diff --git a/packages/network_traffic/_dev/build/docs/README.md b/packages/network_traffic/_dev/build/docs/README.md
index 09639d8191a..bc1a459fc98 100644
--- a/packages/network_traffic/_dev/build/docs/README.md
+++ b/packages/network_traffic/_dev/build/docs/README.md
@@ -53,6 +53,13 @@ filter, very little CPU is required to discard the packet. Network Packet Captur
 also uses the ports specified here to determine which parser to use for each packet.
+#### `monitor_processes`
+
+If this option is enabled then network traffic events will be enriched
+with information about the process associated with the events.
+
+The default value is false.
+
 #### `send_request`
 If this option is enabled, the raw message of the request (`request`
diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml
index 9e9d88dd7b5..21cb64a16dd 100644
--- a/packages/network_traffic/changelog.yml
+++ b/packages/network_traffic/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Add option to monitor processes.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3456
 - version: "1.1.0"
 changes:
 - description: Add configuration documentation.
diff --git a/packages/network_traffic/data_stream/amqp/agent/stream/amqp.yml.hbs b/packages/network_traffic/data_stream/amqp/agent/stream/amqp.yml.hbs
index 22fb1883a07..e22e20e7742 100644
--- a/packages/network_traffic/data_stream/amqp/agent/stream/amqp.yml.hbs
+++ b/packages/network_traffic/data_stream/amqp/agent/stream/amqp.yml.hbs
@@ -39,6 +39,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/amqp/manifest.yml b/packages/network_traffic/data_stream/amqp/manifest.yml
index 392448511ad..a94af8b08b5 100644
--- a/packages/network_traffic/data_stream/amqp/manifest.yml
+++ b/packages/network_traffic/data_stream/amqp/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [5672]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: max_body_length
 type: integer
 title: Max Body Length
diff --git a/packages/network_traffic/data_stream/cassandra/agent/stream/cassandra.yml.hbs b/packages/network_traffic/data_stream/cassandra/agent/stream/cassandra.yml.hbs
index 9c4ec167d10..112bc832e83 100644
--- a/packages/network_traffic/data_stream/cassandra/agent/stream/cassandra.yml.hbs
+++ b/packages/network_traffic/data_stream/cassandra/agent/stream/cassandra.yml.hbs
@@ -39,6 +39,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/cassandra/manifest.yml b/packages/network_traffic/data_stream/cassandra/manifest.yml
index b05f2d1e4ed..1af2f7ff383 100644
--- a/packages/network_traffic/data_stream/cassandra/manifest.yml
+++ b/packages/network_traffic/data_stream/cassandra/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [9042]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: send_request
 type: bool
 title: Send Request
diff --git a/packages/network_traffic/data_stream/dhcpv4/agent/stream/dhcpv4.yml.hbs b/packages/network_traffic/data_stream/dhcpv4/agent/stream/dhcpv4.yml.hbs
index 2c566382552..d29d14891c8 100644
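Review bot: The new `monitor_processes` var in amqp/manifest.yml declares no `default:`, yet both README hunks state "The default value is false."; adding `default: false` after `required: false` makes the manifest agree with the documentation and gives the policy editor an explicit false instead of an unset value, and the same applies to the identical var added in the cassandra, dhcpv4, dns, flow, http, icmp, memcached, mongodb, mysql, nfs, pgsql, redis, sip, thrift and tls manifests. Functionally nothing breaks today, because every stream template only emits `procs:` / `enabled: true` inside `{{#if monitor_processes}}`, so a missing value already behaves as disabled. The description also says nothing about what enabling the option asks of the host — the agent has to resolve captured sockets to processes, which as far as I recall is platform- and privilege-dependent in upstream Packetbeat — nor that the enrichment adds process details to every event; a sentence such as `Requires the agent to be able to read process and socket information on the host.` would let an operator judge before turning it on (confirm the exact constraints against the Packetbeat `procs` reference). Since the same nine-line var and four-line template block are copied into sixteen data streams, it is worth checking whether the package's policy template supports an input-level var so the option is declared and rendered once.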
--- a/packages/network_traffic/data_stream/dhcpv4/agent/stream/dhcpv4.yml.hbs
+++ b/packages/network_traffic/data_stream/dhcpv4/agent/stream/dhcpv4.yml.hbs
@@ -18,6 +18,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/dhcpv4/manifest.yml b/packages/network_traffic/data_stream/dhcpv4/manifest.yml
index fc09a927815..164d86ca2f4 100644
--- a/packages/network_traffic/data_stream/dhcpv4/manifest.yml
+++ b/packages/network_traffic/data_stream/dhcpv4/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [67, 68]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: keep_null
 type: bool
 title: Keep Null
diff --git a/packages/network_traffic/data_stream/dns/agent/stream/dns.yml.hbs b/packages/network_traffic/data_stream/dns/agent/stream/dns.yml.hbs
index e68885b2f8f..1c81667ce1c 100644
--- a/packages/network_traffic/data_stream/dns/agent/stream/dns.yml.hbs
+++ b/packages/network_traffic/data_stream/dns/agent/stream/dns.yml.hbs
@@ -33,6 +33,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/dns/manifest.yml b/packages/network_traffic/data_stream/dns/manifest.yml
index cc5476bfad0..4cbea720ebd 100644
--- a/packages/network_traffic/data_stream/dns/manifest.yml
+++ b/packages/network_traffic/data_stream/dns/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [53]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: include_authorities
 type: bool
 title: Include Authorities
diff --git a/packages/network_traffic/data_stream/flow/agent/stream/flow.yml.hbs b/packages/network_traffic/data_stream/flow/agent/stream/flow.yml.hbs
index 8759e465b3a..80893220704 100644
--- a/packages/network_traffic/data_stream/flow/agent/stream/flow.yml.hbs
+++ b/packages/network_traffic/data_stream/flow/agent/stream/flow.yml.hbs
@@ -5,6 +5,10 @@ flows.timeout: '{{timeout}}'
 {{#if period}}
 flows.period: '{{period}}'
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/flow/manifest.yml b/packages/network_traffic/data_stream/flow/manifest.yml
index 4f455c6f258..88301fa55bb 100644
--- a/packages/network_traffic/data_stream/flow/manifest.yml
+++ b/packages/network_traffic/data_stream/flow/manifest.yml
@@ -7,6 +7,15 @@ streams:
 description: Track Network Flows
 template_path: flow.yml.hbs
 vars:
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: period
 type: text
 title: Period
diff --git a/packages/network_traffic/data_stream/http/agent/stream/http.yml.hbs b/packages/network_traffic/data_stream/http/agent/stream/http.yml.hbs
index 4c2aecad102..a9fc16e4880 100644
--- a/packages/network_traffic/data_stream/http/agent/stream/http.yml.hbs
+++ b/packages/network_traffic/data_stream/http/agent/stream/http.yml.hbs
@@ -75,6 +75,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/http/manifest.yml b/packages/network_traffic/data_stream/http/manifest.yml
index f16188331c1..e7f68c99df9 100644
--- a/packages/network_traffic/data_stream/http/manifest.yml
+++ b/packages/network_traffic/data_stream/http/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [80, 8080, 8000, 5000, 8002]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: hide_keywords
 type: text
 title: Hide Keywords
diff --git a/packages/network_traffic/data_stream/icmp/agent/stream/icmp.yml.hbs b/packages/network_traffic/data_stream/icmp/agent/stream/icmp.yml.hbs
index f550ca79fa5..2c27e9ec06e 100644
--- a/packages/network_traffic/data_stream/icmp/agent/stream/icmp.yml.hbs
+++ b/packages/network_traffic/data_stream/icmp/agent/stream/icmp.yml.hbs
@@ -12,6 +12,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/icmp/manifest.yml b/packages/network_traffic/data_stream/icmp/manifest.yml
index ca911dc8e07..65389d2e139 100644
--- a/packages/network_traffic/data_stream/icmp/manifest.yml
+++ b/packages/network_traffic/data_stream/icmp/manifest.yml
@@ -7,6 +7,15 @@ streams:
 description: Capture ICMP Traffic
 template_path: icmp.yml.hbs
 vars:
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: keep_null
 type: bool
 title: Keep Null
diff --git a/packages/network_traffic/data_stream/memcached/agent/stream/memcached.yml.hbs b/packages/network_traffic/data_stream/memcached/agent/stream/memcached.yml.hbs
index 136c8ad8779..fb53ef747c9 100644
--- a/packages/network_traffic/data_stream/memcached/agent/stream/memcached.yml.hbs
+++ b/packages/network_traffic/data_stream/memcached/agent/stream/memcached.yml.hbs
@@ -39,6 +39,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/memcached/manifest.yml b/packages/network_traffic/data_stream/memcached/manifest.yml
index 9120331b9d9..a40b7e1c777 100644
--- a/packages/network_traffic/data_stream/memcached/manifest.yml
+++ b/packages/network_traffic/data_stream/memcached/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [11211]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: parseunknown
 type: bool
 title: Parseunknown
diff --git a/packages/network_traffic/data_stream/mongodb/agent/stream/mongodb.yml.hbs b/packages/network_traffic/data_stream/mongodb/agent/stream/mongodb.yml.hbs
index fe92042bcc6..c640e075232 100644
--- a/packages/network_traffic/data_stream/mongodb/agent/stream/mongodb.yml.hbs
+++ b/packages/network_traffic/data_stream/mongodb/agent/stream/mongodb.yml.hbs
@@ -33,6 +33,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/mongodb/manifest.yml b/packages/network_traffic/data_stream/mongodb/manifest.yml
index 0ff11578a24..67dbb005f54 100644
--- a/packages/network_traffic/data_stream/mongodb/manifest.yml
+++ b/packages/network_traffic/data_stream/mongodb/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [27017]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: max_docs
 type: integer
 title: Max Docs
diff --git a/packages/network_traffic/data_stream/mysql/agent/stream/mysql.yml.hbs b/packages/network_traffic/data_stream/mysql/agent/stream/mysql.yml.hbs
index 85b82a47b39..ded52aaee1e 100644
--- a/packages/network_traffic/data_stream/mysql/agent/stream/mysql.yml.hbs
+++ b/packages/network_traffic/data_stream/mysql/agent/stream/mysql.yml.hbs
@@ -27,6 +27,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/mysql/manifest.yml b/packages/network_traffic/data_stream/mysql/manifest.yml
index c4655854f09..1f206a34a66 100644
--- a/packages/network_traffic/data_stream/mysql/manifest.yml
+++ b/packages/network_traffic/data_stream/mysql/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [3306, 3307]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: send_request
 type: bool
 title: Send Request
diff --git a/packages/network_traffic/data_stream/nfs/agent/stream/nfs.yml.hbs b/packages/network_traffic/data_stream/nfs/agent/stream/nfs.yml.hbs
index c8349a7bcb5..8212b36930b 100644
--- a/packages/network_traffic/data_stream/nfs/agent/stream/nfs.yml.hbs
+++ b/packages/network_traffic/data_stream/nfs/agent/stream/nfs.yml.hbs
@@ -27,6 +27,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/nfs/manifest.yml b/packages/network_traffic/data_stream/nfs/manifest.yml
index 4e5323fa1e1..2d98b08dc85 100644
--- a/packages/network_traffic/data_stream/nfs/manifest.yml
+++ b/packages/network_traffic/data_stream/nfs/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [2049]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: send_request
 type: bool
 title: Send Request
diff --git a/packages/network_traffic/data_stream/pgsql/agent/stream/pgsql.yml.hbs b/packages/network_traffic/data_stream/pgsql/agent/stream/pgsql.yml.hbs
index 8680c36b1a0..1b9acf9a22c 100644
--- a/packages/network_traffic/data_stream/pgsql/agent/stream/pgsql.yml.hbs
+++ b/packages/network_traffic/data_stream/pgsql/agent/stream/pgsql.yml.hbs
@@ -27,6 +27,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/pgsql/manifest.yml b/packages/network_traffic/data_stream/pgsql/manifest.yml
index eb205cd8376..721877d6c75 100644
--- a/packages/network_traffic/data_stream/pgsql/manifest.yml
+++ b/packages/network_traffic/data_stream/pgsql/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [5432]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: send_request
 type: bool
 title: Send Request
diff --git a/packages/network_traffic/data_stream/redis/agent/stream/redis.yml.hbs b/packages/network_traffic/data_stream/redis/agent/stream/redis.yml.hbs
index f357ca3a6d1..c611b9e05d9 100644
--- a/packages/network_traffic/data_stream/redis/agent/stream/redis.yml.hbs
+++ b/packages/network_traffic/data_stream/redis/agent/stream/redis.yml.hbs
@@ -33,6 +33,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/redis/manifest.yml b/packages/network_traffic/data_stream/redis/manifest.yml
index 9fe0ce4e18e..4260d9a6a75 100644
--- a/packages/network_traffic/data_stream/redis/manifest.yml
+++ b/packages/network_traffic/data_stream/redis/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [6379]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: send_request
 type: bool
 title: Send Request
diff --git a/packages/network_traffic/data_stream/sip/agent/stream/sip.yml.hbs b/packages/network_traffic/data_stream/sip/agent/stream/sip.yml.hbs
index 935ea011ee1..01ce8f54709 100644
--- a/packages/network_traffic/data_stream/sip/agent/stream/sip.yml.hbs
+++ b/packages/network_traffic/data_stream/sip/agent/stream/sip.yml.hbs
@@ -24,6 +24,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/sip/manifest.yml b/packages/network_traffic/data_stream/sip/manifest.yml
index 79dd27ea524..325149aad57 100644
--- a/packages/network_traffic/data_stream/sip/manifest.yml
+++ b/packages/network_traffic/data_stream/sip/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [5060]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: parse_authorization
 type: bool
 title: Parse Authorization
diff --git a/packages/network_traffic/data_stream/thrift/agent/stream/thrift.yml.hbs b/packages/network_traffic/data_stream/thrift/agent/stream/thrift.yml.hbs
index d6d96042535..5437c4f132d 100644
--- a/packages/network_traffic/data_stream/thrift/agent/stream/thrift.yml.hbs
+++ b/packages/network_traffic/data_stream/thrift/agent/stream/thrift.yml.hbs
@@ -54,6 +54,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/thrift/manifest.yml b/packages/network_traffic/data_stream/thrift/manifest.yml
index 29eabbeb193..4429f535676 100644
--- a/packages/network_traffic/data_stream/thrift/manifest.yml
+++ b/packages/network_traffic/data_stream/thrift/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [9090]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: transport_type
 type: text
 title: Transport Type
diff --git a/packages/network_traffic/data_stream/tls/agent/stream/tls.yml.hbs b/packages/network_traffic/data_stream/tls/agent/stream/tls.yml.hbs
index 877a553bfd0..b4e8f496fcb 100644
--- a/packages/network_traffic/data_stream/tls/agent/stream/tls.yml.hbs
+++ b/packages/network_traffic/data_stream/tls/agent/stream/tls.yml.hbs
@@ -30,6 +30,10 @@ tags:
 - {{tag}}
 {{/each}}
 {{/if}}
+{{#if monitor_processes}}
+procs:
+ enabled: true
+{{/if}}
 {{#if interface}}
 interface:
 {{#if (contains ".pcap" interface)}}
diff --git a/packages/network_traffic/data_stream/tls/manifest.yml b/packages/network_traffic/data_stream/tls/manifest.yml
index d2b8f403da6..1a5c6706845 100644
--- a/packages/network_traffic/data_stream/tls/manifest.yml
+++ b/packages/network_traffic/data_stream/tls/manifest.yml
@@ -14,6 +14,15 @@ streams:
 required: true
 show_user: true
 default: [443, 993, 995, 5223, 8443, 8883, 9243]
+ - name: monitor_processes
+ type: bool
+ title: Monitor Processes
+ description: |-
+ If this option is enabled then network traffic events will be enriched
+ with information about the process associated with the events.
+ show_user: true
+ multi: false
+ required: false
 - name: fingerprints
 type: text
 title: Fingerprints
diff --git a/packages/network_traffic/docs/README.md b/packages/network_traffic/docs/README.md
index f446dfef902..1d726b438fe 100644
--- a/packages/network_traffic/docs/README.md
+++ b/packages/network_traffic/docs/README.md
@@ -53,6 +53,13 @@ filter, very little CPU is required to discard the packet. Network Packet Captur
 also uses the ports specified here to determine which parser to use for each packet.
+#### `monitor_processes`
+
+If this option is enabled then network traffic events will be enriched
+with information about the process associated with the events.
+
+The default value is false.
+
 #### `send_request`
 If this option is enabled, the raw message of the request (`request`
diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml
index b7131f66f36..984817a8432 100644
--- a/packages/network_traffic/manifest.yml
+++ b/packages/network_traffic/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: network_traffic
 title: Network Packet Capture
-version: 1.1.0
+version: 1.2.0
 license: basic
 description: Capture and analyze network traffic from a host with Elastic Agent.
 type: integration