infoblox_nios.log-*", - "title": "Infoblox NIOS logs" - } - ], - "elser_embedding": "Infoblox NIOS - Collect logs from Infoblox NIOS with Elastic Agent. 
- Infoblox NIOS logs" - }, - { - "title": "LastPass", - "id": "lastpass", - "description": "Collect logs from LastPass with Elastic Agent.", - "data_streams": [ - { - "dataset": "detailed_shared_folder", - "index_pattern": "logs-lastpass.detailed_shared_folder-*", - "title": "Collect Detailed Shared Folder logs from LastPass" - }, - { - "dataset": "user", - "index_pattern": "logs-lastpass.user-*", - "title": "Collect User logs from LastPass" - }, - { - "dataset": "event_report", - "index_pattern": "logs-lastpass.event_report-*", - "title": "Collect Event Report logs from LastPass" - } - ], - "elser_embedding": "LastPass - Collect logs from LastPass with Elastic Agent. - Collect Detailed Shared Folder logs from LastPass Collect User logs from LastPass Collect Event Report logs from LastPass" - }, - { - "title": "IBM MQ", - "id": "ibmmq", - "description": "Collect logs and metrics from IBM MQ with Elastic Agent.", - "data_streams": [ - { - "dataset": "qmgr", - "index_pattern": "logs-ibmmq.qmgr-*", - "title": "IBM MQ Queue Manager performance metrics" - }, - { - "dataset": "errorlog", - "index_pattern": "logs-ibmmq.errorlog-*", - "title": "IBM MQ Error logs" - } - ], - "elser_embedding": "IBM MQ - Collect logs and metrics from IBM MQ with Elastic Agent. - IBM MQ Queue Manager performance metrics IBM MQ Error logs" - }, - { - "title": "Jamf Protect", - "id": "jamf_protect", - "description": "Receives events from Jamf Protect with Elastic Agent.", - "data_streams": [ - { - "dataset": "web_traffic_events", - "index_pattern": "logs-jamf_protect.web_traffic_events-*", - "title": "Receives Web Traffic Events from Jamf Protect with Elastic Agent." - }, - { - "dataset": "telemetry_legacy", - "index_pattern": "logs-jamf_protect.telemetry_legacy-*", - "title": "Jamf Protect Telemetry (Legacy)." - }, - { - "dataset": "web_threat_events", - "index_pattern": "logs-jamf_protect.web_threat_events-*", - "title": "Receives Web Threat Events from Jamf Protect with Elastic Agent." 
- }, - { - "dataset": "telemetry", - "index_pattern": "logs-jamf_protect.telemetry-*", - "title": "Receives Telemetry from Jamf Protect with Elastic Agent." - }, - { - "dataset": "alerts", - "index_pattern": "logs-jamf_protect.alerts-*", - "title": "Receives Alerts from Jamf Protect with Elastic Agent." - } - ], - "elser_embedding": "Jamf Protect - Receives events from Jamf Protect with Elastic Agent. - Receives Web Traffic Events from Jamf Protect with Elastic Agent. Jamf Protect Telemetry (Legacy). Receives Web Threat Events from Jamf Protect with Elastic Agent. Receives Telemetry from Jamf Protect with Elastic Agent. Receives Alerts from Jamf Protect with Elastic Agent." - }, - { - "title": "Sysmon for Linux", - "id": "sysmon_linux", - "description": "Collect Sysmon Linux logs with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-sysmon_linux.log-*", - "title": "Sysmon for Linux logs" - } - ], - "elser_embedding": "Sysmon for Linux - Collect Sysmon Linux logs with Elastic Agent. - Sysmon for Linux logs" - }, - { - "title": "Trend Micro Deep Security", - "id": "trendmicro", - "description": "Collect logs from Trend Micro Deep Security with Elastic Agent.", - "data_streams": [ - { - "dataset": "deep_security", - "index_pattern": "logs-trendmicro.deep_security-*", - "title": "Collect logs from Trend Micro Deep Security" - } - ], - "elser_embedding": "Trend Micro Deep Security - Collect logs from Trend Micro Deep Security with Elastic Agent. 
- Collect logs from Trend Micro Deep Security" - }, - { - "title": "HAProxy", - "id": "haproxy", - "description": "Collect logs and metrics from HAProxy servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "info", - "index_pattern": "logs-haproxy.info-*", - "title": "HAProxy info metrics" - }, - { - "dataset": "stat", - "index_pattern": "logs-haproxy.stat-*", - "title": "HAProxy stat metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-haproxy.log-*", - "title": "HAProxy logs" - } - ], - "elser_embedding": "HAProxy - Collect logs and metrics from HAProxy servers with Elastic Agent. - HAProxy info metrics HAProxy stat metrics HAProxy logs" - }, - { - "title": "ESET Threat Intelligence", - "id": "ti_eset", - "description": "Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent.", - "data_streams": [ - { - "dataset": "cc", - "index_pattern": "logs-ti_eset.cc-*", - "title": "Botnet C&C" - }, - { - "dataset": "url", - "index_pattern": "logs-ti_eset.url-*", - "title": "URL" - }, - { - "dataset": "domains", - "index_pattern": "logs-ti_eset.domains-*", - "title": "Domain" - }, - { - "dataset": "files", - "index_pattern": "logs-ti_eset.files-*", - "title": "Malicious files" - }, - { - "dataset": "apt", - "index_pattern": "logs-ti_eset.apt-*", - "title": "APT" - }, - { - "dataset": "ip", - "index_pattern": "logs-ti_eset.ip-*", - "title": "IP" - }, - { - "dataset": "botnet", - "index_pattern": "logs-ti_eset.botnet-*", - "title": "Botnet" - } - ], - "elser_embedding": "ESET Threat Intelligence - Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent. 
- Botnet C&C URL Domain Malicious files APT IP Botnet" - }, - { - "title": "Lyve Cloud", - "id": "lyve_cloud", - "description": "Collect S3 API audit log from Lyve Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-lyve_cloud.audit-*", - "title": "Lyve Cloud logs" - } - ], - "elser_embedding": "Lyve Cloud - Collect S3 API audit log from Lyve Cloud with Elastic Agent. - Lyve Cloud logs" - }, - { - "title": "Tanium", - "id": "tanium", - "description": "This Elastic integration collects logs from Tanium with Elastic Agent.", - "data_streams": [ - { - "dataset": "discover", - "index_pattern": "logs-tanium.discover-*", - "title": "Collect Tanium Discover logs from Tanium" - }, - { - "dataset": "threat_response", - "index_pattern": "logs-tanium.threat_response-*", - "title": "Collect Threat Response logs from Tanium." - }, - { - "dataset": "client_status", - "index_pattern": "logs-tanium.client_status-*", - "title": "Client Status" - }, - { - "dataset": "reporting", - "index_pattern": "logs-tanium.reporting-*", - "title": "Reporting" - }, - { - "dataset": "action_history", - "index_pattern": "logs-tanium.action_history-*", - "title": "Collect Action History logs from Tanium." - }, - { - "dataset": "endpoint_config", - "index_pattern": "logs-tanium.endpoint_config-*", - "title": "Collect Endpoint Config logs from Tanium" - } - ], - "elser_embedding": "Tanium - This Elastic integration collects logs from Tanium with Elastic Agent. - Collect Tanium Discover logs from Tanium Collect Threat Response logs from Tanium. Client Status Reporting Collect Action History logs from Tanium. 
Collect Endpoint Config logs from Tanium" - }, - { - "title": "SonicWall Firewall", - "id": "sonicwall_firewall", - "description": "Integration for SonicWall firewall logs", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-sonicwall_firewall.log-*", - "title": "SonicWall Firewall logs" - } - ], - "elser_embedding": "SonicWall Firewall - Integration for SonicWall firewall logs - SonicWall Firewall logs" - }, - { - "title": "STAN", - "id": "stan", - "description": "Collect logs and metrics from STAN servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "stats", - "index_pattern": "logs-stan.stats-*", - "title": "Stan stats metrics" - }, - { - "dataset": "subscriptions", - "index_pattern": "logs-stan.subscriptions-*", - "title": "Stan subscriptions metrics" - }, - { - "dataset": "channels", - "index_pattern": "logs-stan.channels-*", - "title": "Stan channels metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-stan.log-*", - "title": "STAN logs" - } - ], - "elser_embedding": "STAN - Collect logs and metrics from STAN servers with Elastic Agent. - Stan stats metrics Stan subscriptions metrics Stan channels metrics STAN logs" - }, - { - "title": "Amazon Bedrock", - "id": "aws_bedrock", - "description": "Collect Amazon Bedrock model invocation logs and runtime metrics with Elastic Agent.", - "data_streams": [ - { - "dataset": "runtime", - "index_pattern": "logs-aws_bedrock.runtime-*", - "title": "Amazon Bedrock Runtime Metrics" - }, - { - "dataset": "invocation", - "index_pattern": "logs-aws_bedrock.invocation-*", - "title": "Amazon Bedrock model invocation logs" - } - ], - "elser_embedding": "Amazon Bedrock - Collect Amazon Bedrock model invocation logs and runtime metrics with Elastic Agent. 
- Amazon Bedrock Runtime Metrics Amazon Bedrock model invocation logs" - }, - { - "title": "Microsoft M365 Defender", - "id": "m365_defender", - "description": "Collect logs from Microsoft M365 Defender with Elastic Agent.", - "data_streams": [ - { - "dataset": "alert", - "index_pattern": "logs-m365_defender.alert-*", - "title": "Collect Alert logs from Microsoft 365 Defender" - }, - { - "dataset": "log", - "index_pattern": "logs-m365_defender.log-*", - "title": "M365 Defender Logs" - }, - { - "dataset": "incident", - "index_pattern": "logs-m365_defender.incident-*", - "title": "Collect Incident logs from Microsoft 365 Defender" - }, - { - "dataset": "event", - "index_pattern": "logs-m365_defender.event-*", - "title": "Collect Event logs from Microsoft 365 Defender." - } - ], - "elser_embedding": "Microsoft M365 Defender - Collect logs from Microsoft M365 Defender with Elastic Agent. - Collect Alert logs from Microsoft 365 Defender M365 Defender Logs Collect Incident logs from Microsoft 365 Defender Collect Event logs from Microsoft 365 Defender." 
- }, - { - "title": "NATS", - "id": "nats", - "description": "Collect logs and metrics from NATS servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "stats", - "index_pattern": "logs-nats.stats-*", - "title": "NATS stats metrics" - }, - { - "dataset": "route", - "index_pattern": "logs-nats.route-*", - "title": "NATS route metrics" - }, - { - "dataset": "connection", - "index_pattern": "logs-nats.connection-*", - "title": "NATS connection metrics" - }, - { - "dataset": "subscriptions", - "index_pattern": "logs-nats.subscriptions-*", - "title": "NATS subscriptions metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-nats.log-*", - "title": "NATS logs" - }, - { - "dataset": "routes", - "index_pattern": "logs-nats.routes-*", - "title": "NATS routes metrics" - }, - { - "dataset": "connections", - "index_pattern": "logs-nats.connections-*", - "title": "NATS connections metrics" - } - ], - "elser_embedding": "NATS - Collect logs and metrics from NATS servers with Elastic Agent. - NATS stats metrics NATS route metrics NATS connection metrics NATS subscriptions metrics NATS logs NATS routes metrics NATS connections metrics" - }, - { - "title": "GoFlow2 logs", - "id": "goflow2", - "description": "Collect logs from goflow2 with Elastic Agent.", - "data_streams": [ - { - "dataset": "sflow", - "index_pattern": "logs-goflow2.sflow-*", - "title": "Goflow2 sFlow" - } - ], - "elser_embedding": "GoFlow2 logs - Collect logs from goflow2 with Elastic Agent. - Goflow2 sFlow" - }, - { - "title": "Microsoft Defender for Cloud", - "id": "microsoft_defender_cloud", - "description": "Collect logs from Microsoft Defender for Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-microsoft_defender_cloud.event-*", - "title": "Collect Event(Alert and Recommendation) logs from Microsoft Defender for Cloud." 
- } - ], - "elser_embedding": "Microsoft Defender for Cloud - Collect logs from Microsoft Defender for Cloud with Elastic Agent. - Collect Event(Alert and Recommendation) logs from Microsoft Defender for Cloud." - }, - { - "title": "RabbitMQ Logs and Metrics", - "id": "rabbitmq", - "description": "Collect and parse logs from RabbitMQ servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "queue", - "index_pattern": "logs-rabbitmq.queue-*", - "title": "RabbitMQ queue metrics" - }, - { - "dataset": "exchange", - "index_pattern": "logs-rabbitmq.exchange-*", - "title": "RabbitMQ exchange metrics" - }, - { - "dataset": "connection", - "index_pattern": "logs-rabbitmq.connection-*", - "title": "RabbitMQ connection metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-rabbitmq.log-*", - "title": "RabbitMQ application logs" - }, - { - "dataset": "node", - "index_pattern": "logs-rabbitmq.node-*", - "title": "RabbitMQ node metrics" - } - ], - "elser_embedding": "RabbitMQ Logs and Metrics - Collect and parse logs from RabbitMQ servers with Elastic Agent. 
- RabbitMQ queue metrics RabbitMQ exchange metrics RabbitMQ connection metrics RabbitMQ application logs RabbitMQ node metrics" - }, - { - "title": "Apache Tomcat", - "id": "apache_tomcat", - "description": "Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "catalina", - "index_pattern": "logs-apache_tomcat.catalina-*", - "title": "Apache Tomcat Catalina logs" - }, - { - "dataset": "memory", - "index_pattern": "logs-apache_tomcat.memory-*", - "title": "Apache Tomcat Memory metrics" - }, - { - "dataset": "access", - "index_pattern": "logs-apache_tomcat.access-*", - "title": "Apache Tomcat Access logs" - }, - { - "dataset": "cache", - "index_pattern": "logs-apache_tomcat.cache-*", - "title": "Apache Tomcat Cache metrics" - }, - { - "dataset": "request", - "index_pattern": "logs-apache_tomcat.request-*", - "title": "Apache Tomcat Request metrics" - }, - { - "dataset": "session", - "index_pattern": "logs-apache_tomcat.session-*", - "title": "Apache Tomcat Session metrics" - }, - { - "dataset": "localhost", - "index_pattern": "logs-apache_tomcat.localhost-*", - "title": "Apache Tomcat Localhost logs" - }, - { - "dataset": "connection_pool", - "index_pattern": "logs-apache_tomcat.connection_pool-*", - "title": "Apache Tomcat Connection Pool metrics" - }, - { - "dataset": "thread_pool", - "index_pattern": "logs-apache_tomcat.thread_pool-*", - "title": "Apache Tomcat Thread Pool metrics" - } - ], - "elser_embedding": "Apache Tomcat - Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. 
- Apache Tomcat Catalina logs Apache Tomcat Memory metrics Apache Tomcat Access logs Apache Tomcat Cache metrics Apache Tomcat Request metrics Apache Tomcat Session metrics Apache Tomcat Localhost logs Apache Tomcat Connection Pool metrics Apache Tomcat Thread Pool metrics" - }, - { - "title": "CylanceProtect Logs", - "id": "cylance", - "description": "Collect logs from CylanceProtect devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "protect", - "index_pattern": "logs-cylance.protect-*", - "title": "CylanceProtect logs" - } - ], - "elser_embedding": "CylanceProtect Logs - Collect logs from CylanceProtect devices with Elastic Agent. - CylanceProtect logs" - }, - { - "title": "Rapid7 InsightVM", - "id": "rapid7_insightvm", - "description": "Collect logs from Rapid7 InsightVM with Elastic Agent.", - "data_streams": [ - { - "dataset": "vulnerability", - "index_pattern": "logs-rapid7_insightvm.vulnerability-*", - "title": "Collect Vulnerability logs from Rapid7 InsightVM" - }, - { - "dataset": "asset", - "index_pattern": "logs-rapid7_insightvm.asset-*", - "title": "Collect Asset logs from Rapid7 InsightVM" - } - ], - "elser_embedding": "Rapid7 InsightVM - Collect logs from Rapid7 InsightVM with Elastic Agent. - Collect Vulnerability logs from Rapid7 InsightVM Collect Asset logs from Rapid7 InsightVM" - }, - { - "title": "Symantec EDR Cloud", - "id": "symantec_edr_cloud", - "description": "Collect logs from Symantec EDR Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "incident", - "index_pattern": "logs-symantec_edr_cloud.incident-*", - "title": "Collect Incident logs from Symantec EDR Cloud" - } - ], - "elser_embedding": "Symantec EDR Cloud - Collect logs from Symantec EDR Cloud with Elastic Agent. 
- Collect Incident logs from Symantec EDR Cloud" - }, - { - "title": "Nginx Ingress Controller OpenTelemetry Logs", - "id": "nginx_ingress_controller_otel", - "description": "Collect Nginx Ingress Controller logs using the OpenTelemetry collector.", - "data_streams": [], - "elser_embedding": "Nginx Ingress Controller OpenTelemetry Logs - Collect Nginx Ingress Controller logs using the OpenTelemetry collector. - " - }, - { - "title": "OpenCTI", - "id": "ti_opencti", - "description": "Ingest threat intelligence indicators from OpenCTI with Elastic Agent.", - "data_streams": [ - { - "dataset": "indicator", - "index_pattern": "logs-ti_opencti.indicator-*", - "title": "Indicator" - } - ], - "elser_embedding": "OpenCTI - Ingest threat intelligence indicators from OpenCTI with Elastic Agent. - Indicator" - }, - { - "title": "Windows", - "id": "windows", - "description": "Collect logs and metrics from Windows OS and services with Elastic Agent.", - "data_streams": [ - { - "dataset": "applocker_packaged_app_deployment", - "index_pattern": "logs-windows.applocker_packaged_app_deployment-*", - "title": "Windows AppLocker/Packaged app-Deployment logs" - }, - { - "dataset": "applocker_msi_and_script", - "index_pattern": "logs-windows.applocker_msi_and_script-*", - "title": "Windows AppLocker/MSI and Script logs" - }, - { - "dataset": "powershell_operational", - "index_pattern": "logs-windows.powershell_operational-*", - "title": "Windows Powershell/Operational logs" - }, - { - "dataset": "perfmon", - "index_pattern": "logs-windows.perfmon-*", - "title": "Windows perfmon metrics" - }, - { - "dataset": "windows_defender", - "index_pattern": "logs-windows.windows_defender-*", - "title": "Windows Defender logs" - }, - { - "dataset": "sysmon_operational", - "index_pattern": "logs-windows.sysmon_operational-*", - "title": "Windows Sysmon/Operational events" - }, - { - "dataset": "service", - "index_pattern": "logs-windows.service-*", - "title": "Windows service metrics" - }, - { - 
"dataset": "forwarded", - "index_pattern": "logs-windows.forwarded-*", - "title": "Windows forwarded events" - }, - { - "dataset": "powershell", - "index_pattern": "logs-windows.powershell-*", - "title": "Windows Powershell logs" - }, - { - "dataset": "applocker_exe_and_dll", - "index_pattern": "logs-windows.applocker_exe_and_dll-*", - "title": "Windows AppLocker/EXE and DLL logs" - }, - { - "dataset": "applocker_packaged_app_execution", - "index_pattern": "logs-windows.applocker_packaged_app_execution-*", - "title": "Windows AppLocker/Packaged app-Execution logs" - } - ], - "elser_embedding": "Windows - Collect logs and metrics from Windows OS and services with Elastic Agent. - Windows AppLocker/Packaged app-Deployment logs Windows AppLocker/MSI and Script logs Windows Powershell/Operational logs Windows perfmon metrics Windows Defender logs Windows Sysmon/Operational events Windows service metrics Windows forwarded events Windows Powershell logs Windows AppLocker/EXE and DLL logs Windows AppLocker/Packaged app-Execution logs" - }, - { - "title": "CouchDB", - "id": "couchdb", - "description": "Collect metrics from CouchDB with Elastic Agent.", - "data_streams": [ - { - "dataset": "server", - "index_pattern": "logs-couchdb.server-*", - "title": "Server" - } - ], - "elser_embedding": "CouchDB - Collect metrics from CouchDB with Elastic Agent. - Server" - }, - { - "title": "Custom UDP Logs", - "id": "udp", - "description": "Collect raw UDP data from listening UDP port with Elastic Agent.", - "data_streams": [ - { - "dataset": "generic", - "index_pattern": "logs-udp.generic-*", - "title": "Custom UDP Logs" - } - ], - "elser_embedding": "Custom UDP Logs - Collect raw UDP data from listening UDP port with Elastic Agent. 
- Custom UDP Logs" - }, - { - "title": "Cassandra", - "id": "cassandra", - "description": "This Elastic integration collects logs and metrics from cassandra.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cassandra.log-*", - "title": "Cassandra System Logs" - }, - { - "dataset": "metrics", - "index_pattern": "logs-cassandra.metrics-*", - "title": "Metrics" - } - ], - "elser_embedding": "Cassandra - This Elastic integration collects logs and metrics from cassandra. - Cassandra System Logs Metrics" - }, - { - "title": "Gigamon", - "id": "gigamon", - "description": "Collect logs from Gigamon with Elastic Agent.", - "data_streams": [ - { - "dataset": "ami", - "index_pattern": "logs-gigamon.ami-*", - "title": "Gigamon Application Metadata Intelligence (AMI) Logs" - } - ], - "elser_embedding": "Gigamon - Collect logs from Gigamon with Elastic Agent. - Gigamon Application Metadata Intelligence (AMI) Logs" - }, - { - "title": "Hashicorp Vault", - "id": "hashicorp_vault", - "description": "Collect logs and metrics from Hashicorp Vault with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-hashicorp_vault.audit-*", - "title": "Hashicorp Vault Audit Logs" - }, - { - "dataset": "log", - "index_pattern": "logs-hashicorp_vault.log-*", - "title": "Hashicorp Vault Operational Logs" - }, - { - "dataset": "metrics", - "index_pattern": "logs-hashicorp_vault.metrics-*", - "title": "Hashicorp Vault Metrics" - } - ], - "elser_embedding": "Hashicorp Vault - Collect logs and metrics from Hashicorp Vault with Elastic Agent. 
- Hashicorp Vault Audit Logs Hashicorp Vault Operational Logs Hashicorp Vault Metrics" - }, - { - "title": "Okta", - "id": "okta", - "description": "Collect and parse event logs from Okta API with Elastic Agent.", - "data_streams": [ - { - "dataset": "system", - "index_pattern": "logs-okta.system-*", - "title": "Okta system logs" - } - ], - "elser_embedding": "Okta - Collect and parse event logs from Okta API with Elastic Agent. - Okta system logs" - }, - { - "title": "Recorded Future", - "id": "ti_recordedfuture", - "description": "Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.", - "data_streams": [ - { - "dataset": "threat", - "index_pattern": "logs-ti_recordedfuture.threat-*", - "title": "Recorded Future" - } - ], - "elser_embedding": "Recorded Future - Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent. - Recorded Future" - }, - { - "title": "IIS", - "id": "iis", - "description": "Collect logs and metrics from Internet Information Services (IIS) servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-iis.access-*", - "title": "IIS access logs" - }, - { - "dataset": "webserver", - "index_pattern": "logs-iis.webserver-*", - "title": "IIS web server metrics" - }, - { - "dataset": "error", - "index_pattern": "logs-iis.error-*", - "title": "IIS error logs" - }, - { - "dataset": "website", - "index_pattern": "logs-iis.website-*", - "title": "IIS website metrics" - }, - { - "dataset": "application_pool", - "index_pattern": "logs-iis.application_pool-*", - "title": "IIS application_pool metrics" - } - ], - "elser_embedding": "IIS - Collect logs and metrics from Internet Information Services (IIS) servers with Elastic Agent. 
- IIS access logs IIS web server metrics IIS error logs IIS website metrics IIS application_pool metrics" - }, - { - "title": "Golang", - "id": "golang", - "description": "This Elastic integration collects metrics from Golang applications.", - "data_streams": [ - { - "dataset": "heap", - "index_pattern": "logs-golang.heap-*", - "title": "Golang Heap metrics" - }, - { - "dataset": "expvar", - "index_pattern": "logs-golang.expvar-*", - "title": "Golang expvar metrics" - } - ], - "elser_embedding": "Golang - This Elastic integration collects metrics from Golang applications. - Golang Heap metrics Golang expvar metrics" - }, - { - "title": "MongoDB", - "id": "mongodb", - "description": "Collect logs and metrics from MongoDB instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "replstatus", - "index_pattern": "logs-mongodb.replstatus-*", - "title": "MongoDB replstatus metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-mongodb.log-*", - "title": "mongodb log logs" - }, - { - "dataset": "metrics", - "index_pattern": "logs-mongodb.metrics-*", - "title": "MongoDB metrics" - }, - { - "dataset": "status", - "index_pattern": "logs-mongodb.status-*", - "title": "MongoDB status metrics" - }, - { - "dataset": "dbstats", - "index_pattern": "logs-mongodb.dbstats-*", - "title": "MongoDB dbstats metrics" - }, - { - "dataset": "collstats", - "index_pattern": "logs-mongodb.collstats-*", - "title": "MongoDB collstats metrics" - } - ], - "elser_embedding": "MongoDB - Collect logs and metrics from MongoDB instances with Elastic Agent. 
- MongoDB replstatus metrics mongodb log logs MongoDB metrics MongoDB status metrics MongoDB dbstats metrics MongoDB collstats metrics" - }, - { - "title": "Sublime Security", - "id": "sublime_security", - "description": "Collect logs from Sublime Security with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-sublime_security.audit-*", - "title": "Sublime Security Audit logs" - }, - { - "dataset": "email_message", - "index_pattern": "logs-sublime_security.email_message-*", - "title": "Sublime Security Email Message logs" - }, - { - "dataset": "message_event", - "index_pattern": "logs-sublime_security.message_event-*", - "title": "Sublime Security Message Event logs" - } - ], - "elser_embedding": "Sublime Security - Collect logs from Sublime Security with Elastic Agent. - Sublime Security Audit logs Sublime Security Email Message logs Sublime Security Message Event logs" - }, - { - "title": "Nginx", - "id": "nginx", - "description": "Collect logs and metrics from Nginx HTTP servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-nginx.access-*", - "title": "Nginx access logs" - }, - { - "dataset": "error", - "index_pattern": "logs-nginx.error-*", - "title": "Nginx error logs" - }, - { - "dataset": "stubstatus", - "index_pattern": "logs-nginx.stubstatus-*", - "title": "Nginx stubstatus metrics" - } - ], - "elser_embedding": "Nginx - Collect logs and metrics from Nginx HTTP servers with Elastic Agent. 
- Nginx access logs Nginx error logs Nginx stubstatus metrics" - }, - { - "title": "Apache Spark", - "id": "apache_spark", - "description": "Collect metrics from Apache Spark with Elastic Agent.", - "data_streams": [ - { - "dataset": "driver", - "index_pattern": "logs-apache_spark.driver-*", - "title": "Apache Spark driver metrics" - }, - { - "dataset": "application", - "index_pattern": "logs-apache_spark.application-*", - "title": "Apache Spark application metrics" - }, - { - "dataset": "node", - "index_pattern": "logs-apache_spark.node-*", - "title": "Apache Spark node metrics" - }, - { - "dataset": "executor", - "index_pattern": "logs-apache_spark.executor-*", - "title": "Apache Spark executor metrics" - } - ], - "elser_embedding": "Apache Spark - Collect metrics from Apache Spark with Elastic Agent. - Apache Spark driver metrics Apache Spark application metrics Apache Spark node metrics Apache Spark executor metrics" - }, - { - "title": "Rapid7 Threat Command", - "id": "ti_rapid7_threat_command", - "description": "Collect threat intelligence from Threat Command API with Elastic Agent.", - "data_streams": [ - { - "dataset": "ioc", - "index_pattern": "logs-ti_rapid7_threat_command.ioc-*", - "title": "Rapid7 Threat Command IOCs" - }, - { - "dataset": "vulnerability", - "index_pattern": "logs-ti_rapid7_threat_command.vulnerability-*", - "title": "Rapid7 Threat Command Vulnerability" - }, - { - "dataset": "alert", - "index_pattern": "logs-ti_rapid7_threat_command.alert-*", - "title": "Rapid7 Threat Command Alerts" - } - ], - "elser_embedding": "Rapid7 Threat Command - Collect threat intelligence from Threat Command API with Elastic Agent. 
- Rapid7 Threat Command IOCs Rapid7 Threat Command Vulnerability Rapid7 Threat Command Alerts" - }, - { - "title": "Fortinet FortiEDR Logs", - "id": "fortinet_fortiedr", - "description": "Collect logs from Fortinet FortiEDR instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_fortiedr.log-*", - "title": "Fortinet FortEDR Endpoint Detection and Response logs" - } - ], - "elser_embedding": "Fortinet FortiEDR Logs - Collect logs from Fortinet FortiEDR instances with Elastic Agent. - Fortinet FortEDR Endpoint Detection and Response logs" - }, - { - "title": "ThreatQuotient", - "id": "ti_threatq", - "description": "Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.", - "data_streams": [ - { - "dataset": "threat", - "index_pattern": "logs-ti_threatq.threat-*", - "title": "ThreatQ" - } - ], - "elser_embedding": "ThreatQuotient - Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent. - ThreatQ" - }, - { - "title": "BBOT (Bighuge BLS OSINT Tool)", - "id": "bbot", - "description": "BBOT is a recursive internet scanner inspired by Spiderfoot, but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers. ", - "data_streams": [ - { - "dataset": "asm_intel", - "index_pattern": "logs-bbot.asm_intel-*", - "title": "BBOT-Data-Ingest" - } - ], - "elser_embedding": "BBOT (Bighuge BLS OSINT Tool) - BBOT is a recursive internet scanner inspired by Spiderfoot, but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers. 
- BBOT-Data-Ingest" - }, - { - "title": "Microsoft SQL Server", - "id": "microsoft_sqlserver", - "description": "Collect events from Microsoft SQL Server with Elastic Agent", - "data_streams": [ - { - "dataset": "performance", - "index_pattern": "logs-microsoft_sqlserver.performance-*", - "title": "Microsoft SQL Server performance metrics" - }, - { - "dataset": "audit", - "index_pattern": "logs-microsoft_sqlserver.audit-*", - "title": "SQL Server audit events" - }, - { - "dataset": "log", - "index_pattern": "logs-microsoft_sqlserver.log-*", - "title": "Microsoft SQL Server error logs" - }, - { - "dataset": "transaction_log", - "index_pattern": "logs-microsoft_sqlserver.transaction_log-*", - "title": "Microsoft SQL Server transaction_log metrics" - } - ], - "elser_embedding": "Microsoft SQL Server - Collect events from Microsoft SQL Server with Elastic Agent - Microsoft SQL Server performance metrics SQL Server audit events Microsoft SQL Server error logs Microsoft SQL Server transaction_log metrics" - }, - { - "title": "Claroty CTD", - "id": "claroty_ctd", - "description": "Collect logs from Claroty CTD using Elastic Agent.", - "data_streams": [ - { - "dataset": "baseline", - "index_pattern": "logs-claroty_ctd.baseline-*", - "title": "Baseline logs" - }, - { - "dataset": "event", - "index_pattern": "logs-claroty_ctd.event-*", - "title": "Event logs" - }, - { - "dataset": "asset", - "index_pattern": "logs-claroty_ctd.asset-*", - "title": "Asset logs" - } - ], - "elser_embedding": "Claroty CTD - Collect logs from Claroty CTD using Elastic Agent. - Baseline logs Event logs Asset logs" - }, - { - "title": "ZeroFox", - "id": "zerofox", - "description": "Collect logs from ZeroFox with Elastic Agent.", - "data_streams": [ - { - "dataset": "alerts", - "index_pattern": "logs-zerofox.alerts-*", - "title": "Alerts" - } - ], - "elser_embedding": "ZeroFox - Collect logs from ZeroFox with Elastic Agent. 
- Alerts" - }, - { - "title": "Darktrace", - "id": "darktrace", - "description": "Collect logs from Darktrace with Elastic Agent.", - "data_streams": [ - { - "dataset": "system_status_alert", - "index_pattern": "logs-darktrace.system_status_alert-*", - "title": "Collect System Status Alert logs from Darktrace" - }, - { - "dataset": "model_breach_alert", - "index_pattern": "logs-darktrace.model_breach_alert-*", - "title": "Collect Model Breach Alert logs from Darktrace" - }, - { - "dataset": "ai_analyst_alert", - "index_pattern": "logs-darktrace.ai_analyst_alert-*", - "title": "Collect AI Analyst Alert logs from Darktrace" - } - ], - "elser_embedding": "Darktrace - Collect logs from Darktrace with Elastic Agent. - Collect System Status Alert logs from Darktrace Collect Model Breach Alert logs from Darktrace Collect AI Analyst Alert logs from Darktrace" - }, - { - "title": "Cybersixgill", - "id": "ti_cybersixgill", - "description": "Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.", - "data_streams": [ - { - "dataset": "threat", - "index_pattern": "logs-ti_cybersixgill.threat-*", - "title": "Cybersixgill Darkfeed Logs" - } - ], - "elser_embedding": "Cybersixgill - Ingest threat intelligence indicators from Cybersixgill with Elastic Agent. - Cybersixgill Darkfeed Logs" - }, - { - "title": "Trend Micro Vision One", - "id": "trend_micro_vision_one", - "description": "Collect logs from Trend Micro Vision One with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-trend_micro_vision_one.audit-*", - "title": "Collect Audit logs from Trend Micro Vision One." - }, - { - "dataset": "alert", - "index_pattern": "logs-trend_micro_vision_one.alert-*", - "title": "Collect Alert logs from Trend Micro Vision One." - }, - { - "dataset": "detection", - "index_pattern": "logs-trend_micro_vision_one.detection-*", - "title": "Collect Detection logs from Trend Micro Vision One." 
- } - ], - "elser_embedding": "Trend Micro Vision One - Collect logs from Trend Micro Vision One with Elastic Agent. - Collect Audit logs from Trend Micro Vision One. Collect Alert logs from Trend Micro Vision One. Collect Detection logs from Trend Micro Vision One." - }, - { - "title": "Traefik", - "id": "traefik", - "description": "Collect logs from Traefik servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-traefik.access-*", - "title": "Traefik access logs" - }, - { - "dataset": "health", - "index_pattern": "logs-traefik.health-*", - "title": "Traefik health metrics" - } - ], - "elser_embedding": "Traefik - Collect logs from Traefik servers with Elastic Agent. - Traefik access logs Traefik health metrics" - }, - { - "title": "F5 BIG-IP", - "id": "f5_bigip", - "description": "Collect logs from F5 BIG-IP with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-f5_bigip.log-*", - "title": "Collect logs from F5 BIG-IP" - } - ], - "elser_embedding": "F5 BIG-IP - Collect logs from F5 BIG-IP with Elastic Agent. - Collect logs from F5 BIG-IP" - }, - { - "title": "Custom Kafka Logs", - "id": "kafka_log", - "description": "Collect data from kafka topic with Elastic Agent.", - "data_streams": [ - { - "dataset": "generic", - "index_pattern": "logs-kafka_log.generic-*", - "title": "Custom Kafka Logs" - } - ], - "elser_embedding": "Custom Kafka Logs - Collect data from kafka topic with Elastic Agent. 
- Custom Kafka Logs" - }, - { - "title": "CyberArk Privileged Access Security", - "id": "cyberarkpas", - "description": "Collect logs from CyberArk Privileged Access Security with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-cyberarkpas.audit-*", - "title": "CyberArk PAS audit logs" - }, - { - "dataset": "monitor", - "index_pattern": "logs-cyberarkpas.monitor-*", - "title": "CyberArk PAS monitor Events" - } - ], - "elser_embedding": "CyberArk Privileged Access Security - Collect logs from CyberArk Privileged Access Security with Elastic Agent. - CyberArk PAS audit logs CyberArk PAS monitor Events" - }, - { - "title": "Palo Alto Prisma Cloud", - "id": "prisma_cloud", - "description": "Collect logs from Prisma Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "host_profile", - "index_pattern": "logs-prisma_cloud.host_profile-*", - "title": "Collect Host Profile logs from Prisma Cloud Workload Protection." - }, - { - "dataset": "host", - "index_pattern": "logs-prisma_cloud.host-*", - "title": "Collect Host logs from Prisma Cloud Workload Protection." - }, - { - "dataset": "audit", - "index_pattern": "logs-prisma_cloud.audit-*", - "title": "Collect Audit logs from Prisma Cloud Security Posture Management." - }, - { - "dataset": "alert", - "index_pattern": "logs-prisma_cloud.alert-*", - "title": "Collect Alert logs from Prisma Cloud Security Posture Management." - }, - { - "dataset": "incident_audit", - "index_pattern": "logs-prisma_cloud.incident_audit-*", - "title": "Collect Incident Audit logs from Prisma Cloud Workload Protection." - } - ], - "elser_embedding": "Palo Alto Prisma Cloud - Collect logs from Prisma Cloud with Elastic Agent. - Collect Host Profile logs from Prisma Cloud Workload Protection. Collect Host logs from Prisma Cloud Workload Protection. Collect Audit logs from Prisma Cloud Security Posture Management. Collect Alert logs from Prisma Cloud Security Posture Management. 
Collect Incident Audit logs from Prisma Cloud Workload Protection." - }, - { - "title": "Cilium Tetragon", - "id": "cilium_tetragon", - "description": "Collect Cilium Tetragon logs from Kubernetes environments.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cilium_tetragon.log-*", - "title": "log\n" - } - ], - "elser_embedding": "Cilium Tetragon - Collect Cilium Tetragon logs from Kubernetes environments. - log\n" - }, - { - "title": "Qualys VMDR", - "id": "qualys_vmdr", - "description": "Collect data from Qualys VMDR platform with Elastic Agent.", - "data_streams": [ - { - "dataset": "knowledge_base", - "index_pattern": "logs-qualys_vmdr.knowledge_base-*", - "title": "Collect Knowledge Base data from Qualys VMDR platform." - }, - { - "dataset": "user_activity", - "index_pattern": "logs-qualys_vmdr.user_activity-*", - "title": "Collect User Activity Log data from Qualys VMDR platform." - }, - { - "dataset": "asset_host_detection", - "index_pattern": "logs-qualys_vmdr.asset_host_detection-*", - "title": "Collect Asset Host Detection data from Qualys VMDR platform." - } - ], - "elser_embedding": "Qualys VMDR - Collect data from Qualys VMDR platform with Elastic Agent. - Collect Knowledge Base data from Qualys VMDR platform. Collect User Activity Log data from Qualys VMDR platform. Collect Asset Host Detection data from Qualys VMDR platform." 
- }, - { - "title": "Elastic Agent", - "id": "elastic_agent", - "description": "Collect logs and metrics from Elastic Agents.", - "data_streams": [ - { - "dataset": "fleet_server_logs", - "index_pattern": "logs-elastic_agent.fleet_server_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "endpoint_security_metrics", - "index_pattern": "logs-elastic_agent.endpoint_security_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "apm_server_logs", - "index_pattern": "logs-elastic_agent.apm_server_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "osquerybeat_logs", - "index_pattern": "logs-elastic_agent.osquerybeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "heartbeat_logs", - "index_pattern": "logs-elastic_agent.heartbeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "metricbeat_logs", - "index_pattern": "logs-elastic_agent.metricbeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "elastic_agent_metrics", - "index_pattern": "logs-elastic_agent.elastic_agent_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "auditbeat_metrics", - "index_pattern": "logs-elastic_agent.auditbeat_metrics-*", - "title": "Elastic Agent Auditbeat Metrics" - }, - { - "dataset": "pf_elastic_symbolizer", - "index_pattern": "logs-elastic_agent.pf_elastic_symbolizer-*", - "title": "Elastic Agent" - }, - { - "dataset": "cloud_defend_logs", - "index_pattern": "logs-elastic_agent.cloud_defend_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "endpoint_sercurity_logs", - "index_pattern": "logs-elastic_agent.endpoint_sercurity_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "filebeat_input_metrics", - "index_pattern": "logs-elastic_agent.filebeat_input_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "metricbeat_metrics", - "index_pattern": "logs-elastic_agent.metricbeat_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "packetbeat_metrics", - "index_pattern": 
"logs-elastic_agent.packetbeat_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "apm_server_metrics", - "index_pattern": "logs-elastic_agent.apm_server_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "filebeat_input_logs", - "index_pattern": "logs-elastic_agent.filebeat_input_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "elastic_agent_logs", - "index_pattern": "logs-elastic_agent.elastic_agent_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "auditbeat_logs", - "index_pattern": "logs-elastic_agent.auditbeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "filebeat_logs", - "index_pattern": "logs-elastic_agent.filebeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "pf_host_agent_logs", - "index_pattern": "logs-elastic_agent.pf_host_agent_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "cloudbeat_logs", - "index_pattern": "logs-elastic_agent.cloudbeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "heartbeat_metrics", - "index_pattern": "logs-elastic_agent.heartbeat_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "cloudbeat_metrics", - "index_pattern": "logs-elastic_agent.cloudbeat_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "fleet_server_metrics", - "index_pattern": "logs-elastic_agent.fleet_server_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "packetbeat_logs", - "index_pattern": "logs-elastic_agent.packetbeat_logs-*", - "title": "Elastic Agent" - }, - { - "dataset": "osquerybeat_metrics", - "index_pattern": "logs-elastic_agent.osquerybeat_metrics-*", - "title": "Elastic Agent" - }, - { - "dataset": "pf_elastic_collector", - "index_pattern": "logs-elastic_agent.pf_elastic_collector-*", - "title": "Elastic Agent" - }, - { - "dataset": "filebeat_metrics", - "index_pattern": "logs-elastic_agent.filebeat_metrics-*", - "title": "Elastic Agent" - } - ], - "elser_embedding": "Elastic Agent - Collect logs and metrics from Elastic Agents. 
- Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Auditbeat Metrics Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent Elastic Agent" - }, - { - "title": "Custom Filestream Logs", - "id": "filestream", - "description": "Collect log data using filestream with Elastic Agent.", - "data_streams": [ - { - "dataset": "generic", - "index_pattern": "logs-filestream.generic-*", - "title": "Custom Filestream Logs" - } - ], - "elser_embedding": "Custom Filestream Logs - Collect log data using filestream with Elastic Agent. - Custom Filestream Logs" - }, - { - "title": "OpenCanary", - "id": "opencanary", - "description": "This integration collects and parses logs from OpenCanary honeypots.", - "data_streams": [ - { - "dataset": "events", - "index_pattern": "logs-opencanary.events-*", - "title": "OpenCanary HoneyPot Events" - } - ], - "elser_embedding": "OpenCanary - This integration collects and parses logs from OpenCanary honeypots. - OpenCanary HoneyPot Events" - }, - { - "title": "Palo Alto Cortex XDR", - "id": "panw_cortex_xdr", - "description": "Collect logs from Palo Alto Cortex XDR with Elastic Agent.", - "data_streams": [ - { - "dataset": "incidents", - "index_pattern": "logs-panw_cortex_xdr.incidents-*", - "title": "Palo Alto Cortex XDR Incidents API" - }, - { - "dataset": "alerts", - "index_pattern": "logs-panw_cortex_xdr.alerts-*", - "title": "Palo Alto Cortex XDR Alerts API" - } - ], - "elser_embedding": "Palo Alto Cortex XDR - Collect logs from Palo Alto Cortex XDR with Elastic Agent. 
- Palo Alto Cortex XDR Incidents API Palo Alto Cortex XDR Alerts API" - }, - { - "title": "Cisco Nexus", - "id": "cisco_nexus", - "description": "Collect logs from Cisco Nexus with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_nexus.log-*", - "title": "Collect logs from Cisco Nexus" - } - ], - "elser_embedding": "Cisco Nexus - Collect logs from Cisco Nexus with Elastic Agent. - Collect logs from Cisco Nexus" - }, - { - "title": "JumpCloud", - "id": "jumpcloud", - "description": "Collect logs from JumpCloud Directory as a Service", - "data_streams": [ - { - "dataset": "events", - "index_pattern": "logs-jumpcloud.events-*", - "title": "JumpCloud Directory as a Service Events" - } - ], - "elser_embedding": "JumpCloud - Collect logs from JumpCloud Directory as a Service - JumpCloud Directory as a Service Events" - }, - { - "title": "Microsoft Defender for Endpoint", - "id": "microsoft_defender_endpoint", - "description": "Collect logs from Microsoft Defender for Endpoint with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-microsoft_defender_endpoint.log-*", - "title": "Microsoft Defender for Endpoint logs" - } - ], - "elser_embedding": "Microsoft Defender for Endpoint - Collect logs from Microsoft Defender for Endpoint with Elastic Agent. 
- Microsoft Defender for Endpoint logs" - }, - { - "title": "ActiveMQ", - "id": "activemq", - "description": "Collect logs and metrics from ActiveMQ instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "broker", - "index_pattern": "logs-activemq.broker-*", - "title": "ActiveMQ broker metrics" - }, - { - "dataset": "queue", - "index_pattern": "logs-activemq.queue-*", - "title": "ActiveMQ queue metrics" - }, - { - "dataset": "audit", - "index_pattern": "logs-activemq.audit-*", - "title": "ActiveMQ audit logs" - }, - { - "dataset": "log", - "index_pattern": "logs-activemq.log-*", - "title": "ActiveMQ log logs" - }, - { - "dataset": "topic", - "index_pattern": "logs-activemq.topic-*", - "title": "ActiveMQ topic metrics" - } - ], - "elser_embedding": "ActiveMQ - Collect logs and metrics from ActiveMQ instances with Elastic Agent. - ActiveMQ broker metrics ActiveMQ queue metrics ActiveMQ audit logs ActiveMQ log logs ActiveMQ topic metrics" - }, - { - "title": "AbuseCH", - "id": "ti_abusech", - "description": "Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent.", - "data_streams": [ - { - "dataset": "threatfox", - "index_pattern": "logs-ti_abusech.threatfox-*", - "title": "AbuseCH Threat Fox indicators" - }, - { - "dataset": "url", - "index_pattern": "logs-ti_abusech.url-*", - "title": "AbuseCH URL logs" - }, - { - "dataset": "malware", - "index_pattern": "logs-ti_abusech.malware-*", - "title": "AbuseCH Malware payloads" - }, - { - "dataset": "malwarebazaar", - "index_pattern": "logs-ti_abusech.malwarebazaar-*", - "title": "AbuseCH MalwareBazaar payloads" - } - ], - "elser_embedding": "AbuseCH - Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent. 
- AbuseCH Threat Fox indicators AbuseCH URL logs AbuseCH Malware payloads AbuseCH MalwareBazaar payloads" - }, - { - "title": "Infoblox BloxOne DDI", - "id": "infoblox_bloxone_ddi", - "description": "Collect logs from Infoblox BloxOne DDI with Elastic Agent.", - "data_streams": [ - { - "dataset": "dns_data", - "index_pattern": "logs-infoblox_bloxone_ddi.dns_data-*", - "title": "Collect DNS Data logs from Infoblox BloxOne DDI" - }, - { - "dataset": "dns_config", - "index_pattern": "logs-infoblox_bloxone_ddi.dns_config-*", - "title": "Collect DNS Config logs from Infoblox BloxOne DDI" - }, - { - "dataset": "dhcp_lease", - "index_pattern": "logs-infoblox_bloxone_ddi.dhcp_lease-*", - "title": "Collect DHCP Lease logs from Infoblox BloxOne DDI" - } - ], - "elser_embedding": "Infoblox BloxOne DDI - Collect logs from Infoblox BloxOne DDI with Elastic Agent. - Collect DNS Data logs from Infoblox BloxOne DDI Collect DNS Config logs from Infoblox BloxOne DDI Collect DHCP Lease logs from Infoblox BloxOne DDI" - }, - { - "title": "Google Security Command Center", - "id": "google_scc", - "description": "Collect logs from Google Security Command Center with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-google_scc.audit-*", - "title": "Collect Audit logs from Google Security Command Center." - }, - { - "dataset": "finding", - "index_pattern": "logs-google_scc.finding-*", - "title": "Collect Finding logs from Google Security Command Center." - }, - { - "dataset": "asset", - "index_pattern": "logs-google_scc.asset-*", - "title": "Collect Asset logs from Google Security Command Center." - }, - { - "dataset": "source", - "index_pattern": "logs-google_scc.source-*", - "title": "Collect Source logs from Google Security Command Center." - } - ], - "elser_embedding": "Google Security Command Center - Collect logs from Google Security Command Center with Elastic Agent. - Collect Audit logs from Google Security Command Center. 
Collect Finding logs from Google Security Command Center. Collect Asset logs from Google Security Command Center. Collect Source logs from Google Security Command Center." - }, - { - "title": "CoreDNS", - "id": "coredns", - "description": "Collect logs from CoreDNS instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-coredns.log-*", - "title": "CoreDNS logs" - } - ], - "elser_embedding": "CoreDNS - Collect logs from CoreDNS instances with Elastic Agent. - CoreDNS logs" - }, - { - "title": "NetFlow Records", - "id": "netflow", - "description": "Collect flow records from NetFlow and IPFIX exporters with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-netflow.log-*", - "title": "NetFlow logs" - } - ], - "elser_embedding": "NetFlow Records - Collect flow records from NetFlow and IPFIX exporters with Elastic Agent. - NetFlow logs" - }, - { - "title": "Forcepoint Web Security", - "id": "forcepoint_web", - "description": "Forcepoint Web Security", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-forcepoint_web.logs-*", - "title": "Forcepoint Web Security Logs" - } - ], - "elser_embedding": "Forcepoint Web Security - Forcepoint Web Security - Forcepoint Web Security Logs" - }, - { - "title": "Trellix EDR Cloud", - "id": "trellix_edr_cloud", - "description": "Collect logs from Trellix EDR Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-trellix_edr_cloud.event-*", - "title": "Collect Event logs from Trellix EDR Cloud." - } - ], - "elser_embedding": "Trellix EDR Cloud - Collect logs from Trellix EDR Cloud with Elastic Agent. - Collect Event logs from Trellix EDR Cloud." 
- }, - { - "title": "Slack Logs", - "id": "slack", - "description": "Slack Logs Integration", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-slack.audit-*", - "title": "Slack Audit Logs" - } - ], - "elser_embedding": "Slack Logs - Slack Logs Integration - Slack Audit Logs" - }, - { - "title": "Cisco FTD", - "id": "cisco_ftd", - "description": "Collect logs from Cisco FTD with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_ftd.log-*", - "title": "Cisco FTD logs" - } - ], - "elser_embedding": "Cisco FTD - Collect logs from Cisco FTD with Elastic Agent. - Cisco FTD logs" - }, - { - "title": "Microsoft DNS Server", - "id": "microsoft_dnsserver", - "description": "Collect logs from Microsoft DNS Server with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-microsoft_dnsserver.audit-*", - "title": "Collect DNS Server Audit logs" - }, - { - "dataset": "analytical", - "index_pattern": "logs-microsoft_dnsserver.analytical-*", - "title": "Collect DNS Server Analytical logs" - } - ], - "elser_embedding": "Microsoft DNS Server - Collect logs from Microsoft DNS Server with Elastic Agent. - Collect DNS Server Audit logs Collect DNS Server Analytical logs" - }, - { - "title": "Mandiant Advantage", - "id": "ti_mandiant_advantage", - "description": "Collect Threat Intelligence from products within the Mandiant Advantage platform.", - "data_streams": [ - { - "dataset": "threat_intelligence", - "index_pattern": "logs-ti_mandiant_advantage.threat_intelligence-*", - "title": "Mandiant Threat Intelligence" - } - ], - "elser_embedding": "Mandiant Advantage - Collect Threat Intelligence from products within the Mandiant Advantage platform. 
- Mandiant Threat Intelligence" - }, - { - "title": "Fortinet FortiClient Logs", - "id": "fortinet_forticlient", - "description": "Collect logs from Fortinet FortiClient instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_forticlient.log-*", - "title": "Fortinet FortiClient Endpoint Security logs" - } - ], - "elser_embedding": "Fortinet FortiClient Logs - Collect logs from Fortinet FortiClient instances with Elastic Agent. - Fortinet FortiClient Endpoint Security logs" - }, - { - "title": "AWS Fargate (for ECS clusters)", - "id": "awsfargate", - "description": "Collects metrics from containers and tasks running on Amazon ECS clusters with Elastic Agent.", - "data_streams": [ - { - "dataset": "task_stats", - "index_pattern": "logs-awsfargate.task_stats-*", - "title": "AWS Fargate task_stats metrics" - } - ], - "elser_embedding": "AWS Fargate (for ECS clusters) - Collects metrics from containers and tasks running on Amazon ECS clusters with Elastic Agent. - AWS Fargate task_stats metrics" - }, - { - "title": "Azure Network Watcher VNet", - "id": "azure_network_watcher_vnet", - "description": "Collect logs from Azure Network Watcher VNet with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-azure_network_watcher_vnet.log-*", - "title": "Collect VNet logs from Azure Network Watcher" - } - ], - "elser_embedding": "Azure Network Watcher VNet - Collect logs from Azure Network Watcher VNet with Elastic Agent. - Collect VNet logs from Azure Network Watcher" - }, - { - "title": "Osquery Logs", - "id": "osquery", - "description": "Collect logs from Osquery with Elastic Agent.", - "data_streams": [ - { - "dataset": "result", - "index_pattern": "logs-osquery.result-*", - "title": "Osquery result logs" - } - ], - "elser_embedding": "Osquery Logs - Collect logs from Osquery with Elastic Agent. 
- Osquery result logs" - }, - { - "title": "Pleasant Password Server", - "id": "pps", - "description": "Integration for Pleasant Password Server Syslog Messages", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-pps.log-*", - "title": "Pleasant Password Server logs" - } - ], - "elser_embedding": "Pleasant Password Server - Integration for Pleasant Password Server Syslog Messages - Pleasant Password Server logs" - }, - { - "title": "Bravura Monitor", - "id": "hid_bravura_monitor", - "description": "Collect logs from Bravura Security Fabric with Elastic Agent.", - "data_streams": [ - { - "dataset": "winlog", - "index_pattern": "logs-hid_bravura_monitor.winlog-*", - "title": "Bravura Security Fabric logs" - }, - { - "dataset": "log", - "index_pattern": "logs-hid_bravura_monitor.log-*", - "title": "Bravura Monitor" - } - ], - "elser_embedding": "Bravura Monitor - Collect logs from Bravura Security Fabric with Elastic Agent. - Bravura Security Fabric logs Bravura Monitor" - }, - { - "title": "MISP", - "id": "ti_misp", - "description": "Ingest threat intelligence indicators from MISP platform with Elastic Agent.", - "data_streams": [ - { - "dataset": "threat", - "index_pattern": "logs-ti_misp.threat-*", - "title": "MISP" - }, - { - "dataset": "threat_attributes", - "index_pattern": "logs-ti_misp.threat_attributes-*", - "title": "MISP" - } - ], - "elser_embedding": "MISP - Ingest threat intelligence indicators from MISP platform with Elastic Agent. 
- MISP MISP" - }, - { - "title": "Redis Enterprise", - "id": "redisenterprise", - "description": "Collect metrics from Redis Enterprise Cluster", - "data_streams": [ - { - "dataset": "node", - "index_pattern": "logs-redisenterprise.node-*", - "title": "node" - }, - { - "dataset": "proxy", - "index_pattern": "logs-redisenterprise.proxy-*", - "title": "proxy" - } - ], - "elser_embedding": "Redis Enterprise - Collect metrics from Redis Enterprise Cluster - node proxy" - }, - { - "title": "Network Packet Capture", - "id": "network_traffic", - "description": "Capture and analyze network traffic from a host with Elastic Agent.", - "data_streams": [ - { - "dataset": "nfs", - "index_pattern": "logs-network_traffic.nfs-*", - "title": "NFS" - }, - { - "dataset": "tls", - "index_pattern": "logs-network_traffic.tls-*", - "title": "TLS" - }, - { - "dataset": "icmp", - "index_pattern": "logs-network_traffic.icmp-*", - "title": "ICMP" - }, - { - "dataset": "cassandra", - "index_pattern": "logs-network_traffic.cassandra-*", - "title": "Cassandra" - }, - { - "dataset": "mongodb", - "index_pattern": "logs-network_traffic.mongodb-*", - "title": "MongoDB" - }, - { - "dataset": "thrift", - "index_pattern": "logs-network_traffic.thrift-*", - "title": "Thrift" - }, - { - "dataset": "flow", - "index_pattern": "logs-network_traffic.flow-*", - "title": "Flows" - }, - { - "dataset": "dhcpv4", - "index_pattern": "logs-network_traffic.dhcpv4-*", - "title": "DHCP" - }, - { - "dataset": "pgsql", - "index_pattern": "logs-network_traffic.pgsql-*", - "title": "PostgreSQL" - }, - { - "dataset": "redis", - "index_pattern": "logs-network_traffic.redis-*", - "title": "Redis" - }, - { - "dataset": "dns", - "index_pattern": "logs-network_traffic.dns-*", - "title": "DNS" - }, - { - "dataset": "sip", - "index_pattern": "logs-network_traffic.sip-*", - "title": "SIP" - }, - { - "dataset": "mysql", - "index_pattern": "logs-network_traffic.mysql-*", - "title": "MySQL" - }, - { - "dataset": "amqp", - 
"index_pattern": "logs-network_traffic.amqp-*", - "title": "AMQP" - }, - { - "dataset": "http", - "index_pattern": "logs-network_traffic.http-*", - "title": "HTTP" - }, - { - "dataset": "memcached", - "index_pattern": "logs-network_traffic.memcached-*", - "title": "Memcached" - } - ], - "elser_embedding": "Network Packet Capture - Capture and analyze network traffic from a host with Elastic Agent. - NFS TLS ICMP Cassandra MongoDB Thrift Flows DHCP PostgreSQL Redis DNS SIP MySQL AMQP HTTP Memcached" - }, - { - "title": "MySQL Enterprise", - "id": "mysql_enterprise", - "description": "Collect audit logs from MySQL Enterprise with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-mysql_enterprise.audit-*", - "title": "MySQL Enterprise Audit Log" - } - ], - "elser_embedding": "MySQL Enterprise - Collect audit logs from MySQL Enterprise with Elastic Agent. - MySQL Enterprise Audit Log" - }, - { - "title": "GitHub", - "id": "github", - "description": "Collect logs from GitHub with Elastic Agent.", - "data_streams": [ - { - "dataset": "dependabot", - "index_pattern": "logs-github.dependabot-*", - "title": "GHAS Dependabot" - }, - { - "dataset": "issues", - "index_pattern": "logs-github.issues-*", - "title": "Github Issue" - }, - { - "dataset": "secret_scanning", - "index_pattern": "logs-github.secret_scanning-*", - "title": "GHAS Secret Scanning" - }, - { - "dataset": "audit", - "index_pattern": "logs-github.audit-*", - "title": "GitHub Audit Logs" - }, - { - "dataset": "code_scanning", - "index_pattern": "logs-github.code_scanning-*", - "title": "GHAS Code Scanning" - } - ], - "elser_embedding": "GitHub - Collect logs from GitHub with Elastic Agent. 
- GHAS Dependabot Github Issue GHAS Secret Scanning GitHub Audit Logs GHAS Code Scanning" - }, - { - "title": "Microsoft Entra ID Entity Analytics", - "id": "entityanalytics_entra_id", - "description": "Collect identities from Microsoft Entra ID (formerly Azure Active Directory) with Elastic Agent.", - "data_streams": [ - { - "dataset": "device", - "index_pattern": "logs-entityanalytics_entra_id.device-*", - "title": "Microsoft Entra ID Entity Analytics Device Events" - }, - { - "dataset": "user", - "index_pattern": "logs-entityanalytics_entra_id.user-*", - "title": "Microsoft Entra ID Entity Analytics User Events" - }, - { - "dataset": "entity", - "index_pattern": "logs-entityanalytics_entra_id.entity-*", - "title": "Identities" - } - ], - "elser_embedding": "Microsoft Entra ID Entity Analytics - Collect identities from Microsoft Entra ID (formerly Azure Active Directory) with Elastic Agent. - Microsoft Entra ID Entity Analytics Device Events Microsoft Entra ID Entity Analytics User Events Identities" - }, - { - "title": "ThreatConnect", - "id": "ti_threatconnect", - "description": "Collects Indicators from ThreatConnect using the Elastic Agent and saves them as logs inside Elastic", - "data_streams": [ - { - "dataset": "indicator", - "index_pattern": "logs-ti_threatconnect.indicator-*", - "title": "Collect Indicators from ThreatConnect." - } - ], - "elser_embedding": "ThreatConnect - Collects Indicators from ThreatConnect using the Elastic Agent and saves them as logs inside Elastic - Collect Indicators from ThreatConnect." 
- }, - { - "title": "Microsoft Sentinel", - "id": "microsoft_sentinel", - "description": "Collect logs from Microsoft Sentinel with Elastic Agent.", - "data_streams": [ - { - "dataset": "alert", - "index_pattern": "logs-microsoft_sentinel.alert-*", - "title": "Microsoft Sentinel Alert logs" - }, - { - "dataset": "incident", - "index_pattern": "logs-microsoft_sentinel.incident-*", - "title": "Microsoft Sentinel Incident logs" - }, - { - "dataset": "event", - "index_pattern": "logs-microsoft_sentinel.event-*", - "title": "Collect Events from Microsoft Sentinel." - } - ], - "elser_embedding": "Microsoft Sentinel - Collect logs from Microsoft Sentinel with Elastic Agent. - Microsoft Sentinel Alert logs Microsoft Sentinel Incident logs Collect Events from Microsoft Sentinel." - }, - { - "title": "Check Point", - "id": "checkpoint", - "description": "Collect logs from Check Point with Elastic Agent.", - "data_streams": [ - { - "dataset": "firewall", - "index_pattern": "logs-checkpoint.firewall-*", - "title": "Check Point firewall logs" - } - ], - "elser_embedding": "Check Point - Collect logs from Check Point with Elastic Agent. - Check Point firewall logs" - }, - { - "title": "WatchGuard Firebox", - "id": "watchguard_firebox", - "description": "Collect logs from WatchGuard Firebox with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-watchguard_firebox.log-*", - "title": "WatchGuard Firebox logs" - } - ], - "elser_embedding": "WatchGuard Firebox - Collect logs from WatchGuard Firebox with Elastic Agent. 
- WatchGuard Firebox logs" - }, - { - "title": "Nagios XI", - "id": "nagios_xi", - "description": "Collect Logs and Metrics from Nagios XI with Elastic Agent.", - "data_streams": [ - { - "dataset": "host", - "index_pattern": "logs-nagios_xi.host-*", - "title": "Host" - }, - { - "dataset": "events", - "index_pattern": "logs-nagios_xi.events-*", - "title": "Events" - }, - { - "dataset": "service", - "index_pattern": "logs-nagios_xi.service-*", - "title": "Service" - } - ], - "elser_embedding": "Nagios XI - Collect Logs and Metrics from Nagios XI with Elastic Agent. - Host Events Service" - }, - { - "title": "Atlassian Jira", - "id": "atlassian_jira", - "description": "Collect logs from Atlassian Jira with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-atlassian_jira.audit-*", - "title": "Jira Audit Logs" - } - ], - "elser_embedding": "Atlassian Jira - Collect logs from Atlassian Jira with Elastic Agent. - Jira Audit Logs" - }, - { - "title": "Snyk", - "id": "snyk", - "description": "Collect logs from Snyk with Elastic Agent.", - "data_streams": [ - { - "dataset": "issues", - "index_pattern": "logs-snyk.issues-*", - "title": "Collect Snyk Issues Data" - }, - { - "dataset": "audit", - "index_pattern": "logs-snyk.audit-*", - "title": "Collect Snyk Audit Logs" - }, - { - "dataset": "audit_logs", - "index_pattern": "logs-snyk.audit_logs-*", - "title": "Collect Snyk Audit Logs" - }, - { - "dataset": "vulnerabilities", - "index_pattern": "logs-snyk.vulnerabilities-*", - "title": "Collect Snyk Vulnerability Data" - } - ], - "elser_embedding": "Snyk - Collect logs from Snyk with Elastic Agent. 
- Collect Snyk Issues Data Collect Snyk Audit Logs Collect Snyk Audit Logs Collect Snyk Vulnerability Data" - }, - { - "title": "Google Cloud Platform", - "id": "gcp", - "description": "Collect logs and metrics from Google Cloud Platform with Elastic Agent.", - "data_streams": [ - { - "dataset": "compute", - "index_pattern": "logs-gcp.compute-*", - "title": "GCP Compute Metrics" - }, - { - "dataset": "pubsub", - "index_pattern": "logs-gcp.pubsub-*", - "title": "GCP PubSub Metrics" - }, - { - "dataset": "cloudsql_postgresql", - "index_pattern": "logs-gcp.cloudsql_postgresql-*", - "title": "GCP CloudSQL PostgreSQL Metrics" - }, - { - "dataset": "billing", - "index_pattern": "logs-gcp.billing-*", - "title": "GCP Billing Metrics" - }, - { - "dataset": "loadbalancing_metrics", - "index_pattern": "logs-gcp.loadbalancing_metrics-*", - "title": "GCP Load Balancing Metrics" - }, - { - "dataset": "cloudrun_metrics", - "index_pattern": "logs-gcp.cloudrun_metrics-*", - "title": "GCP Cloud Run Metrics" - }, - { - "dataset": "audit", - "index_pattern": "logs-gcp.audit-*", - "title": "Google Cloud Platform (GCP) audit logs" - }, - { - "dataset": "dataproc", - "index_pattern": "logs-gcp.dataproc-*", - "title": "GCP Dataproc Metrics" - }, - { - "dataset": "redis", - "index_pattern": "logs-gcp.redis-*", - "title": "GCP Redis Metrics" - }, - { - "dataset": "cloudsql_mysql", - "index_pattern": "logs-gcp.cloudsql_mysql-*", - "title": "GCP CloudSQL MySQL Metrics" - }, - { - "dataset": "dns", - "index_pattern": "logs-gcp.dns-*", - "title": "Google Cloud Platform (GCP) DNS logs" - }, - { - "dataset": "cloudsql_sqlserver", - "index_pattern": "logs-gcp.cloudsql_sqlserver-*", - "title": "GCP CloudSQL SQL Server Metrics" - }, - { - "dataset": "storage", - "index_pattern": "logs-gcp.storage-*", - "title": "GCP Storage Metrics" - }, - { - "dataset": "gke", - "index_pattern": "logs-gcp.gke-*", - "title": "GCP GKE Metrics" - }, - { - "dataset": "vpcflow", - "index_pattern": "logs-gcp.vpcflow-*", 
- "title": "Google Cloud Platform (GCP) vpcflow logs" - }, - { - "dataset": "loadbalancing_logs", - "index_pattern": "logs-gcp.loadbalancing_logs-*", - "title": "Google Cloud Platform (GCP) Load Balancing logs" - }, - { - "dataset": "firestore", - "index_pattern": "logs-gcp.firestore-*", - "title": "GCP Firestore Metrics" - }, - { - "dataset": "firewall", - "index_pattern": "logs-gcp.firewall-*", - "title": "Google Cloud Platform (GCP) firewall logs" - } - ], - "elser_embedding": "Google Cloud Platform - Collect logs and metrics from Google Cloud Platform with Elastic Agent. - GCP Compute Metrics GCP PubSub Metrics GCP CloudSQL PostgreSQL Metrics GCP Billing Metrics GCP Load Balancing Metrics GCP Cloud Run Metrics Google Cloud Platform (GCP) audit logs GCP Dataproc Metrics GCP Redis Metrics GCP CloudSQL MySQL Metrics Google Cloud Platform (GCP) DNS logs GCP CloudSQL SQL Server Metrics GCP Storage Metrics GCP GKE Metrics Google Cloud Platform (GCP) vpcflow logs Google Cloud Platform (GCP) Load Balancing logs GCP Firestore Metrics Google Cloud Platform (GCP) firewall logs" - }, - { - "title": "Logstash", - "id": "logstash", - "description": "Collect logs and metrics from Logstash with Elastic Agent.", - "data_streams": [ - { - "dataset": "node_cel", - "index_pattern": "logs-logstash.node_cel-*", - "title": "Logstash Node Stats" - }, - { - "dataset": "pipeline", - "index_pattern": "logs-logstash.pipeline-*", - "title": "Logstash pipeline" - }, - { - "dataset": "plugins", - "index_pattern": "logs-logstash.plugins-*", - "title": "Logstash plugins" - }, - { - "dataset": "node_stats", - "index_pattern": "logs-logstash.node_stats-*", - "title": "Logstash node_stats metrics" - }, - { - "dataset": "slowlog", - "index_pattern": "logs-logstash.slowlog-*", - "title": "logstash slowlog logs" - }, - { - "dataset": "log", - "index_pattern": "logs-logstash.log-*", - "title": "Logstash logs" - }, - { - "dataset": "node", - "index_pattern": "logs-logstash.node-*", - "title": 
"Logstash node metrics" - } - ], - "elser_embedding": "Logstash - Collect logs and metrics from Logstash with Elastic Agent. - Logstash Node Stats Logstash pipeline Logstash plugins Logstash node_stats metrics logstash slowlog logs Logstash logs Logstash node metrics" - }, - { - "title": "Palo Alto Prisma Access", - "id": "prisma_access", - "description": "Collect logs from Palo Alto Prisma Access with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-prisma_access.event-*", - "title": "Collect Events from Palo Alto Prisma Access" - } - ], - "elser_embedding": "Palo Alto Prisma Access - Collect logs from Palo Alto Prisma Access with Elastic Agent. - Collect Events from Palo Alto Prisma Access" - }, - { - "title": "Barracuda CloudGen Firewall Logs", - "id": "barracuda_cloudgen_firewall", - "description": "Collect logs from Barracuda CloudGen Firewall devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-barracuda_cloudgen_firewall.log-*", - "title": "Barracuda CloudGen Firewall Logs" - } - ], - "elser_embedding": "Barracuda CloudGen Firewall Logs - Collect logs from Barracuda CloudGen Firewall devices with Elastic Agent. 
- Barracuda CloudGen Firewall Logs" - }, - { - "title": "Jamf Pro", - "id": "jamf_pro", - "description": "Collect logs and inventory data from Jamf Pro with Elastic Agent", - "data_streams": [ - { - "dataset": "inventory", - "index_pattern": "logs-jamf_pro.inventory-*", - "title": "Inventory data" - }, - { - "dataset": "events", - "index_pattern": "logs-jamf_pro.events-*", - "title": "Jamf Pro Events" - } - ], - "elser_embedding": "Jamf Pro - Collect logs and inventory data from Jamf Pro with Elastic Agent - Inventory data Jamf Pro Events" - }, - { - "title": "Fortinet FortiManager Logs", - "id": "fortinet_fortimanager", - "description": "Collect logs from Fortinet FortiManager instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_fortimanager.log-*", - "title": "Collect logs from Fortinet FortiManager" - } - ], - "elser_embedding": "Fortinet FortiManager Logs - Collect logs from Fortinet FortiManager instances with Elastic Agent. - Collect logs from Fortinet FortiManager" - }, - { - "title": "Elastic APM", - "id": "apm", - "description": "Monitor, detect, and diagnose complex application performance issues.", - "data_streams": [], - "elser_embedding": "Elastic APM - Monitor, detect, and diagnose complex application performance issues. - " - }, - { - "title": "AlienVault OTX", - "id": "ti_otx", - "description": "Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.", - "data_streams": [ - { - "dataset": "pulses_subscribed", - "index_pattern": "logs-ti_otx.pulses_subscribed-*", - "title": "Alienvault OTX Subcribed Pulses" - }, - { - "dataset": "threat", - "index_pattern": "logs-ti_otx.threat-*", - "title": "Alienvault OTX logs" - } - ], - "elser_embedding": "AlienVault OTX - Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent. 
- Alienvault OTX Subcribed Pulses Alienvault OTX logs" - }, - { - "title": "Check Point", - "id": "checkpoint", - "description": "Collect logs from Check Point with Elastic Agent.", - "data_streams": [ - { - "dataset": "firewall", - "index_pattern": "logs-checkpoint.firewall-*", - "title": "Check Point firewall logs" - } - ], - "elser_embedding": "Check Point - Collect logs from Check Point with Elastic Agent. - Check Point firewall logs" - }, - { - "title": "Kubernetes OpenTelemetry Assets", - "id": "kubernetes_otel", - "description": "Utilise the pre-built dashboard for OTel-native metrics and events collected from a Kubernetes cluster", - "data_streams": [], - "elser_embedding": "Kubernetes OpenTelemetry Assets - Utilise the pre-built dashboard for OTel-native metrics and events collected from a Kubernetes cluster - " - }, - { - "title": "EclecticIQ", - "id": "ti_eclecticiq", - "description": "Ingest threat intelligence from EclecticIQ with Elastic Agent", - "data_streams": [ - { - "dataset": "threat", - "index_pattern": "logs-ti_eclecticiq.threat-*", - "title": "Poll Outgoing feed" - } - ], - "elser_embedding": "EclecticIQ - Ingest threat intelligence from EclecticIQ with Elastic Agent - Poll Outgoing feed" - }, - { - "title": "Lumos", - "id": "lumos", - "description": "An integration with Lumos to ship your Activity logs to your Elastic instance.", - "data_streams": [ - { - "dataset": "activity_logs", - "index_pattern": "logs-lumos.activity_logs-*", - "title": "Lumos Activity Logs" - } - ], - "elser_embedding": "Lumos - An integration with Lumos to ship your Activity logs to your Elastic instance. 
- Lumos Activity Logs" - }, - { - "title": "Anomali", - "id": "ti_anomali", - "description": "Ingest threat intelligence indicators from Anomali with Elastic Agent.", - "data_streams": [ - { - "dataset": "threatstream", - "index_pattern": "logs-ti_anomali.threatstream-*", - "title": "Anomali ThreatStream" - }, - { - "dataset": "intelligence", - "index_pattern": "logs-ti_anomali.intelligence-*", - "title": "Anomali ThreatStream" - } - ], - "elser_embedding": "Anomali - Ingest threat intelligence indicators from Anomali with Elastic Agent. - Anomali ThreatStream Anomali ThreatStream" - }, - { - "title": "Jolokia Input", - "id": "jolokia", - "description": "Collects Metrics from Jolokia Agents", - "data_streams": [], - "elser_embedding": "Jolokia Input - Collects Metrics from Jolokia Agents - " - }, - { - "title": "Sysdig", - "id": "sysdig", - "description": "Collect alerts from Sysdig using Elastic Agent.", - "data_streams": [ - { - "dataset": "alerts", - "index_pattern": "logs-sysdig.alerts-*", - "title": "Sysdig" - } - ], - "elser_embedding": "Sysdig - Collect alerts from Sysdig using Elastic Agent. - Sysdig" - }, - { - "title": "Pulse Connect Secure", - "id": "pulse_connect_secure", - "description": "Collect logs from Pulse Connect Secure with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-pulse_connect_secure.log-*", - "title": "Pulse Connect Secure" - } - ], - "elser_embedding": "Pulse Connect Secure - Collect logs from Pulse Connect Secure with Elastic Agent. 
- Pulse Connect Secure" - }, - { - "title": "Zeek", - "id": "zeek", - "description": "Collect logs from Zeek with Elastic Agent.", - "data_streams": [ - { - "dataset": "x509", - "index_pattern": "logs-zeek.x509-*", - "title": "Zeek x509 logs" - }, - { - "dataset": "software", - "index_pattern": "logs-zeek.software-*", - "title": "Zeek software logs" - }, - { - "dataset": "traceroute", - "index_pattern": "logs-zeek.traceroute-*", - "title": "Zeek traceroute logs" - }, - { - "dataset": "capture_loss", - "index_pattern": "logs-zeek.capture_loss-*", - "title": "Zeek capture_loss logs" - }, - { - "dataset": "smb_cmd", - "index_pattern": "logs-zeek.smb_cmd-*", - "title": "Zeek smb_cmd logs" - }, - { - "dataset": "snmp", - "index_pattern": "logs-zeek.snmp-*", - "title": "Zeek snmp logs" - }, - { - "dataset": "irc", - "index_pattern": "logs-zeek.irc-*", - "title": "Zeek irc logs" - }, - { - "dataset": "intel", - "index_pattern": "logs-zeek.intel-*", - "title": "Zeek intel logs" - }, - { - "dataset": "pe", - "index_pattern": "logs-zeek.pe-*", - "title": "Zeek pe logs" - }, - { - "dataset": "known_services", - "index_pattern": "logs-zeek.known_services-*", - "title": "Zeek Known Services logs" - }, - { - "dataset": "radius", - "index_pattern": "logs-zeek.radius-*", - "title": "Zeek radius logs" - }, - { - "dataset": "modbus", - "index_pattern": "logs-zeek.modbus-*", - "title": "Zeek modbus logs" - }, - { - "dataset": "tunnel", - "index_pattern": "logs-zeek.tunnel-*", - "title": "Zeek tunnel logs" - }, - { - "dataset": "stats", - "index_pattern": "logs-zeek.stats-*", - "title": "Zeek stats logs" - }, - { - "dataset": "smb_files", - "index_pattern": "logs-zeek.smb_files-*", - "title": "Zeek smb_files logs" - }, - { - "dataset": "ocsp", - "index_pattern": "logs-zeek.ocsp-*", - "title": "Zeek ocsp logs" - }, - { - "dataset": "connection", - "index_pattern": "logs-zeek.connection-*", - "title": "Zeek connection logs" - }, - { - "dataset": "kerberos", - "index_pattern": 
"logs-zeek.kerberos-*", - "title": "Zeek kerberos logs" - }, - { - "dataset": "weird", - "index_pattern": "logs-zeek.weird-*", - "title": "Zeek weird logs" - }, - { - "dataset": "smb_mapping", - "index_pattern": "logs-zeek.smb_mapping-*", - "title": "Zeek smb_mapping logs" - }, - { - "dataset": "signature", - "index_pattern": "logs-zeek.signature-*", - "title": "Zeek signature logs" - }, - { - "dataset": "ntp", - "index_pattern": "logs-zeek.ntp-*", - "title": "Zeek ntp logs" - }, - { - "dataset": "dns", - "index_pattern": "logs-zeek.dns-*", - "title": "Zeek dns logs" - }, - { - "dataset": "dpd", - "index_pattern": "logs-zeek.dpd-*", - "title": "Zeek dpd logs" - }, - { - "dataset": "dhcp", - "index_pattern": "logs-zeek.dhcp-*", - "title": "Zeek dhcp logs" - }, - { - "dataset": "notice", - "index_pattern": "logs-zeek.notice-*", - "title": "Zeek notice logs" - }, - { - "dataset": "files", - "index_pattern": "logs-zeek.files-*", - "title": "Zeek files logs" - }, - { - "dataset": "ntlm", - "index_pattern": "logs-zeek.ntlm-*", - "title": "Zeek ntlm logs" - }, - { - "dataset": "known_certs", - "index_pattern": "logs-zeek.known_certs-*", - "title": "Zeek Known Certs logs" - }, - { - "dataset": "sip", - "index_pattern": "logs-zeek.sip-*", - "title": "Zeek sip logs" - }, - { - "dataset": "rdp", - "index_pattern": "logs-zeek.rdp-*", - "title": "Zeek rdp logs" - }, - { - "dataset": "mysql", - "index_pattern": "logs-zeek.mysql-*", - "title": "Zeek mysql logs" - }, - { - "dataset": "rfb", - "index_pattern": "logs-zeek.rfb-*", - "title": "Zeek rfb logs" - }, - { - "dataset": "ssh", - "index_pattern": "logs-zeek.ssh-*", - "title": "Zeek ssh logs" - }, - { - "dataset": "syslog", - "index_pattern": "logs-zeek.syslog-*", - "title": "Zeek syslog logs" - }, - { - "dataset": "http", - "index_pattern": "logs-zeek.http-*", - "title": "Zeek http logs" - }, - { - "dataset": "ssl", - "index_pattern": "logs-zeek.ssl-*", - "title": "Zeek ssl logs" - }, - { - "dataset": "socks", - 
"index_pattern": "logs-zeek.socks-*", - "title": "Zeek socks logs" - }, - { - "dataset": "smtp", - "index_pattern": "logs-zeek.smtp-*", - "title": "Zeek smtp logs" - }, - { - "dataset": "ftp", - "index_pattern": "logs-zeek.ftp-*", - "title": "Zeek ftp logs" - }, - { - "dataset": "known_hosts", - "index_pattern": "logs-zeek.known_hosts-*", - "title": "Zeek Known Hosts logs" - }, - { - "dataset": "dnp3", - "index_pattern": "logs-zeek.dnp3-*", - "title": "Zeek dnp3 logs" - }, - { - "dataset": "dce_rpc", - "index_pattern": "logs-zeek.dce_rpc-*", - "title": "Zeek dce_rpc logs" - } - ], - "elser_embedding": "Zeek - Collect logs from Zeek with Elastic Agent. - Zeek x509 logs Zeek software logs Zeek traceroute logs Zeek capture_loss logs Zeek smb_cmd logs Zeek snmp logs Zeek irc logs Zeek intel logs Zeek pe logs Zeek Known Services logs Zeek radius logs Zeek modbus logs Zeek tunnel logs Zeek stats logs Zeek smb_files logs Zeek ocsp logs Zeek connection logs Zeek kerberos logs Zeek weird logs Zeek smb_mapping logs Zeek signature logs Zeek ntp logs Zeek dns logs Zeek dpd logs Zeek dhcp logs Zeek notice logs Zeek files logs Zeek ntlm logs Zeek Known Certs logs Zeek sip logs Zeek rdp logs Zeek mysql logs Zeek rfb logs Zeek ssh logs Zeek syslog logs Zeek http logs Zeek ssl logs Zeek socks logs Zeek smtp logs Zeek ftp logs Zeek Known Hosts logs Zeek dnp3 logs Zeek dce_rpc logs" - }, - { - "title": "CrowdStrike", - "id": "crowdstrike", - "description": "Collect logs from Crowdstrike with Elastic Agent.", - "data_streams": [ - { - "dataset": "fdr", - "index_pattern": "logs-crowdstrike.fdr-*", - "title": "Falcon Data Replicator" - }, - { - "dataset": "host", - "index_pattern": "logs-crowdstrike.host-*", - "title": "Collect Host logs from CrowdStrike." - }, - { - "dataset": "alert", - "index_pattern": "logs-crowdstrike.alert-*", - "title": "Collect Alert logs from CrowdStrike." 
- }, - { - "dataset": "falcon", - "index_pattern": "logs-crowdstrike.falcon-*", - "title": "Crowdstrike falcon logs" - } - ], - "elser_embedding": "CrowdStrike - Collect logs from Crowdstrike with Elastic Agent. - Falcon Data Replicator Collect Host logs from CrowdStrike. Collect Alert logs from CrowdStrike. Crowdstrike falcon logs" - }, - { - "title": "Fortinet FortiGate Firewall Logs", - "id": "fortinet_fortigate", - "description": "Collect logs from Fortinet FortiGate firewalls with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_fortigate.log-*", - "title": "Fortinet FortiGate logs" - } - ], - "elser_embedding": "Fortinet FortiGate Firewall Logs - Collect logs from Fortinet FortiGate firewalls with Elastic Agent. - Fortinet FortiGate logs" - }, - { - "title": "Active Directory Entity Analytics", - "id": "entityanalytics_ad", - "description": "Collect User Identities from Active Directory Entity with Elastic Agent.", - "data_streams": [ - { - "dataset": "user", - "index_pattern": "logs-entityanalytics_ad.user-*", - "title": "Collect User Identities logs from Active Directory" - } - ], - "elser_embedding": "Active Directory Entity Analytics - Collect User Identities from Active Directory Entity with Elastic Agent. - Collect User Identities logs from Active Directory" - }, - { - "title": "Arista NG Firewall", - "id": "arista_ngfw", - "description": "Collect logs and metrics from Arista NG Firewall.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-arista_ngfw.log-*", - "title": "Firewall Event" - } - ], - "elser_embedding": "Arista NG Firewall - Collect logs and metrics from Arista NG Firewall. 
- Firewall Event" - }, - { - "title": "Proofpoint TAP", - "id": "proofpoint_tap", - "description": "Collect logs from Proofpoint TAP with Elastic Agent.", - "data_streams": [ - { - "dataset": "message_blocked", - "index_pattern": "logs-proofpoint_tap.message_blocked-*", - "title": "Message Blocked" - }, - { - "dataset": "clicks_blocked", - "index_pattern": "logs-proofpoint_tap.clicks_blocked-*", - "title": "Clicks Blocked" - }, - { - "dataset": "clicks_permitted", - "index_pattern": "logs-proofpoint_tap.clicks_permitted-*", - "title": "Clicks Permitted" - }, - { - "dataset": "message_delivered", - "index_pattern": "logs-proofpoint_tap.message_delivered-*", - "title": "Message Delivered" - } - ], - "elser_embedding": "Proofpoint TAP - Collect logs from Proofpoint TAP with Elastic Agent. - Message Blocked Clicks Blocked Clicks Permitted Message Delivered" - }, - { - "title": "BitDefender", - "id": "bitdefender", - "description": "Ingest BitDefender GravityZone logs and data", - "data_streams": [ - { - "dataset": "push_statistics", - "index_pattern": "logs-bitdefender.push_statistics-*", - "title": "BitDefender GravityZone Push Notification Statistics" - }, - { - "dataset": "push_configuration", - "index_pattern": "logs-bitdefender.push_configuration-*", - "title": "BitDefender GravityZone Push Notification Configuration" - }, - { - "dataset": "push_notifications", - "index_pattern": "logs-bitdefender.push_notifications-*", - "title": "BitDefender GravityZone Push Notifications" - } - ], - "elser_embedding": "BitDefender - Ingest BitDefender GravityZone logs and data - BitDefender GravityZone Push Notification Statistics BitDefender GravityZone Push Notification Configuration BitDefender GravityZone Push Notifications" - }, - { - "title": "Redis", - "id": "redis", - "description": "Collect logs and metrics from Redis servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "keyspace", - "index_pattern": "logs-redis.keyspace-*", - "title": "Redis keyspace 
metrics" - }, - { - "dataset": "key", - "index_pattern": "logs-redis.key-*", - "title": "Redis key metrics" - }, - { - "dataset": "info", - "index_pattern": "logs-redis.info-*", - "title": "Redis info metrics" - }, - { - "dataset": "slowlog", - "index_pattern": "logs-redis.slowlog-*", - "title": "Redis slow logs" - }, - { - "dataset": "log", - "index_pattern": "logs-redis.log-*", - "title": "Redis application logs" - } - ], - "elser_embedding": "Redis - Collect logs and metrics from Redis servers with Elastic Agent. - Redis keyspace metrics Redis key metrics Redis info metrics Redis slow logs Redis application logs" - }, - { - "title": "Cisco Duo", - "id": "cisco_duo", - "description": "Collect logs from Cisco Duo with Elastic Agent.", - "data_streams": [ - { - "dataset": "summary", - "index_pattern": "logs-cisco_duo.summary-*", - "title": "Cisco Duo summary logs" - }, - { - "dataset": "admin", - "index_pattern": "logs-cisco_duo.admin-*", - "title": "Cisco Duo administrator logs" - }, - { - "dataset": "telephony", - "index_pattern": "logs-cisco_duo.telephony-*", - "title": "Cisco Duo telephony logs (legacy)" - }, - { - "dataset": "telephony_v2", - "index_pattern": "logs-cisco_duo.telephony_v2-*", - "title": "Cisco Duo telephony logs" - }, - { - "dataset": "auth", - "index_pattern": "logs-cisco_duo.auth-*", - "title": "Cisco Duo authentication logs" - }, - { - "dataset": "trust_monitor", - "index_pattern": "logs-cisco_duo.trust_monitor-*", - "title": "Cisco Duo trust monitor logs" - }, - { - "dataset": "activity", - "index_pattern": "logs-cisco_duo.activity-*", - "title": "Cisco Duo activity logs" - }, - { - "dataset": "offline_enrollment", - "index_pattern": "logs-cisco_duo.offline_enrollment-*", - "title": "Cisco Duo offline enrollment logs" - } - ], - "elser_embedding": "Cisco Duo - Collect logs from Cisco Duo with Elastic Agent. 
- Cisco Duo summary logs Cisco Duo administrator logs Cisco Duo telephony logs (legacy) Cisco Duo telephony logs Cisco Duo authentication logs Cisco Duo trust monitor logs Cisco Duo activity logs Cisco Duo offline enrollment logs" - }, - { - "title": "Elasticsearch", - "id": "elasticsearch", - "description": "Elasticsearch Integration", - "data_streams": [ - { - "dataset": "index_recovery", - "index_pattern": "logs-elasticsearch.index_recovery-*", - "title": "Elasticsearch index_recovery metrics" - }, - { - "dataset": "shard", - "index_pattern": "logs-elasticsearch.shard-*", - "title": "Elasticsearch shard metrics" - }, - { - "dataset": "ingest_pipeline", - "index_pattern": "logs-elasticsearch.ingest_pipeline-*", - "title": "Elasticsearch ingest metrics" - }, - { - "dataset": "enrich", - "index_pattern": "logs-elasticsearch.enrich-*", - "title": "Elasticsearch enrich metrics" - }, - { - "dataset": "audit", - "index_pattern": "logs-elasticsearch.audit-*", - "title": "Elasticsearch audit logs" - }, - { - "dataset": "server", - "index_pattern": "logs-elasticsearch.server-*", - "title": "Elasticsearch server logs" - }, - { - "dataset": "node_stats", - "index_pattern": "logs-elasticsearch.node_stats-*", - "title": "Elasticsearch node_stats metrics" - }, - { - "dataset": "index_summary", - "index_pattern": "logs-elasticsearch.index_summary-*", - "title": "Elasticsearch index_summary metrics" - }, - { - "dataset": "deprecation", - "index_pattern": "logs-elasticsearch.deprecation-*", - "title": "Elasticsearch deprecation logs" - }, - { - "dataset": "index", - "index_pattern": "logs-elasticsearch.index-*", - "title": "Elasticsearch index metrics" - }, - { - "dataset": "slowlog", - "index_pattern": "logs-elasticsearch.slowlog-*", - "title": "Elasticsearch slowlog logs" - }, - { - "dataset": "pending_tasks", - "index_pattern": "logs-elasticsearch.pending_tasks-*", - "title": "Elasticsearch pending_tasks metrics" - }, - { - "dataset": "ccr", - "index_pattern": 
"logs-elasticsearch.ccr-*", - "title": "Elasticsearch ccr metrics" - }, - { - "dataset": "node", - "index_pattern": "logs-elasticsearch.node-*", - "title": "Elasticsearch node metrics" - }, - { - "dataset": "cluster_stats", - "index_pattern": "logs-elasticsearch.cluster_stats-*", - "title": "Elasticsearch cluster_stats metrics" - }, - { - "dataset": "gc", - "index_pattern": "logs-elasticsearch.gc-*", - "title": "Elasticsearch gc logs" - }, - { - "dataset": "ml_job", - "index_pattern": "logs-elasticsearch.ml_job-*", - "title": "Elasticsearch ml_job metrics" - } - ], - "elser_embedding": "Elasticsearch - Elasticsearch Integration - Elasticsearch index_recovery metrics Elasticsearch shard metrics Elasticsearch ingest metrics Elasticsearch enrich metrics Elasticsearch audit logs Elasticsearch server logs Elasticsearch node_stats metrics Elasticsearch index_summary metrics Elasticsearch deprecation logs Elasticsearch index metrics Elasticsearch slowlog logs Elasticsearch pending_tasks metrics Elasticsearch ccr metrics Elasticsearch node metrics Elasticsearch cluster_stats metrics Elasticsearch gc logs Elasticsearch ml_job metrics" - }, - { - "title": "Universal Profiling Agent", - "id": "profiler_agent", - "description": "Fleet-wide, whole-system, continuous profiling with zero instrumentation.", - "data_streams": [], - "elser_embedding": "Universal Profiling Agent - Fleet-wide, whole-system, continuous profiling with zero instrumentation. - " - }, - { - "title": "Check Point Harmony Email & Collaboration", - "id": "checkpoint_email", - "description": "Collect logs from Check Point Harmony Email & Collaboration with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-checkpoint_email.event-*", - "title": "Check Point Harmony Email & Collaboration Event logs" - } - ], - "elser_embedding": "Check Point Harmony Email & Collaboration - Collect logs from Check Point Harmony Email & Collaboration with Elastic Agent. 
- Check Point Harmony Email & Collaboration Event logs" - }, - { - "title": "Apache HTTP Server", - "id": "apache", - "description": "Collect logs and metrics from Apache servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-apache.access-*", - "title": "Apache access logs" - }, - { - "dataset": "error", - "index_pattern": "logs-apache.error-*", - "title": "Apache error logs" - }, - { - "dataset": "status", - "index_pattern": "logs-apache.status-*", - "title": "Apache status metrics" - } - ], - "elser_embedding": "Apache HTTP Server - Collect logs and metrics from Apache servers with Elastic Agent. - Apache access logs Apache error logs Apache status metrics" - }, - { - "title": "Istio", - "id": "istio", - "description": "Collect logs and metrics from the service mesh Istio with Elastic Agent.", - "data_streams": [ - { - "dataset": "access_logs", - "index_pattern": "logs-istio.access_logs-*", - "title": "Istio access logs" - }, - { - "dataset": "proxy_metrics", - "index_pattern": "logs-istio.proxy_metrics-*", - "title": "Istio Proxy Metrics" - }, - { - "dataset": "istiod_metrics", - "index_pattern": "logs-istio.istiod_metrics-*", - "title": "Istiod Metrics" - } - ], - "elser_embedding": "Istio - Collect logs and metrics from the service mesh Istio with Elastic Agent. 
- Istio access logs Istio Proxy Metrics Istiod Metrics" - }, - { - "title": "GCP Metrics Input", - "id": "gcp_metrics", - "description": "GCP Metrics Input", - "data_streams": [], - "elser_embedding": "GCP Metrics Input - GCP Metrics Input - " - }, - { - "title": "Fortinet FortiMail", - "id": "fortinet_fortimail", - "description": "Collect logs from Fortinet FortiMail instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_fortimail.log-*", - "title": "Collect logs from Fortinet FortiMail" - } - ], - "elser_embedding": "Fortinet FortiMail - Collect logs from Fortinet FortiMail instances with Elastic Agent. - Collect logs from Fortinet FortiMail" - }, - { - "title": "Spring Boot", - "id": "spring_boot", - "description": "This Elastic integration collects logs and metrics from Spring Boot integration.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-spring_boot.memory-*", - "title": "Memory Metrics" - }, - { - "dataset": "http_trace", - "index_pattern": "logs-spring_boot.http_trace-*", - "title": "HTTP Trace Metrics" - }, - { - "dataset": "gc", - "index_pattern": "logs-spring_boot.gc-*", - "title": "Garbage Collector (GC) Metrics" - }, - { - "dataset": "threading", - "index_pattern": "logs-spring_boot.threading-*", - "title": "Threading Metrics" - }, - { - "dataset": "audit_events", - "index_pattern": "logs-spring_boot.audit_events-*", - "title": "Audit Events" - } - ], - "elser_embedding": "Spring Boot - This Elastic integration collects logs and metrics from Spring Boot integration. 
- Memory Metrics HTTP Trace Metrics Garbage Collector (GC) Metrics Threading Metrics Audit Events" - }, - { - "title": "Jamf Compliance Reporter", - "id": "jamf_compliance_reporter", - "description": "Collect logs from Jamf Compliance Reporter with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-jamf_compliance_reporter.log-*", - "title": "Jamf Compliance Reporter logs" - } - ], - "elser_embedding": "Jamf Compliance Reporter - Collect logs from Jamf Compliance Reporter with Elastic Agent. - Jamf Compliance Reporter logs" - }, - { - "title": "SentinelOne", - "id": "sentinel_one", - "description": "Collect logs from SentinelOne with Elastic Agent.", - "data_streams": [ - { - "dataset": "group", - "index_pattern": "logs-sentinel_one.group-*", - "title": "Collect Group logs from SentinelOne" - }, - { - "dataset": "threat", - "index_pattern": "logs-sentinel_one.threat-*", - "title": "Collect Threat logs from SentinelOne" - }, - { - "dataset": "alert", - "index_pattern": "logs-sentinel_one.alert-*", - "title": "Collect Alert logs from SentinelOne" - }, - { - "dataset": "agent", - "index_pattern": "logs-sentinel_one.agent-*", - "title": "Collect Agent logs from SentinelOne" - }, - { - "dataset": "activity", - "index_pattern": "logs-sentinel_one.activity-*", - "title": "Collect Activity logs from SentinelOne" - } - ], - "elser_embedding": "SentinelOne - Collect logs from SentinelOne with Elastic Agent. 
- Collect Group logs from SentinelOne Collect Threat logs from SentinelOne Collect Alert logs from SentinelOne Collect Agent logs from SentinelOne Collect Activity logs from SentinelOne" - }, - { - "title": "Enterprise Search", - "id": "enterprisesearch", - "description": "Enterprise Search Integration", - "data_streams": [ - { - "dataset": "stats", - "index_pattern": "logs-enterprisesearch.stats-*", - "title": "Enterprise Search stats metrics" - }, - { - "dataset": "health", - "index_pattern": "logs-enterprisesearch.health-*", - "title": "Enterprise Search health metrics" - } - ], - "elser_embedding": "Enterprise Search - Enterprise Search Integration - Enterprise Search stats metrics Enterprise Search health metrics" - }, - { - "title": "Microsoft Exchange Online Message Trace", - "id": "microsoft_exchange_online_message_trace", - "description": "Microsoft Exchange Online Message Trace Integration", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-microsoft_exchange_online_message_trace.log-*", - "title": "Microsoft Exchange Online Message Trace logs" - } - ], - "elser_embedding": "Microsoft Exchange Online Message Trace - Microsoft Exchange Online Message Trace Integration - Microsoft Exchange Online Message Trace logs" - }, - { - "title": "CrowdStrike Falcon Intelligence", - "id": "ti_crowdstrike", - "description": "Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent.", - "data_streams": [ - { - "dataset": "intel", - "index_pattern": "logs-ti_crowdstrike.intel-*", - "title": "Collect Intel logs from CrowdStrike Falcon Intelligence." - }, - { - "dataset": "ioc", - "index_pattern": "logs-ti_crowdstrike.ioc-*", - "title": "Collect IOC logs from CrowdStrike Falcon Intelligence." - } - ], - "elser_embedding": "CrowdStrike Falcon Intelligence - Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent. - Collect Intel logs from CrowdStrike Falcon Intelligence. Collect IOC logs from CrowdStrike Falcon Intelligence." 
- }, - { - "title": "Auditd Manager", - "id": "auditd_manager", - "description": "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel.", - "data_streams": [ - { - "dataset": "auditd", - "index_pattern": "logs-auditd_manager.auditd-*", - "title": "Auditd Manager" - } - ], - "elser_embedding": "Auditd Manager - The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel. - Auditd Manager" - }, - { - "title": "Oracle", - "id": "oracle", - "description": "Collect Oracle Audit Log, Performance metrics, Tablespace metrics, Sysmetrics metrics, System statistics metrics, memory metrics from Oracle database.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-oracle.memory-*", - "title": "Memory metrics" - }, - { - "dataset": "performance", - "index_pattern": "logs-oracle.performance-*", - "title": "Oracle performance metrics" - }, - { - "dataset": "database_audit", - "index_pattern": "logs-oracle.database_audit-*", - "title": "Oracle Audit Log" - }, - { - "dataset": "sysmetric", - "index_pattern": "logs-oracle.sysmetric-*", - "title": "Sysmetric related metrics." - }, - { - "dataset": "system_statistics", - "index_pattern": "logs-oracle.system_statistics-*", - "title": "System Statistics" - }, - { - "dataset": "tablespace", - "index_pattern": "logs-oracle.tablespace-*", - "title": "Oracle tablespace metrics" - } - ], - "elser_embedding": "Oracle - Collect Oracle Audit Log, Performance metrics, Tablespace metrics, Sysmetrics metrics, System statistics metrics, memory metrics from Oracle database. - Memory metrics Oracle performance metrics Oracle Audit Log Sysmetric related metrics. 
System Statistics Oracle tablespace metrics" - }, - { - "title": "Akamai", - "id": "akamai", - "description": "Collect logs from Akamai with Elastic Agent.", - "data_streams": [ - { - "dataset": "siem", - "index_pattern": "logs-akamai.siem-*", - "title": "Akamai SIEM Logs" - } - ], - "elser_embedding": "Akamai - Collect logs from Akamai with Elastic Agent. - Akamai SIEM Logs" - }, - { - "title": "Custom Journald logs", - "id": "journald", - "description": "Collect logs from journald with Elastic Agent.", - "data_streams": [], - "elser_embedding": "Custom Journald logs - Collect logs from journald with Elastic Agent. - " - }, - { - "title": "Universal Profiling Collector", - "id": "profiler_collector", - "description": "Fleet-wide, whole-system, continuous profiling with zero instrumentation.", - "data_streams": [], - "elser_embedding": "Universal Profiling Collector - Fleet-wide, whole-system, continuous profiling with zero instrumentation. - " - }, - { - "title": "Custom API using Common Expression Language", - "id": "cel", - "description": "Collect custom events from an API with Elastic agent", - "data_streams": [], - "elser_embedding": "Custom API using Common Expression Language - Collect custom events from an API with Elastic agent - " - }, - { - "title": "etcd", - "id": "etcd", - "description": "Collect metrics from etcd instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "self", - "index_pattern": "logs-etcd.self-*", - "title": "etcd self metrics" - }, - { - "dataset": "leader", - "index_pattern": "logs-etcd.leader-*", - "title": "etcd leader metrics" - }, - { - "dataset": "store", - "index_pattern": "logs-etcd.store-*", - "title": "etcd store metrics" - }, - { - "dataset": "metrics", - "index_pattern": "logs-etcd.metrics-*", - "title": "etcd v3 metrics" - } - ], - "elser_embedding": "etcd - Collect metrics from etcd instances with Elastic Agent. 
- etcd self metrics etcd leader metrics etcd store metrics etcd v3 metrics" - }, - { - "title": "Citrix Web App Firewall", - "id": "citrix_waf", - "description": "Ingest events from Citrix Systems Web App Firewall.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-citrix_waf.log-*", - "title": "Cisco ASA logs" - } - ], - "elser_embedding": "Citrix Web App Firewall - Ingest events from Citrix Systems Web App Firewall. - Cisco ASA logs" - }, - { - "title": "Azure OpenAI", - "id": "azure_openai", - "description": "Collects Azure OpenAI Logs and Metrics", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-azure_openai.logs-*", - "title": "Collect Azure OpenAI logs" - }, - { - "dataset": "metrics", - "index_pattern": "logs-azure_openai.metrics-*", - "title": "Collect OpenAI metrics" - } - ], - "elser_embedding": "Azure OpenAI - Collects Azure OpenAI Logs and Metrics - Collect Azure OpenAI logs Collect OpenAI metrics" - }, - { - "title": "Cisco ISE", - "id": "cisco_ise", - "description": "Collect logs from Cisco ISE with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_ise.log-*", - "title": "Cisco ISE logs" - } - ], - "elser_embedding": "Cisco ISE - Collect logs from Cisco ISE with Elastic Agent. 
- Cisco ISE logs" - }, - { - "title": "Citrix ADC", - "id": "citrix_adc", - "description": "This Elastic integration collects logs and metrics from Citrix ADC product.", - "data_streams": [ - { - "dataset": "vpn", - "index_pattern": "logs-citrix_adc.vpn-*", - "title": "VPN metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-citrix_adc.log-*", - "title": "Citrix ADC logs" - }, - { - "dataset": "service", - "index_pattern": "logs-citrix_adc.service-*", - "title": "Citrix ADC Service metrics" - }, - { - "dataset": "system", - "index_pattern": "logs-citrix_adc.system-*", - "title": "System metrics" - }, - { - "dataset": "interface", - "index_pattern": "logs-citrix_adc.interface-*", - "title": "Interface metrics" - }, - { - "dataset": "lbvserver", - "index_pattern": "logs-citrix_adc.lbvserver-*", - "title": "Load Balancing Virtual Server metrics" - } - ], - "elser_embedding": "Citrix ADC - This Elastic integration collects logs and metrics from Citrix ADC product. - VPN metrics Citrix ADC logs Citrix ADC Service metrics System metrics Interface metrics Load Balancing Virtual Server metrics" - }, - { - "title": "Box Events", - "id": "box_events", - "description": "Collect logs from Box with Elastic Agent", - "data_streams": [ - { - "dataset": "events", - "index_pattern": "logs-box_events.events-*", - "title": "List user and enterprise events" - } - ], - "elser_embedding": "Box Events - Collect logs from Box with Elastic Agent - List user and enterprise events" - }, - { - "title": "Prometheus", - "id": "prometheus", - "description": "Collect metrics from Prometheus servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "query", - "index_pattern": "logs-prometheus.query-*", - "title": "Prometheus query metrics" - }, - { - "dataset": "remote_write", - "index_pattern": "logs-prometheus.remote_write-*", - "title": "Prometheus remote_write metrics" - }, - { - "dataset": "collector", - "index_pattern": "logs-prometheus.collector-*", - "title": "Prometheus 
collector metrics" - } - ], - "elser_embedding": "Prometheus - Collect metrics from Prometheus servers with Elastic Agent. - Prometheus query metrics Prometheus remote_write metrics Prometheus collector metrics" - }, - { - "title": "Kubernetes", - "id": "kubernetes", - "description": "Collect logs and metrics from Kubernetes clusters with Elastic Agent.", - "data_streams": [ - { - "dataset": "state_resourcequota", - "index_pattern": "logs-kubernetes.state_resourcequota-*", - "title": "Kubernetes ResourceQuota metrics" - }, - { - "dataset": "state_storageclass", - "index_pattern": "logs-kubernetes.state_storageclass-*", - "title": "Kubernetes StorageClass metrics" - }, - { - "dataset": "state_persistentvolume", - "index_pattern": "logs-kubernetes.state_persistentvolume-*", - "title": "Kubernetes PersistentVolume metrics" - }, - { - "dataset": "pod", - "index_pattern": "logs-kubernetes.pod-*", - "title": "Kubernetes Pod metrics" - }, - { - "dataset": "state_container", - "index_pattern": "logs-kubernetes.state_container-*", - "title": "Kubernetes Container metrics" - }, - { - "dataset": "state_service", - "index_pattern": "logs-kubernetes.state_service-*", - "title": "Kubernetes Service metrics" - }, - { - "dataset": "state_replicaset", - "index_pattern": "logs-kubernetes.state_replicaset-*", - "title": "Kubernetes state_replicaset metrics" - }, - { - "dataset": "state_deployment", - "index_pattern": "logs-kubernetes.state_deployment-*", - "title": "Kubernetes Deployment metrics" - }, - { - "dataset": "container", - "index_pattern": "logs-kubernetes.container-*", - "title": "Kubernetes Container metrics" - }, - { - "dataset": "state_cronjob", - "index_pattern": "logs-kubernetes.state_cronjob-*", - "title": "Kubernetes Cronjob metrics" - }, - { - "dataset": "state_persistentvolumeclaim", - "index_pattern": "logs-kubernetes.state_persistentvolumeclaim-*", - "title": "Kubernetes PersistentVolumeClaim metrics" - }, - { - "dataset": "apiserver", - "index_pattern": 
"logs-kubernetes.apiserver-*", - "title": "Kubernetes API Server metrics" - }, - { - "dataset": "audit_logs", - "index_pattern": "logs-kubernetes.audit_logs-*", - "title": "Kubernetes audit logs" - }, - { - "dataset": "container_logs", - "index_pattern": "logs-kubernetes.container_logs-*", - "title": "Kubernetes container logs" - }, - { - "dataset": "state_namespace", - "index_pattern": "logs-kubernetes.state_namespace-*", - "title": "Kubernetes Namespace metrics" - }, - { - "dataset": "controllermanager", - "index_pattern": "logs-kubernetes.controllermanager-*", - "title": "Kubernetes Controller Manager metrics" - }, - { - "dataset": "state_statefulset", - "index_pattern": "logs-kubernetes.state_statefulset-*", - "title": "Kubernetes StatefulSet metrics" - }, - { - "dataset": "state_pod", - "index_pattern": "logs-kubernetes.state_pod-*", - "title": "Kubernetes Pod metrics" - }, - { - "dataset": "event", - "index_pattern": "logs-kubernetes.event-*", - "title": "Kubernetes Event metrics" - }, - { - "dataset": "node", - "index_pattern": "logs-kubernetes.node-*", - "title": "Kubernetes Node metrics" - }, - { - "dataset": "scheduler", - "index_pattern": "logs-kubernetes.scheduler-*", - "title": "Kubernetes Scheduler metrics" - }, - { - "dataset": "system", - "index_pattern": "logs-kubernetes.system-*", - "title": "Kubernetes System metrics" - }, - { - "dataset": "proxy", - "index_pattern": "logs-kubernetes.proxy-*", - "title": "Kubernetes Proxy metrics" - }, - { - "dataset": "state_node", - "index_pattern": "logs-kubernetes.state_node-*", - "title": "Kubernetes Node metrics" - }, - { - "dataset": "volume", - "index_pattern": "logs-kubernetes.volume-*", - "title": "Kubernetes Volume metrics" - }, - { - "dataset": "state_job", - "index_pattern": "logs-kubernetes.state_job-*", - "title": "Kubernetes Job metrics" - }, - { - "dataset": "state_daemonset", - "index_pattern": "logs-kubernetes.state_daemonset-*", - "title": "Kubernetes Deamonset metrics" - } - ], - 
"elser_embedding": "Kubernetes - Collect logs and metrics from Kubernetes clusters with Elastic Agent. - Kubernetes ResourceQuota metrics Kubernetes StorageClass metrics Kubernetes PersistentVolume metrics Kubernetes Pod metrics Kubernetes Container metrics Kubernetes Service metrics Kubernetes state_replicaset metrics Kubernetes Deployment metrics Kubernetes Container metrics Kubernetes Cronjob metrics Kubernetes PersistentVolumeClaim metrics Kubernetes API Server metrics Kubernetes audit logs Kubernetes container logs Kubernetes Namespace metrics Kubernetes Controller Manager metrics Kubernetes StatefulSet metrics Kubernetes Pod metrics Kubernetes Event metrics Kubernetes Node metrics Kubernetes Scheduler metrics Kubernetes System metrics Kubernetes Proxy metrics Kubernetes Node metrics Kubernetes Volume metrics Kubernetes Job metrics Kubernetes Deamonset metrics" - }, - { - "title": "Okta Entity Analytics", - "id": "entityanalytics_okta", - "description": "Collect User Identities from Okta with Elastic Agent.", - "data_streams": [ - { - "dataset": "user", - "index_pattern": "logs-entityanalytics_okta.user-*", - "title": "Collect User Identities logs from Okta" - } - ], - "elser_embedding": "Okta Entity Analytics - Collect User Identities from Okta with Elastic Agent. 
- Collect User Identities logs from Okta" - }, - { - "title": "GCP Vertex AI", - "id": "gcp_vertexai", - "description": "Collect GCP Vertex AI metrics with Elastic Agent", - "data_streams": [ - { - "dataset": "metrics", - "index_pattern": "logs-gcp_vertexai.metrics-*", - "title": "GCP Vertex AI Metrics" - } - ], - "elser_embedding": "GCP Vertex AI - Collect GCP Vertex AI metrics with Elastic Agent - GCP Vertex AI Metrics" - }, - { - "title": "First EPSS", - "id": "first_epss", - "description": "Collect exploit prediction score data from the First EPSS API with Elastic Agent.", - "data_streams": [ - { - "dataset": "vulnerability", - "index_pattern": "logs-first_epss.vulnerability-*", - "title": "Collect EPSS data from First API." - } - ], - "elser_embedding": "First EPSS - Collect exploit prediction score data from the First EPSS API with Elastic Agent. - Collect EPSS data from First API." - }, - { - "title": "Snort", - "id": "snort", - "description": "Collect logs from Snort with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-snort.log-*", - "title": "Snort" - } - ], - "elser_embedding": "Snort - Collect logs from Snort with Elastic Agent. 
- Snort" - }, - { - "title": "Azure Functions", - "id": "azure_functions", - "description": "Get metrics and logs from Azure Functions", - "data_streams": [ - { - "dataset": "functionapplogs", - "index_pattern": "logs-azure_functions.functionapplogs-*", - "title": "Collect Azure Functions logs" - }, - { - "dataset": "metrics", - "index_pattern": "logs-azure_functions.metrics-*", - "title": "Azure Functions App Metrics" - } - ], - "elser_embedding": "Azure Functions - Get metrics and logs from Azure Functions - Collect Azure Functions logs Azure Functions App Metrics" - }, - { - "title": "SentinelOne Cloud Funnel", - "id": "sentinel_one_cloud_funnel", - "description": "Collect logs from SentinelOne Cloud Funnel with Elastic Agent.", - "data_streams": [ - { - "dataset": "threat_intelligence_indicators", - "index_pattern": "logs-sentinel_one_cloud_funnel.threat_intelligence_indicators-*", - "title": "SentinelOne Cloud Funnel Threat Intelligence Indicator Events" - }, - { - "dataset": "scheduled_task", - "index_pattern": "logs-sentinel_one_cloud_funnel.scheduled_task-*", - "title": "SentinelOne Cloud Funnel Scheduled Task Events" - }, - { - "dataset": "cross_process", - "index_pattern": "logs-sentinel_one_cloud_funnel.cross_process-*", - "title": "SentinelOne Cloud Funnel cross_process Events" - }, - { - "dataset": "url", - "index_pattern": "logs-sentinel_one_cloud_funnel.url-*", - "title": "SentinelOne Cloud Funnel URL Events" - }, - { - "dataset": "file", - "index_pattern": "logs-sentinel_one_cloud_funnel.file-*", - "title": "SentinelOne Cloud Funnel File Events" - }, - { - "dataset": "module", - "index_pattern": "logs-sentinel_one_cloud_funnel.module-*", - "title": "SentinelOne Cloud Funnel Module Events" - }, - { - "dataset": "process", - "index_pattern": "logs-sentinel_one_cloud_funnel.process-*", - "title": "SentinelOne Cloud Funnel Process Events" - }, - { - "dataset": "dns", - "index_pattern": "logs-sentinel_one_cloud_funnel.dns-*", - "title": "SentinelOne 
Cloud Funnel dns Events" - }, - { - "dataset": "logins", - "index_pattern": "logs-sentinel_one_cloud_funnel.logins-*", - "title": "SentinelOne Cloud Funnel Logins Events" - }, - { - "dataset": "command_script", - "index_pattern": "logs-sentinel_one_cloud_funnel.command_script-*", - "title": "SentinelOne Cloud Funnel command_script Events" - }, - { - "dataset": "indicators", - "index_pattern": "logs-sentinel_one_cloud_funnel.indicators-*", - "title": "SentinelOne Cloud Funnel Indicator Events" - }, - { - "dataset": "event", - "index_pattern": "logs-sentinel_one_cloud_funnel.event-*", - "title": "Collect Event logs from SentinelOne Cloud Funnel." - }, - { - "dataset": "ip", - "index_pattern": "logs-sentinel_one_cloud_funnel.ip-*", - "title": "SentinelOne Cloud Funnel IP Events" - }, - { - "dataset": "registry", - "index_pattern": "logs-sentinel_one_cloud_funnel.registry-*", - "title": "SentinelOne Cloud Funnel Registry Events" - } - ], - "elser_embedding": "SentinelOne Cloud Funnel - Collect logs from SentinelOne Cloud Funnel with Elastic Agent. - SentinelOne Cloud Funnel Threat Intelligence Indicator Events SentinelOne Cloud Funnel Scheduled Task Events SentinelOne Cloud Funnel cross_process Events SentinelOne Cloud Funnel URL Events SentinelOne Cloud Funnel File Events SentinelOne Cloud Funnel Module Events SentinelOne Cloud Funnel Process Events SentinelOne Cloud Funnel dns Events SentinelOne Cloud Funnel Logins Events SentinelOne Cloud Funnel command_script Events SentinelOne Cloud Funnel Indicator Events Collect Event logs from SentinelOne Cloud Funnel. 
SentinelOne Cloud Funnel IP Events SentinelOne Cloud Funnel Registry Events" - }, - { - "title": "Cisco Meraki", - "id": "cisco_meraki", - "description": "Collect logs from Cisco Meraki with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_meraki.log-*", - "title": "Cisco Meraki logs (via Syslog)" - }, - { - "dataset": "events", - "index_pattern": "logs-cisco_meraki.events-*", - "title": "Cisco Meraki webhook events" - } - ], - "elser_embedding": "Cisco Meraki - Collect logs from Cisco Meraki with Elastic Agent. - Cisco Meraki logs (via Syslog) Cisco Meraki webhook events" - }, - { - "title": "Osquery Manager", - "id": "osquery_manager", - "description": "Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana", - "data_streams": [ - { - "dataset": "result", - "index_pattern": "logs-osquery_manager.result-*", - "title": "Osquery Manager queries" - }, - { - "dataset": "action_responses", - "index_pattern": "logs-osquery_manager.action_responses-*", - "title": "Osquery Manager queries" - } - ], - "elser_embedding": "Osquery Manager - Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana - Osquery Manager queries Osquery Manager queries" - }, - { - "title": "ModSecurity Audit", - "id": "modsecurity", - "description": "Collect logs from ModSecurity with Elastic Agent", - "data_streams": [ - { - "dataset": "auditlog", - "index_pattern": "logs-modsecurity.auditlog-*", - "title": "Modsecurity Audit Log" - } - ], - "elser_embedding": "ModSecurity Audit - Collect logs from ModSecurity with Elastic Agent - Modsecurity Audit Log" - }, - { - "title": "pfSense", - "id": "pfsense", - "description": "Collect logs from pfSense and OPNsense with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-pfsense.log-*", - "title": "pfSense log logs" - } - ], - "elser_embedding": "pfSense - Collect logs from pfSense and OPNsense with Elastic Agent. 
- pfSense log logs" - }, - { - "title": "Ceph", - "id": "ceph", - "description": "This Elastic integration collects metrics from Ceph instance.", - "data_streams": [ - { - "dataset": "cluster_disk", - "index_pattern": "logs-ceph.cluster_disk-*", - "title": "Cluster Disk metrics" - }, - { - "dataset": "osd_pool_stats", - "index_pattern": "logs-ceph.osd_pool_stats-*", - "title": "OSD Pool Stats" - }, - { - "dataset": "cluster_status", - "index_pattern": "logs-ceph.cluster_status-*", - "title": "Cluster Status metrics" - }, - { - "dataset": "pool_disk", - "index_pattern": "logs-ceph.pool_disk-*", - "title": "Pool Disk metrics" - }, - { - "dataset": "osd_tree", - "index_pattern": "logs-ceph.osd_tree-*", - "title": "OSD Tree metrics" - }, - { - "dataset": "osd_performance", - "index_pattern": "logs-ceph.osd_performance-*", - "title": "OSD Performance metrics" - }, - { - "dataset": "cluster_health", - "index_pattern": "logs-ceph.cluster_health-*", - "title": "Cluster Health metrics" - } - ], - "elser_embedding": "Ceph - This Elastic integration collects metrics from Ceph instance. 
- Cluster Disk metrics OSD Pool Stats Cluster Status metrics Pool Disk metrics OSD Tree metrics OSD Performance metrics Cluster Health metrics" - }, - { - "title": "Maltiverse", - "id": "ti_maltiverse", - "description": "Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent", - "data_streams": [ - { - "dataset": "indicator", - "index_pattern": "logs-ti_maltiverse.indicator-*", - "title": "Maltiverse indicator" - } - ], - "elser_embedding": "Maltiverse - Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent - Maltiverse indicator" - }, - { - "title": "Imperva", - "id": "imperva", - "description": "Collect logs from Imperva devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "securesphere", - "index_pattern": "logs-imperva.securesphere-*", - "title": "Collect logs from Imperva SecureSphere" - } - ], - "elser_embedding": "Imperva - Collect logs from Imperva devices with Elastic Agent. - Collect logs from Imperva SecureSphere" - }, - { - "title": "Linux Metrics", - "id": "linux", - "description": "Collect metrics from Linux servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-linux.memory-*", - "title": "Linux-only memory metrics" - }, - { - "dataset": "socket", - "index_pattern": "logs-linux.socket-*", - "title": "System socket metrics" - }, - { - "dataset": "ksm", - "index_pattern": "logs-linux.ksm-*", - "title": "Kernel Samepage merging metrics" - }, - { - "dataset": "raid", - "index_pattern": "logs-linux.raid-*", - "title": "System raid metrics" - }, - { - "dataset": "conntrack", - "index_pattern": "logs-linux.conntrack-*", - "title": "System conntrack metrics" - }, - { - "dataset": "network_summary", - "index_pattern": "logs-linux.network_summary-*", - "title": "System network_summary metrics" - }, - { - "dataset": "users", - "index_pattern": "logs-linux.users-*", - "title": "System users metrics" - }, - { - "dataset": "service", - "index_pattern": 
"logs-linux.service-*", - "title": "System service metrics" - }, - { - "dataset": "pageinfo", - "index_pattern": "logs-linux.pageinfo-*", - "title": "System page info metrics" - }, - { - "dataset": "iostat", - "index_pattern": "logs-linux.iostat-*", - "title": "Linux disk iostat metrics" - }, - { - "dataset": "entropy", - "index_pattern": "logs-linux.entropy-*", - "title": "System entropy metrics" - } - ], - "elser_embedding": "Linux Metrics - Collect metrics from Linux servers with Elastic Agent. - Linux-only memory metrics System socket metrics Kernel Samepage merging metrics System raid metrics System conntrack metrics System network_summary metrics System users metrics System service metrics System page info metrics Linux disk iostat metrics System entropy metrics" - }, - { - "title": "Cybereason", - "id": "cybereason", - "description": "Collect logs from Cybereason with Elastic Agent.", - "data_streams": [ - { - "dataset": "logon_session", - "index_pattern": "logs-cybereason.logon_session-*", - "title": "Collect Logon Session logs from Cybereason." - }, - { - "dataset": "poll_malop", - "index_pattern": "logs-cybereason.poll_malop-*", - "title": "Collect Poll Malop logs from Cybereason." - }, - { - "dataset": "suspicions_process", - "index_pattern": "logs-cybereason.suspicions_process-*", - "title": "Collect Suspicions Process logs from Cybereason." - }, - { - "dataset": "malop_process", - "index_pattern": "logs-cybereason.malop_process-*", - "title": "Collect Malop Process logs from Cybereason." - }, - { - "dataset": "malop_connection", - "index_pattern": "logs-cybereason.malop_connection-*", - "title": "Collect Malop Connection logs from Cybereason." - }, - { - "dataset": "malware", - "index_pattern": "logs-cybereason.malware-*", - "title": "Collect Malware logs from Cybereason." - } - ], - "elser_embedding": "Cybereason - Collect logs from Cybereason with Elastic Agent. - Collect Logon Session logs from Cybereason. Collect Poll Malop logs from Cybereason. 
Collect Suspicions Process logs from Cybereason. Collect Malop Process logs from Cybereason. Collect Malop Connection logs from Cybereason. Collect Malware logs from Cybereason." - }, - { - "title": "Kafka", - "id": "kafka", - "description": "Collect logs and metrics from Kafka servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "broker", - "index_pattern": "logs-kafka.broker-*", - "title": "Kafka broker metrics" - }, - { - "dataset": "consumergroup", - "index_pattern": "logs-kafka.consumergroup-*", - "title": "Kafka consumergroup metrics" - }, - { - "dataset": "partition", - "index_pattern": "logs-kafka.partition-*", - "title": "Kafka partition metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-kafka.log-*", - "title": "Kafka log logs" - } - ], - "elser_embedding": "Kafka - Collect logs and metrics from Kafka servers with Elastic Agent. - Kafka broker metrics Kafka consumergroup metrics Kafka partition metrics Kafka log logs" - }, - { - "title": "Sophos Central", - "id": "sophos_central", - "description": "This Elastic integration collects logs from Sophos Central with Elastic Agent.", - "data_streams": [ - { - "dataset": "alert", - "index_pattern": "logs-sophos_central.alert-*", - "title": "Collect Sophos Central SIEM Alert logs" - }, - { - "dataset": "event", - "index_pattern": "logs-sophos_central.event-*", - "title": "Collect Sophos Central SIEM Events logs" - } - ], - "elser_embedding": "Sophos Central - This Elastic integration collects logs from Sophos Central with Elastic Agent. 
- Collect Sophos Central SIEM Alert logs Collect Sophos Central SIEM Events logs" - }, - { - "title": "PostgreSQL", - "id": "postgresql", - "description": "Collect logs and metrics from PostgreSQL servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "bgwriter", - "index_pattern": "logs-postgresql.bgwriter-*", - "title": "PostgreSQL bgwriter metrics" - }, - { - "dataset": "database", - "index_pattern": "logs-postgresql.database-*", - "title": "PostgreSQL database metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-postgresql.log-*", - "title": "PostgreSQL logs" - }, - { - "dataset": "statement", - "index_pattern": "logs-postgresql.statement-*", - "title": "PostgreSQL statement metrics" - }, - { - "dataset": "activity", - "index_pattern": "logs-postgresql.activity-*", - "title": "PostgreSQL activity metrics" - } - ], - "elser_embedding": "PostgreSQL - Collect logs and metrics from PostgreSQL servers with Elastic Agent. - PostgreSQL bgwriter metrics PostgreSQL database metrics PostgreSQL logs PostgreSQL statement metrics PostgreSQL activity metrics" - }, - { - "title": "Corelight", - "id": "corelight", - "description": "Collect logs from Corelight with Elastic Agent.", - "data_streams": [], - "elser_embedding": "Corelight - Collect logs from Corelight with Elastic Agent. 
- " - }, - { - "title": "Threat Intelligence Utilities", - "id": "ti_util", - "description": "Prebuilt Threat Intelligence dashboard for Elastic Security", - "data_streams": [], - "elser_embedding": "Threat Intelligence Utilities - Prebuilt Threat Intelligence dashboard for Elastic Security - " - }, - { - "title": "Imperva Cloud WAF", - "id": "imperva_cloud_waf", - "description": "Collect logs from Imperva Cloud WAF with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-imperva_cloud_waf.event-*", - "title": "Collect Imperva Cloud WAF Events" - } - ], - "elser_embedding": "Imperva Cloud WAF - Collect logs from Imperva Cloud WAF with Elastic Agent. - Collect Imperva Cloud WAF Events" - }, - { - "title": "File Integrity Monitoring", - "id": "fim", - "description": "The File Integrity Monitoring integration reports filesystem changes in real time.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-fim.event-*", - "title": "Filesystem events" - } - ], - "elser_embedding": "File Integrity Monitoring - The File Integrity Monitoring integration reports filesystem changes in real time. - Filesystem events" - }, - { - "title": "Custom Websocket logs", - "id": "websocket", - "description": "Collect custom events from a socket server with Elastic agent.", - "data_streams": [], - "elser_embedding": "Custom Websocket logs - Collect custom events from a socket server with Elastic agent. - " - }, - { - "title": "SpyCloud Enterprise Protection", - "id": "spycloud", - "description": "Collect data from SpyCloud Enterprise Protection with Elastic Agent.", - "data_streams": [ - { - "dataset": "compass", - "index_pattern": "logs-spycloud.compass-*", - "title": "Collect Compass logs from SpyCloud Enterprise Protection." - }, - { - "dataset": "breach_record", - "index_pattern": "logs-spycloud.breach_record-*", - "title": "Collect Breach Record logs from SpyCloud Enterprise Protection." 
- }, - { - "dataset": "breach_catalog", - "index_pattern": "logs-spycloud.breach_catalog-*", - "title": "Collect Breach Catalog logs from SpyCloud Enterprise Protection." - } - ], - "elser_embedding": "SpyCloud Enterprise Protection - Collect data from SpyCloud Enterprise Protection with Elastic Agent. - Collect Compass logs from SpyCloud Enterprise Protection. Collect Breach Record logs from SpyCloud Enterprise Protection. Collect Breach Catalog logs from SpyCloud Enterprise Protection." - }, - { - "title": "Canva", - "id": "canva", - "description": "Collect logs from Canva with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-canva.audit-*", - "title": "Collect Audit Logs from Canva" - } - ], - "elser_embedding": "Canva - Collect logs from Canva with Elastic Agent. - Collect Audit Logs from Canva" - }, - { - "title": "Microsoft Office 365", - "id": "o365", - "description": "Collect logs from Microsoft Office 365 with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-o365.audit-*", - "title": "Microsoft Office 365 audit logs" - } - ], - "elser_embedding": "Microsoft Office 365 - Collect logs from Microsoft Office 365 with Elastic Agent. 
- Microsoft Office 365 audit logs" - }, - { - "title": "AWS", - "id": "aws", - "description": "Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.", - "data_streams": [ - { - "dataset": "ec2_metrics", - "index_pattern": "logs-aws.ec2_metrics-*", - "title": "AWS EC2 metrics" - }, - { - "dataset": "apigateway_metrics", - "index_pattern": "logs-aws.apigateway_metrics-*", - "title": "AWS API Gateway metrics" - }, - { - "dataset": "ec2_logs", - "index_pattern": "logs-aws.ec2_logs-*", - "title": "AWS EC2 logs" - }, - { - "dataset": "cloudwatch_logs", - "index_pattern": "logs-aws.cloudwatch_logs-*", - "title": "AWS CloudWatch logs" - }, - { - "dataset": "billing", - "index_pattern": "logs-aws.billing-*", - "title": "AWS Billing Metrics" - }, - { - "dataset": "ebs", - "index_pattern": "logs-aws.ebs-*", - "title": "AWS EBS metrics" - }, - { - "dataset": "awshealth", - "index_pattern": "logs-aws.awshealth-*", - "title": "AWS Health" - }, - { - "dataset": "transitgateway", - "index_pattern": "logs-aws.transitgateway-*", - "title": "AWS Transit Gateway metrics" - }, - { - "dataset": "cloudtrail", - "index_pattern": "logs-aws.cloudtrail-*", - "title": "AWS CloudTrail Logs" - }, - { - "dataset": "vpn", - "index_pattern": "logs-aws.vpn-*", - "title": "AWS VPN metrics" - }, - { - "dataset": "sns", - "index_pattern": "logs-aws.sns-*", - "title": "AWS SNS metrics" - }, - { - "dataset": "firewall_metrics", - "index_pattern": "logs-aws.firewall_metrics-*", - "title": "AWS Network Firewall metrics" - }, - { - "dataset": "waf", - "index_pattern": "logs-aws.waf-*", - "title": "AWS WAF logs" - }, - { - "dataset": "emr_metrics", - "index_pattern": "logs-aws.emr_metrics-*", - "title": "AWS EMR metrics" - }, - { - "dataset": "firewall_logs", - "index_pattern": "logs-aws.firewall_logs-*", - "title": "AWS Network Firewall logs" - }, - { - "dataset": "lambda", - "index_pattern": "logs-aws.lambda-*", - "title": "AWS Lambda metrics" - }, - { - "dataset": 
"securityhub_insights", - "index_pattern": "logs-aws.securityhub_insights-*", - "title": "Collect AWS Security Hub Insights logs from AWS" - }, - { - "dataset": "redshift", - "index_pattern": "logs-aws.redshift-*", - "title": "Amazon Redshift metrics" - }, - { - "dataset": "inspector", - "index_pattern": "logs-aws.inspector-*", - "title": "Collect AWS Inspector logs from AWS" - }, - { - "dataset": "route53_resolver_logs", - "index_pattern": "logs-aws.route53_resolver_logs-*", - "title": "AWS Route 53 Resolver Query Logs" - }, - { - "dataset": "emr_logs", - "index_pattern": "logs-aws.emr_logs-*", - "title": "AWS EMR logs" - }, - { - "dataset": "elb_metrics", - "index_pattern": "logs-aws.elb_metrics-*", - "title": "AWS ELB metrics" - }, - { - "dataset": "s3access", - "index_pattern": "logs-aws.s3access-*", - "title": "AWS s3access logs" - }, - { - "dataset": "securityhub_findings", - "index_pattern": "logs-aws.securityhub_findings-*", - "title": "Collect AWS Security Hub Findings logs from AWS" - }, - { - "dataset": "vpcflow", - "index_pattern": "logs-aws.vpcflow-*", - "title": "AWS vpcflow logs" - }, - { - "dataset": "elb_logs", - "index_pattern": "logs-aws.elb_logs-*", - "title": "AWS ELB logs" - }, - { - "dataset": "kafka_metrics", - "index_pattern": "logs-aws.kafka_metrics-*", - "title": "AWS Kafka metrics" - }, - { - "dataset": "kinesis", - "index_pattern": "logs-aws.kinesis-*", - "title": "AWS Kinesis Data Stream metrics" - }, - { - "dataset": "cloudwatch_metrics", - "index_pattern": "logs-aws.cloudwatch_metrics-*", - "title": "AWS CloudWatch metrics" - }, - { - "dataset": "s3_daily_storage", - "index_pattern": "logs-aws.s3_daily_storage-*", - "title": "AWS S3 daily storage metrics" - }, - { - "dataset": "guardduty", - "index_pattern": "logs-aws.guardduty-*", - "title": "Collect Amazon GuardDuty Findings logs from AWS" - }, - { - "dataset": "rds", - "index_pattern": "logs-aws.rds-*", - "title": "AWS RDS metrics" - }, - { - "dataset": "ecs_metrics", - 
"index_pattern": "logs-aws.ecs_metrics-*", - "title": "AWS ECS metrics" - }, - { - "dataset": "s3_storage_lens", - "index_pattern": "logs-aws.s3_storage_lens-*", - "title": "AWS S3 Storage Lens metrics" - }, - { - "dataset": "route53_public_logs", - "index_pattern": "logs-aws.route53_public_logs-*", - "title": "AWS Route 53 Public Zone Logs" - }, - { - "dataset": "cloudfront_logs", - "index_pattern": "logs-aws.cloudfront_logs-*", - "title": "AWS CloudFront logs" - }, - { - "dataset": "usage", - "index_pattern": "logs-aws.usage-*", - "title": "AWS usage metrics" - }, - { - "dataset": "dynamodb", - "index_pattern": "logs-aws.dynamodb-*", - "title": "AWS DynamoDB metrics" - }, - { - "dataset": "apigateway_logs", - "index_pattern": "logs-aws.apigateway_logs-*", - "title": "AWS API Gateway logs" - }, - { - "dataset": "s3_request", - "index_pattern": "logs-aws.s3_request-*", - "title": "AWS S3 request metrics" - }, - { - "dataset": "sqs", - "index_pattern": "logs-aws.sqs-*", - "title": "AWS SQS metrics" - }, - { - "dataset": "natgateway", - "index_pattern": "logs-aws.natgateway-*", - "title": "AWS NAT gateway metrics" - } - ], - "elser_embedding": "AWS - Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent. 
- AWS EC2 metrics AWS API Gateway metrics AWS EC2 logs AWS CloudWatch logs AWS Billing Metrics AWS EBS metrics AWS Health AWS Transit Gateway metrics AWS CloudTrail Logs AWS VPN metrics AWS SNS metrics AWS Network Firewall metrics AWS WAF logs AWS EMR metrics AWS Network Firewall logs AWS Lambda metrics Collect AWS Security Hub Insights logs from AWS Amazon Redshift metrics Collect AWS Inspector logs from AWS AWS Route 53 Resolver Query Logs AWS EMR logs AWS ELB metrics AWS s3access logs Collect AWS Security Hub Findings logs from AWS AWS vpcflow logs AWS ELB logs AWS Kafka metrics AWS Kinesis Data Stream metrics AWS CloudWatch metrics AWS S3 daily storage metrics Collect Amazon GuardDuty Findings logs from AWS AWS RDS metrics AWS ECS metrics AWS S3 Storage Lens metrics AWS Route 53 Public Zone Logs AWS CloudFront logs AWS usage metrics AWS DynamoDB metrics AWS API Gateway logs AWS S3 request metrics AWS SQS metrics AWS NAT gateway metrics" - }, - { - "title": "Nginx Ingress Controller Logs", - "id": "nginx_ingress_controller", - "description": "Collect Nginx Ingress Controller logs.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-nginx_ingress_controller.access-*", - "title": "Nginx Ingress Controller access logs" - }, - { - "dataset": "error", - "index_pattern": "logs-nginx_ingress_controller.error-*", - "title": "Nginx Ingress Controller error logs" - } - ], - "elser_embedding": "Nginx Ingress Controller Logs - Collect Nginx Ingress Controller logs. - Nginx Ingress Controller access logs Nginx Ingress Controller error logs" - }, - { - "title": "Cisco Umbrella", - "id": "cisco_umbrella", - "description": "Collect logs from Cisco Umbrella with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_umbrella.log-*", - "title": "Cisco Umbrella logs" - } - ], - "elser_embedding": "Cisco Umbrella - Collect logs from Cisco Umbrella with Elastic Agent. 
- Cisco Umbrella logs" - }, - { - "title": "Cloudflare Logpush", - "id": "cloudflare_logpush", - "description": "Collect and parse logs from Cloudflare API with Elastic Agent.", - "data_streams": [ - { - "dataset": "http_request", - "index_pattern": "logs-cloudflare_logpush.http_request-*", - "title": "Collect HTTP Request logs from Cloudflare" - }, - { - "dataset": "access_request", - "index_pattern": "logs-cloudflare_logpush.access_request-*", - "title": "Collect Access Request logs from Cloudflare" - }, - { - "dataset": "network_session", - "index_pattern": "logs-cloudflare_logpush.network_session-*", - "title": "Collect Zero Trust Network Session logs from Cloudflare" - }, - { - "dataset": "spectrum_event", - "index_pattern": "logs-cloudflare_logpush.spectrum_event-*", - "title": "Collect Spectrum Event logs from Cloudflare" - }, - { - "dataset": "gateway_http", - "index_pattern": "logs-cloudflare_logpush.gateway_http-*", - "title": "Collect Gateway HTTP logs from Cloudflare" - }, - { - "dataset": "casb", - "index_pattern": "logs-cloudflare_logpush.casb-*", - "title": "Collect CASB Findings logs from Cloudflare" - }, - { - "dataset": "magic_ids", - "index_pattern": "logs-cloudflare_logpush.magic_ids-*", - "title": "Collect Magic IDS logs from Cloudflare" - }, - { - "dataset": "workers_trace", - "index_pattern": "logs-cloudflare_logpush.workers_trace-*", - "title": "Collect Workers Trace Event logs from Cloudflare" - }, - { - "dataset": "audit", - "index_pattern": "logs-cloudflare_logpush.audit-*", - "title": "Collect Audit logs from Cloudflare" - }, - { - "dataset": "nel_report", - "index_pattern": "logs-cloudflare_logpush.nel_report-*", - "title": "Collect NEL Report logs from Cloudflare" - }, - { - "dataset": "network_analytics", - "index_pattern": "logs-cloudflare_logpush.network_analytics-*", - "title": "Collect Network Analytics logs from Cloudflare" - }, - { - "dataset": "dns", - "index_pattern": "logs-cloudflare_logpush.dns-*", - "title": "Collect DNS 
logs from Cloudflare" - }, - { - "dataset": "device_posture", - "index_pattern": "logs-cloudflare_logpush.device_posture-*", - "title": "Collect Device Posture Results logs from Cloudflare" - }, - { - "dataset": "gateway_dns", - "index_pattern": "logs-cloudflare_logpush.gateway_dns-*", - "title": "Collect Gateway DNS logs from Cloudflare" - }, - { - "dataset": "dns_firewall", - "index_pattern": "logs-cloudflare_logpush.dns_firewall-*", - "title": "Collect DNS Firewall logs from Cloudflare" - }, - { - "dataset": "sinkhole_http", - "index_pattern": "logs-cloudflare_logpush.sinkhole_http-*", - "title": "Collect Sinkhole HTTP logs from Cloudflare" - }, - { - "dataset": "firewall_event", - "index_pattern": "logs-cloudflare_logpush.firewall_event-*", - "title": "Collect Firewall Event logs from Cloudflare" - }, - { - "dataset": "gateway_network", - "index_pattern": "logs-cloudflare_logpush.gateway_network-*", - "title": "Collect Gateway Network logs from Cloudflare" - } - ], - "elser_embedding": "Cloudflare Logpush - Collect and parse logs from Cloudflare API with Elastic Agent. 
- Collect HTTP Request logs from Cloudflare Collect Access Request logs from Cloudflare Collect Zero Trust Network Session logs from Cloudflare Collect Spectrum Event logs from Cloudflare Collect Gateway HTTP logs from Cloudflare Collect CASB Findings logs from Cloudflare Collect Magic IDS logs from Cloudflare Collect Workers Trace Event logs from Cloudflare Collect Audit logs from Cloudflare Collect NEL Report logs from Cloudflare Collect Network Analytics logs from Cloudflare Collect DNS logs from Cloudflare Collect Device Posture Results logs from Cloudflare Collect Gateway DNS logs from Cloudflare Collect DNS Firewall logs from Cloudflare Collect Sinkhole HTTP logs from Cloudflare Collect Firewall Event logs from Cloudflare Collect Gateway Network logs from Cloudflare" - }, - { - "title": "Microsoft DHCP", - "id": "microsoft_dhcp", - "description": "Collect logs from Microsoft DHCP with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-microsoft_dhcp.log-*", - "title": "Microsoft DHCP Logs" - } - ], - "elser_embedding": "Microsoft DHCP - Collect logs from Microsoft DHCP with Elastic Agent. - Microsoft DHCP Logs" - }, - { - "title": "Netskope", - "id": "netskope", - "description": "Collect logs from Netskope with Elastic Agent.", - "data_streams": [ - { - "dataset": "alerts", - "index_pattern": "logs-netskope.alerts-*", - "title": "Alerts" - }, - { - "dataset": "events", - "index_pattern": "logs-netskope.events-*", - "title": "Events" - } - ], - "elser_embedding": "Netskope - Collect logs from Netskope with Elastic Agent. - Alerts Events" - }, - { - "title": "Suricata", - "id": "suricata", - "description": "Collect logs from Suricata with Elastic Agent.", - "data_streams": [ - { - "dataset": "eve", - "index_pattern": "logs-suricata.eve-*", - "title": "Suricata eve logs" - } - ], - "elser_embedding": "Suricata - Collect logs from Suricata with Elastic Agent. 
- Suricata eve logs" - }, - { - "title": "Custom Azure Logs", - "id": "azure_logs", - "description": "Collect log events from Azure Event Hubs with Elastic Agent", - "data_streams": [], - "elser_embedding": "Custom Azure Logs - Collect log events from Azure Event Hubs with Elastic Agent - " - }, - { - "title": "Zscaler Private Access", - "id": "zscaler_zpa", - "description": "Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.", - "data_streams": [ - { - "dataset": "browser_access", - "index_pattern": "logs-zscaler_zpa.browser_access-*", - "title": "Browser Access Logs" - }, - { - "dataset": "app_connector_status", - "index_pattern": "logs-zscaler_zpa.app_connector_status-*", - "title": "App Connector Status Logs" - }, - { - "dataset": "user_status", - "index_pattern": "logs-zscaler_zpa.user_status-*", - "title": "User Status Logs" - }, - { - "dataset": "audit", - "index_pattern": "logs-zscaler_zpa.audit-*", - "title": "Audit Logs" - }, - { - "dataset": "user_activity", - "index_pattern": "logs-zscaler_zpa.user_activity-*", - "title": "User Activity Logs" - } - ], - "elser_embedding": "Zscaler Private Access - Collect logs from Zscaler Private Access (ZPA) with Elastic Agent. 
- Browser Access Logs App Connector Status Logs User Status Logs Audit Logs User Activity Logs" - }, - { - "title": "Cisco Aironet", - "id": "cisco_aironet", - "description": "Integration for Cisco Aironet WLC Logs", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_aironet.log-*", - "title": "Cisco Aironet logs" - } - ], - "elser_embedding": "Cisco Aironet - Integration for Cisco Aironet WLC Logs - Cisco Aironet logs" - }, - { - "title": "Collective Intelligence Framework v3", - "id": "ti_cif3", - "description": "Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent.", - "data_streams": [ - { - "dataset": "feed", - "index_pattern": "logs-ti_cif3.feed-*", - "title": "CIFv3 Feed" - } - ], - "elser_embedding": "Collective Intelligence Framework v3 - Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent. - CIFv3 Feed" - }, - { - "title": "Bitwarden", - "id": "bitwarden", - "description": "Collect logs from Bitwarden with Elastic Agent.", - "data_streams": [ - { - "dataset": "group", - "index_pattern": "logs-bitwarden.group-*", - "title": "Collect Group logs from Bitwarden" - }, - { - "dataset": "policy", - "index_pattern": "logs-bitwarden.policy-*", - "title": "Collect Policy logs from Bitwarden" - }, - { - "dataset": "member", - "index_pattern": "logs-bitwarden.member-*", - "title": "Collect Member logs from Bitwarden" - }, - { - "dataset": "event", - "index_pattern": "logs-bitwarden.event-*", - "title": "Collect Event logs from Bitwarden" - }, - { - "dataset": "collection", - "index_pattern": "logs-bitwarden.collection-*", - "title": "Collect Collection logs from Bitwarden" - } - ], - "elser_embedding": "Bitwarden - Collect logs from Bitwarden with Elastic Agent. 
- Collect Group logs from Bitwarden Collect Policy logs from Bitwarden Collect Member logs from Bitwarden Collect Event logs from Bitwarden Collect Collection logs from Bitwarden" - }, - { - "title": "Kibana", - "id": "kibana", - "description": "Collect logs and metrics from Kibana with Elastic Agent.", - "data_streams": [ - { - "dataset": "node_actions", - "index_pattern": "logs-kibana.node_actions-*", - "title": "Kibana node_actions metrics" - }, - { - "dataset": "stats", - "index_pattern": "logs-kibana.stats-*", - "title": "Kibana stats metrics" - }, - { - "dataset": "audit", - "index_pattern": "logs-kibana.audit-*", - "title": "kibana audit logs" - }, - { - "dataset": "task_manager_metrics", - "index_pattern": "logs-kibana.task_manager_metrics-*", - "title": "Kibana task manager metrics" - }, - { - "dataset": "cluster_rules", - "index_pattern": "logs-kibana.cluster_rules-*", - "title": "Kibana cluster_rules metrics" - }, - { - "dataset": "background_task_utilization", - "index_pattern": "logs-kibana.background_task_utilization-*", - "title": "Kibana background task utilization metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-kibana.log-*", - "title": "Kibana logs" - }, - { - "dataset": "node_rules", - "index_pattern": "logs-kibana.node_rules-*", - "title": "Kibana node_rules metrics" - }, - { - "dataset": "status", - "index_pattern": "logs-kibana.status-*", - "title": "Kibana status metrics" - }, - { - "dataset": "cluster_actions", - "index_pattern": "logs-kibana.cluster_actions-*", - "title": "Kibana cluster_actions metrics" - } - ], - "elser_embedding": "Kibana - Collect logs and metrics from Kibana with Elastic Agent. 
- Kibana node_actions metrics Kibana stats metrics kibana audit logs Kibana task manager metrics Kibana cluster_rules metrics Kibana background task utilization metrics Kibana logs Kibana node_rules metrics Kibana status metrics Kibana cluster_actions metrics" - }, - { - "title": "Digital Guardian", - "id": "digital_guardian", - "description": "Collect logs from Digital Guardian with Elastic Agent.", - "data_streams": [ - { - "dataset": "arc", - "index_pattern": "logs-digital_guardian.arc-*", - "title": "Digital Guardian ARC Logs" - } - ], - "elser_embedding": "Digital Guardian - Collect logs from Digital Guardian with Elastic Agent. - Digital Guardian ARC Logs" - }, - { - "title": "MySQL", - "id": "mysql", - "description": "Collect logs and metrics from MySQL servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "performance", - "index_pattern": "logs-mysql.performance-*", - "title": "MySQL performance metrics" - }, - { - "dataset": "error", - "index_pattern": "logs-mysql.error-*", - "title": "MySQL error logs" - }, - { - "dataset": "slowlog", - "index_pattern": "logs-mysql.slowlog-*", - "title": "MySQL slowlog logs" - }, - { - "dataset": "galera_status", - "index_pattern": "logs-mysql.galera_status-*", - "title": "MySQL galera_status metrics" - }, - { - "dataset": "replica_status", - "index_pattern": "logs-mysql.replica_status-*", - "title": "Collect replica status metrics from mysql" - }, - { - "dataset": "status", - "index_pattern": "logs-mysql.status-*", - "title": "MySQL status metrics" - } - ], - "elser_embedding": "MySQL - Collect logs and metrics from MySQL servers with Elastic Agent. 
- MySQL performance metrics MySQL error logs MySQL slowlog logs MySQL galera_status metrics Collect replica status metrics from mysql MySQL status metrics" - }, - { - "title": "CISA Known Exploited Vulnerabilities", - "id": "cisa_kevs", - "description": "This package allows the ingest of known exploited vulnerabilities according to the Cybersecurity and Infrastructure Security Agency of the United States of America. This information could be used to enrich or track exisiting vulnerabilities that are known to be exploited in the wild.", - "data_streams": [ - { - "dataset": "vulnerability", - "index_pattern": "logs-cisa_kevs.vulnerability-*", - "title": "CISA Known Exploited Vulnerabilities List" - } - ], - "elser_embedding": "CISA Known Exploited Vulnerabilities - This package allows the ingest of known exploited vulnerabilities according to the Cybersecurity and Infrastructure Security Agency of the United States of America. This information could be used to enrich or track exisiting vulnerabilities that are known to be exploited in the wild. - CISA Known Exploited Vulnerabilities List" - }, - { - "title": "StormShield SNS", - "id": "stormshield", - "description": "Stormshield SNS integration.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-stormshield.log-*", - "title": "StormShield SNS logs" - } - ], - "elser_embedding": "StormShield SNS - Stormshield SNS integration. 
- StormShield SNS logs" - }, - { - "title": "1Password", - "id": "1password", - "description": "Collect logs from 1Password with Elastic Agent.", - "data_streams": [ - { - "dataset": "item_usages", - "index_pattern": "logs-1password.item_usages-*", - "title": "Collect 1Password item usages events" - }, - { - "dataset": "signin_attempts", - "index_pattern": "logs-1password.signin_attempts-*", - "title": "1Password sign-in attempt events" - }, - { - "dataset": "audit_events", - "index_pattern": "logs-1password.audit_events-*", - "title": "Collect 1Password audit events" - } - ], - "elser_embedding": "1Password - Collect logs from 1Password with Elastic Agent. - Collect 1Password item usages events 1Password sign-in attempt events Collect 1Password audit events" - }, - { - "title": "Azure Network Watcher NSG", - "id": "azure_network_watcher_nsg", - "description": "Collect logs from Azure Network Watcher NSG with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-azure_network_watcher_nsg.log-*", - "title": "Collect NSG logs from Azure Network Watcher" - } - ], - "elser_embedding": "Azure Network Watcher NSG - Collect logs from Azure Network Watcher NSG with Elastic Agent. 
- Collect NSG logs from Azure Network Watcher" - }, - { - "title": "WebSphere Application Server", - "id": "websphere_application_server", - "description": "Collects metrics from IBM WebSphere Application Server with Elastic Agent.", - "data_streams": [ - { - "dataset": "threadpool", - "index_pattern": "logs-websphere_application_server.threadpool-*", - "title": "ThreadPool metrics" - }, - { - "dataset": "servlet", - "index_pattern": "logs-websphere_application_server.servlet-*", - "title": "Servlet metrics" - }, - { - "dataset": "session_manager", - "index_pattern": "logs-websphere_application_server.session_manager-*", - "title": "Session Manager metrics" - }, - { - "dataset": "jdbc", - "index_pattern": "logs-websphere_application_server.jdbc-*", - "title": "JDBC metrics" - } - ], - "elser_embedding": "WebSphere Application Server - Collects metrics from IBM WebSphere Application Server with Elastic Agent. - ThreadPool metrics Servlet metrics Session Manager metrics JDBC metrics" - }, - { - "title": "GitLab", - "id": "gitlab", - "description": "Collect logs from GitLab with Elastic Agent.", - "data_streams": [ - { - "dataset": "sidekiq", - "index_pattern": "logs-gitlab.sidekiq-*", - "title": "GitLab Sidekiq logs" - }, - { - "dataset": "audit", - "index_pattern": "logs-gitlab.audit-*", - "title": "Audit" - }, - { - "dataset": "auth", - "index_pattern": "logs-gitlab.auth-*", - "title": "Auth" - }, - { - "dataset": "application", - "index_pattern": "logs-gitlab.application-*", - "title": "Application" - }, - { - "dataset": "pages", - "index_pattern": "logs-gitlab.pages-*", - "title": "GitLab Pages logs" - }, - { - "dataset": "production", - "index_pattern": "logs-gitlab.production-*", - "title": "GitLab Production logs" - }, - { - "dataset": "api", - "index_pattern": "logs-gitlab.api-*", - "title": "GitLab API logs" - } - ], - "elser_embedding": "GitLab - Collect logs from GitLab with Elastic Agent. 
- GitLab Sidekiq logs Audit Auth Application GitLab Pages logs GitLab Production logs GitLab API logs" - }, - { - "title": "Custom Logs", - "id": "log", - "description": "Collect custom logs with Elastic Agent.", - "data_streams": [], - "elser_embedding": "Custom Logs - Collect custom logs with Elastic Agent. - " - }, - { - "title": "Tenable Vulnerability Management", - "id": "tenable_io", - "description": "Collect logs from Tenable Vulnerability Management with Elastic Agent.", - "data_streams": [ - { - "dataset": "plugin", - "index_pattern": "logs-tenable_io.plugin-*", - "title": "Collect Plugin logs from Tenable Vulnerability Management" - }, - { - "dataset": "vulnerability", - "index_pattern": "logs-tenable_io.vulnerability-*", - "title": "Collect Vulnerability logs from Tenable Vulnerability Management" - }, - { - "dataset": "scan", - "index_pattern": "logs-tenable_io.scan-*", - "title": "Collect Scan logs from Tenable Vulnerability Management" - }, - { - "dataset": "asset", - "index_pattern": "logs-tenable_io.asset-*", - "title": "Collect Asset data from Tenable Vulnerability Management" - } - ], - "elser_embedding": "Tenable Vulnerability Management - Collect logs from Tenable Vulnerability Management with Elastic Agent. 
- Collect Plugin logs from Tenable Vulnerability Management Collect Vulnerability logs from Tenable Vulnerability Management Collect Scan logs from Tenable Vulnerability Management Collect Asset data from Tenable Vulnerability Management" - }, - { - "title": "Falco", - "id": "falco", - "description": "Collect events and alerts from Falco using Elastic Agent", - "data_streams": [ - { - "dataset": "alerts", - "index_pattern": "logs-falco.alerts-*", - "title": "Falco Alerts" - } - ], - "elser_embedding": "Falco - Collect events and alerts from Falco using Elastic Agent - Falco Alerts" - }, - { - "title": "Docker", - "id": "docker", - "description": "Collect metrics and logs from Docker instances with Elastic Agent.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-docker.memory-*", - "title": "Docker memory metrics" - }, - { - "dataset": "network", - "index_pattern": "logs-docker.network-*", - "title": "Docker network metrics" - }, - { - "dataset": "image", - "index_pattern": "logs-docker.image-*", - "title": "Docker image metrics" - }, - { - "dataset": "container", - "index_pattern": "logs-docker.container-*", - "title": "Docker container metrics" - }, - { - "dataset": "info", - "index_pattern": "logs-docker.info-*", - "title": "Docker info metrics" - }, - { - "dataset": "container_logs", - "index_pattern": "logs-docker.container_logs-*", - "title": "Docker container logs" - }, - { - "dataset": "diskio", - "index_pattern": "logs-docker.diskio-*", - "title": "Docker diskio metrics" - }, - { - "dataset": "event", - "index_pattern": "logs-docker.event-*", - "title": "Docker event metrics" - }, - { - "dataset": "healthcheck", - "index_pattern": "logs-docker.healthcheck-*", - "title": "Docker healthcheck metrics" - }, - { - "dataset": "cpu", - "index_pattern": "logs-docker.cpu-*", - "title": "Docker cpu metrics" - } - ], - "elser_embedding": "Docker - Collect metrics and logs from Docker instances with Elastic Agent. 
- Docker memory metrics Docker network metrics Docker image metrics Docker container metrics Docker info metrics Docker container logs Docker diskio metrics Docker event metrics Docker healthcheck metrics Docker cpu metrics" - }, - { - "title": "Elastic Synthetics Dashboards", - "id": "synthetics_dashboards", - "description": "Explore Elastic Synthetics metrics with these dashboards.", - "data_streams": [], - "elser_embedding": "Elastic Synthetics Dashboards - Explore Elastic Synthetics metrics with these dashboards. - " - }, - { - "title": "Azure Billing Metrics", - "id": "azure_billing", - "description": "Collect billing metrics with Elastic Agent.", - "data_streams": [ - { - "dataset": "billing", - "index_pattern": "logs-azure_billing.billing-*", - "title": "Azure Billing Metrics" - } - ], - "elser_embedding": "Azure Billing Metrics - Collect billing metrics with Elastic Agent. - Azure Billing Metrics" - }, - { - "title": "Couchbase", - "id": "couchbase", - "description": "Collect metrics from Couchbase databases with Elastic Agent.", - "data_streams": [ - { - "dataset": "cache", - "index_pattern": "logs-couchbase.cache-*", - "title": "Couchbase Sync Gateway Cache metrics." - }, - { - "dataset": "cbl_replication", - "index_pattern": "logs-couchbase.cbl_replication-*", - "title": "Couchbase Sync Gateway CBL Replications metrics" - }, - { - "dataset": "query_index", - "index_pattern": "logs-couchbase.query_index-*", - "title": "Query Index metrics" - }, - { - "dataset": "xdcr", - "index_pattern": "logs-couchbase.xdcr-*", - "title": "Couchbase XDCR Metrics" - }, - { - "dataset": "miscellaneous", - "index_pattern": "logs-couchbase.miscellaneous-*", - "title": "Couchbase Sync Gateway Delta Sync, Import, Security and GSI views metrics." 
- }, - { - "dataset": "node", - "index_pattern": "logs-couchbase.node-*", - "title": "Node metrics" - }, - { - "dataset": "resource", - "index_pattern": "logs-couchbase.resource-*", - "title": "Couchbase Sync Gateway Resource Utilization metrics." - }, - { - "dataset": "bucket", - "index_pattern": "logs-couchbase.bucket-*", - "title": "Couchbase bucket metrics" - }, - { - "dataset": "cluster", - "index_pattern": "logs-couchbase.cluster-*", - "title": "Couchbase cluster metrics" - }, - { - "dataset": "database_stats", - "index_pattern": "logs-couchbase.database_stats-*", - "title": "Couchbase Sync Gateway Database Stats metrics." - } - ], - "elser_embedding": "Couchbase - Collect metrics from Couchbase databases with Elastic Agent. - Couchbase Sync Gateway Cache metrics. Couchbase Sync Gateway CBL Replications metrics Query Index metrics Couchbase XDCR Metrics Couchbase Sync Gateway Delta Sync, Import, Security and GSI views metrics. Node metrics Couchbase Sync Gateway Resource Utilization metrics. Couchbase bucket metrics Couchbase cluster metrics Couchbase Sync Gateway Database Stats metrics." 
- }, - { - "title": "VMware Carbon Black Cloud", - "id": "carbon_black_cloud", - "description": "Collect logs from VMWare Carbon Black Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "watchlist_hit", - "index_pattern": "logs-carbon_black_cloud.watchlist_hit-*", - "title": "Watchlist Hit" - }, - { - "dataset": "asset_vulnerability_summary", - "index_pattern": "logs-carbon_black_cloud.asset_vulnerability_summary-*", - "title": "Asset Vulnerability Summary" - }, - { - "dataset": "endpoint_event", - "index_pattern": "logs-carbon_black_cloud.endpoint_event-*", - "title": "Endpoint Event" - }, - { - "dataset": "audit", - "index_pattern": "logs-carbon_black_cloud.audit-*", - "title": "Audit" - }, - { - "dataset": "alert", - "index_pattern": "logs-carbon_black_cloud.alert-*", - "title": "Alert" - }, - { - "dataset": "alert_v7", - "index_pattern": "logs-carbon_black_cloud.alert_v7-*", - "title": "Alert V7" - } - ], - "elser_embedding": "VMware Carbon Black Cloud - Collect logs from VMWare Carbon Black Cloud with Elastic Agent. - Watchlist Hit Asset Vulnerability Summary Endpoint Event Audit Alert Alert V7" - }, - { - "title": "Universal Profiling Symbolizer", - "id": "profiler_symbolizer", - "description": "Fleet-wide, whole-system, continuous profiling with zero instrumentation.", - "data_streams": [], - "elser_embedding": "Universal Profiling Symbolizer - Fleet-wide, whole-system, continuous profiling with zero instrumentation. - " - }, - { - "title": "Fortinet FortiProxy", - "id": "fortinet_fortiproxy", - "description": "Collect logs from Fortinet FortiProxy with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-fortinet_fortiproxy.log-*", - "title": "Collect logs from Fortinet FortiProxy" - } - ], - "elser_embedding": "Fortinet FortiProxy - Collect logs from Fortinet FortiProxy with Elastic Agent. 
- Collect logs from Fortinet FortiProxy" - }, - { - "title": "MongoDB Atlas", - "id": "mongodb_atlas", - "description": "This Elastic integration collects logs and metrics from MongoDB Atlas instance.", - "data_streams": [ - { - "dataset": "mongod_database", - "index_pattern": "logs-mongodb_atlas.mongod_database-*", - "title": "Collect Mongod Database logs from MongoDB Atlas" - }, - { - "dataset": "disk", - "index_pattern": "logs-mongodb_atlas.disk-*", - "title": "Collect Disk metrics from MongoDB Atlas" - }, - { - "dataset": "project", - "index_pattern": "logs-mongodb_atlas.project-*", - "title": "Collect Project logs from MongoDB Atlas" - }, - { - "dataset": "process", - "index_pattern": "logs-mongodb_atlas.process-*", - "title": "Collect Process metrics from MongoDB Atlas" - }, - { - "dataset": "alert", - "index_pattern": "logs-mongodb_atlas.alert-*", - "title": "Collect Alert logs from MongoDB Atlas" - }, - { - "dataset": "mongod_audit", - "index_pattern": "logs-mongodb_atlas.mongod_audit-*", - "title": "Collect Mongod Audit logs from MongoDB Atlas" - }, - { - "dataset": "organization", - "index_pattern": "logs-mongodb_atlas.organization-*", - "title": "Collect Organization logs from MongoDB Atlas" - }, - { - "dataset": "hardware", - "index_pattern": "logs-mongodb_atlas.hardware-*", - "title": "Collect Hardware metrics from MongoDB Atlas" - } - ], - "elser_embedding": "MongoDB Atlas - This Elastic integration collects logs and metrics from MongoDB Atlas instance. 
- Collect Mongod Database logs from MongoDB Atlas Collect Disk metrics from MongoDB Atlas Collect Project logs from MongoDB Atlas Collect Process metrics from MongoDB Atlas Collect Alert logs from MongoDB Atlas Collect Mongod Audit logs from MongoDB Atlas Collect Organization logs from MongoDB Atlas Collect Hardware metrics from MongoDB Atlas" - }, - { - "title": "Zero Networks", - "id": "zeronetworks", - "description": "Zero Networks Logs integration", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-zeronetworks.audit-*", - "title": "Zero Networks Audit Logs" - } - ], - "elser_embedding": "Zero Networks - Zero Networks Logs integration - Zero Networks Audit Logs" - }, - { - "title": "CockroachDB Metrics", - "id": "cockroachdb", - "description": "Collect metrics from CockroachDB servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "status", - "index_pattern": "logs-cockroachdb.status-*", - "title": "Status" - } - ], - "elser_embedding": "CockroachDB Metrics - Collect metrics from CockroachDB servers with Elastic Agent. - Status" - }, - { - "title": "Microsoft Exchange Server", - "id": "microsoft_exchange_server", - "description": "Collect logs from Microsoft Exchange Server with Elastic Agent.", - "data_streams": [ - { - "dataset": "imap4_pop3", - "index_pattern": "logs-microsoft_exchange_server.imap4_pop3-*", - "title": "Exchange Server IMAP4 POP3" - }, - { - "dataset": "httpproxy", - "index_pattern": "logs-microsoft_exchange_server.httpproxy-*", - "title": "Exchange HTTPProxy" - }, - { - "dataset": "smtp", - "index_pattern": "logs-microsoft_exchange_server.smtp-*", - "title": "Exchange SMTP" - }, - { - "dataset": "messagetracking", - "index_pattern": "logs-microsoft_exchange_server.messagetracking-*", - "title": "Exchange Messagetracking" - } - ], - "elser_embedding": "Microsoft Exchange Server - Collect logs from Microsoft Exchange Server with Elastic Agent. 
- Exchange Server IMAP4 POP3 Exchange HTTPProxy Exchange SMTP Exchange Messagetracking" - }, - { - "title": "Cisco Secure Email Gateway", - "id": "cisco_secure_email_gateway", - "description": "Collect logs from Cisco Secure Email Gateway with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_secure_email_gateway.log-*", - "title": "Cisco Secure Email Gateway logs" - } - ], - "elser_embedding": "Cisco Secure Email Gateway - Collect logs from Cisco Secure Email Gateway with Elastic Agent. - Cisco Secure Email Gateway logs" - }, - { - "title": "Prometheus Input", - "id": "prometheus_input", - "description": "Collects metrics from Prometheus exporter.", - "data_streams": [], - "elser_embedding": "Prometheus Input - Collects metrics from Prometheus exporter. - " - }, - { - "title": "PingOne", - "id": "ping_one", - "description": "Collect logs from PingOne with Elastic-Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-ping_one.audit-*", - "title": "Collect Audit logs from PingOne" - } - ], - "elser_embedding": "PingOne - Collect logs from PingOne with Elastic-Agent. - Collect Audit logs from PingOne" - }, - { - "title": "Squid Proxy", - "id": "squid", - "description": "Collect and parse logs from Squid devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-squid.log-*", - "title": "Squid logs" - } - ], - "elser_embedding": "Squid Proxy - Collect and parse logs from Squid devices with Elastic Agent. - Squid logs" - }, - { - "title": "Zoom", - "id": "zoom", - "description": "Collect logs from Zoom with Elastic Agent.", - "data_streams": [ - { - "dataset": "webhook", - "index_pattern": "logs-zoom.webhook-*", - "title": "Zoom webhook logs" - } - ], - "elser_embedding": "Zoom - Collect logs from Zoom with Elastic Agent. 
- Zoom webhook logs" - }, - { - "title": "Auth0", - "id": "auth0", - "description": "Collect logs from Auth0 with Elastic Agent.", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-auth0.logs-*", - "title": "Auth0 logs" - } - ], - "elser_embedding": "Auth0 - Collect logs from Auth0 with Elastic Agent. - Auth0 logs" - }, - { - "title": "Tomcat NetWitness Logs", - "id": "tomcat", - "description": "Collect and parse logs from Apache Tomcat servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-tomcat.log-*", - "title": "Apache Tomcat logs" - } - ], - "elser_embedding": "Tomcat NetWitness Logs - Collect and parse logs from Apache Tomcat servers with Elastic Agent. - Apache Tomcat logs" - }, - { - "title": "Auditd Logs", - "id": "auditd", - "description": "Collect logs from Linux audit daemon with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-auditd.log-*", - "title": "Auditd logs" - } - ], - "elser_embedding": "Auditd Logs - Collect logs from Linux audit daemon with Elastic Agent. - Auditd logs" - }, - { - "title": "SQL Input", - "id": "sql", - "description": "Collects Metrics by Quering on SQL Databases", - "data_streams": [], - "elser_embedding": "SQL Input - Collects Metrics by Quering on SQL Databases - " - }, - { - "title": "Azure Frontdoor", - "id": "azure_frontdoor", - "description": "This Elastic integration collects logs from Azure Frontdoor.", - "data_streams": [ - { - "dataset": "access", - "index_pattern": "logs-azure_frontdoor.access-*", - "title": "FrontDoor Access" - }, - { - "dataset": "waf", - "index_pattern": "logs-azure_frontdoor.waf-*", - "title": "FrontDoor WAF" - } - ], - "elser_embedding": "Azure Frontdoor - This Elastic integration collects logs from Azure Frontdoor. 
- FrontDoor Access FrontDoor WAF" - }, - { - "title": "Amazon Data Firehose", - "id": "awsfirehose", - "description": "Stream logs and metrics from Amazon Data Firehose into Elastic Cloud.", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-awsfirehose.logs-*", - "title": "Logs from Amazon Data Firehose" - }, - { - "dataset": "metrics", - "index_pattern": "logs-awsfirehose.metrics-*", - "title": "Metrics ingested from Amazon Data Firehose" - } - ], - "elser_embedding": "Amazon Data Firehose - Stream logs and metrics from Amazon Data Firehose into Elastic Cloud. - Logs from Amazon Data Firehose Metrics ingested from Amazon Data Firehose" - }, - { - "title": "Zscaler Internet Access", - "id": "zscaler_zia", - "description": "Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.", - "data_streams": [ - { - "dataset": "sandbox_report", - "index_pattern": "logs-zscaler_zia.sandbox_report-*", - "title": "Sandbox Report Logs" - }, - { - "dataset": "tunnel", - "index_pattern": "logs-zscaler_zia.tunnel-*", - "title": "Tunnel Logs" - }, - { - "dataset": "audit", - "index_pattern": "logs-zscaler_zia.audit-*", - "title": "Audit Logs" - }, - { - "dataset": "dns", - "index_pattern": "logs-zscaler_zia.dns-*", - "title": "DNS logs" - }, - { - "dataset": "web", - "index_pattern": "logs-zscaler_zia.web-*", - "title": "Web Logs" - }, - { - "dataset": "endpoint_dlp", - "index_pattern": "logs-zscaler_zia.endpoint_dlp-*", - "title": "Endpoint DLP Logs" - }, - { - "dataset": "alerts", - "index_pattern": "logs-zscaler_zia.alerts-*", - "title": "Alerts" - }, - { - "dataset": "firewall", - "index_pattern": "logs-zscaler_zia.firewall-*", - "title": "Firewall Logs" - } - ], - "elser_embedding": "Zscaler Internet Access - Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent. 
- Sandbox Report Logs Tunnel Logs Audit Logs DNS logs Web Logs Endpoint DLP Logs Alerts Firewall Logs" - }, - { - "title": "Broadcom ProxySG", - "id": "proxysg", - "description": "Collect access logs from Broadcom ProxySG with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-proxysg.log-*", - "title": "ProxySG Access Logs" - } - ], - "elser_embedding": "Broadcom ProxySG - Collect access logs from Broadcom ProxySG with Elastic Agent. - ProxySG Access Logs" - }, - { - "title": "Juniper SRX", - "id": "juniper_srx", - "description": "Collect logs from Juniper SRX devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-juniper_srx.log-*", - "title": "Juniper SRX logs" - } - ], - "elser_embedding": "Juniper SRX - Collect logs from Juniper SRX devices with Elastic Agent. - Juniper SRX logs" - }, - { - "title": "ServiceNow", - "id": "servicenow", - "description": "Collect logs from ServiceNow with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-servicenow.event-*", - "title": "Event" - } - ], - "elser_embedding": "ServiceNow - Collect logs from ServiceNow with Elastic Agent. 
- Event" - }, - { - "title": "Defend for Containers", - "id": "cloud_defend", - "description": "Elastic Defend for Containers (BETA) provides cloud-native runtime protections for containerized environments.", - "data_streams": [ - { - "dataset": "heartbeat", - "index_pattern": "logs-cloud_defend.heartbeat-*", - "title": "Cloud Defend Liveness Heartbeat" - }, - { - "dataset": "file", - "index_pattern": "logs-cloud_defend.file-*", - "title": "File telemetry" - }, - { - "dataset": "process", - "index_pattern": "logs-cloud_defend.process-*", - "title": "Process telemetry" - }, - { - "dataset": "metrics", - "index_pattern": "logs-cloud_defend.metrics-*", - "title": "Cloud defend metrics" - }, - { - "dataset": "alerts", - "index_pattern": "logs-cloud_defend.alerts-*", - "title": "alerts" - } - ], - "elser_embedding": "Defend for Containers - Elastic Defend for Containers (BETA) provides cloud-native runtime protections for containerized environments. - Cloud Defend Liveness Heartbeat File telemetry Process telemetry Cloud defend metrics alerts" - }, - { - "title": "authentik", - "id": "authentik", - "description": "Collect logs from authentik with Elastic Agent.", - "data_streams": [ - { - "dataset": "group", - "index_pattern": "logs-authentik.group-*", - "title": "authentik group logs" - }, - { - "dataset": "event", - "index_pattern": "logs-authentik.event-*", - "title": "authentik event logs" - }, - { - "dataset": "user", - "index_pattern": "logs-authentik.user-*", - "title": "authentik user logs" - } - ], - "elser_embedding": "authentik - Collect logs from authentik with Elastic Agent. - authentik group logs authentik event logs authentik user logs" - }, - { - "title": "Wiz", - "id": "wiz", - "description": "Collect logs from Wiz with Elastic Agent.", - "data_streams": [ - { - "dataset": "issue", - "index_pattern": "logs-wiz.issue-*", - "title": "Collect Issue logs from Wiz." 
- }, - { - "dataset": "vulnerability", - "index_pattern": "logs-wiz.vulnerability-*", - "title": "Collect Vulnerability logs from Wiz." - }, - { - "dataset": "audit", - "index_pattern": "logs-wiz.audit-*", - "title": "Collect Audit logs from Wiz." - }, - { - "dataset": "cloud_configuration_finding", - "index_pattern": "logs-wiz.cloud_configuration_finding-*", - "title": "Collet Cloud Configuration Finding logs from Wiz." - } - ], - "elser_embedding": "Wiz - Collect logs from Wiz with Elastic Agent. - Collect Issue logs from Wiz. Collect Vulnerability logs from Wiz. Collect Audit logs from Wiz. Collet Cloud Configuration Finding logs from Wiz." - }, - { - "title": "Mattermost", - "id": "mattermost", - "description": "Collect logs from Mattermost with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-mattermost.audit-*", - "title": "Audit Logs" - } - ], - "elser_embedding": "Mattermost - Collect logs from Mattermost with Elastic Agent. - Audit Logs" - }, - { - "title": "Teleport", - "id": "teleport", - "description": "Collect logs from Teleport with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-teleport.audit-*", - "title": "Teleport audit logs" - } - ], - "elser_embedding": "Teleport - Collect logs from Teleport with Elastic Agent. 
- Teleport audit logs" - }, - { - "title": "Fleet Server", - "id": "fleet_server", - "description": "Centrally manage Elastic Agents with the Fleet Server integration.", - "data_streams": [ - { - "dataset": "agent_versions_metrics", - "index_pattern": "logs-fleet_server.agent_versions_metrics-*", - "title": "Fleet Agent Versions" - }, - { - "dataset": "agent_status_metrics", - "index_pattern": "logs-fleet_server.agent_status_metrics-*", - "title": "Fleet Agent Status" - }, - { - "dataset": "output_health_logs", - "index_pattern": "logs-fleet_server.output_health_logs-*", - "title": "Output Health" - } - ], - "elser_embedding": "Fleet Server - Centrally manage Elastic Agents with the Fleet Server integration. - Fleet Agent Versions Fleet Agent Status Output Health" - }, - { - "title": "Cisco Secure Endpoint", - "id": "cisco_secure_endpoint", - "description": "Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent.", - "data_streams": [ - { - "dataset": "event", - "index_pattern": "logs-cisco_secure_endpoint.event-*", - "title": "Cisco Secure Endpoint logs" - } - ], - "elser_embedding": "Cisco Secure Endpoint - Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. - Cisco Secure Endpoint logs" - }, - { - "title": "Iptables", - "id": "iptables", - "description": "Collect logs from Iptables with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-iptables.log-*", - "title": "Iptables log logs" - } - ], - "elser_embedding": "Iptables - Collect logs from Iptables with Elastic Agent. 
- Iptables log logs" - }, - { - "title": "Google Workspace", - "id": "google_workspace", - "description": "Collect logs from Google Workspace with Elastic Agent.", - "data_streams": [ - { - "dataset": "user_accounts", - "index_pattern": "logs-google_workspace.user_accounts-*", - "title": "User accounts logs" - }, - { - "dataset": "device", - "index_pattern": "logs-google_workspace.device-*", - "title": "Device logs" - }, - { - "dataset": "admin", - "index_pattern": "logs-google_workspace.admin-*", - "title": "Admin logs" - }, - { - "dataset": "gcp", - "index_pattern": "logs-google_workspace.gcp-*", - "title": "GCP logs" - }, - { - "dataset": "group_enterprise", - "index_pattern": "logs-google_workspace.group_enterprise-*", - "title": "Group Enterprise logs" - }, - { - "dataset": "login", - "index_pattern": "logs-google_workspace.login-*", - "title": "Login logs" - }, - { - "dataset": "access_transparency", - "index_pattern": "logs-google_workspace.access_transparency-*", - "title": "Access Transparency logs" - }, - { - "dataset": "alert", - "index_pattern": "logs-google_workspace.alert-*", - "title": "Collect Alert logs from Google Workspace" - }, - { - "dataset": "context_aware_access", - "index_pattern": "logs-google_workspace.context_aware_access-*", - "title": "Context Aware Access logs" - }, - { - "dataset": "token", - "index_pattern": "logs-google_workspace.token-*", - "title": "Token logs" - }, - { - "dataset": "drive", - "index_pattern": "logs-google_workspace.drive-*", - "title": "Drive logs" - }, - { - "dataset": "groups", - "index_pattern": "logs-google_workspace.groups-*", - "title": "Groups logs" - }, - { - "dataset": "saml", - "index_pattern": "logs-google_workspace.saml-*", - "title": "SAML logs" - }, - { - "dataset": "rules", - "index_pattern": "logs-google_workspace.rules-*", - "title": "Rules logs" - } - ], - "elser_embedding": "Google Workspace - Collect logs from Google Workspace with Elastic Agent. 
- User accounts logs Device logs Admin logs GCP logs Group Enterprise logs Login logs Access Transparency logs Collect Alert logs from Google Workspace Context Aware Access logs Token logs Drive logs Groups logs SAML logs Rules logs" - }, - { - "title": "VMware Carbon Black EDR", - "id": "carbonblack_edr", - "description": "Collect logs from VMware Carbon Black EDR with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-carbonblack_edr.log-*", - "title": "Carbon Black EDR logs" - } - ], - "elser_embedding": "VMware Carbon Black EDR - Collect logs from VMware Carbon Black EDR with Elastic Agent. - Carbon Black EDR logs" - }, - { - "title": "Mimecast", - "id": "mimecast", - "description": "Collect logs from Mimecast with Elastic Agent.", - "data_streams": [ - { - "dataset": "dlp_logs", - "index_pattern": "logs-mimecast.dlp_logs-*", - "title": "DLP Mimecast Logs" - }, - { - "dataset": "ttp_url_logs", - "index_pattern": "logs-mimecast.ttp_url_logs-*", - "title": "TTP URL Logs" - }, - { - "dataset": "siem_logs", - "index_pattern": "logs-mimecast.siem_logs-*", - "title": "SIEM Mimecast Logs" - }, - { - "dataset": "message_release_logs", - "index_pattern": "logs-mimecast.message_release_logs-*", - "title": "Mimecast Message Release" - }, - { - "dataset": "ttp_ip_logs", - "index_pattern": "logs-mimecast.ttp_ip_logs-*", - "title": "TTP Impersonation Mimecast Logs" - }, - { - "dataset": "audit_events", - "index_pattern": "logs-mimecast.audit_events-*", - "title": "Audit Events Mimecast Logs" - }, - { - "dataset": "ttp_ap_logs", - "index_pattern": "logs-mimecast.ttp_ap_logs-*", - "title": "TTP Attachment Logs" - }, - { - "dataset": "archive_search_logs", - "index_pattern": "logs-mimecast.archive_search_logs-*", - "title": "Archive Search Mimecast Logs" - }, - { - "dataset": "threat_intel_malware_grid", - "index_pattern": "logs-mimecast.threat_intel_malware_grid-*", - "title": "Threat Intel Feed - Malware Grid" - }, - { - "dataset": 
"threat_intel_malware_customer", - "index_pattern": "logs-mimecast.threat_intel_malware_customer-*", - "title": "Threat Intel Feed - Malware Customer" - } - ], - "elser_embedding": "Mimecast - Collect logs from Mimecast with Elastic Agent. - DLP Mimecast Logs TTP URL Logs SIEM Mimecast Logs Mimecast Message Release TTP Impersonation Mimecast Logs Audit Events Mimecast Logs TTP Attachment Logs Archive Search Mimecast Logs Threat Intel Feed - Malware Grid Threat Intel Feed - Malware Customer" - }, - { - "title": "Oracle WebLogic", - "id": "oracle_weblogic", - "description": "Collect logs and metrics from Oracle WebLogic with Elastic Agent.", - "data_streams": [ - { - "dataset": "managed_server", - "index_pattern": "logs-oracle_weblogic.managed_server-*", - "title": "Managed Server logs" - }, - { - "dataset": "access", - "index_pattern": "logs-oracle_weblogic.access-*", - "title": "Access logs" - }, - { - "dataset": "threadpool", - "index_pattern": "logs-oracle_weblogic.threadpool-*", - "title": "Collect Oracle WebLogic ThreadPool metrics" - }, - { - "dataset": "deployed_application", - "index_pattern": "logs-oracle_weblogic.deployed_application-*", - "title": "Collect Oracle WebLogic Deployed Application metrics" - }, - { - "dataset": "admin_server", - "index_pattern": "logs-oracle_weblogic.admin_server-*", - "title": "Admin Server logs" - }, - { - "dataset": "domain", - "index_pattern": "logs-oracle_weblogic.domain-*", - "title": "Domain logs" - } - ], - "elser_embedding": "Oracle WebLogic - Collect logs and metrics from Oracle WebLogic with Elastic Agent. 
- Managed Server logs Access logs Collect Oracle WebLogic ThreadPool metrics Collect Oracle WebLogic Deployed Application metrics Admin Server logs Domain logs" - }, - { - "title": "System Audit", - "id": "system_audit", - "description": "Collect various logs & metrics from System Audit modules with Elastic Agent.", - "data_streams": [ - { - "dataset": "package", - "index_pattern": "logs-system_audit.package-*", - "title": "System Audit - [Package]" - } - ], - "elser_embedding": "System Audit - Collect various logs & metrics from System Audit modules with Elastic Agent. - System Audit - [Package]" - }, - { - "title": "Salesforce", - "id": "salesforce", - "description": "Collect logs from Salesforce instances using the Elastic Agent. This integration enables monitoring and analysis of various Salesforce logs, including Login, Logout, Setup Audit Trail, and Apex execution logs. Gain insights into user activity, security events, and application performance.\n", - "data_streams": [ - { - "dataset": "setupaudittrail", - "index_pattern": "logs-salesforce.setupaudittrail-*", - "title": "Salesforce setupaudittrail logs" - }, - { - "dataset": "login", - "index_pattern": "logs-salesforce.login-*", - "title": "Salesforce login logs" - }, - { - "dataset": "logout", - "index_pattern": "logs-salesforce.logout-*", - "title": "Salesforce logout logs" - }, - { - "dataset": "apex", - "index_pattern": "logs-salesforce.apex-*", - "title": "Salesforce Apex logs" - } - ], - "elser_embedding": "Salesforce - Collect logs from Salesforce instances using the Elastic Agent. This integration enables monitoring and analysis of various Salesforce logs, including Login, Logout, Setup Audit Trail, and Apex execution logs. 
Gain insights into user activity, security events, and application performance.\n - Salesforce setupaudittrail logs Salesforce login logs Salesforce logout logs Salesforce Apex logs" - }, - { - "title": "Azure Application Insights Metrics Overview", - "id": "azure_application_insights", - "description": "Collect application insights metrics from Azure Monitor with Elastic Agent.", - "data_streams": [ - { - "dataset": "app_insights", - "index_pattern": "logs-azure_application_insights.app_insights-*", - "title": "Azure Application Insights" - }, - { - "dataset": "app_state", - "index_pattern": "logs-azure_application_insights.app_state-*", - "title": "Azure Application State" - } - ], - "elser_embedding": "Azure Application Insights Metrics Overview - Collect application insights metrics from Azure Monitor with Elastic Agent. - Azure Application Insights Azure Application State" - }, - { - "title": "ForgeRock", - "id": "forgerock", - "description": "Collect audit logs from ForgeRock with Elastic Agent.", - "data_streams": [ - { - "dataset": "idm_sync", - "index_pattern": "logs-forgerock.idm_sync-*", - "title": "IDM-Sync audit logs" - }, - { - "dataset": "idm_core", - "index_pattern": "logs-forgerock.idm_core-*", - "title": "IDM-Core debug logs" - }, - { - "dataset": "am_access", - "index_pattern": "logs-forgerock.am_access-*", - "title": "AM-Access audit logs" - }, - { - "dataset": "idm_activity", - "index_pattern": "logs-forgerock.idm_activity-*", - "title": "IDM-Activity audit logs" - }, - { - "dataset": "idm_config", - "index_pattern": "logs-forgerock.idm_config-*", - "title": "IDM-Config audit logs" - }, - { - "dataset": "am_config", - "index_pattern": "logs-forgerock.am_config-*", - "title": "AM-Config audit logs" - }, - { - "dataset": "am_activity", - "index_pattern": "logs-forgerock.am_activity-*", - "title": "AM-Activity audit logs" - }, - { - "dataset": "am_authentication", - "index_pattern": "logs-forgerock.am_authentication-*", - "title": 
"AM-Authentication audit logs" - }, - { - "dataset": "idm_authentication", - "index_pattern": "logs-forgerock.idm_authentication-*", - "title": "IDM-Authentication audit logs" - }, - { - "dataset": "idm_access", - "index_pattern": "logs-forgerock.idm_access-*", - "title": "IDM-Access audit logs" - }, - { - "dataset": "am_core", - "index_pattern": "logs-forgerock.am_core-*", - "title": "AM-Core debug logs" - } - ], - "elser_embedding": "ForgeRock - Collect audit logs from ForgeRock with Elastic Agent. - IDM-Sync audit logs IDM-Core debug logs AM-Access audit logs IDM-Activity audit logs IDM-Config audit logs AM-Config audit logs AM-Activity audit logs AM-Authentication audit logs IDM-Authentication audit logs IDM-Access audit logs AM-Core debug logs" - }, - { - "title": "Tenable.sc", - "id": "tenable_sc", - "description": "Collect logs from Tenable.sc with Elastic Agent.\n", - "data_streams": [ - { - "dataset": "plugin", - "index_pattern": "logs-tenable_sc.plugin-*", - "title": "Tenable.sc plugin logs" - }, - { - "dataset": "vulnerability", - "index_pattern": "logs-tenable_sc.vulnerability-*", - "title": "Tenable.sc vulnerability logs" - }, - { - "dataset": "asset", - "index_pattern": "logs-tenable_sc.asset-*", - "title": "Tenable.sc asset logs" - } - ], - "elser_embedding": "Tenable.sc - Collect logs from Tenable.sc with Elastic Agent.\n - Tenable.sc plugin logs Tenable.sc vulnerability logs Tenable.sc asset logs" - }, - { - "title": "Cisco IOS", - "id": "cisco_ios", - "description": "Collect logs from Cisco IOS with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_ios.log-*", - "title": "Cisco IOS logs" - } - ], - "elser_embedding": "Cisco IOS - Collect logs from Cisco IOS with Elastic Agent. 
- Cisco IOS logs" - }, - { - "title": "ZooKeeper Metrics", - "id": "zookeeper", - "description": "Collect metrics from ZooKeeper service with Elastic Agent.", - "data_streams": [ - { - "dataset": "connection", - "index_pattern": "logs-zookeeper.connection-*", - "title": "ZooKeeper connection metrics" - }, - { - "dataset": "mntr", - "index_pattern": "logs-zookeeper.mntr-*", - "title": "ZooKeeper mntr metrics" - }, - { - "dataset": "server", - "index_pattern": "logs-zookeeper.server-*", - "title": "ZooKeeper server metrics" - } - ], - "elser_embedding": "ZooKeeper Metrics - Collect metrics from ZooKeeper service with Elastic Agent. - ZooKeeper connection metrics ZooKeeper mntr metrics ZooKeeper server metrics" - }, - { - "title": "Palo Alto Next-Gen Firewall", - "id": "panw", - "description": "Collect logs from Palo Alto next-gen firewalls with Elastic Agent.", - "data_streams": [ - { - "dataset": "panos", - "index_pattern": "logs-panw.panos-*", - "title": "Palo Alto Networks PAN-OS firewall logs" - } - ], - "elser_embedding": "Palo Alto Next-Gen Firewall - Collect logs from Palo Alto next-gen firewalls with Elastic Agent. - Palo Alto Networks PAN-OS firewall logs" - }, - { - "title": "Hadoop", - "id": "hadoop", - "description": "Collect metrics from Apache Hadoop with Elastic Agent.", - "data_streams": [ - { - "dataset": "namenode", - "index_pattern": "logs-hadoop.namenode-*", - "title": "NameNode Metrics" - }, - { - "dataset": "datanode", - "index_pattern": "logs-hadoop.datanode-*", - "title": "DataNode metrics" - }, - { - "dataset": "node_manager", - "index_pattern": "logs-hadoop.node_manager-*", - "title": "Node Manager metrics" - }, - { - "dataset": "application", - "index_pattern": "logs-hadoop.application-*", - "title": "Application metrics" - }, - { - "dataset": "cluster", - "index_pattern": "logs-hadoop.cluster-*", - "title": "Cluster metrics" - } - ], - "elser_embedding": "Hadoop - Collect metrics from Apache Hadoop with Elastic Agent. 
- NameNode Metrics DataNode metrics Node Manager metrics Application metrics Cluster metrics" - }, - { - "title": "InfluxDb", - "id": "influxdb", - "description": "Collect metrics from Influxdb database", - "data_streams": [ - { - "dataset": "advstatus", - "index_pattern": "logs-influxdb.advstatus-*", - "title": "InfluxDB database advanced status metrics" - }, - { - "dataset": "status", - "index_pattern": "logs-influxdb.status-*", - "title": "InfluxDB database status metrics" - } - ], - "elser_embedding": "InfluxDb - Collect metrics from Influxdb database - InfluxDB database advanced status metrics InfluxDB database status metrics" - }, - { - "title": "Sophos", - "id": "sophos", - "description": "Collect logs from Sophos with Elastic Agent.", - "data_streams": [ - { - "dataset": "xg", - "index_pattern": "logs-sophos.xg-*", - "title": "Sophos XG logs" - }, - { - "dataset": "utm", - "index_pattern": "logs-sophos.utm-*", - "title": "Sophos UTM logs" - } - ], - "elser_embedding": "Sophos - Collect logs from Sophos with Elastic Agent. 
- Sophos XG logs Sophos UTM logs" - }, - { - "title": "Menlo Security", - "id": "menlo", - "description": "Collect logs from Menlo Security products with Elastic Agent", - "data_streams": [ - { - "dataset": "dlp", - "index_pattern": "logs-menlo.dlp-*", - "title": "Collect Menlo DLP from Menlo Security API" - }, - { - "dataset": "web", - "index_pattern": "logs-menlo.web-*", - "title": "Collect Menlo Web from Menlo Security API" - } - ], - "elser_embedding": "Menlo Security - Collect logs from Menlo Security products with Elastic Agent - Collect Menlo DLP from Menlo Security API Collect Menlo Web from Menlo Security API" - }, - { - "title": "Barracuda Web Application Firewall", - "id": "barracuda", - "description": "Collect logs from Barracuda Web Application Firewall with Elastic Agent.", - "data_streams": [ - { - "dataset": "waf", - "index_pattern": "logs-barracuda.waf-*", - "title": "Barracuda WAF Logs" - } - ], - "elser_embedding": "Barracuda Web Application Firewall - Collect logs from Barracuda Web Application Firewall with Elastic Agent. - Barracuda WAF Logs" - }, - { - "title": "FireEye Network Security", - "id": "fireeye", - "description": "Collect logs from FireEye NX with Elastic Agent.", - "data_streams": [ - { - "dataset": "nx", - "index_pattern": "logs-fireeye.nx-*", - "title": "Fireeye NX" - } - ], - "elser_embedding": "FireEye Network Security - Collect logs from FireEye NX with Elastic Agent. 
- Fireeye NX" - }, - { - "title": "Tines", - "id": "tines", - "description": "Tines Logs & Time Saved Reports", - "data_streams": [ - { - "dataset": "time_saved", - "index_pattern": "logs-tines.time_saved-*", - "title": "Tines Time Saved Reports" - }, - { - "dataset": "audit_logs", - "index_pattern": "logs-tines.audit_logs-*", - "title": "Tines Audit Logs" - } - ], - "elser_embedding": "Tines - Tines Logs & Time Saved Reports - Tines Time Saved Reports Tines Audit Logs" - }, - { - "title": "Cisco Meraki Metrics", - "id": "cisco_meraki_metrics", - "description": "Collect metrics from Cisco Meraki with Elastic Agent.", - "data_streams": [ - { - "dataset": "device_health", - "index_pattern": "logs-cisco_meraki_metrics.device_health-*", - "title": "Cisco Meraki Device Health Metrics" - } - ], - "elser_embedding": "Cisco Meraki Metrics - Collect metrics from Cisco Meraki with Elastic Agent. - Cisco Meraki Device Health Metrics" - }, - { - "title": "VMware vSphere", - "id": "vsphere", - "description": "This Elastic integration collects metrics and logs from vSphere/vCenter servers", - "data_streams": [ - { - "dataset": "network", - "index_pattern": "logs-vsphere.network-*", - "title": "vSphere network metrics" - }, - { - "dataset": "resourcepool", - "index_pattern": "logs-vsphere.resourcepool-*", - "title": "vSphere resourcepool metrics" - }, - { - "dataset": "datastore", - "index_pattern": "logs-vsphere.datastore-*", - "title": "vSphere datastore metrics" - }, - { - "dataset": "virtualmachine", - "index_pattern": "logs-vsphere.virtualmachine-*", - "title": "vSphere virtual machine metrics" - }, - { - "dataset": "host", - "index_pattern": "logs-vsphere.host-*", - "title": "vSphere host metrics" - }, - { - "dataset": "datastorecluster", - "index_pattern": "logs-vsphere.datastorecluster-*", - "title": "vSphere DatastoreCluster metrics" - }, - { - "dataset": "log", - "index_pattern": "logs-vsphere.log-*", - "title": "vSphere Logs" - }, - { - "dataset": "cluster", - 
"index_pattern": "logs-vsphere.cluster-*", - "title": "vSphere cluster metrics" - } - ], - "elser_embedding": "VMware vSphere - This Elastic integration collects metrics and logs from vSphere/vCenter servers - vSphere network metrics vSphere resourcepool metrics vSphere datastore metrics vSphere virtual machine metrics vSphere host metrics vSphere DatastoreCluster metrics vSphere Logs vSphere cluster metrics" - }, - { - "title": "Platform Observability", - "id": "platform_observability", - "description": "Collect stack component logs with Elastic Agent", - "data_streams": [ - { - "dataset": "kibana_audit", - "index_pattern": "logs-platform_observability.kibana_audit-*", - "title": "Platform Observability Kibana audit logs" - }, - { - "dataset": "kibana_log", - "index_pattern": "logs-platform_observability.kibana_log-*", - "title": "Platform Observability Kibana logs" - } - ], - "elser_embedding": "Platform Observability - Collect stack component logs with Elastic Agent - Platform Observability Kibana audit logs Platform Observability Kibana logs" - }, - { - "title": "System", - "id": "system", - "description": "Collect system logs and metrics from your servers with Elastic Agent.", - "data_streams": [ - { - "dataset": "memory", - "index_pattern": "logs-system.memory-*", - "title": "System memory metrics" - }, - { - "dataset": "network", - "index_pattern": "logs-system.network-*", - "title": "System network metrics" - }, - { - "dataset": "uptime", - "index_pattern": "logs-system.uptime-*", - "title": "System uptime metrics" - }, - { - "dataset": "socket_summary", - "index_pattern": "logs-system.socket_summary-*", - "title": "System socket_summary metrics" - }, - { - "dataset": "auth", - "index_pattern": "logs-system.auth-*", - "title": "System auth logs" - }, - { - "dataset": "process", - "index_pattern": "logs-system.process-*", - "title": "System process metrics" - }, - { - "dataset": "load", - "index_pattern": "logs-system.load-*", - "title": "System load 
metrics" - }, - { - "dataset": "application", - "index_pattern": "logs-system.application-*", - "title": "Windows Application Events" - }, - { - "dataset": "diskio", - "index_pattern": "logs-system.diskio-*", - "title": "System diskio metrics" - }, - { - "dataset": "syslog", - "index_pattern": "logs-system.syslog-*", - "title": "System syslog logs" - }, - { - "dataset": "filesystem", - "index_pattern": "logs-system.filesystem-*", - "title": "System filesystem metrics" - }, - { - "dataset": "fsstat", - "index_pattern": "logs-system.fsstat-*", - "title": "System fsstat metrics" - }, - { - "dataset": "core", - "index_pattern": "logs-system.core-*", - "title": "System core metrics" - }, - { - "dataset": "cpu", - "index_pattern": "logs-system.cpu-*", - "title": "System cpu metrics" - }, - { - "dataset": "process_summary", - "index_pattern": "logs-system.process_summary-*", - "title": "System process_summary metrics" - }, - { - "dataset": "system", - "index_pattern": "logs-system.system-*", - "title": "Windows System Events" - }, - { - "dataset": "security", - "index_pattern": "logs-system.security-*", - "title": "Security logs" - } - ], - "elser_embedding": "System - Collect system logs and metrics from your servers with Elastic Agent. - System memory metrics System network metrics System uptime metrics System socket_summary metrics System auth logs System process metrics System load metrics Windows Application Events System diskio metrics System syslog logs System filesystem metrics System fsstat metrics System core metrics System cpu metrics System process_summary metrics Windows System Events Security logs" - }, - { - "title": "Airflow", - "id": "airflow", - "description": "Airflow Integration.", - "data_streams": [ - { - "dataset": "statsd", - "index_pattern": "logs-airflow.statsd-*", - "title": "Airflow metrics" - } - ], - "elser_embedding": "Airflow - Airflow Integration. 
- Airflow metrics" - }, - { - "title": "Custom Google Pub/Sub Logs", - "id": "gcp_pubsub", - "description": "Collect Logs from Google Pub/Sub topics", - "data_streams": [], - "elser_embedding": "Custom Google Pub/Sub Logs - Collect Logs from Google Pub/Sub topics - " - }, - { - "title": "Beat", - "id": "beat", - "description": "Beat Integration", - "data_streams": [], - "elser_embedding": "Beat - Beat Integration - " - }, - { - "title": "Cyberark Privileged Threat Analytics", - "id": "cyberark_pta", - "description": "Collect security logs from Cyberark PTA integration.", - "data_streams": [ - { - "dataset": "events", - "index_pattern": "logs-cyberark_pta.events-*", - "title": "CyberArk PTA logs" - } - ], - "elser_embedding": "Cyberark Privileged Threat Analytics - Collect security logs from Cyberark PTA integration. - CyberArk PTA logs" - }, - { - "title": "Trellix ePO Cloud", - "id": "trellix_epo_cloud", - "description": "Collect logs from Trellix ePO Cloud with Elastic Agent.", - "data_streams": [ - { - "dataset": "device", - "index_pattern": "logs-trellix_epo_cloud.device-*", - "title": "Collect Device logs from Trellix ePO Cloud." - }, - { - "dataset": "group", - "index_pattern": "logs-trellix_epo_cloud.group-*", - "title": "Collect Group logs from Trellix ePO Cloud." - }, - { - "dataset": "event", - "index_pattern": "logs-trellix_epo_cloud.event-*", - "title": "Collect Event logs from Trellix ePO Cloud." - } - ], - "elser_embedding": "Trellix ePO Cloud - Collect logs from Trellix ePO Cloud with Elastic Agent. - Collect Device logs from Trellix ePO Cloud. Collect Group logs from Trellix ePO Cloud. Collect Event logs from Trellix ePO Cloud." 
- }, - { - "title": "Vectra Detect", - "id": "vectra_detect", - "description": "Collect logs from Vectra Detect with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-vectra_detect.log-*", - "title": "Collect logs from Vectra Detect" - } - ], - "elser_embedding": "Vectra Detect - Collect logs from Vectra Detect with Elastic Agent. - Collect logs from Vectra Detect" - }, - { - "title": "Atlassian Confluence", - "id": "atlassian_confluence", - "description": "Collect logs from Atlassian Confluence with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-atlassian_confluence.audit-*", - "title": "Confluence Audit Logs" - } - ], - "elser_embedding": "Atlassian Confluence - Collect logs from Atlassian Confluence with Elastic Agent. - Confluence Audit Logs" - }, - { - "title": "QNAP NAS", - "id": "qnap_nas", - "description": "Collect logs from QNAP NAS devices with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-qnap_nas.log-*", - "title": "QNAP NAS logs" - } - ], - "elser_embedding": "QNAP NAS - Collect logs from QNAP NAS devices with Elastic Agent. 
- QNAP NAS logs" - }, - { - "title": "Memcached", - "id": "memcached", - "description": "Memcached Integration", - "data_streams": [ - { - "dataset": "stats", - "index_pattern": "logs-memcached.stats-*", - "title": "Memcached stats metrics" - } - ], - "elser_embedding": "Memcached - Memcached Integration - Memcached stats metrics" - }, - { - "title": "Azure Resource Metrics", - "id": "azure_metrics", - "description": "Collect metrics from Azure resources with Elastic Agent.", - "data_streams": [ - { - "dataset": "container_service", - "index_pattern": "logs-azure_metrics.container_service-*", - "title": "Container Service" - }, - { - "dataset": "container_instance", - "index_pattern": "logs-azure_metrics.container_instance-*", - "title": "Container Instance" - }, - { - "dataset": "compute_vm", - "index_pattern": "logs-azure_metrics.compute_vm-*", - "title": "Compute VM" - }, - { - "dataset": "monitor", - "index_pattern": "logs-azure_metrics.monitor-*", - "title": "Monitor" - }, - { - "dataset": "storage_account", - "index_pattern": "logs-azure_metrics.storage_account-*", - "title": "Storage Account" - }, - { - "dataset": "compute_vm_scaleset", - "index_pattern": "logs-azure_metrics.compute_vm_scaleset-*", - "title": "Compute VM Scaleset" - }, - { - "dataset": "database_account", - "index_pattern": "logs-azure_metrics.database_account-*", - "title": "Database Account" - }, - { - "dataset": "container_registry", - "index_pattern": "logs-azure_metrics.container_registry-*", - "title": "Container Registry" - } - ], - "elser_embedding": "Azure Resource Metrics - Collect metrics from Azure resources with Elastic Agent. 
- Container Service Container Instance Compute VM Monitor Storage Account Compute VM Scaleset Database Account Container Registry" - }, - { - "title": "Elastic Connectors", - "id": "elastic_connectors", - "description": "Sync data from source to the Elasticsearch index.", - "data_streams": [], - "elser_embedding": "Elastic Connectors - Sync data from source to the Elasticsearch index. - " - }, - { - "title": "StatsD Input", - "id": "statsd_input", - "description": "StatsD Input Package", - "data_streams": [], - "elser_embedding": "StatsD Input - StatsD Input Package - " - }, - { - "title": "Cloudflare", - "id": "cloudflare", - "description": "Collect logs from Cloudflare with Elastic Agent.", - "data_streams": [ - { - "dataset": "logpull", - "index_pattern": "logs-cloudflare.logpull-*", - "title": "Cloudflare Logpull" - }, - { - "dataset": "audit", - "index_pattern": "logs-cloudflare.audit-*", - "title": "Cloudflare Audit Logs" - } - ], - "elser_embedding": "Cloudflare - Collect logs from Cloudflare with Elastic Agent. - Cloudflare Logpull Cloudflare Audit Logs" - }, - { - "title": "Cribl", - "id": "cribl", - "description": "Stream logs from Cribl into Elastic.", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-cribl.logs-*", - "title": "Logs" - } - ], - "elser_embedding": "Cribl - Stream logs from Cribl into Elastic. - Logs" - }, - { - "title": "PHP-FPM", - "id": "php_fpm", - "description": "This Elastic integration collects metrics from PHP-FPM.", - "data_streams": [ - { - "dataset": "process", - "index_pattern": "logs-php_fpm.process-*", - "title": "Process metrics" - }, - { - "dataset": "pool", - "index_pattern": "logs-php_fpm.pool-*", - "title": "Pool metrics" - } - ], - "elser_embedding": "PHP-FPM - This Elastic integration collects metrics from PHP-FPM. 
- Process metrics Pool metrics" - }, - { - "title": "Azure Logs", - "id": "azure", - "description": "This Elastic integration collects logs from Azure", - "data_streams": [ - { - "dataset": "platformlogs", - "index_pattern": "logs-azure.platformlogs-*", - "title": "Azure Platform Logs" - }, - { - "dataset": "auditlogs", - "index_pattern": "logs-azure.auditlogs-*", - "title": "Azure Audit Logs" - }, - { - "dataset": "springcloudlogs", - "index_pattern": "logs-azure.springcloudlogs-*", - "title": "Azure Spring Apps Logs" - }, - { - "dataset": "signinlogs", - "index_pattern": "logs-azure.signinlogs-*", - "title": "Azure Signin Logs" - }, - { - "dataset": "firewall_logs", - "index_pattern": "logs-azure.firewall_logs-*", - "title": "Collect Network rule logs from Azure Firewall" - }, - { - "dataset": "graphactivitylogs", - "index_pattern": "logs-azure.graphactivitylogs-*", - "title": "Microsoft Graph Activity Logs" - }, - { - "dataset": "application_gateway", - "index_pattern": "logs-azure.application_gateway-*", - "title": "Azure Application Gateway logs" - }, - { - "dataset": "eventhub", - "index_pattern": "logs-azure.eventhub-*", - "title": "Azure Event Hub Input" - }, - { - "dataset": "provisioning", - "index_pattern": "logs-azure.provisioning-*", - "title": "Microsoft Entra ID Provisioning Logs" - }, - { - "dataset": "activitylogs", - "index_pattern": "logs-azure.activitylogs-*", - "title": "Azure Activity Logs" - }, - { - "dataset": "identity_protection", - "index_pattern": "logs-azure.identity_protection-*", - "title": "Microsoft Entra ID Identity Protection Logs" - } - ], - "elser_embedding": "Azure Logs - This Elastic integration collects logs from Azure - Azure Platform Logs Azure Audit Logs Azure Spring Apps Logs Azure Signin Logs Collect Network rule logs from Azure Firewall Microsoft Graph Activity Logs Azure Application Gateway logs Azure Event Hub Input Microsoft Entra ID Provisioning Logs Azure Activity Logs Microsoft Entra ID Identity Protection Logs" - 
}, - { - "title": "Palo Alto Networks Metrics", - "id": "panw_metrics", - "description": "Collect metrics from Palo Alto Networks with Elastic Agent.", - "data_streams": [ - { - "dataset": "vpn", - "index_pattern": "logs-panw_metrics.vpn-*", - "title": "Palo Alto Networks VPN metrics" - }, - { - "dataset": "interfaces", - "index_pattern": "logs-panw_metrics.interfaces-*", - "title": "Palo Alto Networks Interfaces metrics" - }, - { - "dataset": "system", - "index_pattern": "logs-panw_metrics.system-*", - "title": "Palo Alto Networks System metrics" - }, - { - "dataset": "routing", - "index_pattern": "logs-panw_metrics.routing-*", - "title": "Palo Alto Networks Routing metrics" - } - ], - "elser_embedding": "Palo Alto Networks Metrics - Collect metrics from Palo Alto Networks with Elastic Agent. - Palo Alto Networks VPN metrics Palo Alto Networks Interfaces metrics Palo Alto Networks System metrics Palo Alto Networks Routing metrics" - }, - { - "title": "Custom Threat Intelligence", - "id": "ti_custom", - "description": "Ingest threat intelligence data in STIX 2.1 format with Elastic Agent", - "data_streams": [ - { - "dataset": "indicator", - "index_pattern": "logs-ti_custom.indicator-*", - "title": "STIX 2.1 indicators" - } - ], - "elser_embedding": "Custom Threat Intelligence - Ingest threat intelligence data in STIX 2.1 format with Elastic Agent - STIX 2.1 indicators" - }, - { - "title": "Check Point Harmony Endpoint", - "id": "checkpoint_harmony_endpoint", - "description": "Collect logs from Check Point Harmony Endpoint", - "data_streams": [ - { - "dataset": "urlfiltering", - "index_pattern": "logs-checkpoint_harmony_endpoint.urlfiltering-*", - "title": "URL Filtering" - }, - { - "dataset": "forensics", - "index_pattern": "logs-checkpoint_harmony_endpoint.forensics-*", - "title": "Forensics" - }, - { - "dataset": "antibot", - "index_pattern": "logs-checkpoint_harmony_endpoint.antibot-*", - "title": "Anti-Bot" - }, - { - "dataset": "threatemulation", - 
"index_pattern": "logs-checkpoint_harmony_endpoint.threatemulation-*", - "title": "Threat Emulation" - }, - { - "dataset": "threatextraction", - "index_pattern": "logs-checkpoint_harmony_endpoint.threatextraction-*", - "title": "Threat Extraction" - }, - { - "dataset": "zerophishing", - "index_pattern": "logs-checkpoint_harmony_endpoint.zerophishing-*", - "title": "Zero Phishing" - }, - { - "dataset": "antimalware", - "index_pattern": "logs-checkpoint_harmony_endpoint.antimalware-*", - "title": "Anti-Malware" - } - ], - "elser_embedding": "Check Point Harmony Endpoint - Collect logs from Check Point Harmony Endpoint - URL Filtering Forensics Anti-Bot Threat Emulation Threat Extraction Zero Phishing Anti-Malware" - }, - { - "title": "Thycotic Secret Server", - "id": "thycotic_ss", - "description": "Thycotic Secret Server logs", - "data_streams": [ - { - "dataset": "logs", - "index_pattern": "logs-thycotic_ss.logs-*", - "title": "Thycotic Secret Server Logs" - } - ], - "elser_embedding": "Thycotic Secret Server - Thycotic Secret Server logs - Thycotic Secret Server Logs" - }, - { - "title": "Custom HTTP Endpoint Logs", - "id": "http_endpoint", - "description": "Collect JSON data from listening HTTP port with Elastic Agent.", - "data_streams": [], - "elser_embedding": "Custom HTTP Endpoint Logs - Collect JSON data from listening HTTP port with Elastic Agent. - " - }, - { - "title": "Atlassian Bitbucket", - "id": "atlassian_bitbucket", - "description": "Collect logs from Atlassian Bitbucket with Elastic Agent.", - "data_streams": [ - { - "dataset": "audit", - "index_pattern": "logs-atlassian_bitbucket.audit-*", - "title": "Bitbucket Audit Logs" - } - ], - "elser_embedding": "Atlassian Bitbucket - Collect logs from Atlassian Bitbucket with Elastic Agent. 
- Bitbucket Audit Logs" - }, - { - "title": "TYCHON Agentless", - "id": "tychon", - "description": "Collect complete master endpoint datasets including vulnerability and STIG to comply with DISA endpoint requirements and C2C without adding services to your endpoints.", - "data_streams": [ - { - "dataset": "systemcerts", - "index_pattern": "logs-tychon.systemcerts-*", - "title": "System Certificates" - }, - { - "dataset": "stig", - "index_pattern": "logs-tychon.stig-*", - "title": "Endpoint STIG Results" - }, - { - "dataset": "softwareinventory", - "index_pattern": "logs-tychon.softwareinventory-*", - "title": "Endpoint Software Inventory Info" - }, - { - "dataset": "coams", - "index_pattern": "logs-tychon.coams-*", - "title": "Endpoint Operational Attributes (Requires DATT)" - }, - { - "dataset": "harddrive", - "index_pattern": "logs-tychon.harddrive-*", - "title": "Endpoint Harddrive Info" - }, - { - "dataset": "host", - "index_pattern": "logs-tychon.host-*", - "title": "Host Operating System Info" - }, - { - "dataset": "cve", - "index_pattern": "logs-tychon.cve-*", - "title": "Vulnerabilites" - }, - { - "dataset": "externaldevicecontrol", - "index_pattern": "logs-tychon.externaldevicecontrol-*", - "title": "Endpoint External Device Control" - }, - { - "dataset": "cmrs", - "index_pattern": "logs-tychon.cmrs-*", - "title": "DISA Continuous Monitoring and Risk Scoring Data" - }, - { - "dataset": "arp", - "index_pattern": "logs-tychon.arp-*", - "title": "Endpoint Arp Table Information" - }, - { - "dataset": "ciphers", - "index_pattern": "logs-tychon.ciphers-*", - "title": "Certificate Ciphers" - }, - { - "dataset": "features", - "index_pattern": "logs-tychon.features-*", - "title": "Features Info" - }, - { - "dataset": "epp", - "index_pattern": "logs-tychon.epp-*", - "title": "Endpoint Protection Platform Info" - }, - { - "dataset": "cpu", - "index_pattern": "logs-tychon.cpu-*", - "title": "Endpoint CPU Info" - }, - { - "dataset": "browser", - "index_pattern": 
"logs-tychon.browser-*", - "title": "Endpoint Browser Configurations" - }, - { - "dataset": "exposedservice", - "index_pattern": "logs-tychon.exposedservice-*", - "title": "Endpoint Exposed Services" - }, - { - "dataset": "volume", - "index_pattern": "logs-tychon.volume-*", - "title": "Endpoint Volumes Info" - }, - { - "dataset": "hardware", - "index_pattern": "logs-tychon.hardware-*", - "title": "Hardware Info" - }, - { - "dataset": "networkadapter", - "index_pattern": "logs-tychon.networkadapter-*", - "title": "Network Adapters" - } - ], - "elser_embedding": "TYCHON Agentless - Collect complete master endpoint datasets including vulnerability and STIG to comply with DISA endpoint requirements and C2C without adding services to your endpoints. - System Certificates Endpoint STIG Results Endpoint Software Inventory Info Endpoint Operational Attributes (Requires DATT) Endpoint Harddrive Info Host Operating System Info Vulnerabilites Endpoint External Device Control DISA Continuous Monitoring and Risk Scoring Data Endpoint Arp Table Information Certificate Ciphers Features Info Endpoint Protection Platform Info Endpoint CPU Info Endpoint Browser Configurations Endpoint Exposed Services Endpoint Volumes Info Hardware Info Network Adapters" - }, - { - "title": "Proofpoint On Demand", - "id": "proofpoint_on_demand", - "description": "Collect logs from Proofpoint On Demand with Elastic Agent.", - "data_streams": [ - { - "dataset": "message", - "index_pattern": "logs-proofpoint_on_demand.message-*", - "title": "Proofpoint On Demand Message logs" - }, - { - "dataset": "audit", - "index_pattern": "logs-proofpoint_on_demand.audit-*", - "title": "Proofpoint On Demand Audit logs" - }, - { - "dataset": "mail", - "index_pattern": "logs-proofpoint_on_demand.mail-*", - "title": "Proofpoint On Demand Mail logs" - } - ], - "elser_embedding": "Proofpoint On Demand - Collect logs from Proofpoint On Demand with Elastic Agent. 
- Proofpoint On Demand Message logs Proofpoint On Demand Audit logs Proofpoint On Demand Mail logs" - }, - { - "title": "Cisco ASA", - "id": "cisco_asa", - "description": "Collect logs from Cisco ASA with Elastic Agent.", - "data_streams": [ - { - "dataset": "log", - "index_pattern": "logs-cisco_asa.log-*", - "title": "Cisco ASA logs" - } - ], - "elser_embedding": "Cisco ASA - Collect logs from Cisco ASA with Elastic Agent. - Cisco ASA logs" - }, - { - "title": "Amazon Security Lake", - "id": "amazon_security_lake", - "description": "Collect logs from Amazon Security Lake with Elastic Agent.", - "data_streams": [ - { - "dataset": "network_activity", - "index_pattern": "logs-amazon_security_lake.network_activity-*", - "title": "Amazon Security Lake Network Activity Events" - }, - { - "dataset": "application_activity", - "index_pattern": "logs-amazon_security_lake.application_activity-*", - "title": "Amazon Security Lake Application Activity Events" - }, - { - "dataset": "discovery", - "index_pattern": "logs-amazon_security_lake.discovery-*", - "title": "Amazon Security Lake Discovery Events" - }, - { - "dataset": "findings", - "index_pattern": "logs-amazon_security_lake.findings-*", - "title": "Amazon Security Lake Findings Events" - }, - { - "dataset": "system_activity", - "index_pattern": "logs-amazon_security_lake.system_activity-*", - "title": "Amazon Security Lake System Activity Events" - }, - { - "dataset": "event", - "index_pattern": "logs-amazon_security_lake.event-*", - "title": "Collect Amazon Security Lake Events" - }, - { - "dataset": "iam", - "index_pattern": "logs-amazon_security_lake.iam-*", - "title": "Amazon Security Lake Identity and Access Management Events" - } - ], - "elser_embedding": "Amazon Security Lake - Collect logs from Amazon Security Lake with Elastic Agent. 
- Amazon Security Lake Network Activity Events Amazon Security Lake Application Activity Events Amazon Security Lake Discovery Events Amazon Security Lake Findings Events Amazon Security Lake System Activity Events Collect Amazon Security Lake Events Amazon Security Lake Identity and Access Management Events" - }, - { - "title": "Azure App Service", - "id": "azure_app_service", - "description": "Collect logs from Azure App Service with Elastic Agent.", - "data_streams": [ - { - "dataset": "app_service_logs", - "index_pattern": "logs-azure_app_service.app_service_logs-*", - "title": "Collect App Service logs from Azure" - } - ], - "elser_embedding": "Azure App Service - Collect logs from Azure App Service with Elastic Agent. - Collect App Service logs from Azure" - }, - { - "title": "ESET PROTECT", - "id": "eset_protect", - "description": "Collect logs from ESET PROTECT with Elastic Agent.", - "data_streams": [ - { - "dataset": "device_task", - "index_pattern": "logs-eset_protect.device_task-*", - "title": "Collect Device Task logs from ESET PROTECT" - }, - { - "dataset": "detection", - "index_pattern": "logs-eset_protect.detection-*", - "title": "Collect Detection logs from ESET PROTECT" - }, - { - "dataset": "event", - "index_pattern": "logs-eset_protect.event-*", - "title": "Collect Event logs from ESET PROTECT" - } - ], - "elser_embedding": "ESET PROTECT - Collect logs from ESET PROTECT with Elastic Agent. 
- Collect Device Task logs from ESET PROTECT Collect Detection logs from ESET PROTECT Collect Event logs from ESET PROTECT" - }, - { - "id": "endpoint", - "title": "Elastic Defend", - "description": "windows linux osx dns network process suspicious user registry host host-based endpoint analysis commandline cli command exfiltration ransomware detection system os operating traffic prevention file user modification integrity obfuscation powershell anomaly edr xdr", - "data_streams": [ - { - "dataset": "endpoint.events.api", - "title": "Endpoint API Events", - "index_pattern": "logs-endpoint.events.api-*" - }, - { - "dataset": "endpoint.events.file", - "title": "Endpoint File Events", - "index_pattern": "logs-endpoint.events.file-*" - }, - { - "dataset": "endpoint.events.library", - "title": "Endpoint Library and Driver Events", - "index_pattern": "logs-endpoint.events.library-*" - }, - { - "dataset": "endpoint.events.network", - "title": "Endpoint Network Events", - "index_pattern": "logs-endpoint.events.network-*" - }, - { - "dataset": "endpoint.events.process", - "title": "Endpoint Process Events", - "index_pattern": "logs-endpoint.events.process-*" - }, - { - "dataset": "endpoint.events.registry", - "title": "Endpoint Registry Events", - "index_pattern": "logs-endpoint.events.registry-*" - }, - { - "dataset": "endpoint.events.security", - "title": "Endpoint Security Events", - "index_pattern": "logs-endpoint.events.security-*" - } - ], - "elser_embedding": "Elastic Defend - windows linux osx dns network process suspicious user registry host host-based endpoint analysis commandline cli command exfiltration ransomware detection system os operating traffic prevention file user modification integrity obfuscation powershell anomaly edr xdr - Endpoint API Events Endpoint File Events Endpoint Library and Driver Events Endpoint Network Events Endpoint Process Events Endpoint Registry Events Endpoint Security Events" - } -] \ No newline at end of file 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_integrations_client.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_integrations_client.ts
index 77b0624316732..b9d5516d1d9d0 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_integrations_client.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_integrations_client.ts
@@ -9,16 +9,11 @@ import type { PackageList } from '@kbn/fleet-plugin/common';
 import type { RuleMigrationIntegration } from '../types';
 import { RuleMigrationsDataBaseClient } from './rule_migrations_data_base_client';
-/* This will be removed once the package registry changes is performed */
-import integrationsFile from './integrations_temp.json';
-
 /* The minimum score required for a integration to be considered correct, might need to change this later */
 const MIN_SCORE = 40 as const;
 /* The number of integrations the RAG will return, sorted by score */
 const RETURNED_INTEGRATIONS = 5 as const;
-/* This is a temp implementation to allow further development until https://github.com/elastic/package-registry/issues/1252 */
-const INTEGRATIONS = integrationsFile as RuleMigrationIntegration[];
 /* BULK_MAX_SIZE defines the number to break down the bulk operations by.
  * The 500 number was chosen as a reasonable number to avoid large payloads. It can be adjusted if needed. */
@@ -28,32 +23,52 @@ export class RuleMigrationsDataIntegrationsClient extends RuleMigrationsDataBase
   }
 
   /** Indexes an array of integrations to be used with ELSER semantic search queries */
-  async create(): Promise {
+  async populate(): Promise {
     const index = await this.getIndexName();
-    await this.esClient
-      .bulk(
-        {
-          refresh: 'wait_for',
-          operations: INTEGRATIONS.flatMap((integration) => [
-            { update: { _index: index, _id: integration.id } },
-            {
-              doc: {
-                title: integration.title,
-                description: integration.description,
-                data_streams: integration.data_streams,
-                elser_embedding: integration.elser_embedding,
-                '@timestamp': new Date().toISOString(),
+    const packages = await this.dependencies.packageService?.asInternalUser.getPackages();
+    if (packages) {
+      const ragIntegrations = packages.map((pkg) => ({
+        title: pkg.title,
+        id: pkg.name,
+        description: pkg?.description || '',
+        data_streams:
+          pkg.data_streams?.map((stream) => ({
+            dataset: stream.dataset,
+            index_pattern: `${stream.type}-${stream.dataset}-*`,
+            title: stream.title,
+          })) || [],
+        elser_embedding: [
+          pkg.title,
+          pkg.description,
+          ...(pkg.data_streams?.map((stream) => stream.title) || []),
+        ].join(' - '),
+      }));
+      await this.esClient
+        .bulk(
+          {
+            refresh: 'wait_for',
+            operations: ragIntegrations.flatMap((integration) => [
+              { update: { _index: index, _id: integration.id } },
+              {
+                doc: {
+                  title: integration.title,
+                  description: integration.description,
+                  data_streams: integration.data_streams,
+                  elser_embedding: integration.elser_embedding,
+                },
+                doc_as_upsert: true,
               },
-              doc_as_upsert: true,
-            },
-          ]),
-        },
-        { requestTimeout: 10 * 60 * 1000 }
-      )
-      .catch((error) => {
-        this.logger.error(`Error preparing integrations for SIEM migration ${error.message}`);
-        throw error;
-      });
+            ]),
+          },
+          { requestTimeout: 10 * 60 * 1000 }
+        )
+        .catch((error) => {
+          this.logger.error(`Error populating integrations for migration ${error.message}`);
+          throw error;
+        });
+    } else {
+      this.logger.warn('Package service not available, not able not populate integrations index');
+    }
   }
 
   /** Based on a LLM generated semantic string, returns the 5 best results with a score above 40 */
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_field_maps.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_field_maps.ts
index 12a10f38a7e12..0ea2913d3ebd6 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_field_maps.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_field_maps.ts
@@ -58,7 +58,7 @@ export const integrationsFieldMap: FieldMap {
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/task/rule_migrations_task_client.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/task/rule_migrations_task_client.ts
index 0d839ac808952..83f41d503bfa9 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/task/rule_migrations_task_client.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/task/rule_migrations_task_client.ts
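Review bot: The `elser_embedding` built in the `packages.map` callback joins the data-stream titles with `' - '` as well, whereas the fixture this replaces used the shape `Title - Description - title1 title2` with stream titles space-separated; if the retriever's score threshold was tuned on that shape, keep it with `elser_embedding: [pkg.title, pkg.description, (pkg.data_streams?.map((stream) => stream.title) ?? []).join(' ')].join(' - '),`. The same callback guards `description` with `pkg?.description || ''` but feeds the raw `pkg.description` into the embedding, so the two fields can disagree; `pkg` is never nullish there, and `??` fits better than `||`. If `getPackages()` can resolve to an empty list, the bulk request is sent with no operations, which Elasticsearch rejects as a validation error — an early `if (ragIntegrations.length === 0) return;` before `this.esClient.bulk` avoids that. The method's doc comment still only says it indexes "an array of integrations"; it should state that the integrations now come from the Fleet package service and that the method logs a warning and does nothing when that service is unavailable.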
@@ -8,12 +8,12 @@
 import type { AuthenticatedUser, Logger } from '@kbn/core/server';
 import { AbortError, abortSignalToPromise } from '@kbn/kibana-utils-plugin/server';
 import type { RunnableConfig } from '@langchain/core/runnables';
-import type { RuleMigrationFilters } from '../../../../../common/siem_migrations/types';
 import {
   SiemMigrationStatus,
   SiemMigrationTaskStatus,
 } from '../../../../../common/siem_migrations/constants';
 import type { RuleMigrationTaskStats } from '../../../../../common/siem_migrations/model/rule_migration.gen';
+import type { RuleMigrationFilters } from '../../../../../common/siem_migrations/types';
 import type { RuleMigrationsDataClient } from '../data/rule_migrations_data_client';
 import type { RuleMigrationDataStats } from '../data/rule_migrations_data_rules_client';
 import type { SiemRuleMigrationsClientDependencies } from '../types';
@@ -22,8 +22,8 @@ import type { MigrateRuleState } from './agent/types';
 import { RuleMigrationsRetriever } from './retrievers';
 import type {
   MigrationAgent,
-  RuleMigrationTaskStartParams,
   RuleMigrationTaskCreateAgentParams,
+  RuleMigrationTaskStartParams,
   RuleMigrationTaskStartResult,
   RuleMigrationTaskStopResult,
 } from './types';
@@ -169,7 +169,7 @@ export class RuleMigrationsTaskClient {
         this.logger.info(`Abort signal received, stopping migration ID:${migrationId}`);
         return;
       } else {
-        this.logger.error(`Error processing migration ID:${migrationId}`, error);
+        this.logger.error(`Error processing migration ID:${migrationId} ${error}`);
       }
     } finally {
       this.migrationsRunning.delete(migrationId);
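Review bot: Interpolating the catch variable with `${error}` in the last hunk loses the stack trace that the previous two-argument call carried, and a rejection value that is a plain object renders as `[object Object]`, which leaves the failed-migration log entry without a usable cause. Narrowing before formatting keeps the diagnostic value without depending on what was thrown: `this.logger.error(\`Error processing migration ID:${migrationId} ${error instanceof Error ? error.stack ?? error.message : String(error)}\`);`. The surrounding try/catch begins outside the hunk, so whether `error` is typed `unknown` or `any` there is not visible here. The two import-order hunks above are trivial and need no change.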