-
Notifications
You must be signed in to change notification settings - Fork 378
/
manifest.yml
127 lines (127 loc) · 4.89 KB
/
manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: crowdstrike
title: CrowdStrike
version: "1.32.1"
description: Collect logs from Crowdstrike with Elastic Agent.
type: integration
format_version: "3.0.0"
categories: [security, edr_xdr]
conditions:
kibana:
version: "^8.12.0"
icons:
- src: /img/logo-integrations-crowdstrike.svg
title: CrowdStrike
size: 216x216
type: image/svg+xml
screenshots:
- src: /img/siem-alerts-cs.jpg
title: CrowdStrike SIEM Alerts
size: 3360x1776
type: image/jpg
- src: /img/siem-events-cs.jpg
title: CrowdStrike SIEM Events
size: 3360x1776
type: image/jpg
- src: /img/cs-fdr1.png
title: CrowdStrike FDR Overview
size: 1535x626
type: image/png
- src: /img/cs-falcon1.png
title: CrowdStrike Falcon Overview
size: 1535x626
type: image/png
- src: /img/cs-overview1.png
title: CrowdStrike Overview
size: 1535x626
type: image/png
- src: /img/crowdstrike-alert-dashboard.png
title: CrowdStrike Alert
size: 1535x626
type: image/png
- src: /img/crowdstrike-host-dashboard.png
title: CrowdStrike Host
size: 1535x626
type: image/png
policy_templates:
- name: crowdstrike
title: CrowdStrike
description: Collect logs from CrowdStrike Falcon and FDR
inputs:
- type: logfile
title: "Collect CrowdStrike Falcon and FDR logs (input: logfile)"
description: "Collecting logs from CrowdStrike Falcon and FDR (input: logfile)"
- type: aws-s3
title: "Collect CrowdStrike Falcon Data Replicator logs (input: aws-s3)"
description: "Collecting logs from CrowdStrike Falcon Data Replicator (input: aws-s3)"
- type: cel
title: Collect CrowdStrike logs via API
description: Collecting CrowdStrike logs via API.
vars:
- name: client_id
type: text
title: Client ID
description: Client ID for the CrowdStrike.
multi: false
required: true
show_user: true
- name: client_secret
type: password
title: Client Secret
description: Client Secret for the CrowdStrike.
multi: false
required: true
show_user: true
secret: true
- name: url
type: text
title: URL
description: Base URL of the CrowdStrike API. Defaults to https://api.crowdstrike.com
default: https://api.crowdstrike.com
required: true
show_user: true
- name: token_url
type: text
title: Token URL
description: Token URL of CrowdStrike.
default: https://api.crowdstrike.com/oauth2/token
required: true
show_user: false
- name: proxy_url
type: text
title: Proxy URL
multi: false
required: false
show_user: false
description: URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.
- name: ssl
type: yaml
title: SSL Configuration
description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
multi: false
required: false
show_user: false
default: |
#certificate_authorities:
# - |
# -----BEGIN CERTIFICATE-----
# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF
# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2
# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n
# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl
# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t
# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP
# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41
# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O
# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux
# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D
# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw
# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA
# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu
# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0
# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk
# sxSmbIUfc2SGJGCJD4I=
# -----END CERTIFICATE-----
owner:
github: elastic/security-service-integrations
type: elastic