diff --git a/packages/canva/_dev/build/build.yml b/packages/canva/_dev/build/build.yml
index 2bfcfc223b0..d8553567e9c 100644
--- a/packages/canva/_dev/build/build.yml
+++ b/packages/canva/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: "git@v8.11.0"
+ reference: "git@v8.17.0"
diff --git a/packages/canva/changelog.yml b/packages/canva/changelog.yml
index 64b940a79e5..3e8b061701e 100644
--- a/packages/canva/changelog.yml
+++ b/packages/canva/changelog.yml
@@ -1,4 +1,15 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: Fix dashboard link for Serverless Project.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.7.0"
 changes:
 - description: Remove redundant installation instructions.
diff --git a/packages/canva/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/canva/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index da30da95f54..6fe0a0cb4f4 100644
--- a/packages/canva/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/canva/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -393,7 +393,7 @@
 "id": "Ddb44"
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "event": {
 "action": "remove_team_from_organization",
@@ -476,4 +476,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index e1faa9758de..0232f7ea234 100644
--- a/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 - set:
 field: ecs.version
 tag: set_ecs_version
- value: 8.11.0
+ value: 8.17.0
 - set:
 field: event.kind
 tag: set_event_kind
diff --git a/packages/canva/data_stream/audit/fields/base-fields.yml b/packages/canva/data_stream/audit/fields/base-fields.yml
index 80d9ec7b099..ac77e9f2f34 100644
--- a/packages/canva/data_stream/audit/fields/base-fields.yml
+++ b/packages/canva/data_stream/audit/fields/base-fields.yml
@@ -1,20 +1,16 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: event.module
 type: constant_keyword
- description: Event module.
 value: canva
+ external: ecs
 - name: event.dataset
 type: constant_keyword
- description: Event dataset.
 value: canva.audit
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
diff --git a/packages/canva/data_stream/audit/sample_event.json b/packages/canva/data_stream/audit/sample_event.json
index 23e38cd7c2e..0cf8d795248 100644
--- a/packages/canva/data_stream/audit/sample_event.json
+++ b/packages/canva/data_stream/audit/sample_event.json
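Review bot: In the canva audit base-fields.yml hunk, `event.module` and `event.dataset` keep `type: constant_keyword` while gaining `external: ecs`, but the neighbouring `data_stream.*` and `@timestamp` entries drop their explicit type entirely, and nothing records that the retained `type` is a deliberate override rather than a leftover. ECS defines `event.module` and `event.dataset` as `keyword`, so the explicit type is presumably what lets the fixed `value` be served as a constant_keyword (the README hunk on the new side does list them as constant_keyword); a one-line comment above each would make that intent survive the next cleanup, e.g. `# constant_keyword overrides the ECS keyword type so the fixed value below is indexed as a constant`. The three claroty_xdome base-fields.yml hunks (alert, event, vulnerability) repeat the same shape and would take the same comment. As a smaller style point, the unquoted `value: 8.17.0` in the ingest pipeline hunk parses as a string only because it carries two dots; writing it as `value: "8.17.0"` matches the quoted `"git@v8.17.0"` reference in build.yml and survives a future single-dot version.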
@@ -1,17 +1,17 @@
 {
 "@timestamp": "2024-01-01T01:00:00.123Z",
 "agent": {
- "ephemeral_id": "10166c35-0c59-4fea-976e-8615fb6be40a",
- "id": "cfee7fe4-90a0-4cc8-8f00-1699ef5c3603",
- "name": "docker-fleet-agent",
+ "ephemeral_id": "860cd4e2-418c-4cdb-a7ab-60155067bde8",
+ "id": "d4ca30b3-0f86-4dea-a919-235cb2014360",
+ "name": "elastic-agent-19022",
 "type": "filebeat",
- "version": "8.13.0"
+ "version": "8.16.5"
 },
 "aws": {
 "s3": {
 "bucket": {
- "arn": "arn:aws:s3:::elastic-package-canva-bucket-76803",
- "name": "elastic-package-canva-bucket-76803"
+ "arn": "arn:aws:s3:::elastic-package-canva-bucket-57347",
+ "name": "elastic-package-canva-bucket-57347"
 },
 "object": {
 "key": "audit.log"
@@ -378,19 +378,19 @@
 },
 "data_stream": {
 "dataset": "canva.audit",
- "namespace": "91976",
+ "namespace": "74807",
 "type": "logs"
 },
 "device": {
 "id": "Ddb44"
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "elastic_agent": {
- "id": "cfee7fe4-90a0-4cc8-8f00-1699ef5c3603",
+ "id": "d4ca30b3-0f86-4dea-a919-235cb2014360",
 "snapshot": false,
- "version": "8.13.0"
+ "version": "8.16.5"
 },
 "event": {
 "action": "remove_team_from_organization",
@@ -402,7 +402,7 @@ "duration": 10540800000000000, "end": "2024-07-06T18:57:27.000Z", "id": "3849ef51-ca85-4028-bae3-1b8de3ee5738", - "ingested": "2024-08-13T15:05:32Z", + "ingested": "2025-09-11T07:12:05Z", "kind": "event", "original": "{\"id\":\"3849ef51-ca85-4028-bae3-1b8de3ee5738\",\"timestamp\":1704070800123,\"actor\":{\"type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"OXtgecafZvh\"},\"details\":{\"type\":\"SCIM\"}},\"target\":{\"target_type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"abc\"},\"owner\":{\"type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"abc\"}},\"resource_type\":\"DESIGN\",\"id\":\"abc123\",\"name\":\"abc\"},\"action\":{\"type\":\"REMOVE_TEAM_FROM_ORGANIZATION\",\"display_name\":\"Marketing\",\"first_name\":\"string\",\"last_name\":\"string\",\"email\":\"alex.doe@example.com\",\"email_verified\":true,\"phone_number\":\"string\",\"country_code\":\"string\",\"locale\":\"string\",\"managing_entity\":{\"type\":\"TEAM\",\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"Abc11233\"}},\"saml_accounts\":[{\"idp_issuer\":\"string\",\"name_id\":\"string\"}],\"oauth_accounts\":[{\"platform\":\"string\",\"external_user_id\":\"string\"}],\"totp_mfa_enabled\":true,\"sms_mfa_enabled\":true,\"reason\":{\"type\":\"SAML_JIT_PROVISIONING\"},\"changed_fields\":\"ADDRESS\",\"login_type\":\"PASSWORD\",\"oauth_platform\":\"APPLE\",\"user_scope\":\"CURRENT_USER\",\"session_scope\":\"CURRENT_SESSION\",\"app_id\":\"string\",\"app_version\":\"str
ing\",\"app_name\":\"string\",\"permissions\":[\"DESIGN_CONTENT_READ\"],\"old_permissions\":[\"DESIGN_CONTENT_READ\"],\"new_permissions\":[\"DESIGN_CONTENT_READ\"],\"output_type\":\"PDF\",\"create_type\":\"CREATE\",\"title\":\"Myawesomedesign\",\"original_design_id\":\"DAGKs37VOUl\",\"design_type\":\"Presentation(16:9)\",\"view_type\":\"VIEW_IN_EDITOR\",\"changes\":[{\"type\":\"CREATE_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\",\"access\":{\"read\":true,\"write\":true}},{\"type\":\"REDEEM_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"DELETE_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\"},{\"type\":\"UPDATE_DESIGN_OWNER\",\"old_owner\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"new_owner\":{\"id\":\"UXqwwoQDSbb\",\"display_name\":\"AshDoe\",\"email\":\"ash.doe@example.com\"}},{\"type\":\"CREATE_DESIGN_ACCESS_RESTRICTION\"},{\"type\":\"GRANT_USER_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"REVOKE_USER_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"UPDATE_USER_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"GRANT_GROUP_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":\"REVOKE_GROUP_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":\"UPDATE_GROUP_DESIGN_ACCESS\",\"old_access\":{\"
read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":\"GRANT_TEAM_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"REVOKE_TEAM_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"UPDATE_TEAM_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"GRANT_ORGANIZATION_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"REVOKE_ORGANIZATION_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"UPDATE_ORGANIZATION_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"GRANT_DESIGN_LINK_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":true},{\"type\":\"REVOKE_DESIGN_LINK_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":true},{\"type\":\"UPDATE_DESIGN_LINK_ACCESS\",\"old_link_role\":{\"access\":{\"read\":true,\"write\":false},\"owning_team_only\":true},\"new_link_role\":{\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":false}}],\"description\":\"TheAcmeCorporationmarketinggroup.\",\"old_display_name\":\"Marketing\",\"new_display_name\":\"Growth\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"role\":\"ADMIN\",\"new_role\":\"ADMIN\",\"old_role\":\"ADMIN\",\"team_address\":{\"street1\":\"110Kippaxstreet\",\"city\":\"SurryHills\",\"subdivision\":\"AU-NSW\",\"country_code\":\"AU\",\"postcode\":2010},\"approval_status\":\"PENDING\",\"emails\":[\"ash.doe@example.com\",\"al
ex.doe@example.com\"],\"report_type\":\"USER\",\"start_timestamp\":1709751447000,\"end_timestamp\":1720292247000,\"old_name\":\"UntitledCorporation\",\"new_name\":\"AcmeCorporation\",\"default_team_id\":\"BXeFatjDhdR\",\"default_team_policy\":\"ADMIN_AND_UP\",\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},\"outcome\":{\"result\":\"PERMITTED\",\"details\":{\"type\":\"RESOURCE_CREATED\",\"resource_id\":\"DXWEBartcNg\",\"resource_type\":\"DESIGN\",\"user_id\":\"ac343\"}},\"context\":{\"ip_address\":\"81.2.69.142\",\"session\":\"abc111\",\"request_id\":\"fafas\",\"device_id\":\"Ddb44\"}}", "outcome": "success", @@ -416,7 +416,7 @@ }, "log": { "file": { - "path": "https://elastic-package-canva-bucket-76803.s3.us-east-1.amazonaws.com/audit.log" + "path": "https://elastic-package-canva-bucket-57347.s3.us-east-1.amazonaws.com/audit.log" }, "offset": 0 }, @@ -486,4 +486,4 @@ "id": "UXoqDbwwSbQ" } } -} \ No newline at end of file +} diff --git a/packages/canva/docs/README.md b/packages/canva/docs/README.md index e876b4cd919..c913f88da49 100644 --- a/packages/canva/docs/README.md +++ b/packages/canva/docs/README.md @@ -87,17 +87,17 @@ An example event for `audit` looks as following: { "@timestamp": "2024-01-01T01:00:00.123Z", "agent": { - "ephemeral_id": "10166c35-0c59-4fea-976e-8615fb6be40a", - "id": "cfee7fe4-90a0-4cc8-8f00-1699ef5c3603", - "name": "docker-fleet-agent", + "ephemeral_id": "860cd4e2-418c-4cdb-a7ab-60155067bde8", + "id": "d4ca30b3-0f86-4dea-a919-235cb2014360", + "name": "elastic-agent-19022", "type": "filebeat", - "version": "8.13.0" + "version": "8.16.5" }, "aws": { "s3": { "bucket": { - "arn": "arn:aws:s3:::elastic-package-canva-bucket-76803", - "name": "elastic-package-canva-bucket-76803" + "arn": "arn:aws:s3:::elastic-package-canva-bucket-57347", + "name": "elastic-package-canva-bucket-57347" }, "object": { "key": "audit.log" 
@@ -464,19 +464,19 @@ An example event for `audit` looks as following:
 },
 "data_stream": {
 "dataset": "canva.audit",
- "namespace": "91976",
+ "namespace": "74807",
 "type": "logs"
 },
 "device": {
 "id": "Ddb44"
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "elastic_agent": {
- "id": "cfee7fe4-90a0-4cc8-8f00-1699ef5c3603",
+ "id": "d4ca30b3-0f86-4dea-a919-235cb2014360",
 "snapshot": false,
- "version": "8.13.0"
+ "version": "8.16.5"
 },
 "event": {
 "action": "remove_team_from_organization",
@@ -488,7 +488,7 @@ An example event for `audit` looks as following: "duration": 10540800000000000, "end": "2024-07-06T18:57:27.000Z", "id": "3849ef51-ca85-4028-bae3-1b8de3ee5738", - "ingested": "2024-08-13T15:05:32Z", + "ingested": "2025-09-11T07:12:05Z", "kind": "event", "original": "{\"id\":\"3849ef51-ca85-4028-bae3-1b8de3ee5738\",\"timestamp\":1704070800123,\"actor\":{\"type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"OXtgecafZvh\"},\"details\":{\"type\":\"SCIM\"}},\"target\":{\"target_type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"abc\"},\"owner\":{\"type\":\"USER\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"abc\"}},\"resource_type\":\"DESIGN\",\"id\":\"abc123\",\"name\":\"abc\"},\"action\":{\"type\":\"REMOVE_TEAM_FROM_ORGANIZATION\",\"display_name\":\"Marketing\",\"first_name\":\"string\",\"last_name\":\"string\",\"email\":\"alex.doe@example.com\",\"email_verified\":true,\"phone_number\":\"string\",\"country_code\":\"string\",\"locale\":\"string\",\"managing_entity\":{\"type\":\"TEAM\",\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"},\"organization\":{\"id\":\"Abc11233\"}},\"saml_accounts\":[{\"idp_issuer\":\"string\",\"name_id\":\"string\"}],\"oauth_accounts\":[{\"platform\":\"string\",\"external_user_id\":\"string\"}],\"totp_mfa_enabled\":true,\"sms_mfa_enabled\":true,\"reason\":{\"type\":\"SAML_JIT_PROVISIONING\"},\"changed_fields\":\"ADDRESS\",\"login_type\":\"PASSWORD\",\"oauth_platform\":\"APPLE\",\"user_scope\":\"CURRENT_USER\",\"session_scope\":\"CURRENT_SESS
ION\",\"app_id\":\"string\",\"app_version\":\"string\",\"app_name\":\"string\",\"permissions\":[\"DESIGN_CONTENT_READ\"],\"old_permissions\":[\"DESIGN_CONTENT_READ\"],\"new_permissions\":[\"DESIGN_CONTENT_READ\"],\"output_type\":\"PDF\",\"create_type\":\"CREATE\",\"title\":\"Myawesomedesign\",\"original_design_id\":\"DAGKs37VOUl\",\"design_type\":\"Presentation(16:9)\",\"view_type\":\"VIEW_IN_EDITOR\",\"changes\":[{\"type\":\"CREATE_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\",\"access\":{\"read\":true,\"write\":true}},{\"type\":\"REDEEM_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"DELETE_DESIGN_ACCESS_INVITE\",\"token_prefix\":\"ZMrbBHL2\",\"recipient\":\"ash.doe@example.com\"},{\"type\":\"UPDATE_DESIGN_OWNER\",\"old_owner\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"new_owner\":{\"id\":\"UXqwwoQDSbb\",\"display_name\":\"AshDoe\",\"email\":\"ash.doe@example.com\"}},{\"type\":\"CREATE_DESIGN_ACCESS_RESTRICTION\"},{\"type\":\"GRANT_USER_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"REVOKE_USER_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"UPDATE_USER_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"}},{\"type\":\"GRANT_GROUP_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":\"REVOKE_GROUP_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":
\"UPDATE_GROUP_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"group\":\"GADkBZ48E04\"},{\"type\":\"GRANT_TEAM_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"REVOKE_TEAM_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"UPDATE_TEAM_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},{\"type\":\"GRANT_ORGANIZATION_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"REVOKE_ORGANIZATION_DESIGN_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"UPDATE_ORGANIZATION_DESIGN_ACCESS\",\"old_access\":{\"read\":true,\"write\":false},\"new_access\":{\"read\":true,\"write\":true},\"organization\":{\"id\":\"OXtgecafZvh\"}},{\"type\":\"GRANT_DESIGN_LINK_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":true},{\"type\":\"REVOKE_DESIGN_LINK_ACCESS\",\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":true},{\"type\":\"UPDATE_DESIGN_LINK_ACCESS\",\"old_link_role\":{\"access\":{\"read\":true,\"write\":false},\"owning_team_only\":true},\"new_link_role\":{\"access\":{\"read\":true,\"write\":true},\"owning_team_only\":false}}],\"description\":\"TheAcmeCorporationmarketinggroup.\",\"old_display_name\":\"Marketing\",\"new_display_name\":\"Growth\",\"user\":{\"id\":\"UXoqDbwwSbQ\",\"display_name\":\"JaneDoe\",\"email\":\"jane.doe@example.com\"},\"role\":\"ADMIN\",\"new_role\":\"ADMIN\",\"old_role\":\"ADMIN\",\"team_address\":{\"street1\":\"110Kippaxstreet\",\"city\":\"SurryHills\",\"subdivision\":\"AU-NSW\",\"country_code\":\"AU\",\"postcode\":2010},\"approval_status\":\"P
ENDING\",\"emails\":[\"ash.doe@example.com\",\"alex.doe@example.com\"],\"report_type\":\"USER\",\"start_timestamp\":1709751447000,\"end_timestamp\":1720292247000,\"old_name\":\"UntitledCorporation\",\"new_name\":\"AcmeCorporation\",\"default_team_id\":\"BXeFatjDhdR\",\"default_team_policy\":\"ADMIN_AND_UP\",\"team\":{\"id\":\"BXeFatjDhdR\",\"display_name\":\"AcmeCorporation\"}},\"outcome\":{\"result\":\"PERMITTED\",\"details\":{\"type\":\"RESOURCE_CREATED\",\"resource_id\":\"DXWEBartcNg\",\"resource_type\":\"DESIGN\",\"user_id\":\"ac343\"}},\"context\":{\"ip_address\":\"81.2.69.142\",\"session\":\"abc111\",\"request_id\":\"fafas\",\"device_id\":\"Ddb44\"}}", "outcome": "success", @@ -502,7 +502,7 @@ An example event for `audit` looks as following: }, "log": { "file": { - "path": "https://elastic-package-canva-bucket-76803.s3.us-east-1.amazonaws.com/audit.log" + "path": "https://elastic-package-canva-bucket-57347.s3.us-east-1.amazonaws.com/audit.log" }, "offset": 0 }, @@ -579,7 +579,7 @@ An example event for `audit` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | aws.s3.bucket.arn | The AWS S3 bucket ARN. | keyword | | aws.s3.bucket.name | The AWS S3 bucket name. | keyword | | aws.s3.object.key | The AWS S3 Object key. | keyword | 
@@ -710,11 +710,11 @@ An example event for `audit` looks as following: | canva.audit.target.user.email | The email address of the user. | keyword | | canva.audit.target.user.id | The user ID. | keyword | | canva.audit.timestamp | The time the event occurred, as a Unix timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset. | constant_keyword | -| event.module | Event module. | constant_keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. 
access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Type of filebeat input. | keyword | | log.offset | Log offset. | long | | tags | User defined tags. | keyword | diff --git a/packages/canva/img/canva-audit-dashboard.png b/packages/canva/img/canva-audit-dashboard.png index 7eefe71d250..5be7d24ec96 100644 Binary files a/packages/canva/img/canva-audit-dashboard.png and b/packages/canva/img/canva-audit-dashboard.png differ diff --git a/packages/canva/kibana/dashboard/canva-062b09b1-072e-4582-bc50-61cfb47f4dc1.json b/packages/canva/kibana/dashboard/canva-062b09b1-072e-4582-bc50-61cfb47f4dc1.json index a23baf80871..bfd54b59a7a 100644 --- a/packages/canva/kibana/dashboard/canva-062b09b1-072e-4582-bc50-61cfb47f4dc1.json +++ b/packages/canva/kibana/dashboard/canva-062b09b1-072e-4582-bc50-61cfb47f4dc1.json @@ -1,5 +1,17 @@ { "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": {}, + "showApplySelections": false + }, "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { @@ -43,7 +55,11 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {}, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, "savedVis": { "data": { "aggs": [], 
@@ -59,7 +75,7 @@ "id": "", "params": { "fontSize": 12, - "markdown": "**Navigation**\n\n**Canva** \n- [**Audit (This Page)**](#/dashboard/canva-062b09b1-072e-4582-bc50-61cfb47f4dc1)\n\n**Overview**\nThis dashboard provides an overview of the Audit Event detected by the Canva.\nThis dashboard use Bar Charts to display Target name, Context IP and Top Teams across the Audit Event. Pie Chart displays the Outcome Result, Approval Status, and Actor Type distribution. The dashboard also showcase the Top 10 Actor User, Action User, and Target User Information over the Event. A Pie Chart also exist to provide information related to event by the Action Type. Line Chart displays the event distribution over time.\n\n[**Integrations Page**](/app/integrations/detail/canva/overview)", + "markdown": "**Navigation**\n\n**Canva** \n- **Audit**\n\n**Overview** \nThis dashboard provides an overview of the Audit Event detected by the Canva. \nThis dashboard use Bar Charts to display Target name, Context IP and Top Teams across the Audit Event. Pie Chart displays the Outcome Result, Approval Status, and Actor Type distribution. The dashboard also showcase the Top 10 Actor User, Action User, and Target User Information over the Event. A Pie Chart also exist to provide information related to event by the Action Type. Line Chart displays the event distribution over time.\n\n[**Integrations Page**](/app/integrations/detail/canva/overview)", "openLinksInNewTab": false }, "title": "", @@ -1545,12 +1561,11 @@ ], "timeRestore": false, "title": "[Logs Canva] Audit", - "version": 1 + "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-08-07T10:21:30.332Z", + "created_at": "2025-09-01T12:52:23.041Z", "id": "canva-062b09b1-072e-4582-bc50-61cfb47f4dc1", - "managed": false, "references": [ { "id": "logs-*", 
@@ -1614,5 +1629,6 @@
 }
 ],
 "type": "dashboard",
- "typeMigrationVersion": "8.9.0"
+ "typeMigrationVersion": "10.2.0",
+ "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
 }
\ No newline at end of file
diff --git a/packages/canva/manifest.yml b/packages/canva/manifest.yml
index 42e13564e87..367a63343b1 100644
--- a/packages/canva/manifest.yml
+++ b/packages/canva/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: canva
 title: Canva
-version: "0.7.0"
+version: "1.0.0"
 description: Collect logs from Canva with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/claroty_xdome/changelog.yml b/packages/claroty_xdome/changelog.yml
index 614a000f83d..01988715271 100644
--- a/packages/claroty_xdome/changelog.yml
+++ b/packages/claroty_xdome/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: Fix dashboard link for Serverless Project.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.3.0"
 changes:
 - description: Use `terminate` processor instead of `fail` processor to handle agent errors.
diff --git a/packages/claroty_xdome/data_stream/alert/fields/base-fields.yml b/packages/claroty_xdome/data_stream/alert/fields/base-fields.yml
index 493a01a2365..03cc5c330aa 100644
--- a/packages/claroty_xdome/data_stream/alert/fields/base-fields.yml
+++ b/packages/claroty_xdome/data_stream/alert/fields/base-fields.yml
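Review bot: The added `"updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"` looks like Kibana export metadata (the profile uid of whoever last saved the object) rather than part of the dashboard definition, so it is churn in VCS and an identifier the package has no reason to publish; the preceding hunk in this file already drops `managed`, so trimming export-only keys is evidently the practice here. Unless the exporter or package lint requires the key, drop that line and restore `"typeMigrationVersion": "10.2.0"` without the trailing comma. Separately, this file still ends with `No newline at end of file` while the other JSON assets in this commit (test-audit.log-expected.json, sample_event.json) had the trailing newline added; adding it here keeps the package's JSON formatting consistent.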
@@ -1,20 +1,16 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: event.module
 type: constant_keyword
- description: Event module.
 value: claroty_xdome
+ external: ecs
 - name: event.dataset
 type: constant_keyword
- description: Event dataset.
 value: claroty_xdome.alert
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
diff --git a/packages/claroty_xdome/data_stream/event/fields/base-fields.yml b/packages/claroty_xdome/data_stream/event/fields/base-fields.yml
index 343d10cf74d..d1f374a1c56 100644
--- a/packages/claroty_xdome/data_stream/event/fields/base-fields.yml
+++ b/packages/claroty_xdome/data_stream/event/fields/base-fields.yml
@@ -1,20 +1,16 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: event.module
 type: constant_keyword
- description: Event module.
 value: claroty_xdome
+ external: ecs
 - name: event.dataset
 type: constant_keyword
- description: Event dataset.
 value: claroty_xdome.event
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
diff --git a/packages/claroty_xdome/data_stream/vulnerability/fields/base-fields.yml b/packages/claroty_xdome/data_stream/vulnerability/fields/base-fields.yml
index 098efbc0f8c..2b4a523f4ea 100644
--- a/packages/claroty_xdome/data_stream/vulnerability/fields/base-fields.yml
+++ b/packages/claroty_xdome/data_stream/vulnerability/fields/base-fields.yml
@@ -1,20 +1,16 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module. value: claroty_xdome + external: ecs - name: event.dataset type: constant_keyword - description: Event dataset. value: claroty_xdome.vulnerability + external: ecs - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs diff --git a/packages/claroty_xdome/docs/README.md b/packages/claroty_xdome/docs/README.md index 03d6d68807c..202fb72e0af 100644 --- a/packages/claroty_xdome/docs/README.md +++ b/packages/claroty_xdome/docs/README.md @@ -408,7 +408,7 @@ An example event for `alert` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | claroty_xdome.alert.category | Alert category such as Risk or Segmentation. | keyword | | claroty_xdome.alert.class | The alert class, such as Pre-Defined Alerts and Custom Alerts. | keyword | | claroty_xdome.alert.description | The alert description, such as SMBv1 Communication was detected by 2 OT Device devices. | keyword | 
@@ -615,11 +615,11 @@ An example event for `alert` looks as following: | claroty_xdome.alert.type_name | An alert type such as Outdated Firmware. | keyword | | claroty_xdome.alert.unresolved_devices_count | Number of unresolved devices. | long | | claroty_xdome.alert.updated_time | Date and time of last Alert update. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset. | constant_keyword | -| event.module | Event module. | constant_keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. 
If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Type of Filebeat input. | keyword | | log.offset | Log offset. | long | @@ -783,7 +783,7 @@ An example event for `event` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | claroty_xdome.event.description | A description of the event. | keyword | | claroty_xdome.event.destination.asset_id | Dest. asset ID. | keyword | | claroty_xdome.event.destination.device.ip | The Device Name attribute is set automatically based on the priority of the Auto-Assigned Device attribute. You can also set it manually. The Device Name can be the device's IP, hostname, etc. | ip | 
@@ -809,11 +809,11 @@ An example event for `event` looks as following: | claroty_xdome.event.source.site_name | The name of the site within the organization the device is associated with. | keyword | | claroty_xdome.event.source.username | The username who performed the activity associated with the event. | keyword | | claroty_xdome.event.type | An event type such as "Configuration Upload". | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset. | constant_keyword | -| event.module | Event module. | constant_keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Type of Filebeat input. | keyword | | log.offset | Log offset. | long | @@ -1206,7 +1206,7 @@ An example event for `vulnerability` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | claroty_xdome.vulnerability.adjusted_vulnerability_score.level | The calculated Adjusted vulnerability Score (AVS) level of a vulnerability, such as "Critical", or "High". | keyword | | claroty_xdome.vulnerability.adjusted_vulnerability_score.value | The Adjusted Vulnerability Score represents the vulnerability score based on its impact and exploitability. | double | | claroty_xdome.vulnerability.affected.confirmed_devices_count | Count of affected devices with ""Confirmed"" vulnerability relevance value. | long | 
@@ -1431,11 +1431,11 @@ An example event for `vulnerability` looks as following: | claroty_xdome.vulnerability.sources.name | | keyword | | claroty_xdome.vulnerability.sources.url | | keyword | | claroty_xdome.vulnerability.type | Type such as "Application", "Clinical", "IoT" or "Platform". | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset. | constant_keyword | -| event.module | Event module. | constant_keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. 
If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Type of Filebeat input. | keyword | | log.offset | Log offset. | long | | resource.id | | keyword | diff --git a/packages/claroty_xdome/img/claroty_xdome-alert.png b/packages/claroty_xdome/img/claroty_xdome-alert.png index 446f7e40a00..80dbfc4b818 100644 Binary files a/packages/claroty_xdome/img/claroty_xdome-alert.png and b/packages/claroty_xdome/img/claroty_xdome-alert.png differ diff --git a/packages/claroty_xdome/img/claroty_xdome-event.png b/packages/claroty_xdome/img/claroty_xdome-event.png index 9b0302c05ff..e111e7f78a3 100644 Binary files a/packages/claroty_xdome/img/claroty_xdome-event.png and b/packages/claroty_xdome/img/claroty_xdome-event.png differ diff --git a/packages/claroty_xdome/img/claroty_xdome-vulnerability.png b/packages/claroty_xdome/img/claroty_xdome-vulnerability.png index 4912bb4102b..2273d6ed384 100644 Binary files a/packages/claroty_xdome/img/claroty_xdome-vulnerability.png and b/packages/claroty_xdome/img/claroty_xdome-vulnerability.png differ diff --git a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765.json b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765.json index 00f83828d30..8e9f239a7d5 100644 --- a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765.json 
+++ b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765.json @@ -122,45 +122,6 @@ "useMargins": true }, "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": { - "dynamicActions": { - "events": [] - } - }, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[**Claroty xDome**](/app/integrations/detail/claroty_xdome/overview)\n\n- **Alert**\n- [Event](#/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea)\n- [Vulnerability](#/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59)\n\n**Overview**\n\nThis dashboard displays key statistics and visualizations for alerts in Claroty xDome, including alert distribution by category, risk score, and device type. It provides insights into unresolved alerts, devices using insecure protocols, and network-based alert distribution. The dashboard highlights top affected devices, most impacted manufacturers, and trends in alerts over time, enabling effective monitoring and analysis of security incidents. Additionally, it portraits the essential details of devices affected by alerts.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 29, - "i": "9d3eaa69-8d69-45f1-94a8-116d99a1346c", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "9d3eaa69-8d69-45f1-94a8-116d99a1346c", - "type": "visualization" - }, { "embeddableConfig": { "attributes": { 
@@ -2144,6 +2105,102 @@ "panelRefName": "panel_453cbebf-611e-4381-a98b-0a6c4eb168b5", "title": "Devices Affected by Alert Essential Details [Logs Claroty xDome]", "type": "search" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "id": "b262c3ad-3516-4da4-b07b-02b015bfcf53", + "label": "Alert", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "id": "e8ed3be2-bd9b-4708-8638-38b9d5c5c18c", + "label": "Event", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "id": "1e370c76-9298-4cce-ab16-dce580b63689", + "label": "Vulnerability", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 2, + "type": "dashboardLink" + } + ] + }, + "enhancements": {} + }, + "gridData": { + "h": 7, + "i": "211b3424-e10f-4625-ae2a-105d4e3900f4", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "211b3424-e10f-4625-ae2a-105d4e3900f4", + "title": "Navigation", + "type": "links" + }, + { + "embeddableConfig": { + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard displays key statistics and visualizations for alerts in Claroty xDome, including alert distribution by category, risk score, and device type. 
It provides insights into unresolved alerts, devices using insecure protocols, and network-based alert distribution. The dashboard highlights top affected devices, most impacted manufacturers, and trends in alerts over time, enabling effective monitoring and analysis of security incidents. Additionally, it portraits the essential details of devices affected by alerts.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 22, + "i": "9d3eaa69-8d69-45f1-94a8-116d99a1346c", + "w": 10, + "x": 0, + "y": 7 + }, + "panelIndex": "9d3eaa69-8d69-45f1-94a8-116d99a1346c", + "title": "Overview", + "type": "visualization" } ], "timeRestore": false, @@ -2151,9 +2208,8 @@ "version": 3 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-04-21T07:35:22.188Z", + "created_at": "2025-09-08T07:44:07.548Z", "id": "claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765", - "managed": false, "references": [ { "id": "logs-*", @@ -2230,6 +2286,21 @@ "name": "55375892-2f5e-4a36-949d-723b4046d250:kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" }, + { + "id": "claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765", + "name": "211b3424-e10f-4625-ae2a-105d4e3900f4:link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea", + "name": "211b3424-e10f-4625-ae2a-105d4e3900f4:link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59", + "name": "211b3424-e10f-4625-ae2a-105d4e3900f4:link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "controlGroup_31f18dfe-4c6f-4827-9fac-e3efb4e4a106:optionsListDataView", 
diff --git a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59.json b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59.json index 1b381951708..68389681bb5 100644 --- a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59.json +++ b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59.json @@ -126,47 +126,6 @@ "useMargins": true }, "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": { - "dynamicActions": { - "events": [] - } - }, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[**Claroty xDome**](/app/integrations/detail/claroty_xdome/overview)\n\n- [Alert](#/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765)\n- [Event](#/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea)\n- **Vulnerability**\n\n**Overview**\n\nThis dashboard displays key statistics and visualizations for vulnerabilities in Claroty xDome, including vulnerability distribution by type, device type, and relevance. It provides insights into affected devices, operating systems, and risk scores. The dashboard also highlights top vulnerability sources, most high-risk devices, and trends of detected vulnerabilities over time, enabling effective monitoring and analysis of security risks. Additionally, it portraits the essential details of devices affected by vulnerabilities.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 30, - "i": "d9f684ce-126c-454b-a59f-4e61e7fe4ab8", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "d9f684ce-126c-454b-a59f-4e61e7fe4ab8", - "title": "Table of Content", - "type": "visualization" - }, { "embeddableConfig": { "attributes": { 
@@ -2138,6 +2097,103 @@ "panelRefName": "panel_9aec1dc8-200d-4d5f-bc02-d2b6178daf66", "title": "Devices Affected by Vulnerability Essential Details [Logs Claroty xDome]", "type": "search" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "id": "b262c3ad-3516-4da4-b07b-02b015bfcf53", + "label": "Alert", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "id": "e8ed3be2-bd9b-4708-8638-38b9d5c5c18c", + "label": "Event", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "id": "1e370c76-9298-4cce-ab16-dce580b63689", + "label": "Vulnerability", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 2, + "type": "dashboardLink" + } + ] + }, + "enhancements": {} + }, + "gridData": { + "h": 7, + "i": "40055a84-ad6b-490f-b83d-b16bbd4d1601", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "40055a84-ad6b-490f-b83d-b16bbd4d1601", + "title": "Navigation", + "type": "links" + }, + { + "embeddableConfig": { + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard displays key statistics and visualizations for vulnerabilities in Claroty xDome, including vulnerability distribution by type, device type, and relevance. 
It provides insights into affected devices, operating systems, and risk scores. The dashboard also highlights top vulnerability sources, most high-risk devices, and trends of detected vulnerabilities over time, enabling effective monitoring and analysis of security risks. Additionally, it portraits the essential details of devices affected by vulnerabilities.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 23, + "i": "d9f684ce-126c-454b-a59f-4e61e7fe4ab8", + "w": 10, + "x": 0, + "y": 7 + }, + "panelIndex": "d9f684ce-126c-454b-a59f-4e61e7fe4ab8", + "title": "Overview", + "type": "visualization" } ], "timeRestore": false, @@ -2145,9 +2201,8 @@ "version": 3 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-04-21T07:35:22.848Z", + "created_at": "2025-09-08T07:44:09.609Z", "id": "claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59", - "managed": false, "references": [ { "id": "logs-*", @@ -2214,6 +2269,21 @@ "name": "32de5df9-447c-4b70-ac03-3b47ccda672d:indexpattern-datasource-layer-889e31ad-792f-4cb4-b763-df8bf6ed8085", "type": "index-pattern" }, + { + "id": "claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765", + "name": "40055a84-ad6b-490f-b83d-b16bbd4d1601:link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea", + "name": "40055a84-ad6b-490f-b83d-b16bbd4d1601:link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59", + "name": "40055a84-ad6b-490f-b83d-b16bbd4d1601:link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "controlGroup_e62d649d-f605-411d-9716-2852d6cc94b5:optionsListDataView", 
diff --git a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea.json b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea.json index 3f12f6bf5ac..c0ba2e0de98 100644 --- a/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea.json +++ b/packages/claroty_xdome/kibana/dashboard/claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea.json @@ -20,7 +20,6 @@ "hideExclude": null, "hideExists": null, "hideSort": null, - "id": "6eb12ad0-75ed-4ff7-8a11-6d13834f2724", "placeholder": null, "runPastTimeout": null, "searchTechnique": "prefix", @@ -47,7 +46,6 @@ "hideExclude": null, "hideExists": null, "hideSort": null, - "id": "8949603f-7c01-433a-85ad-3f7c782a9908", "placeholder": null, "runPastTimeout": null, "searchTechnique": "prefix", @@ -74,7 +72,6 @@ "hideExclude": null, "hideExists": null, "hideSort": null, - "id": "9e04e4ce-1408-4d75-a611-cd75e8687153", "placeholder": null, "runPastTimeout": null, "searchTechnique": "prefix", 
@@ -135,46 +132,6 @@ "useMargins": true }, "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": { - "dynamicActions": { - "events": [] - } - }, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[**Claroty xDome**](/app/integrations/detail/claroty_xdome/overview)\n\n- [Alert](#/dashboard/claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765)\n- **Event**\n- [Vulnerability](#/dashboard/claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59)\n\n**Overview**\n\nThis dashboard displays key statistics and visualizations for events in Claroty xDome, including event distribution by type, protocol, and IP protocol, as well as insights into destination and source device details. It provides an overview of event trends over time, reports categorized by mode, and highlights top source users, enabling effective monitoring and analysis of network security events.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 30, - "i": "72f64144-3285-4534-8fcc-e1cd52948703", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "72f64144-3285-4534-8fcc-e1cd52948703", - "title": "Table of Content", - "type": "visualization" - }, { "embeddableConfig": { "attributes": { @@ -296,7 +253,19 @@ "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 15, 
@@ -423,7 +392,19 @@ "type": "lens", "visualizationType": "lnsDatatable" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 15, @@ -584,7 +565,19 @@ "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 15, @@ -720,7 +713,19 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 16, @@ -897,7 +902,19 @@ "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 16, @@ -1033,7 +1050,19 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 16, @@ -1169,7 +1198,19 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false }, "gridData": { "h": 16, 
@@ -1333,6 +1374,102 @@ "panelIndex": "842753cd-b04e-4d09-93ad-5cda158219c6", "title": "Source Device Details [Logs Claroty xDome]", "type": "search" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "id": "b262c3ad-3516-4da4-b07b-02b015bfcf53", + "label": "Alert", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "id": "e8ed3be2-bd9b-4708-8638-38b9d5c5c18c", + "label": "Event", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "id": "1e370c76-9298-4cce-ab16-dce580b63689", + "label": "Vulnerability", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 2, + "type": "dashboardLink" + } + ] + }, + "enhancements": {} + }, + "gridData": { + "h": 7, + "i": "b35fdef4-c1b8-478d-a9d3-17989c7d7da5", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b35fdef4-c1b8-478d-a9d3-17989c7d7da5", + "title": "Navigation", + "type": "links" + }, + { + "embeddableConfig": { + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard displays key statistics and visualizations for events in Claroty xDome, including event distribution by type, protocol, and IP protocol, as well as insights into destination and source device details. 
It provides an overview of event trends over time, reports categorized by mode, and highlights top source users, enabling effective monitoring and analysis of network security events.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 23, + "i": "72f64144-3285-4534-8fcc-e1cd52948703", + "w": 10, + "x": 0, + "y": 7 + }, + "panelIndex": "72f64144-3285-4534-8fcc-e1cd52948703", + "title": "Overview", + "type": "visualization" } ], "timeRestore": false, @@ -1340,9 +1477,8 @@ "version": 3 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-04-16T07:23:19.634Z", + "created_at": "2025-09-08T07:44:08.601Z", "id": "claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea", - "managed": true, "references": [ { "id": "logs-*", 
@@ -1394,22 +1530,43 @@ "name": "842753cd-b04e-4d09-93ad-5cda158219c6:kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" }, + { + "id": "claroty_xdome-1a6db475-9ab4-4970-9684-9a427321a765", + "name": "b35fdef4-c1b8-478d-a9d3-17989c7d7da5:link_b262c3ad-3516-4da4-b07b-02b015bfcf53_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9dc03d8d-e798-4bad-a368-c21468a5eeea", + "name": "b35fdef4-c1b8-478d-a9d3-17989c7d7da5:link_e8ed3be2-bd9b-4708-8638-38b9d5c5c18c_dashboard", + "type": "dashboard" + }, + { + "id": "claroty_xdome-9d8a86b9-6253-4aa6-8f5c-06f4dce86a59", + "name": "b35fdef4-c1b8-478d-a9d3-17989c7d7da5:link_1e370c76-9298-4cce-ab16-dce580b63689_dashboard", + "type": "dashboard" + }, { "id": "logs-*", - "name": "controlGroup_01590b95-d5b8-44d8-abda-d92a3b5dd29a:optionsListDataView", + "name": "controlGroup_8949603f-7c01-433a-85ad-3f7c782a9908:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_f07e2515-ce3f-4c81-9642-e68a072fce29:optionsListDataView", + "name": "controlGroup_9e04e4ce-1408-4d75-a611-cd75e8687153:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_5c7e8aec-a042-4c8e-8712-0b252b33c83f:optionsListDataView", + "name": "controlGroup_6eb12ad0-75ed-4ff7-8a11-6d13834f2724:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern" } ], "type": "dashboard", - "typeMigrationVersion": "10.2.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file diff --git a/packages/claroty_xdome/kibana/search/claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42.json b/packages/claroty_xdome/kibana/search/claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42.json index abc739afe85..051df2e2820 100644 
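Review bot: The last hunk of this dashboard adds `"updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"` to the exported saved object, while the same commit strips `created_by` and `updated_by` from the two search objects under packages/claroty_xdome/kibana/search/. That value is the Kibana user-profile identifier of whoever exported the dashboard; it has no meaning once the object is installed from a package, it ties the published artefact to an individual account, and it will churn on every re-export, so it should be dropped here the same way it was dropped from the searches. The `managed` key is removed from all three objects (`true` on the dashboard in the previous hunk, `false` on the searches), so after removing `updated_by` the three exports would carry the same metadata set. The added `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` reference and the three `dashboard` link references look consistent with the new Navigation panel in the first hunk.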
--- a/packages/claroty_xdome/kibana/search/claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42.json +++ b/packages/claroty_xdome/kibana/search/claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42.json @@ -33,10 +33,8 @@ "title": "Devices Affected by Alert Essential Details [Logs Claroty xDome]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-04-21T09:02:55.899Z", - "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "created_at": "2025-09-08T07:43:54.844Z", "id": "claroty_xdome-135de86d-8045-480a-bc10-cb321b87dc42", - "managed": false, "references": [ { "id": "logs-*", @@ -45,6 +43,5 @@ } ], "type": "search", - "typeMigrationVersion": "10.5.0", - "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + "typeMigrationVersion": "10.5.0" } \ No newline at end of file diff --git a/packages/claroty_xdome/kibana/search/claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a.json b/packages/claroty_xdome/kibana/search/claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a.json index 1c80d85d340..deb2c0a45c5 100644 --- a/packages/claroty_xdome/kibana/search/claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a.json +++ b/packages/claroty_xdome/kibana/search/claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a.json @@ -32,10 +32,8 @@ "title": "Devices Affected by Vulnerability Essential Details [Logs Claroty xDome]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-04-21T08:57:48.009Z", - "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "created_at": "2025-09-08T07:43:54.844Z", "id": "claroty_xdome-aabe9af9-ccb6-4706-9e00-9714aefc802a", - "managed": false, "references": [ { "id": "logs-*", @@ -44,6 +42,5 @@ } ], "type": "search", - "typeMigrationVersion": "10.5.0", - "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + "typeMigrationVersion": "10.5.0" } \ No newline at end of file diff --git a/packages/claroty_xdome/manifest.yml b/packages/claroty_xdome/manifest.yml index f5fb6b4fe9c..a9b725f2eef 100644 
--- a/packages/claroty_xdome/manifest.yml
+++ b/packages/claroty_xdome/manifest.yml
@@ -1,6 +1,6 @@
name: claroty_xdome
title: "Claroty xDome"
-version: 0.3.0
+version: 1.0.0
description: "Collect logs from Claroty xDome with Elastic Agent."
type: integration
format_version: 3.4.0
diff --git a/packages/jamf_pro/_dev/build/build.yml b/packages/jamf_pro/_dev/build/build.yml
index e2b012548e0..97fc8aa10cd 100644
--- a/packages/jamf_pro/_dev/build/build.yml
+++ b/packages/jamf_pro/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@v8.11.0
+ reference: git@v8.17.0
diff --git a/packages/jamf_pro/changelog.yml b/packages/jamf_pro/changelog.yml
index 6047689277b..1fdf58687ae 100644
--- a/packages/jamf_pro/changelog.yml
+++ b/packages/jamf_pro/changelog.yml
@@ -1,4 +1,12 @@
# newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
- version: "0.7.0"
changes:
- description: Use the standard request trace file name.
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-added.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-added.json-expected.json
index feb6b5cdb2d..e8ece18b0be 100644
--- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-added.json-expected.json
+++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-added.json-expected.json
@@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
},
"event": {
"action": "ComputerAdded",
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-check-in.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-check-in.json-expected.json
index 753ada2e9ae..0e97f69a15f 100644
--- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-check-in.json-expected.json
+++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-check-in.json-expected.json
@@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
},
"event": {
"action": "ComputerCheckIn",
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-inventory-completed.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-inventory-completed.json-expected.json
index 12506f6b8d4..05d93a4a234 100644
--- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-inventory-completed.json-expected.json
+++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-inventory-completed.json-expected.json
@@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
},
"event": {
"action": "ComputerInventoryCompleted",
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-patch-policy-completed.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-patch-policy-completed.json-expected.json
index 3ef139957ed..faffe32e370 100644
--- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-patch-policy-completed.json-expected.json
+++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-patch-policy-completed.json-expected.json
@@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
},
"event": {
"action": "ComputerPatchPolicyCompleted",
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-policy-finished.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-policy-finished.json-expected.json index b9c4f7c7787..e24d4b8e2ca 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-policy-finished.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-policy-finished.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "ComputerPolicyFinished", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-push-capability-changed.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-push-capability-changed.json-expected.json index 5ec9d6c5f96..0672cdff027 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-push-capability-changed.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-computer-push-capability-changed.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "ComputerPushCapabilityChanged", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-device-added-to-dep.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-device-added-to-dep.json-expected.json index b05293152c8..e013be533f8 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-device-added-to-dep.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-device-added-to-dep.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "DeviceAddedToDEP", 
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-shutdown.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-shutdown.json-expected.json index a38ca4beaf4..c46b8d290a2 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-shutdown.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-shutdown.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "JSSShutdown", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-startup.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-startup.json-expected.json index ecd70c2e6bb..7a5fbdd8cdb 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-startup.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-jss-startup.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "JSSStartup", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-check-in.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-check-in.json-expected.json index 797449ca0a6..8d1f8395c6e 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-check-in.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-check-in.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDeviceCheckIn", 
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-command-completed.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-command-completed.json-expected.json index 51c6971033d..10984b6e802 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-command-completed.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-command-completed.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDeviceCommandCompleted", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-enrolled.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-enrolled.json-expected.json index 8b26928ea57..8df395c2d69 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-enrolled.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-enrolled.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDeviceEnrolled", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-inventory-completed.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-inventory-completed.json-expected.json index e44fec2e188..fd532fc97d7 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-inventory-completed.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-inventory-completed.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDeviceInventoryCompleted", 
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-push-sent.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-push-sent.json-expected.json index 502d8df94e8..c6a425149be 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-push-sent.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-push-sent.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDevicePushSent", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-unenrolled.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-unenrolled.json-expected.json index 632ac527ac1..8b07b0a392e 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-unenrolled.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-mobile-device-unenrolled.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "MobileDeviceUnEnrolled", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-patch-software-title-updated.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-patch-software-title-updated.json-expected.json index ffccda69771..a2e076bdb15 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-patch-software-title-updated.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-patch-software-title-updated.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "PatchSoftwareTitleUpdated", 
diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-push-sent.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-push-sent.json-expected.json index 0e0d8ec7486..02b7cf0b157 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-push-sent.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-push-sent.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "PushSent", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-rest-api-operation.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-rest-api-operation.json-expected.json index 758448095af..9b19b063566 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-rest-api-operation.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-rest-api-operation.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "RestAPIOperation", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-scep-challenge.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-scep-challenge.json-expected.json index 62bafe8531f..97959b0c726 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-scep-challenge.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-scep-challenge.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "SCEPChallenge", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-computer-membership-change.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-computer-membership-change.json-expected.json index c80ec9d6e0b..e12f346726b 100644 
--- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-computer-membership-change.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-computer-membership-change.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "SmartGroupComputerMembershipChange", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-mobile-device-membership-change.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-mobile-device-membership-change.json-expected.json index 7eea67b204f..ff026170e59 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-mobile-device-membership-change.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-mobile-device-membership-change.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "SmartGroupMobileDeviceMembershipChange", diff --git a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-user-membership-change.json-expected.json b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-user-membership-change.json-expected.json index 1aaa6539c45..8cd500f0bc9 100644 --- a/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-user-membership-change.json-expected.json +++ b/packages/jamf_pro/data_stream/events/_dev/test/pipeline/test-smart-group-user-membership-change.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "action": "SmartGroupUserMembershipChange", diff --git a/packages/jamf_pro/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_pro/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 2b6e13f0a19..ba5f90bae83 100644 
--- a/packages/jamf_pro/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_pro/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: - set: field: ecs.version - value: '8.11.0' + value: '8.17.0' - rename: field: json diff --git a/packages/jamf_pro/data_stream/events/fields/base-fields.yml b/packages/jamf_pro/data_stream/events/fields/base-fields.yml index 8fe52b213b5..8a26d70c6ed 100644 --- a/packages/jamf_pro/data_stream/events/fields/base-fields.yml +++ b/packages/jamf_pro/data_stream/events/fields/base-fields.yml @@ -1,15 +1,11 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs - name: input.type type: keyword - name: event.dataset diff --git a/packages/jamf_pro/data_stream/events/sample_event.json b/packages/jamf_pro/data_stream/events/sample_event.json index 6082e20f07d..dcc3ba4034d 100644 --- a/packages/jamf_pro/data_stream/events/sample_event.json +++ b/packages/jamf_pro/data_stream/events/sample_event.json 
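Review bot: `input.type` in the events base-fields.yml still carries no `description` (the context lines show only `type: keyword`), which is why the regenerated events README table later in this commit renders `| input.type | | keyword |` with an empty Description cell, whereas the inventory base-fields give the same field `description: Input type`. Adding `description: Input type.` under `- name: input.type` would fill the cell and make the two data streams consistent. The `event.dataset` entry that follows continues outside the hunk, so its definition could not be checked here.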
@@ -1,30 +1,30 @@ { - "@timestamp": "2025-05-27T14:10:23.470Z", + "@timestamp": "2025-09-11T06:28:04.746Z", "agent": { - "ephemeral_id": "05a484da-a7b8-4044-95c7-faae1b7cffb6", - "id": "15f5630f-b7fd-4c63-b4af-730817ddff2d", - "name": "elastic-agent-32235", + "ephemeral_id": "b5b7849d-c31a-41a6-ad84-82249703023b", + "id": "2c65c370-55d1-42f5-a8bb-b4146b13e120", + "name": "elastic-agent-66011", "type": "filebeat", - "version": "8.13.4" + "version": "8.15.0" }, "data_stream": { "dataset": "jamf_pro.events", - "namespace": "11652", + "namespace": "78830", "type": "logs" }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "15f5630f-b7fd-4c63-b4af-730817ddff2d", + "id": "2c65c370-55d1-42f5-a8bb-b4146b13e120", "snapshot": false, - "version": "8.13.4" + "version": "8.15.0" }, "event": { "action": "ComputerAdded", "agent_id_status": "verified", "dataset": "jamf_pro.events", - "ingested": "2025-05-27T14:10:24Z", + "ingested": "2025-09-11T06:28:05Z", "kind": "event", "original": "{\"event\":{\"alternateMacAddress\":\"be:aa:e5:54:94:db\",\"building\":\"1S8NPV\",\"department\":\"XDO4C5\",\"deviceName\":\"VPNYC\",\"emailAddress\":\"kghrqq@email.com\",\"ipAddress\":\"89.160.20.156\",\"jssID\":\"1500747557\",\"macAddress\":\"be:aa:e5:54:94:db\",\"managementId\":\"6319330669\",\"model\":\"LJ68RT\",\"osBuild\":\"26.6913\",\"osVersion\":\"92.5786\",\"phone\":\"2183546\",\"position\":\"B64JIO\",\"realName\":\"CPK79\",\"reportedIpAddress\":\"89.160.20.156\",\"room\":\"HQC6S9\",\"serialNumber\":\"7967177\",\"udid\":\"7265694772\",\"userDirectory_id\":\"0389771137\",\"username\":\"John Doe\"},\"webhook\":{\"eventTimestamp\":1725443872001,\"id\":\"8131946016\",\"name\":\"PU17M\",\"webhookEvent\":\"ComputerAdded\"}}" }, 
diff --git a/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory-groups-memberships.json-expected.json b/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory-groups-memberships.json-expected.json index faebae60f2d..97646ee7b47 100644 --- a/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory-groups-memberships.json-expected.json +++ b/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory-groups-memberships.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" @@ -33,7 +33,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" diff --git a/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory.json-expected.json b/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory.json-expected.json index 784bd0778d9..db56a979209 100644 --- a/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory.json-expected.json +++ b/packages/jamf_pro/data_stream/inventory/_dev/test/pipeline/test-inventory.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" @@ -71,7 +71,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset", @@ -121,7 +121,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" @@ -210,7 +210,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" @@ -307,7 +307,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset", @@ -417,7 +417,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" @@ -456,7 +456,7 @@ }, { "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "kind": "asset" 
diff --git a/packages/jamf_pro/data_stream/inventory/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_pro/data_stream/inventory/elasticsearch/ingest_pipeline/default.yml index a6fefd0d25f..a584a36ad63 100644 --- a/packages/jamf_pro/data_stream/inventory/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_pro/data_stream/inventory/elasticsearch/ingest_pipeline/default.yml @@ -69,7 +69,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.11.0' + value: '8.17.0' ############## # ECS compat # diff --git a/packages/jamf_pro/data_stream/inventory/fields/base-fields.yml b/packages/jamf_pro/data_stream/inventory/fields/base-fields.yml index 28e7e54cd07..d65db18148d 100644 --- a/packages/jamf_pro/data_stream/inventory/fields/base-fields.yml +++ b/packages/jamf_pro/data_stream/inventory/fields/base-fields.yml @@ -1,15 +1,11 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs - name: input.type type: keyword description: Input type diff --git a/packages/jamf_pro/data_stream/inventory/sample_event.json b/packages/jamf_pro/data_stream/inventory/sample_event.json index 82e318ad533..5db82ff770e 100644 --- a/packages/jamf_pro/data_stream/inventory/sample_event.json +++ b/packages/jamf_pro/data_stream/inventory/sample_event.json 
@@ -1,29 +1,29 @@ { - "@timestamp": "2025-05-27T14:11:07.015Z", + "@timestamp": "2025-09-11T06:28:58.396Z", "agent": { - "ephemeral_id": "dab976fe-f898-4ec6-92c6-84b21b4c379a", - "id": "16c644f3-4469-4b8d-8ed7-20ccd22185f5", - "name": "elastic-agent-58306", + "ephemeral_id": "69860cc1-6d27-47ce-9f09-fee5748b03d8", + "id": "cb6bd8dd-e2fb-46d0-9849-66f25eb830d9", + "name": "elastic-agent-79227", "type": "filebeat", - "version": "8.13.4" + "version": "8.15.0" }, "data_stream": { "dataset": "jamf_pro.inventory", - "namespace": "42032", + "namespace": "47676", "type": "logs" }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "16c644f3-4469-4b8d-8ed7-20ccd22185f5", + "id": "cb6bd8dd-e2fb-46d0-9849-66f25eb830d9", "snapshot": false, - "version": "8.13.4" + "version": "8.15.0" }, "event": { "agent_id_status": "verified", "dataset": "jamf_pro.inventory", - "ingested": "2025-05-27T14:11:10Z", + "ingested": "2025-09-11T06:29:01Z", "kind": "asset" }, "host": { diff --git a/packages/jamf_pro/docs/README.md b/packages/jamf_pro/docs/README.md index 523c023214b..18de6f69e8b 100644 --- a/packages/jamf_pro/docs/README.md +++ b/packages/jamf_pro/docs/README.md 
@@ -104,31 +104,31 @@ An example event for `inventory` looks as following: ```json { - "@timestamp": "2025-05-27T14:11:07.015Z", + "@timestamp": "2025-09-11T06:28:58.396Z", "agent": { - "ephemeral_id": "dab976fe-f898-4ec6-92c6-84b21b4c379a", - "id": "16c644f3-4469-4b8d-8ed7-20ccd22185f5", - "name": "elastic-agent-58306", + "ephemeral_id": "69860cc1-6d27-47ce-9f09-fee5748b03d8", + "id": "cb6bd8dd-e2fb-46d0-9849-66f25eb830d9", + "name": "elastic-agent-79227", "type": "filebeat", - "version": "8.13.4" + "version": "8.15.0" }, "data_stream": { "dataset": "jamf_pro.inventory", - "namespace": "42032", + "namespace": "47676", "type": "logs" }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "16c644f3-4469-4b8d-8ed7-20ccd22185f5", + "id": "cb6bd8dd-e2fb-46d0-9849-66f25eb830d9", "snapshot": false, - "version": "8.13.4" + "version": "8.15.0" }, "event": { "agent_id_status": "verified", "dataset": "jamf_pro.inventory", - "ingested": "2025-05-27T14:11:10Z", + "ingested": "2025-09-11T06:29:01Z", "kind": "asset" }, "host": { 
@@ -196,10 +196,10 @@ The following non-ECS fields are used in inventory documents: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | | event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | | event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Input type | keyword | 
@@ -384,32 +384,32 @@ An example event for `events` looks as following: ```json { - "@timestamp": "2025-05-27T14:10:23.470Z", + "@timestamp": "2025-09-11T06:28:04.746Z", "agent": { - "ephemeral_id": "05a484da-a7b8-4044-95c7-faae1b7cffb6", - "id": "15f5630f-b7fd-4c63-b4af-730817ddff2d", - "name": "elastic-agent-32235", + "ephemeral_id": "b5b7849d-c31a-41a6-ad84-82249703023b", + "id": "2c65c370-55d1-42f5-a8bb-b4146b13e120", + "name": "elastic-agent-66011", "type": "filebeat", - "version": "8.13.4" + "version": "8.15.0" }, "data_stream": { "dataset": "jamf_pro.events", - "namespace": "11652", + "namespace": "78830", "type": "logs" }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "15f5630f-b7fd-4c63-b4af-730817ddff2d", + "id": "2c65c370-55d1-42f5-a8bb-b4146b13e120", "snapshot": false, - "version": "8.13.4" + "version": "8.15.0" }, "event": { "action": "ComputerAdded", "agent_id_status": "verified", "dataset": "jamf_pro.events", - "ingested": "2025-05-27T14:10:24Z", + "ingested": "2025-09-11T06:28:05Z", "kind": "event", "original": "{\"event\":{\"alternateMacAddress\":\"be:aa:e5:54:94:db\",\"building\":\"1S8NPV\",\"department\":\"XDO4C5\",\"deviceName\":\"VPNYC\",\"emailAddress\":\"kghrqq@email.com\",\"ipAddress\":\"89.160.20.156\",\"jssID\":\"1500747557\",\"macAddress\":\"be:aa:e5:54:94:db\",\"managementId\":\"6319330669\",\"model\":\"LJ68RT\",\"osBuild\":\"26.6913\",\"osVersion\":\"92.5786\",\"phone\":\"2183546\",\"position\":\"B64JIO\",\"realName\":\"CPK79\",\"reportedIpAddress\":\"89.160.20.156\",\"room\":\"HQC6S9\",\"serialNumber\":\"7967177\",\"udid\":\"7265694772\",\"userDirectory_id\":\"0389771137\",\"username\":\"John Doe\"},\"webhook\":{\"eventTimestamp\":1725443872001,\"id\":\"8131946016\",\"name\":\"PU17M\",\"webhookEvent\":\"ComputerAdded\"}}" }, 
@@ -497,10 +497,10 @@ The following non-ECS fields are used in real-time event documents:
 
 | Field | Description | Type |
 |---|---|---|
-| @timestamp | Event timestamp. | date |
-| data_stream.dataset | Data stream dataset. | constant_keyword |
-| data_stream.namespace | Data stream namespace. | constant_keyword |
-| data_stream.type | Data stream type. | constant_keyword |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
+| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword |
+| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword |
+| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword |
 | event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword |
 | event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword |
 | input.type | | keyword |
diff --git a/packages/jamf_pro/img/image.png b/packages/jamf_pro/img/image.png
index a2f487b68c6..7b0919e1ff0 100644
Binary files a/packages/jamf_pro/img/image.png and b/packages/jamf_pro/img/image.png differ
diff --git a/packages/jamf_pro/img/image_1.png b/packages/jamf_pro/img/image_1.png
index d266a2140a4..da8be069ad5 100644
Binary files a/packages/jamf_pro/img/image_1.png and b/packages/jamf_pro/img/image_1.png differ
diff --git a/packages/jamf_pro/img/image_2.png b/packages/jamf_pro/img/image_2.png
index b9799e12aec..44636019d25 100644
Binary files a/packages/jamf_pro/img/image_2.png and b/packages/jamf_pro/img/image_2.png differ
diff --git a/packages/jamf_pro/img/image_3.png b/packages/jamf_pro/img/image_3.png
index bab86ed0b1c..a6e39084f09 100644
Binary files a/packages/jamf_pro/img/image_3.png and b/packages/jamf_pro/img/image_3.png differ
diff --git a/packages/jamf_pro/img/jamf_pro_real_time_dashboard.png b/packages/jamf_pro/img/jamf_pro_real_time_dashboard.png
new file mode 100644
index 00000000000..1425a92ea6f
Binary files /dev/null and b/packages/jamf_pro/img/jamf_pro_real_time_dashboard.png differ
diff --git a/packages/jamf_pro/kibana/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728.json b/packages/jamf_pro/kibana/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728.json index 5bdb03de588..7270cd6b107 100644 --- a/packages/jamf_pro/kibana/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728.json +++ b/packages/jamf_pro/kibana/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728.json @@ -70,7 +70,8 @@ "type": "optionsListControl", "width": "medium" } - } + }, + "showApplySelections": false }, "description": "Dashboard for Locations Information", "kibanaSavedObjectMeta": { @@ -109,7 +110,7 @@ "id": "", "params": { "fontSize": 12, - "markdown": "**Navigation**\n\n**Inventory**\n\n[Overview](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1) \n[Remote Status](#/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759) \n[Hardware Information](#/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038) \n[**Locations**](#/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728) \n\n**Real time**\n\n[Events](#/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e)\n\n\n**Overview**\n\nThis dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", + "markdown": "This dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", "openLinksInNewTab": false }, "title": "Jamf Pro Dashboards [Overview]", @@ -118,14 +119,14 @@ } }, "gridData": { - "h": 30, + "h": 18, "i": "2e6140c7-02f7-49ce-b908-59332c4569e1", - "w": 5, + "w": 7, "x": 0, - "y": 0 + "y": 12 }, "panelIndex": "2e6140c7-02f7-49ce-b908-59332c4569e1", - "title": "Table of contents", + "title": "Overview", "type": "visualization" }, { @@ -349,11 +350,15 @@ "openTOCDetails": [] } }, - "enhancements": {}, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, "hiddenLayers": [], "isLayerTOCOpen": true, "mapBuffer": { - "maxLat": 66.51326, + "maxLat": 85.05113, "maxLon": 180, "minLat": -66.51326, "minLon": -180 
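Review bot: The markdown text kept on the Locations dashboard, `"markdown": "This dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n"`, describes the Remote Status dashboard rather than this one, and now that the navigation list has been removed and the panel is titled "Overview" the mismatch is the only thing the panel shows. The saved object's own description in the first hunk of this file is "Dashboard for Locations Information", so the panel text should match it, e.g. `"markdown": "This dashboard provides a view of the locations of all computers monitored by Jamf Pro.\n"`. The inner `"title": "Jamf Pro Dashboards [Overview]"` was also left as-is while the outer panel title changed from "Table of contents" to "Overview"; harmless, but worth aligning in the same pass.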
@@ -368,13 +373,91 @@ "gridData": { "h": 30, "i": "9607a3f1-5f81-4e34-ad86-7bd64463af00", - "w": 43, - "x": 5, + "w": 41, + "x": 7, "y": 0 }, "panelIndex": "9607a3f1-5f81-4e34-ad86-7bd64463af00", "title": "Locations", "type": "map" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "id": "52aa06d4-9165-4335-8a90-bc9d8152118c", + "label": "Hardware Information", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "id": "3c589ea8-8f12-4ab2-b101-d62d2f9d11b1", + "label": "Locations", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "id": "9af3e03c-1dbc-421f-b87d-75d126fcf138", + "label": "Overview", + "order": 2, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "id": "0eed761b-53ec-4db7-a461-877a9eff7a7f", + "label": "Real time ", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 3, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "id": "68996685-6b7c-4973-b7bc-f300b546a05c", + "label": "Remote Status", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 4, + "type": "dashboardLink" + } + ] + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "24df5741-618e-4f0a-95d9-b5bc95c68e64", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": 
"24df5741-618e-4f0a-95d9-b5bc95c68e64", + "title": "Navigation", + "type": "links" } ], "timeRestore": false, @@ -382,14 +465,33 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-09-05T05:58:44.986Z", + "created_at": "2025-09-05T10:59:46.355Z", "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", - "managed": false, "references": [ { - "id": "logs-*", - "name": "9607a3f1-5f81-4e34-ad86-7bd64463af00:layer_1_source_index_pattern", - "type": "index-pattern" + "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", + "name": "24df5741-618e-4f0a-95d9-b5bc95c68e64:link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", + "name": "24df5741-618e-4f0a-95d9-b5bc95c68e64:link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", + "name": "24df5741-618e-4f0a-95d9-b5bc95c68e64:link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", + "name": "24df5741-618e-4f0a-95d9-b5bc95c68e64:link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", + "name": "24df5741-618e-4f0a-95d9-b5bc95c68e64:link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "type": "dashboard" }, { "id": "logs-*", @@ -410,8 +512,14 @@ "id": "logs-*", "name": "controlGroup_fa03219d-f2a0-4ff2-91d4-6ebe89836b8c:optionsListDataView", "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9607a3f1-5f81-4e34-ad86-7bd64463af00:layer_1_source_index_pattern", + "type": "index-pattern" } ], "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file 
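Review bot: The `"updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"` added at the bottom of the saved object looks like the Kibana user-profile uid of the account that exported this dashboard from a development stack, and the same value is appended to every dashboard in this PR. It has no role in an installed package (the installing Kibana presumably records its own metadata) and it ships an internal account identifier inside a public integration, so I would strip `updated_by` from the committed JSON unless elastic-package is known to require it. The dropped `"managed": false`, the `created_at` moving to the export date and the `logs-*` map-layer reference moving to the end of `references` all read as ordinary re-export artefacts and need no change.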
diff --git a/packages/jamf_pro/kibana/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759.json b/packages/jamf_pro/kibana/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759.json
index 8da3a7b5962..5fb8ca1d0df 100644
--- a/packages/jamf_pro/kibana/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759.json
+++ b/packages/jamf_pro/kibana/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759.json
@@ -57,7 +57,8 @@
 "type": "optionsListControl",
 "width": "medium"
 }
- }
+ },
+ "showApplySelections": false
 },
 "description": "Remote status",
 "kibanaSavedObjectMeta": {
@@ -79,41 +80,81 @@ "panelsJSON": [ { "embeddableConfig": { - "description": "", - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "id": "52aa06d4-9165-4335-8a90-bc9d8152118c", + "label": "Hardware Information", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "id": "3c589ea8-8f12-4ab2-b101-d62d2f9d11b1", + "label": "Locations", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "id": "9af3e03c-1dbc-421f-b87d-75d126fcf138", + "label": "Overview", + "order": 2, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "id": "0eed761b-53ec-4db7-a461-877a9eff7a7f", + "label": "Real time ", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 3, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "id": "68996685-6b7c-4973-b7bc-f300b546a05c", + "label": "Remote Status", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 4, + "type": "dashboardLink" } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n**Inventory**\n\n[Overview](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1) \n[**Remote Status**](#/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759) 
\n[Hardware Information](#/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038) \n[Locations](#/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728) \n\n**Real time**\n\n[Events](#/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e)\n\n\n**Overview**\n\nThis dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", - "openLinksInNewTab": false - }, - "title": "Jamf Pro Dashboards [Overview]", - "type": "markdown", - "uiState": {} - } + ] + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} }, "gridData": { - "h": 30, - "i": "025d064b-4075-485d-a881-d2cc54c14750", - "w": 5, + "h": 9, + "i": "38bafa1d-aa97-4a5e-a169-d79660629b55", + "w": 7, "x": 0, "y": 0 }, - "panelIndex": "025d064b-4075-485d-a881-d2cc54c14750", - "title": "Table of contents", - "type": "visualization" + "panelIndex": "38bafa1d-aa97-4a5e-a169-d79660629b55", + "title": "Navigation", + "type": "links" }, { "embeddableConfig": { @@ -408,10 +449,10 @@ "enhancements": {} }, "gridData": { - "h": 15, + "h": 16, "i": "4366deef-155a-4fe5-856e-b4a96599e5c9", - "w": 21, - "x": 5, + "w": 20, + "x": 7, "y": 0 }, "panelIndex": "4366deef-155a-4fe5-856e-b4a96599e5c9", 
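Review bot: In the new links panel the "Overview" entry (`"id": "9af3e03c-1dbc-421f-b87d-75d126fcf138"`) is the only link without an `options` block, so it falls back to whatever Kibana's defaults are for `useCurrentFilters` and `useCurrentDateRange` while the other four links pin them to false; unless that difference is intended, give it the same `"options": { "openInNewTab": false, "useCurrentDateRange": false, "useCurrentFilters": false }` block. The `"label": "Real time "` entry also carries a trailing space that will be rendered in the navigation. The identical panel definition is pasted into the other four dashboards in this PR, so both fixes apply to each copy.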
@@ -570,16 +611,54 @@ "enhancements": {} }, "gridData": { - "h": 15, + "h": 16, "i": "69163213-1048-4971-8e62-bbc87e52bc89", - "w": 22, - "x": 26, + "w": 21, + "x": 27, "y": 0 }, "panelIndex": "69163213-1048-4971-8e62-bbc87e52bc89", "title": "Jamf Agent Version", "type": "lens" }, + { + "embeddableConfig": { + "description": "", + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", + "openLinksInNewTab": false + }, + "title": "Jamf Pro Dashboards [Overview]", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 7, + "i": "025d064b-4075-485d-a881-d2cc54c14750", + "w": 7, + "x": 0, + "y": 9 + }, + "panelIndex": "025d064b-4075-485d-a881-d2cc54c14750", + "title": "Overview", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { @@ -728,9 +807,9 @@ "gridData": { "h": 15, "i": "1b06590e-a3e1-4461-bf7d-e8608c7b397e", - "w": 10, - "x": 5, - "y": 15 + "w": 13, + "x": 0, + "y": 16 }, "panelIndex": "1b06590e-a3e1-4461-bf7d-e8608c7b397e", "title": "Last Enrollment Details", @@ -994,9 +1073,9 @@ "gridData": { "h": 15, "i": "c67bc543-7cf9-48b6-90bf-e39f531167e6", - "w": 17, - "x": 15, - "y": 15 + "w": 18, + "x": 13, + "y": 16 }, "panelIndex": "c67bc543-7cf9-48b6-90bf-e39f531167e6", "title": "Last Contact Time", @@ -1196,9 +1275,9 @@ "gridData": { "h": 15, "i": "de3ebf6b-4549-4b24-9177-cb6a8789aabb", - "w": 16, - "x": 32, - "y": 15 + "w": 17, + "x": 31, + "y": 16 }, "panelIndex": "de3ebf6b-4549-4b24-9177-cb6a8789aabb", "title": "Last IP Address details", 
@@ -1207,13 +1286,37 @@ ], "timeRestore": false, "title": "[Jamf Pro] Remote Status", - "version": 1 + "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-09-02T12:46:25.079Z", + "created_at": "2025-09-05T10:59:48.389Z", "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", - "managed": false, "references": [ + { + "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", + "name": "38bafa1d-aa97-4a5e-a169-d79660629b55:link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", + "name": "38bafa1d-aa97-4a5e-a169-d79660629b55:link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", + "name": "38bafa1d-aa97-4a5e-a169-d79660629b55:link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", + "name": "38bafa1d-aa97-4a5e-a169-d79660629b55:link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", + "name": "38bafa1d-aa97-4a5e-a169-d79660629b55:link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "4366deef-155a-4fe5-856e-b4a96599e5c9:indexpattern-datasource-layer-fb57e08d-29be-422a-8393-f0dc32a163b0", @@ -1281,5 +1384,6 @@ } ], "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file diff --git a/packages/jamf_pro/kibana/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038.json b/packages/jamf_pro/kibana/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038.json index 1e4dd497071..e6002f834ff 100644 --- a/packages/jamf_pro/kibana/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038.json 
+++ b/packages/jamf_pro/kibana/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038.json
@@ -70,7 +70,8 @@
 "type": "optionsListControl",
 "width": "medium"
 }
- }
+ },
+ "showApplySelections": false
 },
 "description": "Dashboard for hardware information",
 "kibanaSavedObjectMeta": {
@@ -92,41 +93,81 @@ "panelsJSON": [ { "embeddableConfig": { - "description": "", - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "id": "52aa06d4-9165-4335-8a90-bc9d8152118c", + "label": "Hardware Information", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "id": "3c589ea8-8f12-4ab2-b101-d62d2f9d11b1", + "label": "Locations", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "id": "9af3e03c-1dbc-421f-b87d-75d126fcf138", + "label": "Overview", + "order": 2, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "id": "0eed761b-53ec-4db7-a461-877a9eff7a7f", + "label": "Real time ", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 3, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "id": "68996685-6b7c-4973-b7bc-f300b546a05c", + "label": "Remote Status", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 4, + "type": "dashboardLink" } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n**Inventory**\n\n[Overview](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1) \n[Remote Status](#/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759) 
\n[**Hardware Information**](#/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038) \n[Locations](#/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728) \n\n**Real time**\n\n[Events](#/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e)\n\n\n**Overview**\n\nThis dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", - "openLinksInNewTab": false - }, - "title": "Jamf Pro Dashboards [Overview]", - "type": "markdown", - "uiState": {} - } + ] + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} }, "gridData": { - "h": 30, - "i": "70886ad1-65eb-416e-bc20-68de28ad78af", - "w": 5, + "h": 9, + "i": "3e18d1ad-da19-45df-9ea4-de2e025c1903", + "w": 7, "x": 0, "y": 0 }, - "panelIndex": "70886ad1-65eb-416e-bc20-68de28ad78af", - "title": "Table of coontents", - "type": "visualization" + "panelIndex": "3e18d1ad-da19-45df-9ea4-de2e025c1903", + "title": "Navigation", + "type": "links" }, { "embeddableConfig": { @@ -278,10 +319,10 @@ "enhancements": {} }, "gridData": { - "h": 15, + "h": 16, "i": "dbd8b8b5-36e9-4118-9d00-3000fec1fb9e", - "w": 19, - "x": 5, + "w": 18, + "x": 7, "y": 0 }, "panelIndex": "dbd8b8b5-36e9-4118-9d00-3000fec1fb9e", 
@@ -481,16 +522,54 @@ "enhancements": {} }, "gridData": { - "h": 15, + "h": 16, "i": "c6b91b26-559f-4ef8-bbbe-6f551109182c", - "w": 24, - "x": 24, + "w": 23, + "x": 25, "y": 0 }, "panelIndex": "c6b91b26-559f-4ef8-bbbe-6f551109182c", "title": "Mac Addresses", "type": "lens" }, + { + "embeddableConfig": { + "description": "", + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n", + "openLinksInNewTab": false + }, + "title": "Jamf Pro Dashboards [Overview]", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 7, + "i": "70886ad1-65eb-416e-bc20-68de28ad78af", + "w": 7, + "x": 0, + "y": 9 + }, + "panelIndex": "70886ad1-65eb-416e-bc20-68de28ad78af", + "title": "Overview", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { @@ -692,9 +771,9 @@ "gridData": { "h": 15, "i": "9d3cb51a-f29f-492e-a96e-603c3966a8d8", - "w": 19, - "x": 5, - "y": 15 + "w": 22, + "x": 0, + "y": 16 }, "panelIndex": "9d3cb51a-f29f-492e-a96e-603c3966a8d8", "title": "Processor Type Information", @@ -859,9 +938,9 @@ "gridData": { "h": 15, "i": "9f7b6404-55f0-4a98-9959-60a8a4caa9df", - "w": 24, - "x": 24, - "y": 15 + "w": 26, + "x": 22, + "y": 16 }, "panelIndex": "9f7b6404-55f0-4a98-9959-60a8a4caa9df", "title": "CPU Cores Information", 
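Review bot: The relocated markdown panel on the Hardware Information dashboard still reads `"markdown": "This dashboard provides a view of remote status of all computers monitored by Jamf Pro.\n"`, which is the Remote Status wording carried over, and with the navigation list gone and the panel retitled "Overview" that wrong sentence is now the panel's entire content. The saved object's description in this file is "Dashboard for hardware information", so something like `"markdown": "This dashboard provides a view of hardware information for all computers monitored by Jamf Pro.\n"` would match. The inner `"title": "Jamf Pro Dashboards [Overview]"` is likewise unchanged from the old table-of-contents panel.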
@@ -873,10 +952,34 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-09-05T05:57:58.573Z", + "created_at": "2025-09-05T10:59:45.125Z", "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", - "managed": false, "references": [ + { + "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", + "name": "3e18d1ad-da19-45df-9ea4-de2e025c1903:link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", + "name": "3e18d1ad-da19-45df-9ea4-de2e025c1903:link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", + "name": "3e18d1ad-da19-45df-9ea4-de2e025c1903:link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", + "name": "3e18d1ad-da19-45df-9ea4-de2e025c1903:link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", + "name": "3e18d1ad-da19-45df-9ea4-de2e025c1903:link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "dbd8b8b5-36e9-4118-9d00-3000fec1fb9e:indexpattern-datasource-layer-aa8cd56d-8754-4cc8-8c49-5a8346698cc7", @@ -939,5 +1042,6 @@ } ], "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file diff --git a/packages/jamf_pro/kibana/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e.json b/packages/jamf_pro/kibana/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e.json index 2e1afe1b320..82a88237ba8 100644 --- a/packages/jamf_pro/kibana/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e.json +++ b/packages/jamf_pro/kibana/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e.json 
@@ -55,7 +55,8 @@
 "type": "optionsListControl",
 "width": "medium"
 }
- }
+ },
+ "showApplySelections": false
 },
 "description": "Dashboard for Jamf Pro events",
 "kibanaSavedObjectMeta": {
@@ -96,41 +97,81 @@ "panelsJSON": [ { "embeddableConfig": { - "description": "", - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "id": "52aa06d4-9165-4335-8a90-bc9d8152118c", + "label": "Hardware Information", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "id": "3c589ea8-8f12-4ab2-b101-d62d2f9d11b1", + "label": "Locations", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "id": "9af3e03c-1dbc-421f-b87d-75d126fcf138", + "label": "Overview", + "order": 2, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "id": "0eed761b-53ec-4db7-a461-877a9eff7a7f", + "label": "Real time ", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 3, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "id": "68996685-6b7c-4973-b7bc-f300b546a05c", + "label": "Remote Status", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 4, + "type": "dashboardLink" } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n**Inventory**\n\n[Overview](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1) \n[Remote Status](#/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759) 
\n[Hardware Information](#/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038) \n[Locations](#/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728) \n\n**Real time**\n\n[**Events**](#/dashboard/jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e)\n\n**Overview**\n\nThis dashboard provides an output for real-time consumed data.\n\n", - "openLinksInNewTab": false - }, - "title": "Jamf Pro Dashboards [Overview]", - "type": "markdown", - "uiState": {} - } + ] + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} }, "gridData": { - "h": 26, - "i": "def486f0-ec6d-4dea-86f9-a88c5afded45", - "w": 5, + "h": 13, + "i": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0", + "w": 7, "x": 0, "y": 0 }, - "panelIndex": "def486f0-ec6d-4dea-86f9-a88c5afded45", - "title": "Table of contents", - "type": "visualization" + "panelIndex": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0", + "title": "Navigation", + "type": "links" }, { "embeddableConfig": { @@ -201,8 +242,8 @@ "gridData": { "h": 13, "i": "63567129-62c2-4a93-b627-74f26be33f91", - "w": 8, - "x": 5, + "w": 7, + "x": 7, "y": 0 }, "panelIndex": "63567129-62c2-4a93-b627-74f26be33f91", @@ -359,7 +400,7 @@ "h": 13, "i": "9376cb74-74cd-45a2-a605-9ba31ce6df6b", "w": 13, - "x": 13, + "x": 14, "y": 0 }, "panelIndex": "9376cb74-74cd-45a2-a605-9ba31ce6df6b", 
@@ -546,14 +587,52 @@ "gridData": { "h": 13, "i": "b90f2bd5-7ce4-4666-b01a-1218f4686fcb", - "w": 22, - "x": 26, + "w": 21, + "x": 27, "y": 0 }, "panelIndex": "b90f2bd5-7ce4-4666-b01a-1218f4686fcb", "title": "Check-ins", "type": "lens" }, + { + "embeddableConfig": { + "description": "", + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard provides an output for real-time consumed data.\n\n", + "openLinksInNewTab": false + }, + "title": "Jamf Pro Dashboards [Overview]", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 13, + "i": "def486f0-ec6d-4dea-86f9-a88c5afded45", + "w": 7, + "x": 0, + "y": 13 + }, + "panelIndex": "def486f0-ec6d-4dea-86f9-a88c5afded45", + "title": "Overview", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { @@ -690,7 +769,7 @@ "h": 13, "i": "8df81dbc-2da6-47c3-b030-6be149248724", "w": 21, - "x": 5, + "x": 7, "y": 13 }, "panelIndex": "8df81dbc-2da6-47c3-b030-6be149248724", 
@@ -703,15 +782,39 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-09-05T05:57:10.315Z", + "created_at": "2025-09-05T10:59:47.385Z", "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", - "managed": false, "references": [ { "id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern" }, + { + "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", + "name": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0:link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", + "name": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0:link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", + "name": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0:link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", + "name": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0:link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", + "name": "be3cbd29-15ce-42db-8ee4-ac55a055c9c0:link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "63567129-62c2-4a93-b627-74f26be33f91:indexpattern-datasource-layer-63530254-da87-4caf-8f5b-3e5b790e1135", @@ -754,5 +857,6 @@ } ], "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file diff --git a/packages/jamf_pro/kibana/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1.json b/packages/jamf_pro/kibana/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1.json index dfdfd60e4d4..23fab103500 100644 --- a/packages/jamf_pro/kibana/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1.json 
+++ b/packages/jamf_pro/kibana/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1.json
@@ -70,7 +70,8 @@
 "type": "optionsListControl",
 "width": "medium"
 }
- }
+ },
+ "showApplySelections": false
 },
 "description": "Dashboard for Jamf Pro data",
 "kibanaSavedObjectMeta": {
@@ -92,41 +93,81 @@ "panelsJSON": [ { "embeddableConfig": { - "description": "", - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "id": "52aa06d4-9165-4335-8a90-bc9d8152118c", + "label": "Hardware Information", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "id": "3c589ea8-8f12-4ab2-b101-d62d2f9d11b1", + "label": "Locations", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "id": "9af3e03c-1dbc-421f-b87d-75d126fcf138", + "label": "Overview", + "order": 2, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "id": "0eed761b-53ec-4db7-a461-877a9eff7a7f", + "label": "Real time ", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 3, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "id": "68996685-6b7c-4973-b7bc-f300b546a05c", + "label": "Remote Status", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 4, + "type": "dashboardLink" } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n**Inventory**\n\n[**Overview**](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1) \n[Remote Status](#/dashboard/jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759) 
\n[Hardware Information](#/dashboard/jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038) \n[Locations](#/dashboard/jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728) \n\n**Real time**\n\n[Events](#/dashboard/jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1)\n\n**Overview**\n\nThis dashboard provides a concise view of all computers monitored by Jamf Pro, featuring key metrics and visualisations.\n\n\n", - "openLinksInNewTab": false - }, - "title": "Jamf Pro Dashboards [Overview]", - "type": "markdown", - "uiState": {} - } + ] + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} }, "gridData": { - "h": 30, - "i": "013e277b-6f6c-4e79-b942-6ef71b0c2b52", - "w": 5, + "h": 9, + "i": "e999e796-2fb5-42b7-b808-1f9a38668a59", + "w": 7, "x": 0, "y": 0 }, - "panelIndex": "013e277b-6f6c-4e79-b942-6ef71b0c2b52", - "title": "Table of contents", - "type": "visualization" + "panelIndex": "e999e796-2fb5-42b7-b808-1f9a38668a59", + "title": "Navigation", + "type": "links" }, { "embeddableConfig": { @@ -330,10 +371,10 @@ "enhancements": {} }, "gridData": { - "h": 13, + "h": 14, "i": "35ff74ad-3948-468f-bee9-20a09d30b8f2", - "w": 14, - "x": 5, + "w": 13, + "x": 7, "y": 0 }, "panelIndex": "35ff74ad-3948-468f-bee9-20a09d30b8f2", @@ -482,10 +523,10 @@ "hidePanelTitles": true }, "gridData": { - "h": 13, + "h": 14, "i": "3ee43940-f7b8-4d25-a0a9-bae5b86f6c1a", "w": 11, - "x": 19, + "x": 20, "y": 0 }, "panelIndex": "3ee43940-f7b8-4d25-a0a9-bae5b86f6c1a", 
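Review bot: The new links panel carries a trailing space in `"label": "Real time "`, which is rendered verbatim in the navigation panel and differs from the other four labels; it should read `"label": "Real time"`. The `Overview` entry (id `9af3e03c-1dbc-421f-b87d-75d126fcf138`) is also the only link without an `options` block, so its open-in-new-tab and filter/date-range behaviour presumably falls back to Kibana defaults instead of the explicit `false` values the other links set — making the five entries uniform avoids a surprise later. The enclosing `panelsJSON` array starts and ends outside this hunk.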
@@ -642,16 +683,54 @@ "enhancements": {} }, "gridData": { - "h": 13, + "h": 14, "i": "f0d185d9-9ef0-41dc-ac25-6c667f418f39", - "w": 18, - "x": 30, + "w": 17, + "x": 31, "y": 0 }, "panelIndex": "f0d185d9-9ef0-41dc-ac25-6c667f418f39", "title": "Number of macOS Computers by Hardware Model", "type": "lens" }, + { + "embeddableConfig": { + "description": "", + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard provides a concise view of all computers monitored by Jamf Pro, featuring key metrics and visualisations.\n\n\n", + "openLinksInNewTab": false + }, + "title": "Jamf Pro Dashboards [Overview]", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 18, + "i": "013e277b-6f6c-4e79-b942-6ef71b0c2b52", + "w": 7, + "x": 0, + "y": 9 + }, + "panelIndex": "013e277b-6f6c-4e79-b942-6ef71b0c2b52", + "title": "Overview", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { @@ -801,8 +880,8 @@ "h": 13, "i": "671e38ef-fddf-4c2a-8994-1421eb977477", "w": 10, - "x": 5, - "y": 13 + "x": 7, + "y": 14 }, "panelIndex": "671e38ef-fddf-4c2a-8994-1421eb977477", "title": "MDM Capable", @@ -985,9 +1064,9 @@ "gridData": { "h": 13, "i": "c2617376-336a-49e4-994b-757d3477616b", - "w": 23, - "x": 15, - "y": 13 + "w": 22, + "x": 17, + "y": 14 }, "panelIndex": "c2617376-336a-49e4-994b-757d3477616b", "title": "Last Enrollment Details", @@ -1146,9 +1225,9 @@ "gridData": { "h": 13, "i": "06876334-7fd5-4d66-8deb-f32be74f0062", - "w": 10, - "x": 38, - "y": 13 + "w": 9, + "x": 39, + "y": 14 }, "panelIndex": "06876334-7fd5-4d66-8deb-f32be74f0062", "title": "Automated Enrollment", 
@@ -1304,9 +1383,9 @@ "gridData": { "h": 13, "i": "47a20483-eb01-4934-a64d-eaaea1dc19f3", - "w": 10, - "x": 5, - "y": 26 + "w": 12, + "x": 0, + "y": 27 }, "panelIndex": "47a20483-eb01-4934-a64d-eaaea1dc19f3", "title": "Remote Mangement Enabled", @@ -1607,9 +1686,9 @@ "gridData": { "h": 13, "i": "15e24945-9bac-4d65-8e51-bc5b187287f8", - "w": 23, - "x": 15, - "y": 26 + "w": 24, + "x": 12, + "y": 27 }, "panelIndex": "15e24945-9bac-4d65-8e51-bc5b187287f8", "title": "Days since Last Checkin", @@ -1765,9 +1844,9 @@ "gridData": { "h": 13, "i": "1edd84bb-3358-4760-ac49-02d4fd5ef6d4", - "w": 10, - "x": 38, - "y": 26 + "w": 12, + "x": 36, + "y": 27 }, "panelIndex": "1edd84bb-3358-4760-ac49-02d4fd5ef6d4", "title": "Supervised", 
@@ -1779,10 +1858,34 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-09-02T12:36:14.663Z", + "created_at": "2025-09-05T10:59:45.342Z", "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", - "managed": false, "references": [ + { + "id": "jamf_pro-90cf12f3-9a11-466b-8c28-5a07a85bc038", + "name": "e999e796-2fb5-42b7-b808-1f9a38668a59:link_52aa06d4-9165-4335-8a90-bc9d8152118c_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-31386f22-bc6a-49da-8d55-ec33cb0ad728", + "name": "e999e796-2fb5-42b7-b808-1f9a38668a59:link_3c589ea8-8f12-4ab2-b101-d62d2f9d11b1_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-dce729cf-07cc-4e62-a3e3-bc6e233c3ad1", + "name": "e999e796-2fb5-42b7-b808-1f9a38668a59:link_9af3e03c-1dbc-421f-b87d-75d126fcf138_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-a6cf6d1d-b2a7-4a59-9fdf-51d1c7b1706e", + "name": "e999e796-2fb5-42b7-b808-1f9a38668a59:link_0eed761b-53ec-4db7-a461-877a9eff7a7f_dashboard", + "type": "dashboard" + }, + { + "id": "jamf_pro-81cc13af-7134-45d3-b43f-d50f63071759", + "name": "e999e796-2fb5-42b7-b808-1f9a38668a59:link_68996685-6b7c-4973-b7bc-f300b546a05c_dashboard", + "type": "dashboard" + }, { "id": "logs-*", "name": "35ff74ad-3948-468f-bee9-20a09d30b8f2:indexpattern-datasource-layer-94c09426-4944-4ee2-8e81-99c436245646", @@ -1875,5 +1978,6 @@ } ], "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } \ No newline at end of file diff --git a/packages/jamf_pro/manifest.yml b/packages/jamf_pro/manifest.yml index 87b73e5c07e..49a3217e22d 100644 --- a/packages/jamf_pro/manifest.yml +++ b/packages/jamf_pro/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.5 name: jamf_pro title: "Jamf Pro" -version: "0.7.0" +version: "1.0.0" source: license: "Elastic-2.0" description: "Collect logs and inventory data from Jamf Pro with Elastic Agent" 
@@ -31,6 +31,10 @@ screenshots:
 title: Map
 size: 3012x1360
 type: image/png
+ - src: /img/jamf_pro_real_time_dashboard.png
+ title: Real time dashboard
+ size: 600x600
+ type: image/png
 icons:
 - src: /img/logo.png
 title: Jamf Pro logo
diff --git a/packages/miniflux/changelog.yml b/packages/miniflux/changelog.yml
index 437493149e8..2a0fb0043c7 100644
--- a/packages/miniflux/changelog.yml
+++ b/packages/miniflux/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: Add dashboard.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.3.0"
 changes:
 - description: Use `terminate` processor instead of `fail` processor to handle agent errors.
diff --git a/packages/miniflux/data_stream/feed_entry/fields/base-fields.yml b/packages/miniflux/data_stream/feed_entry/fields/base-fields.yml
index 7c798f4534c..14017be5fb2 100644
--- a/packages/miniflux/data_stream/feed_entry/fields/base-fields.yml
+++ b/packages/miniflux/data_stream/feed_entry/fields/base-fields.yml
@@ -1,12 +1,8 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
diff --git a/packages/miniflux/docs/README.md b/packages/miniflux/docs/README.md
index 6fbd26c4c19..3135450acb4 100644
--- a/packages/miniflux/docs/README.md
+++ b/packages/miniflux/docs/README.md
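Review bot: The new screenshot entry declares `size: 600x600` while the neighbouring `Map` entry declares `3012x1360`; a square 600x600 capture of a full dashboard looks like a placeholder value, so confirm it matches the real dimensions of `/img/jamf_pro_real_time_dashboard.png`. The same `600x600` value is used for the new miniflux screenshot later in this diff, which suggests the figure was copied rather than measured.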
@@ -144,10 +144,10 @@ An example event for `feed_entry` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | | input.type | Type of filebeat input. | keyword | | miniflux.author | Author of the feed entry | keyword | | miniflux.changed_at | | date | diff --git a/packages/miniflux/img/miniflux-overview-dashboard.png b/packages/miniflux/img/miniflux-overview-dashboard.png new file mode 100644 index 00000000000..7e23829a060 Binary files /dev/null and b/packages/miniflux/img/miniflux-overview-dashboard.png differ diff --git a/packages/miniflux/kibana/dashboard/miniflux-c31e3493-1f45-4e5f-bf5c-08aebc8fcbf8.json b/packages/miniflux/kibana/dashboard/miniflux-c31e3493-1f45-4e5f-bf5c-08aebc8fcbf8.json new file mode 100644 index 00000000000..b0e3ddb9f7f --- /dev/null +++ b/packages/miniflux/kibana/dashboard/miniflux-c31e3493-1f45-4e5f-bf5c-08aebc8fcbf8.json 
@@ -0,0 +1,610 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "5ca0e3a9-6d99-4e00-a475-c203e5246a98": { + "explicitInput": { + "dataViewId": "logs-*", + "fieldName": "miniflux.status", + "id": "5ca0e3a9-6d99-4e00-a475-c203e5246a98", + "searchTechnique": "prefix", + "selectedOptions": [], + "sort": { + "by": "_count", + "direction": "desc" + }, + "title": "Status" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + }, + "8457a593-fb20-4ebe-b0b0-23f8d744bee1": { + "explicitInput": { + "dataViewId": "logs-*", + "fieldName": "miniflux.feed.category.title", + "id": "8457a593-fb20-4ebe-b0b0-23f8d744bee1", + "searchTechnique": "prefix", + "selectedOptions": [], + "sort": { + "by": "_count", + "direction": "desc" + }, + "title": "Feed Category" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + } + }, + "showApplySelections": false + }, + "description": "This dashboard shows logs collected by the Miniflux integration.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "miniflux.feed_entry" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "miniflux.feed_entry" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + 
"enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard shows logs collected by the Miniflux integration. \n\nThe dashboard includes feed by status (read, unread, removed), category distribution, tag distribution, and feed details for deeper insights.\n\nRefer to the [integration documentation](/app/integrations/detail/miniflux/overview).", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 13, + "i": "1fa23fc1-499b-464f-ba3f-29d04bc6d994", + "w": 11, + "x": 0, + "y": 0 + }, + "panelIndex": "1fa23fc1-499b-464f-ba3f-29d04bc6d994", + "title": "Overview", + "type": "visualization" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b7139ef4-6f1c-4074-bd98-bfe45a3b2868", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "logs-*", + "layers": { + "b7139ef4-6f1c-4074-bd98-bfe45a3b2868": { + "columnOrder": [ + "98c34efd-0e97-4453-845c-1f856e03279f", + "ac0dc9a3-7bff-4164-8d10-2ce770ec93f2" + ], + "columns": { + "98c34efd-0e97-4453-845c-1f856e03279f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Status", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "ac0dc9a3-7bff-4164-8d10-2ce770ec93f2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 3 + }, + "scale": "ordinal", + "sourceField": "miniflux.status" + }, + 
"ac0dc9a3-7bff-4164-8d10-2ce770ec93f2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Feed", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "miniflux.feed.id" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "logs-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "98c34efd-0e97-4453-845c-1f856e03279f", + "color": "#6092C0", + "layerId": "b7139ef4-6f1c-4074-bd98-bfe45a3b2868", + "layerType": "data", + "maxCols": 3, + "metricAccessor": "ac0dc9a3-7bff-4164-8d10-2ce770ec93f2", + "showBar": false + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "81de129c-0deb-4777-936c-9af5247babaa", + "w": 15, + "x": 11, + "y": 0 + }, + "panelIndex": "81de129c-0deb-4777-936c-9af5247babaa", + "title": "Feed by Status [Logs Miniflux]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91a75189-3176-4038-87b2-56510b34db4f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "91a75189-3176-4038-87b2-56510b34db4f": { + "columnOrder": [ + "5a049f3c-3ef6-4201-853c-5cc58bf4477f", + "1e40265a-9890-4454-9cde-233dbf54f335" + ], + "columns": { + "1e40265a-9890-4454-9cde-233dbf54f335": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "miniflux.feed.id" + }, + "5a049f3c-3ef6-4201-853c-5cc58bf4477f": { + "customLabel": true, + 
"dataType": "string", + "isBucketed": true, + "label": "Category", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1e40265a-9890-4454-9cde-233dbf54f335", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "miniflux.feed.category.title" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "91a75189-3176-4038-87b2-56510b34db4f", + "layerType": "data", + "legendDisplay": "show", + "metrics": [ + "1e40265a-9890-4454-9cde-233dbf54f335" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "5a049f3c-3ef6-4201-853c-5cc58bf4477f" + ], + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "de0ac0d8-142d-4dfa-b740-34ccff4b497f", + "w": 22, + "x": 26, + "y": 0 + }, + "panelIndex": "de0ac0d8-142d-4dfa-b740-34ccff4b497f", + "title": "Feed by Category [Logs Miniflux]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6064a9f7-b247-4434-acea-8c5423e70432", + "type": "index-pattern" + } + ], + "state": { 
+ "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "logs-*", + "layers": { + "6064a9f7-b247-4434-acea-8c5423e70432": { + "columnOrder": [ + "2428259f-3575-439a-b95d-76481ea20f3e", + "3f372b0d-4859-4ae7-a6b2-12a791a9bce0" + ], + "columns": { + "2428259f-3575-439a-b95d-76481ea20f3e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tags", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "3f372b0d-4859-4ae7-a6b2-12a791a9bce0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "miniflux.tags" + }, + "3f372b0d-4859-4ae7-a6b2-12a791a9bce0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "miniflux.feed.id" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "logs-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "3f372b0d-4859-4ae7-a6b2-12a791a9bce0" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "6064a9f7-b247-4434-acea-8c5423e70432", + "layerType": "data", + "position": "top", + "seriesType": "bar", + "showGridlines": false, + 
"xAccessor": "2428259f-3575-439a-b95d-76481ea20f3e" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": false + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ae09eb17-ea14-4858-a708-d3b65799f69c", + "w": 48, + "x": 0, + "y": 13 + }, + "panelIndex": "ae09eb17-ea14-4858-a708-d3b65799f69c", + "title": "Feed by Tags [Logs Miniflux]", + "type": "lens" + }, + { + "embeddableConfig": { + "description": "", + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "grid": { + "columns": { + "miniflux.feed.category.title": { + "width": 231 + }, + "miniflux.reading_time": { + "width": 207 + }, + "miniflux.status": { + "width": 165 + }, + "miniflux.title": { + "width": 341 + } + } + } + }, + "gridData": { + "h": 17, + "i": "c4bb23b5-46aa-4104-824d-cac04380cd55", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "c4bb23b5-46aa-4104-824d-cac04380cd55", + "panelRefName": "panel_c4bb23b5-46aa-4104-824d-cac04380cd55", + "title": "Feed Details [Logs Miniflux]", + "type": "search" + } + ], + "timeRestore": false, + "title": "[Logs Miniflux] Overview", + "version": 3 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-09-02T07:23:04.673Z", + "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "id": "miniflux-c31e3493-1f45-4e5f-bf5c-08aebc8fcbf8", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "81de129c-0deb-4777-936c-9af5247babaa:indexpattern-datasource-layer-b7139ef4-6f1c-4074-bd98-bfe45a3b2868", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "de0ac0d8-142d-4dfa-b740-34ccff4b497f:indexpattern-datasource-layer-91a75189-3176-4038-87b2-56510b34db4f", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "ae09eb17-ea14-4858-a708-d3b65799f69c:indexpattern-datasource-layer-6064a9f7-b247-4434-acea-8c5423e70432", + "type": "index-pattern" + }, + { + "id": "miniflux-7c09e6fa-a4ea-4db5-8039-d285e38b7a3b", + "name": "c4bb23b5-46aa-4104-824d-cac04380cd55:panel_c4bb23b5-46aa-4104-824d-cac04380cd55", + "type": "search" + }, + { + "id": "logs-*", + "name": "controlGroup_2891c379-8e82-4236-8ff6-fb7ac616ef4e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_60c2ac8e-daa7-44be-8048-7486ac8fab07:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/miniflux/kibana/search/miniflux-7c09e6fa-a4ea-4db5-8039-d285e38b7a3b.json b/packages/miniflux/kibana/search/miniflux-7c09e6fa-a4ea-4db5-8039-d285e38b7a3b.json new file mode 100644 index 00000000000..99dfe45cb16 --- /dev/null +++ b/packages/miniflux/kibana/search/miniflux-7c09e6fa-a4ea-4db5-8039-d285e38b7a3b.json 
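Review bot: The two control-group references at the end of the new dashboard are named `controlGroup_2891c379-8e82-4236-8ff6-fb7ac616ef4e:optionsListDataView` and `controlGroup_60c2ac8e-daa7-44be-8048-7486ac8fab07:optionsListDataView`, but the controls defined in `controlGroupInput.panelsJSON` have ids `5ca0e3a9-6d99-4e00-a475-c203e5246a98` and `8457a593-fb20-4ebe-b0b0-23f8d744bee1`; the reference names do not correspond to any control in the object and look like leftovers from an earlier export, so confirm they are what Kibana resolves against or regenerate the references. The Tags lens state also still carries `"title": "Empty XY chart"`, which reads as an unset default; harmless, but worth clearing to `"title": ""` like the other lens panels. The `emptyAsNull` setting differs between the three `unique_count` metrics (`true` for Tags, `false` for Status and Category), which may be intentional but is not explained anywhere.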
@@ -0,0 +1,85 @@ +{ + "attributes": { + "columns": [ + "miniflux.title", + "miniflux.status", + "miniflux.reading_time", + "miniflux.url" + ], + "description": "", + "grid": { + "columns": { + "miniflux.feed.category.title": { + "width": 231 + }, + "miniflux.reading_time": { + "width": 207 + }, + "miniflux.status": { + "width": 165 + } + } + }, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "miniflux.feed_entry" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "miniflux.feed_entry" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Feed Details [Logs Miniflux]" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-09-03T06:00:47.655Z", + "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "id": "miniflux-7c09e6fa-a4ea-4db5-8039-d285e38b7a3b", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "10.5.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/miniflux/manifest.yml b/packages/miniflux/manifest.yml index ddc09e2cd9a..8fee1ca7ada 100644 --- a/packages/miniflux/manifest.yml +++ b/packages/miniflux/manifest.yml 
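Review bot: `grid.columns` in the new saved search sets a width for `miniflux.feed.category.title`, but that field is not in `columns` (`miniflux.title`, `miniflux.status`, `miniflux.reading_time`, `miniflux.url`), so the width entry is dead configuration; either add the field to `columns` or drop the width. The dashboard panel that embeds this search (the `Feed Details [Logs Miniflux]` panel in the previous file) repeats the same `miniflux.feed.category.title` width override, so both places should be brought in line at once.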
@@ -1,7 +1,7 @@
 format_version: 3.3.5
 name: miniflux
 title: "Miniflux RSS reader"
-version: 0.3.0
+version: 1.0.0
 source:
 license: "Elastic-2.0"
 description: Collect RSS feed content from the Miniflux API with Elastic Agent.
@@ -23,6 +23,10 @@ icons:
 title: Miniflux logo
 size: 32x32
 type: image/svg+xml
+ - src: /img/miniflux-overview-dashboard.png
+ title: GitHub user overview
+ size: 600x600
+ type: image/png
 policy_templates:
 - name: miniflux
 title: Miniflux data
diff --git a/packages/miniflux/validation.yml b/packages/miniflux/validation.yml
new file mode 100644
index 00000000000..1189aa63c89
--- /dev/null
+++ b/packages/miniflux/validation.yml
@@ -0,0 +1,3 @@
+errors:
+ exclude_checks:
+ - SVR00004 # References in dashboards.
diff --git a/packages/proofpoint_itm/changelog.yml b/packages/proofpoint_itm/changelog.yml
index 71eb9763334..57b11a76e5c 100644
--- a/packages/proofpoint_itm/changelog.yml
+++ b/packages/proofpoint_itm/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.3.0"
 changes:
 - description: Use `terminate` processor instead of `fail` processor to handle agent errors.
diff --git a/packages/proofpoint_itm/data_stream/report/fields/base-fields.yml b/packages/proofpoint_itm/data_stream/report/fields/base-fields.yml
index 6b5c1da0d94..18f57e9b614 100644
--- a/packages/proofpoint_itm/data_stream/report/fields/base-fields.yml
+++ b/packages/proofpoint_itm/data_stream/report/fields/base-fields.yml
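Review bot: The new screenshot's `title: GitHub user overview` does not describe this package — the image is `/img/miniflux-overview-dashboard.png` and the dashboard it shows is titled `[Logs Miniflux] Overview` elsewhere in this diff — so it reads as a copy-paste from another integration's manifest. Since the title is user-visible in the integration gallery, it should be `title: Miniflux overview dashboard` or similar.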
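Review bot: The new `validation.yml` excludes `SVR00004` for the whole package with only the generic comment `# References in dashboards.`, so the exclusion will silently cover any dashboard added later as well. As far as this diff shows, the only by-reference object is the `Feed Details [Logs Miniflux]` saved search pulled into the new dashboard through `panelRefName`; naming it, e.g. `- SVR00004 # References in dashboards: the Feed Details saved search is embedded by reference.`, records why the check is disabled and makes it obvious when the exemption can be removed. If the Kibana versions targeted here allow the search panel to be embedded by value, that would be the cleaner fix and the check could stay enabled.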
@@ -1,20 +1,16 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: event.module
 type: constant_keyword
- description: Event module.
 value: proofpoint_itm
+ external: ecs
 - name: event.dataset
 type: constant_keyword
- description: Event dataset.
 value: proofpoint_itm.report
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
diff --git a/packages/proofpoint_itm/docs/README.md b/packages/proofpoint_itm/docs/README.md
index c8dc381ce02..b29e45a8d52 100644
--- a/packages/proofpoint_itm/docs/README.md
+++ b/packages/proofpoint_itm/docs/README.md
@@ -238,12 +238,12 @@ An example event for `report` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset. | constant_keyword | -| event.module | Event module. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. 
Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | input.type | Type of Filebeat input. | keyword | | log.offset | Log offset. | long | | proofpoint_itm.report._time | | date | diff --git a/packages/proofpoint_itm/manifest.yml b/packages/proofpoint_itm/manifest.yml index 69e2b396abe..fc3368b98c4 100644 --- a/packages/proofpoint_itm/manifest.yml +++ b/packages/proofpoint_itm/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.4.0 name: proofpoint_itm title: Proofpoint ITM -version: "0.3.0" +version: "1.0.0" description: Collect logs from Proofpoint ITM using Elastic Agent. type: integration categories: diff --git a/packages/splunk/changelog.yml b/packages/splunk/changelog.yml index b8b07e33382..3f546a5bf4a 100644 --- a/packages/splunk/changelog.yml +++ b/packages/splunk/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.0" + changes: + - description: Release package as GA. + type: enhancement + link: https://github.com/elastic/integrations/pull/15298 - version: "0.7.0" changes: - description: Add `search` data stream. diff --git a/packages/splunk/manifest.yml b/packages/splunk/manifest.yml index 65c60a8fea4..0c1ab621b6f 100644 --- a/packages/splunk/manifest.yml +++ b/packages/splunk/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: splunk
 title: Splunk
-version: "0.7.0"
+version: "1.0.0"
 source:
 license: "Elastic-2.0"
 description: Collect logs from Splunk with Elastic Agent.
diff --git a/packages/tenable_ot_security/changelog.yml b/packages/tenable_ot_security/changelog.yml
index 8ad94793ae7..0d1b8d7cc35 100644
--- a/packages/tenable_ot_security/changelog.yml
+++ b/packages/tenable_ot_security/changelog.yml
@@ -1,3 +1,14 @@
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: Fix dashboard link for Serverless Project.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.4.0"
 changes:
 - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/tenable_ot_security/data_stream/assets/_dev/test/pipeline/test-assets.json-expected.json b/packages/tenable_ot_security/data_stream/assets/_dev/test/pipeline/test-assets.json-expected.json
index c3b58b1c429..c254959fdac 100644
--- a/packages/tenable_ot_security/data_stream/assets/_dev/test/pipeline/test-assets.json-expected.json
+++ b/packages/tenable_ot_security/data_stream/assets/_dev/test/pipeline/test-assets.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2024-06-25T17:38:44.422095Z",
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "event": {
 "category": [
diff --git a/packages/tenable_ot_security/data_stream/assets/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_ot_security/data_stream/assets/elasticsearch/ingest_pipeline/default.yml
index 3ba37633766..e82ccf1a931 100644
--- a/packages/tenable_ot_security/data_stream/assets/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_ot_security/data_stream/assets/elasticsearch/ingest_pipeline/default.yml
@@ -109,7 +109,7 @@ processors: - set: field: ecs.version - value: "8.11.0" + value: "8.17.0" - append: field: event.category diff --git a/packages/tenable_ot_security/data_stream/assets/fields/base-fields.yml b/packages/tenable_ot_security/data_stream/assets/fields/base-fields.yml index 3500f7ce8c2..428a316f868 100644 --- a/packages/tenable_ot_security/data_stream/assets/fields/base-fields.yml +++ b/packages/tenable_ot_security/data_stream/assets/fields/base-fields.yml @@ -1,15 +1,11 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: input.type type: keyword description: Input type. - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs diff --git a/packages/tenable_ot_security/data_stream/events/_dev/test/pipeline/test-events.json-expected.json b/packages/tenable_ot_security/data_stream/events/_dev/test/pipeline/test-events.json-expected.json index 4d3005203cc..38086b0efae 100644 --- a/packages/tenable_ot_security/data_stream/events/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/tenable_ot_security/data_stream/events/_dev/test/pipeline/test-events.json-expected.json @@ -11,7 +11,7 @@ ] }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "category": [ diff --git a/packages/tenable_ot_security/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_ot_security/data_stream/events/elasticsearch/ingest_pipeline/default.yml index b123e4d9b4a..3a2de223baf 100644 --- a/packages/tenable_ot_security/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_ot_security/data_stream/events/elasticsearch/ingest_pipeline/default.yml 
@@ -109,7 +109,7 @@ processors: - set: field: ecs.version - value: "8.11.0" + value: "8.17.0" - append: field: event.category diff --git a/packages/tenable_ot_security/data_stream/events/fields/base-fields.yml b/packages/tenable_ot_security/data_stream/events/fields/base-fields.yml index 3500f7ce8c2..428a316f868 100644 --- a/packages/tenable_ot_security/data_stream/events/fields/base-fields.yml +++ b/packages/tenable_ot_security/data_stream/events/fields/base-fields.yml @@ -1,15 +1,11 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: input.type type: keyword description: Input type. - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs diff --git a/packages/tenable_ot_security/data_stream/system_log/_dev/test/pipeline/test-event-system-log.json-expected.json b/packages/tenable_ot_security/data_stream/system_log/_dev/test/pipeline/test-event-system-log.json-expected.json index 685d18ce122..bb8ddb650c3 100644 --- a/packages/tenable_ot_security/data_stream/system_log/_dev/test/pipeline/test-event-system-log.json-expected.json +++ b/packages/tenable_ot_security/data_stream/system_log/_dev/test/pipeline/test-event-system-log.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2024-06-24T22:03:49.025419Z", "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "event": { "category": [ diff --git a/packages/tenable_ot_security/data_stream/system_log/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_ot_security/data_stream/system_log/elasticsearch/ingest_pipeline/default.yml index 81a641a3bf3..024dfa6c718 100644 --- a/packages/tenable_ot_security/data_stream/system_log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/tenable_ot_security/data_stream/system_log/elasticsearch/ingest_pipeline/default.yml @@ -74,7 +74,7 @@ processors: - set: field: ecs.version - value: "8.11.0" + value: "8.17.0" - append: field: event.category diff --git a/packages/tenable_ot_security/data_stream/system_log/fields/base-fields.yml b/packages/tenable_ot_security/data_stream/system_log/fields/base-fields.yml index cd16ccceb3f..de841e641d1 100644 --- a/packages/tenable_ot_security/data_stream/system_log/fields/base-fields.yml +++ b/packages/tenable_ot_security/data_stream/system_log/fields/base-fields.yml @@ -1,20 +1,15 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: input.type type: keyword description: Input type. - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs - name: message external: ecs - name: user.name - type: keyword - description: The username in the log. + external: ecs diff --git a/packages/tenable_ot_security/docs/README.md b/packages/tenable_ot_security/docs/README.md index 85d0190943c..3091f00c454 100644 --- a/packages/tenable_ot_security/docs/README.md +++ b/packages/tenable_ot_security/docs/README.md 
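Review bot: Pointing `user.name` at the ECS definition (`external: ecs`) in the system_log base-fields hunk changes the index mapping of an existing data stream: the ECS field carries a `user.name.text` match_only_text multi-field (the README hunk in this same change lists it), and none of the 1.0.0 changelog entries ("ECS version updated to 8.17.0") call that out. Suggest an explicit changelog line such as `- description: Define user.name from ECS, adding the user.name.text multi-field.` so operators upgrading from 0.4.0 understand why the template changed. The README also documents a vendor field `tenable_ot_security.system_log.user_name` with the same description; it is declared outside this hunk, so confirm the pipeline intentionally populates both rather than keeping a duplicate.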
@@ -140,10 +140,10 @@ The following non-ECS fields are used in assets documents: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | | input.type | Input type. | keyword | | tenable_ot_security.assets.category | The category of the asset. | keyword | | tenable_ot_security.assets.criticality | The criticality level of the asset. | keyword | 
@@ -378,10 +378,10 @@ The following non-ECS fields are used in events documents: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | | input.type | Input type. | keyword | | tenable_ot_security.events.category | Category classification of the event. | keyword | | tenable_ot_security.events.comment | Comments or notes related to the event. | text | 
@@ -672,14 +672,15 @@ The following non-ECS fields are used in system log documents: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. 
| constant_keyword | | input.type | Input type. | keyword | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | tenable_ot_security.system_log.message | The detailed message of the log. | keyword | | tenable_ot_security.system_log.time_stamp | The timestamp of the log. | date | | tenable_ot_security.system_log.user_name | The username in the log. | keyword | -| user.name | The username in the log. | keyword | +| user.name | Short name or login of the user. | keyword | +| user.name.text | Multi-field of `user.name`. | match_only_text | diff --git a/packages/tenable_ot_security/img/screenshot1.png b/packages/tenable_ot_security/img/screenshot1.png index 1ad3fd738e6..7165726fca1 100644 Binary files a/packages/tenable_ot_security/img/screenshot1.png and b/packages/tenable_ot_security/img/screenshot1.png differ diff --git a/packages/tenable_ot_security/img/screenshot2.png b/packages/tenable_ot_security/img/screenshot2.png index 1300afcdea7..e4d001b1bd5 100644 Binary files a/packages/tenable_ot_security/img/screenshot2.png and b/packages/tenable_ot_security/img/screenshot2.png differ diff --git a/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153.json b/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153.json index 4178593f5cc..ef85e6d23cf 100644 --- a/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153.json +++ b/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153.json 
@@ -1,5 +1,17 @@ { "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": {}, + "showApplySelections": false + }, "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { @@ -21,8 +33,12 @@ { "embeddableConfig": { "description": "", - "enhancements": {}, - "hidePanelTitles": true, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, "savedVis": { "data": { "aggs": [], @@ -38,7 +54,7 @@ "id": "", "params": { "fontSize": 12, - "markdown": "**Navigation**\n\n**Tenable OT Security** \n\n[Overview](#/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345) \n**[Events](#/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153)** \n\n\n**Overview**\n\nThis dashboards visualizes the statistics and overall metrics of all the Tenable OT Security Events.\n\n", + "markdown": "This dashboards visualizes the statistics and overall metrics of all the Tenable OT Security Events.\n\n", "openLinksInNewTab": false }, "title": "", @@ -47,14 +63,14 @@ } }, "gridData": { - "h": 45, + "h": 39, "i": "44171f47-c64f-4017-a0c1-ecade6747e8e", "w": 10, "x": 0, - "y": 0 + "y": 6 }, "panelIndex": "44171f47-c64f-4017-a0c1-ecade6747e8e", - "title": "", + "title": "Overview", "type": "visualization" }, { 
@@ -925,6 +941,50 @@ "panelIndex": "97f93c5f-24cb-410a-8134-59c5750cfc44", "title": "Events By Geo Locations", "type": "map" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_94ceab4d-1086-47fe-b4b3-f0d28f1a52dc_dashboard", + "id": "94ceab4d-1086-47fe-b4b3-f0d28f1a52dc", + "label": "Overview", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9a55d24f-893c-42cc-a22d-d25d1b66a257_dashboard", + "id": "9a55d24f-893c-42cc-a22d-d25d1b66a257", + "label": "Events", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + } + ] + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "f2476b50-27fc-4de0-8991-06be7a72ed45", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "f2476b50-27fc-4de0-8991-06be7a72ed45", + "title": "Navigation", + "type": "links" } ], "timeRestore": false, @@ -932,10 +992,8 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-03-20T10:12:57.789Z", - "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "created_at": "2025-09-10T05:36:28.014Z", "id": "tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153", - "managed": false, "references": [ { "id": "logs-*", 
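Review bot: The new `links` panel sets `useCurrentDateRange: false` and `useCurrentFilters: false` on both dashboard links, so an analyst who has narrowed the Events dashboard to a time window and a host or asset filter loses that context when pivoting to Overview, and the Overview dashboard's matching panel later in this diff does the same in reverse. For an investigation workflow the pivot should normally carry the context over: `"useCurrentDateRange": true, "useCurrentFilters": true`. If dropping it is deliberate, a short note on the changelog entry "Fix dashboard link for Serverless Project" would stop the next reader treating it as a regression. Removing the hard-coded `created_by` user hash from the saved object is a welcome cleanup.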
@@ -966,6 +1024,16 @@ "id": "logs-*", "name": "97f93c5f-24cb-410a-8134-59c5750cfc44:layer_2_join_0_index_pattern", "type": "index-pattern" + }, + { + "id": "tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345", + "name": "f2476b50-27fc-4de0-8991-06be7a72ed45:link_94ceab4d-1086-47fe-b4b3-f0d28f1a52dc_dashboard", + "type": "dashboard" + }, + { + "id": "tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153", + "name": "f2476b50-27fc-4de0-8991-06be7a72ed45:link_9a55d24f-893c-42cc-a22d-d25d1b66a257_dashboard", + "type": "dashboard" } ], "type": "dashboard", diff --git a/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345.json b/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345.json index 9efecc9e0bb..3f08e617a91 100644 --- a/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345.json +++ b/packages/tenable_ot_security/kibana/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345.json @@ -38,7 +38,7 @@ "events": [] } }, - "hidePanelTitles": true, + "hidePanelTitles": false, "savedVis": { "data": { "aggs": [], @@ -54,7 +54,7 @@ "id": "", "params": { "fontSize": 12, - "markdown": "**Navigation**\n\n**Tenable OT Security** \n\n**[Overview](#/dashboard/tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345)** \n[Events](#/dashboard/tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153) \n\n\n**Overview**\n\nThis dashboards visualizes the statistics and overall metrics of all the Tenable OT Security Overview, Assets and System Logs.\n\n", + "markdown": "This dashboards visualizes the statistics and overall metrics of all the Tenable OT Security Overview, Assets and System Logs.\n\n", "openLinksInNewTab": false }, "title": "", 
@@ -63,14 +63,14 @@ } }, "gridData": { - "h": 83, + "h": 77, "i": "ca4a9fe4-3cd2-4237-901b-acf3627525fc", "w": 10, "x": 0, - "y": 0 + "y": 6 }, "panelIndex": "ca4a9fe4-3cd2-4237-901b-acf3627525fc", - "title": "", + "title": "Overview", "type": "visualization" }, { @@ -1737,6 +1737,50 @@ "panelIndex": "e9592370-e9d4-403c-89ff-88dae3c6abc6", "title": "User by Week", "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "layout": "vertical", + "links": [ + { + "destinationRefName": "link_94ceab4d-1086-47fe-b4b3-f0d28f1a52dc_dashboard", + "id": "94ceab4d-1086-47fe-b4b3-f0d28f1a52dc", + "label": "Overview", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 0, + "type": "dashboardLink" + }, + { + "destinationRefName": "link_9a55d24f-893c-42cc-a22d-d25d1b66a257_dashboard", + "id": "9a55d24f-893c-42cc-a22d-d25d1b66a257", + "label": "Events", + "options": { + "openInNewTab": false, + "useCurrentDateRange": false, + "useCurrentFilters": false + }, + "order": 1, + "type": "dashboardLink" + } + ] + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "5bcff441-8893-4b3e-bfcb-ca85fb04466c", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "5bcff441-8893-4b3e-bfcb-ca85fb04466c", + "title": "Navigation", + "type": "links" } ], "timeRestore": false, @@ -1744,9 +1788,8 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-05-02T04:58:16.078Z", + "created_at": "2025-09-10T05:36:29.044Z", "id": "tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345", - "managed": false, "references": [ { "id": "logs-*", 
@@ -1802,6 +1845,16 @@
 "id": "logs-*",
 "name": "31b81caa-b99b-4d45-8125-cd91f8cd0e41:layer_2_join_0_index_pattern",
 "type": "index-pattern"
+ },
+ {
+ "id": "tenable_ot_security-c6423a0a-fd80-489b-8302-17ba2024f345",
+ "name": "5bcff441-8893-4b3e-bfcb-ca85fb04466c:link_94ceab4d-1086-47fe-b4b3-f0d28f1a52dc_dashboard",
+ "type": "dashboard"
+ },
+ {
+ "id": "tenable_ot_security-83d09d64-36df-46a1-8790-9f3dfe02e153",
+ "name": "5bcff441-8893-4b3e-bfcb-ca85fb04466c:link_9a55d24f-893c-42cc-a22d-d25d1b66a257_dashboard",
+ "type": "dashboard"
 }
 ],
 "type": "dashboard",
diff --git a/packages/tenable_ot_security/manifest.yml b/packages/tenable_ot_security/manifest.yml
index 9b23b15715d..76cd14ff193 100644
--- a/packages/tenable_ot_security/manifest.yml
+++ b/packages/tenable_ot_security/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.0
 name: tenable_ot_security
 title: Tenable OT Security
-version: 0.4.0
+version: 1.0.0
 source:
 license: "Elastic-2.0"
 description: Tenable OT Security
diff --git a/packages/varonis/_dev/build/build.yml b/packages/varonis/_dev/build/build.yml
index e2b012548e0..97fc8aa10cd 100644
--- a/packages/varonis/_dev/build/build.yml
+++ b/packages/varonis/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.11.0
+ reference: git@v8.17.0
diff --git a/packages/varonis/changelog.yml b/packages/varonis/changelog.yml
index a75dc832a38..e0720728c11 100644
--- a/packages/varonis/changelog.yml
+++ b/packages/varonis/changelog.yml
@@ -1,3 +1,11 @@
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15298
 - version: "0.2.0"
 changes:
 - description: Add preprocessors config option, to allow running processors before CEF messages are decoded.
diff --git a/packages/varonis/data_stream/logs/_dev/test/pipeline/test-logs.json-expected.json b/packages/varonis/data_stream/logs/_dev/test/pipeline/test-logs.json-expected.json
index 0f01fcdc457..2af13bc6bf4 100644
--- a/packages/varonis/data_stream/logs/_dev/test/pipeline/test-logs.json-expected.json
+++ b/packages/varonis/data_stream/logs/_dev/test/pipeline/test-logs.json-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "elastic_agent": {
 "id": "133cc4b0-c5cd-4ed8-a808-1e0016872fdb",
@@ -100,7 +100,7 @@
 }
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
 },
 "elastic_agent": {
 "id": "133cc4b0-c5cd-4ed8-a808-1e0016872fdb",
diff --git a/packages/varonis/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/varonis/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
index 82de5a0e9b2..5c9b7a0abbb 100644
--- a/packages/varonis/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/varonis/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ############
 - set:
 field: ecs.version
- value: '8.11.0'
+ value: '8.17.0'
 - set:
 field: event.kind
diff --git a/packages/varonis/data_stream/logs/fields/base-fields.yml b/packages/varonis/data_stream/logs/fields/base-fields.yml
index 0795beabfcc..73580a494c5 100644
--- a/packages/varonis/data_stream/logs/fields/base-fields.yml
+++ b/packages/varonis/data_stream/logs/fields/base-fields.yml
@@ -1,21 +1,19 @@
 - name: data_stream.type
- type: constant_keyword
- description: Data stream type.
+ external: ecs
 - name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
+ external: ecs
 - name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
+ external: ecs
 - name: '@timestamp'
- type: date
- description: Event timestamp.
+ external: ecs
 - name: input.type
 type: keyword
 description: Input type
 - name: event.dataset
 type: constant_keyword
+ external: ecs
 - name: event.module
 type: constant_keyword
+ external: ecs
 - name: event.severity_label
 type: keyword
diff --git a/packages/varonis/data_stream/logs/sample_event.json b/packages/varonis/data_stream/logs/sample_event.json
index 7d3a486ac0d..28b04a9dc93 100644
--- a/packages/varonis/data_stream/logs/sample_event.json
+++ b/packages/varonis/data_stream/logs/sample_event.json
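Review bot: `event.dataset` and `event.module` are declared `constant_keyword` with no `value`, so Elasticsearch locks the constant to whatever the first document indexed into a new backing index carries and rejects every later document whose value differs; the hunk adds `external: ecs` to both fields but leaves that unpinned. Pinning the value the pipeline emits (the sample event in this same change shows `varonis.logs` and `varonis`) makes the mapping independent of ingest order: add `value: varonis.logs` under `event.dataset` and `value: varonis` under `event.module`. This is cheaper to do before the 1.0.0 cut than as a mapping change on a GA data stream later.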
@@ -1,73 +1,69 @@ { - "@timestamp": "2024-11-22T16:19:09.000Z", + "@timestamp": "2025-04-28T15:01:42.000Z", "agent": { - "ephemeral_id": "97d1a7b2-9413-428f-8969-4f5f62d5432f", - "id": "d1133e80-f6c0-4944-b3c2-426cddf483b7", - "name": "elastic-agent-18048", + "ephemeral_id": "505a3770-450a-4300-b325-f9e2c6caa79e", + "id": "1fa84ff2-0b52-47f7-80a0-edbc73168926", + "name": "elastic-agent-78603", "type": "filebeat", "version": "8.15.3" }, "data_stream": { "dataset": "varonis.logs", - "namespace": "72531", + "namespace": "57343", "type": "logs" }, "destination": { - "domain": "10.100.20.12", + "domain": "AD-contosofoo.com", "user": { "group": { - "name": "Everyone" + "name": "contosofoo.com\\Group Admins-Region_200" }, - "name": "zta.local\\Dani Lulli (ADMIN)" + "name": "contosofoo.com\\Bourne Jr., Jason" } }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "d1133e80-f6c0-4944-b3c2-426cddf483b7", + "id": "1fa84ff2-0b52-47f7-80a0-edbc73168926", "snapshot": false, "version": "8.15.3" }, "event": { - "action": "Folder permissions added", + "action": "DS object permission added", "agent_id_status": "verified", "category": [ "configuration" ], - "code": "6000", + "code": "5015", "dataset": "varonis.logs", - "end": "2024-11-22T16:19:05.000Z", - "ingested": "2025-03-28T17:00:05Z", + "end": "2025-04-28T14:53:02.000Z", + "ingested": "2025-09-11T06:42:47Z", "kind": "event", "module": "varonis", - "original": "CEF:0|Varonis Inc.|DatAdvantage|8.6.51|6000|Folder permissions added|3|rt=Nov 22 2024 16:19:09 cat=Alert cs2=Permissions granted to Global Access Groups cs2Label=RuleName cn1=132 cn1Label=RuleID end=Nov 22 2024 16:19:05 duser=zta.local\\\\Dani Lulli (ADMIN) dhost=10.100.20.12 filePath=E:\\\\Share\\\\Share\\\\Finance fname=Finance act=Folder permissions added dvchost= outcome=Success msg=Read & Execute permissions for This folder, subfolders and files (not inherited) was added to Everyone on E:\\\\Share\\\\Share\\\\Finance cs3= 
cs3Label=AttachmentName cs4=test cs4Label=ClientAccessType deviceCustomDate1= fileType=csv cs1=admin@test.com cs1Label=MailRecipient suser=Admin cs5=test cs5Label=MailboxAccessType cnt=10 cs6=Read & Execute cs6Label=ChangedPermissions oldFilePermission=Read filePermission=Read & Execute dpriv=Everyone start=", + "original": "<14>Apr 28 15:59:01 VARONISSRVR1 CEF:0|Varonis Inc.|DatAdvantage|8.7.1|5015|DS object permission added|3|rt=Apr 28 2025 15:01:42 cat=Alert cs2=Permission changes on OU cs2Label=RuleName cn1=142 cn1Label=RuleID end=Apr 28 2025 14:53:02 duser=contosofoo.com\\Bourne Jr., Jason dhost=AD-contosofoo.com filePath=contosofoo.com\\Home Office Site\\Computers\\Containered fname=Containered act=DS object permission added dvchost=Compute outcome=Success msg=Permissions were added to \"Containered\" for group \"contosofoo.com\\Group Admins-Region_200\" cs3= cs3Label=AttachmentName cs4= cs4Label=ClientAccessType deviceCustomDate1= fileType= cs1= cs1Label=MailRecipient suser= cs5= cs5Label=MailboxAccessType cnt= cs6= cs6Label=ChangedPermissions oldFilePermission= filePermission=Write dpriv=contosofoo.com\\Group Admins-Region_200 start=Apr 28 2025 14:53:02", "outcome": "success", "severity": 3, "severity_label": "error", + "start": "2025-04-28T14:53:02.000Z", "type": [ "info" ] }, "file": { - "group": "Read & Execute", - "name": "Finance", - "path": "E:\\Share\\Share\\Finance", - "type": "csv" + "group": "Write", + "name": "Containered", + "path": "contosofoo.com\\Home Office Site\\Computers\\Containered" }, "input": { "type": "udp" }, - "message": "Read & Execute permissions for This folder, subfolders and files (not inherited) was added to Everyone on E:\\Share\\Share\\Finance", + "message": "Permissions were added to \"Containered\" for group \"contosofoo.com\\Group Admins-Region_200\"", "observer": { + "hostname": "Compute", "product": "DatAdvantage", "vendor": "Varonis Inc.", - "version": "8.6.51" - }, - "source": { - "user": { - "name": "Admin" - } + 
"version": "8.7.1" }, "tags": [ "preserve_original_event", @@ -75,15 +71,10 @@ ], "varonis": { "logs": { - "base_event_count": 10, - "changed_permissions": "Read & Execute", - "client_access_type": "test", "device_event_category": "Alert", - "mail_recipient": "admin@test.com", - "mailbox_access_type": "test", - "old_file_permission": "Read", - "rule_id": 132, - "rule_name": "Permissions granted to Global Access Groups" + "device_host_name": "Compute", + "rule_id": 142, + "rule_name": "Permission changes on OU" } } } diff --git a/packages/varonis/docs/README.md b/packages/varonis/docs/README.md index f3a261ca0a7..9cf4d6757cc 100644 --- a/packages/varonis/docs/README.md +++ b/packages/varonis/docs/README.md 
@@ -49,75 +49,71 @@ An example event for `logs` looks as following: ```json { - "@timestamp": "2024-11-22T16:19:09.000Z", + "@timestamp": "2025-04-28T15:01:42.000Z", "agent": { - "ephemeral_id": "97d1a7b2-9413-428f-8969-4f5f62d5432f", - "id": "d1133e80-f6c0-4944-b3c2-426cddf483b7", - "name": "elastic-agent-18048", + "ephemeral_id": "505a3770-450a-4300-b325-f9e2c6caa79e", + "id": "1fa84ff2-0b52-47f7-80a0-edbc73168926", + "name": "elastic-agent-78603", "type": "filebeat", "version": "8.15.3" }, "data_stream": { "dataset": "varonis.logs", - "namespace": "72531", + "namespace": "57343", "type": "logs" }, "destination": { - "domain": "10.100.20.12", + "domain": "AD-contosofoo.com", "user": { "group": { - "name": "Everyone" + "name": "contosofoo.com\\Group Admins-Region_200" }, - "name": "zta.local\\Dani Lulli (ADMIN)" + "name": "contosofoo.com\\Bourne Jr., Jason" } }, "ecs": { - "version": "8.11.0" + "version": "8.17.0" }, "elastic_agent": { - "id": "d1133e80-f6c0-4944-b3c2-426cddf483b7", + "id": "1fa84ff2-0b52-47f7-80a0-edbc73168926", "snapshot": false, "version": "8.15.3" }, "event": { - "action": "Folder permissions added", + "action": "DS object permission added", "agent_id_status": "verified", "category": [ "configuration" ], - "code": "6000", + "code": "5015", "dataset": "varonis.logs", - "end": "2024-11-22T16:19:05.000Z", - "ingested": "2025-03-28T17:00:05Z", + "end": "2025-04-28T14:53:02.000Z", + "ingested": "2025-09-11T06:42:47Z", "kind": "event", "module": "varonis", - "original": "CEF:0|Varonis Inc.|DatAdvantage|8.6.51|6000|Folder permissions added|3|rt=Nov 22 2024 16:19:09 cat=Alert cs2=Permissions granted to Global Access Groups cs2Label=RuleName cn1=132 cn1Label=RuleID end=Nov 22 2024 16:19:05 duser=zta.local\\\\Dani Lulli (ADMIN) dhost=10.100.20.12 filePath=E:\\\\Share\\\\Share\\\\Finance fname=Finance act=Folder permissions added dvchost= outcome=Success msg=Read & Execute permissions for This folder, subfolders and files (not inherited) was added to 
Everyone on E:\\\\Share\\\\Share\\\\Finance cs3= cs3Label=AttachmentName cs4=test cs4Label=ClientAccessType deviceCustomDate1= fileType=csv cs1=admin@test.com cs1Label=MailRecipient suser=Admin cs5=test cs5Label=MailboxAccessType cnt=10 cs6=Read & Execute cs6Label=ChangedPermissions oldFilePermission=Read filePermission=Read & Execute dpriv=Everyone start=", + "original": "<14>Apr 28 15:59:01 VARONISSRVR1 CEF:0|Varonis Inc.|DatAdvantage|8.7.1|5015|DS object permission added|3|rt=Apr 28 2025 15:01:42 cat=Alert cs2=Permission changes on OU cs2Label=RuleName cn1=142 cn1Label=RuleID end=Apr 28 2025 14:53:02 duser=contosofoo.com\\Bourne Jr., Jason dhost=AD-contosofoo.com filePath=contosofoo.com\\Home Office Site\\Computers\\Containered fname=Containered act=DS object permission added dvchost=Compute outcome=Success msg=Permissions were added to \"Containered\" for group \"contosofoo.com\\Group Admins-Region_200\" cs3= cs3Label=AttachmentName cs4= cs4Label=ClientAccessType deviceCustomDate1= fileType= cs1= cs1Label=MailRecipient suser= cs5= cs5Label=MailboxAccessType cnt= cs6= cs6Label=ChangedPermissions oldFilePermission= filePermission=Write dpriv=contosofoo.com\\Group Admins-Region_200 start=Apr 28 2025 14:53:02", "outcome": "success", "severity": 3, "severity_label": "error", + "start": "2025-04-28T14:53:02.000Z", "type": [ "info" ] }, "file": { - "group": "Read & Execute", - "name": "Finance", - "path": "E:\\Share\\Share\\Finance", - "type": "csv" + "group": "Write", + "name": "Containered", + "path": "contosofoo.com\\Home Office Site\\Computers\\Containered" }, "input": { "type": "udp" }, - "message": "Read & Execute permissions for This folder, subfolders and files (not inherited) was added to Everyone on E:\\Share\\Share\\Finance", + "message": "Permissions were added to \"Containered\" for group \"contosofoo.com\\Group Admins-Region_200\"", "observer": { + "hostname": "Compute", "product": "DatAdvantage", "vendor": "Varonis Inc.", - "version": "8.6.51" - }, - 
"source": { - "user": { - "name": "Admin" - } + "version": "8.7.1" }, "tags": [ "preserve_original_event", @@ -125,15 +121,10 @@ An example event for `logs` looks as following: ], "varonis": { "logs": { - "base_event_count": 10, - "changed_permissions": "Read & Execute", - "client_access_type": "test", "device_event_category": "Alert", - "mail_recipient": "admin@test.com", - "mailbox_access_type": "test", - "old_file_permission": "Read", - "rule_id": 132, - "rule_name": "Permissions granted to Global Access Groups" + "device_host_name": "Compute", + "rule_id": 142, + "rule_name": "Permission changes on OU" } } } 
@@ -150,12 +141,12 @@ The following non-ECS fields are used in events documents: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | | constant_keyword | -| event.module | | constant_keyword | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". 
We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | event.severity_label | | keyword | | input.type | Input type | keyword | | varonis.logs.attachment_name | The name of the attachment involved in the event. | keyword | diff --git a/packages/varonis/manifest.yml b/packages/varonis/manifest.yml index 9adeb4c1034..5c39f362c32 100644 --- a/packages/varonis/manifest.yml +++ b/packages/varonis/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.3.0 name: varonis title: Varonis -version: 0.2.0 +version: 1.0.0 source: license: "Elastic-2.0" description: Collect Varonis syslog alerts using TCP/UDP input. diff --git a/packages/websocket/_dev/build/build.yml b/packages/websocket/_dev/build/build.yml index 1f4fa988f6e..dd0bfe313fc 100644 --- a/packages/websocket/_dev/build/build.yml +++ b/packages/websocket/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.11.0 + reference: git@v8.17.0 import_mappings: true diff --git a/packages/websocket/changelog.yml b/packages/websocket/changelog.yml index dfff2d376ea..3d9a1526114 100644 --- a/packages/websocket/changelog.yml +++ b/packages/websocket/changelog.yml 
@@ -1,4 +1,12 @@ # newer versions go on top +- version: "1.0.0" + changes: + - description: Release package as GA. + type: enhancement + link: https://github.com/elastic/integrations/pull/15298 + - description: ECS version updated to 8.17.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/15298 - version: "0.3.0" changes: - description: Added support for retry configuration options. diff --git a/packages/websocket/fields/base-fields.yml b/packages/websocket/fields/base-fields.yml index 3ca883eb577..854aa942c1a 100644 --- a/packages/websocket/fields/base-fields.yml +++ b/packages/websocket/fields/base-fields.yml @@ -1,16 +1,12 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module. + external: ecs value: websocket - name: '@timestamp' - type: date - description: Event timestamp. + external: ecs diff --git a/packages/websocket/manifest.yml b/packages/websocket/manifest.yml index cf75a1afefa..58348cc4304 100644 --- a/packages/websocket/manifest.yml +++ b/packages/websocket/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: websocket title: Custom Websocket logs -version: "0.3.0" +version: "1.0.0" description: Collect custom events from a socket server with Elastic agent. type: input categories: diff --git a/packages/websocket/sample_event.json b/packages/websocket/sample_event.json index 9043ab73452..5aa76e3f951 100644 --- a/packages/websocket/sample_event.json +++ b/packages/websocket/sample_event.json 
@@ -1,35 +1,35 @@
 {
- "@timestamp": "2024-07-08T09:25:41.330Z",
+ "@timestamp": "2025-09-11T06:55:43.543Z",
 "agent": {
- "ephemeral_id": "1fdf894d-9ddc-4c11-bf25-1970712a0bd9",
- "id": "d9b59d61-0816-4bba-a760-819d10d05da0",
- "name": "docker-fleet-agent",
+ "ephemeral_id": "6902384c-c24d-4f6a-ac57-9a3ee186a4d1",
+ "id": "26871689-b9ad-4a6b-8395-c82857bc962f",
+ "name": "elastic-agent-48435",
 "type": "filebeat",
- "version": "8.13.0"
+ "version": "8.16.3"
 },
 "data_stream": {
 "dataset": "websocket.websocket",
- "namespace": "ep",
+ "namespace": "99650",
 "type": "logs"
 },
 "ecs": {
 "version": "8.0.0"
 },
 "elastic_agent": {
- "id": "d9b59d61-0816-4bba-a760-819d10d05da0",
+ "id": "26871689-b9ad-4a6b-8395-c82857bc962f",
 "snapshot": false,
- "version": "8.13.0"
+ "version": "8.16.3"
 },
 "event": {
 "agent_id_status": "verified",
 "dataset": "websocket.websocket",
- "ingested": "2024-07-08T09:25:53Z"
+ "ingested": "2025-09-11T06:55:46Z"
 },
 "input": {
- "type": "websocket"
+ "type": "streaming"
 },
 "message": "{\"data\":\"testdata1\",\"id\":\"test1234567891\",\"ts\":\"2024-01-01T01:00:00.000000-00:00\"}",
 "tags": [
 "forwarded"
 ]
-}
\ No newline at end of file
+}
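Review bot: The regenerated sample now reports `input.type` as `"streaming"` where the previous one had `"websocket"`, so any saved search, dashboard filter or README wording in this package that still matches on `input.type: websocket` would no longer select these events. That value presumably comes from the agent input itself rather than from anything this package ships, so it is worth confirming and grepping the package for the old value before the GA tag goes out. Separately, `ecs.version` stays at `"8.0.0"` in this sample while the package changelog in the same commit announces "ECS version updated to 8.17.0"; if no pipeline in this input package sets `ecs.version`, the 8.0.0 here is just the agent default, and the changelog line would be less misleading as `ECS field definitions reference updated to 8.17.0.`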