diff --git a/packages/axonius/_dev/build/docs/README.md b/packages/axonius/_dev/build/docs/README.md
index f30b1b445bb..935357a2522 100644
--- a/packages/axonius/_dev/build/docs/README.md
+++ b/packages/axonius/_dev/build/docs/README.md
@@ -19,13 +19,15 @@ This integration collects log messages of the following type: - `User`: Collect details of all users (endpoint: `/api/v2/users`). +- `Gateway`: Collect details of all Gateway (endpoint: `/api/v2/gateway`). + ### Supported use cases -Integrating the Axonius Adapter and User Data streams with Elastic SIEM provides centralized visibility into both data-collection health and user identity context across the environment. Together, these data streams help analysts understand how data is being ingested through adapters and how that data maps to user identities and access posture. +Integrating the Axonius Adapter, User, and Gateway data streams with Elastic SIEM provides centralized visibility into data ingestion health, user identity context, and gateway configuration across the environment. Together, these data streams help analysts understand how data flows into the platform, how it maps to user access and roles, and how gateways operate within the network. -The dashboards highlight overall adapter status and connection behavior, making it easy to identify healthy integrations, failing plugins, and error-prone connections that may impact asset visibility. At the same time, user-focused views surface role distribution and essential identity attributes, helping analysts quickly assess access patterns and identify high-privileged or unusual user activity. Consolidated user details and source information provide clarity on where identity data originates and whether coverage gaps exist. +The dashboards surface key insights into adapter and gateway status, connection behavior, and routing context, making it easy to identify failing integrations, misconfigurations, or irregular network behavior. At the same time, user-focused views highlight role distribution and essential identity attributes, supporting quick assessment of access posture and detection of unusual or high-privileged activity. 
-By combining adapter health insights with user identity visibility, security teams can ensure reliable data ingestion, detect identity-related anomalies, reduce blind spots, and streamline investigations that depend on accurate, end-to-end context from both integrations and users. +By correlating integration health, identity context, and gateway configuration, security teams can reduce blind spots, detect anomalies more effectively, and streamline investigations with accurate, end-to-end operational and security context. ## What do I need to use this integration? @@ -126,6 +128,16 @@ The `user` data stream provides user events from axonius. {{ event "user" }} +### Gateway + +The `gateway` data stream provides gateway events from axonius. + +#### gateway fields + +{{ fields "gateway" }} + +{{ event "gateway" }} + ### Inputs used {{/* All inputs used by this package will be automatically listed here. */}} {{ inputDocs }} 
@@ -136,7 +148,8 @@ These APIs are used with this integration:
 * Adapter (endpoint: `/api/v2/adapters`)
 * User (endpoint: `/api/v2/users`)
+* Gateway (endpoint: `/api/v2/gateway`)
 ### ILM Policy
-To facilitate adapter and user data, source data stream-backed indices `.ds-logs-axonius.adapter-*` and `.ds-logs-axonius.user-*` respectively are allowed to contain duplicates from each polling interval. ILM policies `logs-axonius.adapter-default_policy` and `logs-axonius.user-default_policy` are added to these source indices, so it doesn't lead to unbounded growth. This means that in these source indices data will be deleted after `30 days` from ingested date.
+To facilitate adapter, user and gateway data, source data stream-backed indices `.ds-logs-axonius.adapter-*`, `.ds-logs-axonius.user-*` and `.ds-logs-axonius.gateway-*` respectively are allowed to contain duplicates from each polling interval. ILM policies `logs-axonius.adapter-default_policy`, `logs-axonius.user-default_policy` amd `logs-axonius.gateway-default_policy` are added to these source indices, so it doesn't lead to unbounded growth. This means that in these source indices data will be deleted after `30 days` from ingested date.
diff --git a/packages/axonius/_dev/deploy/docker/files/config.yml b/packages/axonius/_dev/deploy/docker/files/config.yml
index cf0145e8086..18e05b3075f 100644
--- a/packages/axonius/_dev/deploy/docker/files/config.yml
+++ b/packages/axonius/_dev/deploy/docker/files/config.yml
@@ -154,4 +154,66 @@ rules:
 }
 ]
 }
+ `}}
+ - path: /api/v2/gateways
+ methods: ['GET']
+ request_headers:
+ Accept: application/json
+ api-key: xxxx
+ api-secret: xxxx
+ responses:
+ - status_code: 200
+ headers:
+ Content-Type:
+ - 'application/json'
+ body: |-
+ {{ minify_json `
+ {
+ "gateways": [
+ {
+ "name": "Gateway_1",
+ "default": false,
+ "dns_server": "1.128.0.0",
+ "email_when_connected": false,
+ "email_when_disconnected": false,
+ "email_recipients": [
+ "john.doe@example.com"
+ ],
+ "backup_ids": [
+ "backup1",
+ "backup2"
+ ],
+ "tunnel_proxy_settings": {
+ "enabled": false,
+ "tunnel_proxy_addr": "addr",
+ "tunnel_proxy_port": 8080,
+ "tunnel_proxy_user": "tunnel-proxy-01"
+ },
+ "id": "tunnel3",
+ "status": "pending"
+ },
+ {
+ "name": "Gateway_3",
+ "default": false,
+ "dns_server": "216.160.83.56",
+ "email_when_connected": false,
+ "email_when_disconnected": false,
+ "email_recipients": [
+ "alias.doe@example.com"
+ ],
+ "backup_ids": [
+ "backup1",
+ "backup2"
+ ],
+ "tunnel_proxy_settings": {
+ "enabled": false,
+ "tunnel_proxy_addr": "addr1",
+ "tunnel_proxy_port": 8081,
+ "tunnel_proxy_user": "tunnel-proxy-02"
+ },
+ "id": "tunnel2",
+ "status": "error"
+ }
+ ]
+ }
`}}
\ No newline at end of file
diff --git a/packages/axonius/changelog.yml b/packages/axonius/changelog.yml
index 23fd698480f..581073081c8 100644
--- a/packages/axonius/changelog.yml
+++ b/packages/axonius/changelog.yml
@@ -3,4 +3,4 @@ changes:
 - description: Initial release.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/16142
+ link: https://github.com/elastic/integrations/pull/16169
diff --git a/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-common-config.yml b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-common-config.yml
new file mode 100644
index 00000000000..37e8fa225fd
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-common-config.yml
@@ -0,0 +1,3 @@
+fields:
+ tags:
+ - preserve_duplicate_custom_fields
diff --git a/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log
new file mode 100644
index 00000000000..621234a4634
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log
@@ -0,0 +1,3 @@
+{"name":"Gateway_1","default":false,"dns_server":"1.128.0.0","email_when_connected":false,"email_when_disconnected":false,"email_recipients":["john.doe@example.com"],"backup_ids":["backup1","backup2"],"tunnel_proxy_settings":{"enabled":false,"tunnel_proxy_addr":"addr","tunnel_proxy_port":8080,"tunnel_proxy_user":"tunnel-proxy-01"},"id":"tunnel3","status":"pending"}
+{"name":"Gateway_3","default":false,"dns_server":"216.160.83.56","email_when_connected":false,"email_when_disconnected":false,"email_recipients":["alias.doe@example.com"],"backup_ids":["backup1","backup2"],"tunnel_proxy_settings":{"enabled":false,"tunnel_proxy_addr":"addr1","tunnel_proxy_port":8081,"tunnel_proxy_user":"tunnel-proxy-02"},"id":"tunnel2","status":"error"}
+{"name":"Gateway_2","default":true,"dns_server":"89.160.20.128","email_when_connected":false,"email_when_disconnected":false,"email_recipients":["john.martin@example.com"],"backup_ids":["backup1","backup2"],"tunnel_proxy_settings":{"enabled":false,"tunnel_proxy_addr":"addr2","tunnel_proxy_port":8082,"tunnel_proxy_user":"tunnel-proxy-03"},"id":"tunnel1","status":"success"}
diff --git a/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log-expected.json b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log-expected.json
new file mode 100644
index 00000000000..9a45ed4a7d3
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/_dev/test/pipeline/test-gateway.log-expected.json
@@ -0,0 +1,162 @@ +{ + "expected": [ + { + "axonius": { + "gateway": { + "backup_ids": [ + "backup1", + "backup2" + ], + "default": false, + "dns_server": "1.128.0.0", + "email_recipients": [ + "john.doe@example.com" + ], + "email_when_connected": false, + "email_when_disconnected": false, + "id": "tunnel3", + "name": "Gateway_1", + "status": "pending", + "tunnel_proxy_settings": { + "enabled": false, + "tunnel_proxy_addr": "addr", + "tunnel_proxy_port": "8080", + "tunnel_proxy_user": "tunnel-proxy-01" + } + } + }, + "ecs": { + "version": "9.2.0" + }, + "email": { + "to": { + "address": [ + "john.doe@example.com" + ] + } + }, + "event": { + "id": "tunnel3", + "kind": "event", + "original": "{\"name\":\"Gateway_1\",\"default\":false,\"dns_server\":\"1.128.0.0\",\"email_when_connected\":false,\"email_when_disconnected\":false,\"email_recipients\":[\"john.doe@example.com\"],\"backup_ids\":[\"backup1\",\"backup2\"],\"tunnel_proxy_settings\":{\"enabled\":false,\"tunnel_proxy_addr\":\"addr\",\"tunnel_proxy_port\":8080,\"tunnel_proxy_user\":\"tunnel-proxy-01\"},\"id\":\"tunnel3\",\"status\":\"pending\"}" + }, + "related": { + "ip": [ + "1.128.0.0" + ], + "user": [ + "tunnel-proxy-01" + ] + }, + "tags": [ + "preserve_duplicate_custom_fields" + ] + }, + { + "axonius": { + "gateway": { + "backup_ids": [ + "backup1", + "backup2" + ], + "default": false, + "dns_server": "216.160.83.56", + "email_recipients": [ + "alias.doe@example.com" + ], + "email_when_connected": false, + "email_when_disconnected": false, + "id": "tunnel2", + "name": "Gateway_3", + "status": "error", + "tunnel_proxy_settings": { + "enabled": false, + "tunnel_proxy_addr": "addr1", + "tunnel_proxy_port": "8081", + "tunnel_proxy_user": "tunnel-proxy-02" + } + } + }, + "ecs": { + "version": "9.2.0" + }, + "email": { + "to": { + "address": [ + "alias.doe@example.com" + ] + } + }, + "event": { + "id": "tunnel2", + "kind": "event", + "original": 
"{\"name\":\"Gateway_3\",\"default\":false,\"dns_server\":\"216.160.83.56\",\"email_when_connected\":false,\"email_when_disconnected\":false,\"email_recipients\":[\"alias.doe@example.com\"],\"backup_ids\":[\"backup1\",\"backup2\"],\"tunnel_proxy_settings\":{\"enabled\":false,\"tunnel_proxy_addr\":\"addr1\",\"tunnel_proxy_port\":8081,\"tunnel_proxy_user\":\"tunnel-proxy-02\"},\"id\":\"tunnel2\",\"status\":\"error\"}", + "outcome": "failure" + }, + "related": { + "ip": [ + "216.160.83.56" + ], + "user": [ + "tunnel-proxy-02" + ] + }, + "tags": [ + "preserve_duplicate_custom_fields" + ] + }, + { + "axonius": { + "gateway": { + "backup_ids": [ + "backup1", + "backup2" + ], + "default": true, + "dns_server": "89.160.20.128", + "email_recipients": [ + "john.martin@example.com" + ], + "email_when_connected": false, + "email_when_disconnected": false, + "id": "tunnel1", + "name": "Gateway_2", + "status": "success", + "tunnel_proxy_settings": { + "enabled": false, + "tunnel_proxy_addr": "addr2", + "tunnel_proxy_port": "8082", + "tunnel_proxy_user": "tunnel-proxy-03" + } + } + }, + "ecs": { + "version": "9.2.0" + }, + "email": { + "to": { + "address": [ + "john.martin@example.com" + ] + } + }, + "event": { + "id": "tunnel1", + "kind": "event", + "original": "{\"name\":\"Gateway_2\",\"default\":true,\"dns_server\":\"89.160.20.128\",\"email_when_connected\":false,\"email_when_disconnected\":false,\"email_recipients\":[\"john.martin@example.com\"],\"backup_ids\":[\"backup1\",\"backup2\"],\"tunnel_proxy_settings\":{\"enabled\":false,\"tunnel_proxy_addr\":\"addr2\",\"tunnel_proxy_port\":8082,\"tunnel_proxy_user\":\"tunnel-proxy-03\"},\"id\":\"tunnel1\",\"status\":\"success\"}", + "outcome": "success" + }, + "related": { + "ip": [ + "89.160.20.128" + ], + "user": [ + "tunnel-proxy-03" + ] + }, + "tags": [ + "preserve_duplicate_custom_fields" + ] + } + ] +} 
diff --git a/packages/axonius/data_stream/gateway/_dev/test/system/test-default-config.yml b/packages/axonius/data_stream/gateway/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..456301a9199
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/_dev/test/system/test-default-config.yml
@@ -0,0 +1,12 @@
+input: cel
+service: axonius
+vars:
+ url: http://{{Hostname}}:{{Port}}
+ api_key: xxxx
+ secret_key: xxxx
+data_stream:
+ vars:
+ preserve_original_event: true
+ preserve_duplicate_custom_fields: true
+assert:
+ hit_count: 2
diff --git a/packages/axonius/data_stream/gateway/agent/stream/cel.yml.hbs b/packages/axonius/data_stream/gateway/agent/stream/cel.yml.hbs
new file mode 100644
index 00000000000..3980d1c2458
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/agent/stream/cel.yml.hbs
@@ -0,0 +1,79 @@ +config_version: 2 +interval: {{interval}} +resource.tracer: + enabled: {{enable_request_tracer}} + filename: "../../logs/cel/http-request-trace-*.ndjson" + maxbackups: 5 +{{#if proxy_url}} +resource.proxy_url: {{proxy_url}} +{{/if}} +{{#if ssl}} +resource.ssl: {{ssl}} +{{/if}} +{{#if http_client_timeout}} +resource.timeout: {{http_client_timeout}} +{{/if}} +resource.url: {{url}} + +state: + api_key: {{api_key}} + secret_key: {{secret_key}} +redact: + fields: + - api_key + - secret_key +program: | + request( + "GET", + state.url.trim_right("/") + "/api/v2/gateways" + ).with({ + "Header":{ + "Accept": ["application/json"], + "api-key": [state.api_key], + "api-secret": [state.secret_key], + } + }).do_request().as(resp, resp.StatusCode == 200 ? + resp.Body.decode_json().as(body, + { + "events": body.?gateways.orValue([]).map(e, { + "message": e.encode_json(), + }), + "api_key": state.api_key, + "secret_key": state.secret_key, + } + ) + : + { + "events": { + "error": { + "code": string(resp.StatusCode), + "id": string(resp.Status), + "message": "GET" + state.url.trim_right("/") + "/api/v2/gateways/: " + ( + size(resp.Body) != 0 ? + string(resp.Body) + : + string(resp.Status) + ' (' + string(resp.StatusCode) + ')' + ), + }, + }, + "api_key": state.api_key, + "secret_key": state.secret_key, + } + ) +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#if preserve_duplicate_custom_fields}} + - preserve_duplicate_custom_fields +{{/if}} +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/packages/axonius/data_stream/gateway/elasticsearch/ilm/default_policy.json b/packages/axonius/data_stream/gateway/elasticsearch/ilm/default_policy.json new file mode 100644 index 00000000000..24bbfc79405 --- /dev/null +++ b/packages/axonius/data_stream/gateway/elasticsearch/ilm/default_policy.json 
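Review bot: The error branch of the program builds its message as `"GET" + state.url.trim_right("/") + "/api/v2/gateways/: " + (`, which drops the space after the verb and appends a trailing slash that the request on the `request(` line does not use, so the recorded `error.message` names a URL that was never requested; `"GET " + state.url.trim_right("/") + "/api/v2/gateways: " + (` matches the actual call. The same path is documented as `/api/v2/gateway` (singular) in both README hunks of this commit, so one side should change to keep the docs truthful, and the ILM paragraph in the build README also reads `amd` for `and`. Note that on a non-200 response the whole `string(resp.Body)` is copied verbatim into `error.message` and indexed; that is the usual pattern in these packages, but a short comment above the error branch saying the body is stored as-is would help whoever later decides whether that is acceptable for this API. The `redact` list covers `api_key` and `secret_key` in state logging; it does not change what the request tracer writes, which is why the manifest's tracer warning still matters.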
@@ -0,0 +1,20 @@
+{
+ "policy": {
+ "phases": {
+ "hot": {
+ "actions": {
+ "rollover": {
+ "max_age": "30d",
+ "max_primary_shard_size": "50gb"
+ }
+ }
+ },
+ "delete": {
+ "min_age": "30d",
+ "actions": {
+ "delete": {}
+ }
+ }
+ }
+ }
+}
diff --git a/packages/axonius/data_stream/gateway/elasticsearch/ingest_pipeline/default.yml b/packages/axonius/data_stream/gateway/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..d1a779900fa
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,231 @@ +--- +description: Pipeline for processing gateway logs. +processors: + - set: + tag: set_ecs_version_to_9_2_0_3273339c + field: ecs.version + value: 9.2.0 + - terminate: + description: error message set and no data to process. + tag: terminate_data_collection_error_4c75f12b + if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null + + # remove agentless metadata + - remove: + description: Removes the fields added by Agentless as metadata, as they can collide with ECS fields. + tag: remove_agentless_tags_44eed408 + if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String + field: + - organization + - division + - team + ignore_missing: true + + # parse the event JSON + - rename: + description: Renames the original `message` field to `event.original` to store a copy of the original message. The `event.original` field is not touched if the document already has one; it may happen when Logstash sends the document. + tag: rename_message_to_event_original_c74b1d7e + if: ctx.event?.original == null + field: message + target_field: event.original + ignore_missing: true + - remove: + description: The `message` field is no longer required if the document has an `event.original` field. 
+ tag: remove_message_84808ee4 + if: ctx.event?.original != null + field: message + ignore_missing: true + - json: + tag: json_event_original_into_axonius_gateway_a21ccdc5 + field: event.original + target_field: axonius.gateway + + # Set event.* fields + - set: + tag: set_event_kind_to_event_de80643c + field: event.kind + value: event + + # Convert to Boolean + - convert: + tag: convert_axonius_gateway_default_to_boolean_c2d04259 + field: axonius.gateway.default + type: boolean + ignore_missing: true + on_failure: + - remove: + tag: remove_axonius_gateway_default_c11a59d9 + field: + - axonius.gateway.default + - append: + tag: append_error_message_3ae1ed0f + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + tag: convert_axonius_gateway_email_when_connected_to_boolean_26cb764f + field: axonius.gateway.email_when_connected + type: boolean + ignore_missing: true + on_failure: + - remove: + tag: remove_axonius_gateway_email_when_connected_05521d15 + field: + - axonius.gateway.email_when_connected + - append: + tag: append_error_message_455312cd + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + tag: convert_axonius_gateway_email_when_disconnected_to_boolean_297af2e9 + field: axonius.gateway.email_when_disconnected + type: boolean + ignore_missing: true + on_failure: + - remove: + tag: remove_axonius_gateway_email_when_disconnected_7b3d2d85 + field: + - axonius.gateway.email_when_disconnected + - append: + tag: append_error_message_b15a6a5f + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline 
{{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + tag: convert_axonius_gateway_tunnel_proxy_settings_enabled_to_boolean_1b5ece04 + field: axonius.gateway.tunnel_proxy_settings.enabled + type: boolean + ignore_missing: true + on_failure: + - remove: + tag: remove_axonius_gateway_tunnel_proxy_settings_enabled_adef553b + field: + - axonius.gateway.tunnel_proxy_settings.enabled + - append: + tag: append_error_message_1588e954 + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + + # Convert to String + - convert: + tag: convert_axonius_gateway_tunnel_proxy_settings_tunnel_proxy_port_to_string_a7280139 + field: axonius.gateway.tunnel_proxy_settings.tunnel_proxy_port + type: string + ignore_missing: true + + # Convert to IP + - convert: + tag: convert_axonius_gateway_dns_server_to_ip_33adc7e4 + if: ctx.axonius?.gateway?.dns_server != '' + field: axonius.gateway.dns_server + type: ip + ignore_missing: true + on_failure: + - remove: + tag: remove_axonius_gateway_dns_server_98b169c0 + field: + - axonius.gateway.dns_server + - append: + tag: append_error_message_1d7c45b4 + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + + # Map custom fields to corresponding ECS and related fields. 
+ - set: + tag: set_event_id_from_axonius_gateway_id_fd338e40 + field: event.id + copy_from: axonius.gateway.id + ignore_empty_value: true + - foreach: + tag: foreach_of_axonius_gateway_email_recipients_3ad233a3 + if: ctx.axonius?.gateway?.email_recipients instanceof List + field: axonius.gateway.email_recipients + processor: + append: + tag: append_email_to_address_c3eb569b + field: email.to.address + value: '{{{_ingest._value}}}' + allow_duplicates: false + - set: + tag: set_event_outcome_to_success_fa577fb7 + if: ctx.axonius?.gateway?.status != null && ctx.axonius.gateway.status.toLowerCase() == 'success' + field: event.outcome + value: success + - set: + tag: set_event_outcome_to_failure_d21a5175 + if: ctx.axonius?.gateway?.status != null && ctx.axonius.gateway.status.toLowerCase() == 'error' + field: event.outcome + value: failure + - append: + tag: append_related_user_from_axonius_gateway_tunnel_proxy_settings_tunnel_proxy_user_dead949b + if: ctx.axonius?.gateway?.tunnel_proxy_settings?.tunnel_proxy_user != null + field: related.user + value: '{{{axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user}}}' + allow_duplicates: false + - append: + tag: append_related_ip_from_axonius_gateway_dns_server_4242e772 + if: ctx.axonius?.gateway?.dns_server != null + field: related.ip + value: '{{{axonius.gateway.dns_server}}}' + allow_duplicates: false + + # Remove duplicate custom fields if preserve_duplicate_custom_fields are not enabled + - remove: + tag: remove_custom_duplicate_fields_7e246e5f + if: ctx.tags == null || !ctx.tags.contains('preserve_duplicate_custom_fields') + field: + - axonius.gateway.dns_server + - axonius.gateway.email_recipients + - axonius.gateway.id + ignore_missing: true + + # Cleanup + - script: + description: This script processor iterates over the whole document to remove fields with null values. 
+ tag: script_to_drop_null_values_8360f3de + lang: painless + source: |- + void handleMap(Map map) { + map.values().removeIf(v -> { + if (v instanceof Map) { + handleMap(v); + } else if (v instanceof List) { + handleList(v); + } + return v == null || v == '' || (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0) + }); + } + void handleList(List list) { + list.removeIf(v -> { + if (v instanceof Map) { + handleMap(v); + } else if (v instanceof List) { + handleList(v); + } + return v == null || v == '' || (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0) + }); + } + handleMap(ctx); + - set: + tag: set_event_kind_to_pipeline_error_92954dfa + if: ctx.error?.message != null + field: event.kind + value: pipeline_error + - append: + tag: append_tags_9fe66b2c + if: ctx.error?.message != null + field: tags + value: preserve_original_event + allow_duplicates: false +on_failure: + - append: + tag: append_error_message_e0c9bd63 + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - set: + tag: set_event_kind_to_pipeline_error_f51b77ad + field: event.kind + value: pipeline_error + - append: + tag: append_tags_d762b9c5 + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/axonius/data_stream/gateway/fields/base-fields.yml b/packages/axonius/data_stream/gateway/fields/base-fields.yml new file mode 100644 index 00000000000..56772b01084 --- /dev/null +++ b/packages/axonius/data_stream/gateway/fields/base-fields.yml 
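Review bot: The cleanup under `remove_custom_duplicate_fields_7e246e5f` removes `axonius.gateway.dns_server`, whose only ECS copy is the `related.ip` append, yet keeps `axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user`, whose only copy is the `related.user` append; the two are treated differently for no visible reason, so either add `- axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user` to that list or take `dns_server` out of it. That branch is never exercised: `test-common-config.yml` in this commit sets the `preserve_duplicate_custom_fields` tag, so every document in `test-gateway.log-expected.json` is the preserved form, and a second pipeline test without the tag would pin the default shape of the stream. The ip `convert` is guarded with `dns_server != ''`, but the `related.ip` append only checks `!= null`, so an empty-string DNS server is appended and then silently dropped by the null-value script; `if: ctx.axonius?.gateway?.dns_server != null && ctx.axonius.gateway.dns_server != ''` makes the intent explicit. Nothing in the pipeline sets `@timestamp`, so documents carry ingest time; since the gateway endpoint appears to return a configuration snapshot rather than timestamped events that is presumably intended, but a line in the pipeline `description` saying so would save the next reader a search.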
@@ -0,0 +1,16 @@
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: data_stream.type
+ external: ecs
+- name: event.dataset
+ type: constant_keyword
+ external: ecs
+ value: axonius.gateway
+- name: event.module
+ type: constant_keyword
+ external: ecs
+ value: axonius
+- name: '@timestamp'
+ external: ecs
diff --git a/packages/axonius/data_stream/gateway/fields/beats.yml b/packages/axonius/data_stream/gateway/fields/beats.yml
new file mode 100644
index 00000000000..4084f1dc7f5
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/fields/beats.yml
@@ -0,0 +1,6 @@
+- name: input.type
+ type: keyword
+ description: Type of filebeat input.
+- name: log.offset
+ type: long
+ description: Log offset.
diff --git a/packages/axonius/data_stream/gateway/fields/ecs.yml b/packages/axonius/data_stream/gateway/fields/ecs.yml
new file mode 100644
index 00000000000..e1d89be8ab4
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/fields/ecs.yml
@@ -0,0 +1,5 @@
+# Define ECS constant fields as constant_keyword
+- name: observer.vendor
+ external: ecs
+ type: constant_keyword
+ value: Axonius
diff --git a/packages/axonius/data_stream/gateway/fields/fields.yml b/packages/axonius/data_stream/gateway/fields/fields.yml
new file mode 100644
index 00000000000..7c80eef1dfe
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/fields/fields.yml
@@ -0,0 +1,44 @@
+- name: axonius
+ type: group
+ fields:
+ - name: gateway
+ type: group
+ fields:
+ - name: backup_ids
+ type: keyword
+ description: A list of backup gateway IDs.
+ - name: default
+ type: boolean
+ description: Indicates if this gateway is the default gateway connection.
+ - name: dns_server
+ type: ip
+ description: The IP of the DNS server.
+ - name: email_recipients
+ type: keyword
+ description: A list of recipient email addresses.
+ - name: email_when_connected
+ type: boolean
+ description: Notify by email when gateway is connected.
+ - name: email_when_disconnected
+ type: boolean
+ description: Notify by email when gateway is disconnected.
+ - name: id
+ type: keyword
+ description: Gateway ID.
+ - name: name
+ type: keyword
+ description: Gateway name.
+ - name: status
+ type: keyword
+ description: The gateway's connection status.
+ - name: tunnel_proxy_settings
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ - name: tunnel_proxy_addr
+ type: keyword
+ - name: tunnel_proxy_port
+ type: keyword
+ - name: tunnel_proxy_user
+ type: keyword
diff --git a/packages/axonius/data_stream/gateway/fields/is-transform-source-true.yml b/packages/axonius/data_stream/gateway/fields/is-transform-source-true.yml
new file mode 100644
index 00000000000..cfa55c688b5
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/fields/is-transform-source-true.yml
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ value: 'true'
+ description: Indicates whether a gateway is in the raw source data stream, or in the latest destination index.
diff --git a/packages/axonius/data_stream/gateway/lifecycle.yml b/packages/axonius/data_stream/gateway/lifecycle.yml
new file mode 100644
index 00000000000..f7b0d98d5aa
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/lifecycle.yml
@@ -0,0 +1 @@
+data_retention: '30d'
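Review bot: The four `tunnel_proxy_settings` leaves (`enabled`, `tunnel_proxy_addr`, `tunnel_proxy_port`, `tunnel_proxy_user`) are the only entries in fields.yml without a `description`, so the `{{ fields "gateway" }}` table the README renders will show them with an empty description column; `description: Whether the tunnel proxy is enabled.`, `description: Address of the tunnel proxy.`, `description: Port of the tunnel proxy, stored as a string.` and `description: User configured for the tunnel proxy.` would bring them in line with the rest of the file. `status` is described only as "The gateway's connection status."; the fixtures in this commit show `pending`, `error` and `success`, and the ingest pipeline maps the last two to `event.outcome`, so listing the observed values (marked as not necessarily exhaustive) gives anyone writing a rule on this field something to work from. `tunnel_proxy_port` arrives from the API as a number and is converted to a string by the pipeline before landing in this `keyword` field, which is consistent, but a description noting the conversion avoids a later surprise when a range query on it does not behave numerically.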
diff --git a/packages/axonius/data_stream/gateway/manifest.yml b/packages/axonius/data_stream/gateway/manifest.yml
new file mode 100644
index 00000000000..bb7092b8bdc
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/manifest.yml
@@ -0,0 +1,72 @@
+title: Gateway
+type: logs
+ilm_policy: logs-axonius.gateway-default_policy
+streams:
+ - input: cel
+ title: Gateway
+ description: Collect Gateway logs from Axonius.
+ template_path: cel.yml.hbs
+ vars:
+ - name: interval
+ type: text
+ title: Interval
+ description: Duration between requests to the Axonius API. Supported units for this parameter are h/m/s.
+ multi: false
+ required: true
+ show_user: true
+ default: 24h
+ - name: enable_request_tracer
+ type: bool
+ title: Enable request tracing
+ multi: false
+ default: false
+ required: false
+ show_user: false
+ description: >-
+ The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
+ Enabling this request tracing compromises security and should only be used for debugging. Disabling the request
+ tracer will delete any stored traces.
+ See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable)
+ for details.
+ - name: preserve_original_event
+ type: bool
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field event.original.
+ multi: false
+ required: false
+ show_user: true
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ description: Tags for the data-stream.
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - axonius-gateway
+ - name: http_client_timeout
+ type: text
+ title: HTTP Client Timeout
+ description: Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.
+ multi: false
+ required: true
+ show_user: false
+ default: 30s
+ - name: preserve_duplicate_custom_fields
+ required: false
+ title: Preserve duplicate custom fields
+ description: Preserve axonius.gateway.* fields that were copied to Elastic Common Schema (ECS) fields.
+ type: bool
+ multi: false
+ show_user: false
+ default: false
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >-
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.
diff --git a/packages/axonius/data_stream/gateway/sample_event.json b/packages/axonius/data_stream/gateway/sample_event.json
new file mode 100644
index 00000000000..e6126cc0dba
--- /dev/null
+++ b/packages/axonius/data_stream/gateway/sample_event.json
@@ -0,0 +1,79 @@ +{ + "@timestamp": "2026-01-08T06:38:18.036Z", + "agent": { + "ephemeral_id": "e272fa8a-259e-402a-a60b-a70cd1e2daef", + "id": "08ff75a2-4f86-4772-9dae-093f237744d1", + "name": "elastic-agent-30491", + "type": "filebeat", + "version": "8.18.0" + }, + "axonius": { + "gateway": { + "backup_ids": [ + "backup1", + "backup2" + ], + "default": false, + "dns_server": "1.128.0.0", + "email_recipients": [ + "john.doe@example.com" + ], + "email_when_connected": false, + "email_when_disconnected": false, + "id": "tunnel3", + "name": "Gateway_1", + "status": "pending", + "tunnel_proxy_settings": { + "enabled": false, + "tunnel_proxy_addr": "addr", + "tunnel_proxy_port": "8080", + "tunnel_proxy_user": "tunnel-proxy-01" + } + } + }, + "data_stream": { + "dataset": "axonius.gateway", + "namespace": "28244", + "type": "logs" + }, + "ecs": { + "version": "9.2.0" + }, + "elastic_agent": { + "id": "08ff75a2-4f86-4772-9dae-093f237744d1", + "snapshot": false, + "version": "8.18.0" + }, + "email": { + "to": { + "address": [ + "john.doe@example.com" + ] + } + }, + "event": { + "agent_id_status": "verified", + "dataset": "axonius.gateway", + "id": "tunnel3", + "ingested": "2026-01-08T06:38:20Z", + "kind": "event", + "original": "{\"backup_ids\":[\"backup1\",\"backup2\"],\"default\":false,\"dns_server\":\"1.128.0.0\",\"email_recipients\":[\"john.doe@example.com\"],\"email_when_connected\":false,\"email_when_disconnected\":false,\"id\":\"tunnel3\",\"name\":\"Gateway_1\",\"status\":\"pending\",\"tunnel_proxy_settings\":{\"enabled\":false,\"tunnel_proxy_addr\":\"addr\",\"tunnel_proxy_port\":8080,\"tunnel_proxy_user\":\"tunnel-proxy-01\"}}" + }, + "input": { + "type": "cel" + }, + "related": { + "ip": [ + "1.128.0.0" + ], + "user": [ + "tunnel-proxy-01" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields", + "forwarded", + "axonius-gateway" + ] +} 
diff --git a/packages/axonius/docs/README.md b/packages/axonius/docs/README.md
index 6d4f4fa8dc8..1f14678496f 100644
--- a/packages/axonius/docs/README.md
+++ b/packages/axonius/docs/README.md
@@ -19,13 +19,15 @@ This integration collects log messages of the following type: - `User`: Collect details of all users (endpoint: `/api/v2/users`). +- `Gateway`: Collect details of all Gateway (endpoint: `/api/v2/gateway`). + ### Supported use cases -Integrating the Axonius Adapter and User Data streams with Elastic SIEM provides centralized visibility into both data-collection health and user identity context across the environment. Together, these data streams help analysts understand how data is being ingested through adapters and how that data maps to user identities and access posture. +Integrating the Axonius Adapter, User, and Gateway data streams with Elastic SIEM provides centralized visibility into data ingestion health, user identity context, and gateway configuration across the environment. Together, these data streams help analysts understand how data flows into the platform, how it maps to user access and roles, and how gateways operate within the network. -The dashboards highlight overall adapter status and connection behavior, making it easy to identify healthy integrations, failing plugins, and error-prone connections that may impact asset visibility. At the same time, user-focused views surface role distribution and essential identity attributes, helping analysts quickly assess access patterns and identify high-privileged or unusual user activity. Consolidated user details and source information provide clarity on where identity data originates and whether coverage gaps exist. +The dashboards surface key insights into adapter and gateway status, connection behavior, and routing context, making it easy to identify failing integrations, misconfigurations, or irregular network behavior. At the same time, user-focused views highlight role distribution and essential identity attributes, supporting quick assessment of access posture and detection of unusual or high-privileged activity. 
-By combining adapter health insights with user identity visibility, security teams can ensure reliable data ingestion, detect identity-related anomalies, reduce blind spots, and streamline investigations that depend on accurate, end-to-end context from both integrations and users. +By correlating integration health, identity context, and gateway configuration, security teams can reduce blind spots, detect anomalies more effectively, and streamline investigations with accurate, end-to-end operational and security context. ## What do I need to use this integration? 
@@ -361,6 +363,125 @@ An example event for `user` looks as following: } ``` +### Gateway + +The `gateway` data stream provides gateway events from axonius. + +#### gateway fields + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| axonius.gateway.backup_ids | A list of backup gateway IDs. | keyword | +| axonius.gateway.default | Indicates if this gateway is the default gateway connection. | boolean | +| axonius.gateway.dns_server | The IP of the DNS server. | ip | +| axonius.gateway.email_recipients | A list of recipient email addresses. | keyword | +| axonius.gateway.email_when_connected | Notify by email when gateway is connected. | boolean | +| axonius.gateway.email_when_disconnected | Notify by email when gateway is disconnected. | boolean | +| axonius.gateway.id | Gateway ID. | keyword | +| axonius.gateway.name | Gateway name. | keyword | +| axonius.gateway.status | The gateway's connection status. | keyword | +| axonius.gateway.tunnel_proxy_settings.enabled | | boolean | +| axonius.gateway.tunnel_proxy_settings.tunnel_proxy_addr | | keyword | +| axonius.gateway.tunnel_proxy_settings.tunnel_proxy_port | | keyword | +| axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user | | keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. 
Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | +| input.type | Type of filebeat input. | keyword | +| labels.is_transform_source | Indicates whether a gateway is in the raw source data stream, or in the latest destination index. | constant_keyword | +| log.offset | Log offset. | long | +| observer.vendor | Vendor name of the observer. 
| constant_keyword | + + +An example event for `gateway` looks as following: + +```json +{ + "@timestamp": "2026-01-08T06:38:18.036Z", + "agent": { + "ephemeral_id": "e272fa8a-259e-402a-a60b-a70cd1e2daef", + "id": "08ff75a2-4f86-4772-9dae-093f237744d1", + "name": "elastic-agent-30491", + "type": "filebeat", + "version": "8.18.0" + }, + "axonius": { + "gateway": { + "backup_ids": [ + "backup1", + "backup2" + ], + "default": false, + "dns_server": "1.128.0.0", + "email_recipients": [ + "john.doe@example.com" + ], + "email_when_connected": false, + "email_when_disconnected": false, + "id": "tunnel3", + "name": "Gateway_1", + "status": "pending", + "tunnel_proxy_settings": { + "enabled": false, + "tunnel_proxy_addr": "addr", + "tunnel_proxy_port": "8080", + "tunnel_proxy_user": "tunnel-proxy-01" + } + } + }, + "data_stream": { + "dataset": "axonius.gateway", + "namespace": "28244", + "type": "logs" + }, + "ecs": { + "version": "9.2.0" + }, + "elastic_agent": { + "id": "08ff75a2-4f86-4772-9dae-093f237744d1", + "snapshot": false, + "version": "8.18.0" + }, + "email": { + "to": { + "address": [ + "john.doe@example.com" + ] + } + }, + "event": { + "agent_id_status": "verified", + "dataset": "axonius.gateway", + "id": "tunnel3", + "ingested": "2026-01-08T06:38:20Z", + "kind": "event", + "original": "{\"backup_ids\":[\"backup1\",\"backup2\"],\"default\":false,\"dns_server\":\"1.128.0.0\",\"email_recipients\":[\"john.doe@example.com\"],\"email_when_connected\":false,\"email_when_disconnected\":false,\"id\":\"tunnel3\",\"name\":\"Gateway_1\",\"status\":\"pending\",\"tunnel_proxy_settings\":{\"enabled\":false,\"tunnel_proxy_addr\":\"addr\",\"tunnel_proxy_port\":8080,\"tunnel_proxy_user\":\"tunnel-proxy-01\"}}" + }, + "input": { + "type": "cel" + }, + "related": { + "ip": [ + "1.128.0.0" + ], + "user": [ + "tunnel-proxy-01" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields", + "forwarded", + "axonius-gateway" + ] +} +``` + ### Inputs used 
These inputs can be used with this integration: @@ -396,7 +517,8 @@ These APIs are used with this integration: * Adapter (endpoint: `/api/v2/adapters`) * User (endpoint: `/api/v2/users`) +* Gateway (endpoint: `/api/v2/gateway`) ### ILM Policy -To facilitate adapter and user data, source data stream-backed indices `.ds-logs-axonius.adapter-*` and `.ds-logs-axonius.user-*` respectively are allowed to contain duplicates from each polling interval. ILM policies `logs-axonius.adapter-default_policy` and `logs-axonius.user-default_policy` are added to these source indices, so it doesn't lead to unbounded growth. This means that in these source indices data will be deleted after `30 days` from ingested date. +To facilitate adapter, user and gateway data, source data stream-backed indices `.ds-logs-axonius.adapter-*`, `.ds-logs-axonius.user-*` and `.ds-logs-axonius.gateway-*` respectively are allowed to contain duplicates from each polling interval. ILM policies `logs-axonius.adapter-default_policy`, `logs-axonius.user-default_policy` amd `logs-axonius.gateway-default_policy` are added to these source indices, so it doesn't lead to unbounded growth. This means that in these source indices data will be deleted after `30 days` from ingested date. diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/fields/base-fields.yml b/packages/axonius/elasticsearch/transform/latest_gateway/fields/base-fields.yml new file mode 100644 index 00000000000..56772b01084 --- /dev/null +++ b/packages/axonius/elasticsearch/transform/latest_gateway/fields/base-fields.yml @@ -0,0 +1,16 @@ +- name: data_stream.dataset + external: ecs +- name: data_stream.namespace + external: ecs +- name: data_stream.type + external: ecs +- name: event.dataset + type: constant_keyword + external: ecs + value: axonius.gateway +- name: event.module + type: constant_keyword + external: ecs + value: axonius +- name: '@timestamp' + external: ecs 
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/fields/beats.yml b/packages/axonius/elasticsearch/transform/latest_gateway/fields/beats.yml
new file mode 100644
index 00000000000..4084f1dc7f5
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/fields/beats.yml
@@ -0,0 +1,6 @@
+- name: input.type
+ type: keyword
+ description: Type of filebeat input.
+- name: log.offset
+ type: long
+ description: Log offset.
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/fields/ecs.yml b/packages/axonius/elasticsearch/transform/latest_gateway/fields/ecs.yml
new file mode 100644
index 00000000000..cbc974f28fe
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/fields/ecs.yml
@@ -0,0 +1,39 @@
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: email.to.address
+- external: ecs
+ name: error.code
+- external: ecs
+ name: error.id
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.agent_id_status
+- external: ecs
+ name: event.id
+- external: ecs
+ name: event.ingested
+ type: date
+- external: ecs
+ name: event.kind
+- external: ecs
+ name: event.outcome
+- external: ecs
+ name: observer.vendor
+ type: constant_keyword
+ value: Axonius
+- external: ecs
+ name: related.ip
+- external: ecs
+ name: related.user
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/fields/fields.yml b/packages/axonius/elasticsearch/transform/latest_gateway/fields/fields.yml
new file mode 100644
index 00000000000..7c80eef1dfe
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/fields/fields.yml
@@ -0,0 +1,44 @@
+- name: axonius
+ type: group
+ fields:
+ - name: gateway
+ type: group
+ fields:
+ - name: backup_ids
+ type: keyword
+ description: A list of backup gateway IDs.
+ - name: default
+ type: boolean
+ description: Indicates if this gateway is the default gateway connection.
+ - name: dns_server
+ type: ip
+ description: The IP of the DNS server.
+ - name: email_recipients
+ type: keyword
+ description: A list of recipient email addresses.
+ - name: email_when_connected
+ type: boolean
+ description: Notify by email when gateway is connected.
+ - name: email_when_disconnected
+ type: boolean
+ description: Notify by email when gateway is disconnected.
+ - name: id
+ type: keyword
+ description: Gateway ID.
+ - name: name
+ type: keyword
+ description: Gateway name.
+ - name: status
+ type: keyword
+ description: The gateway's connection status.
+ - name: tunnel_proxy_settings
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ - name: tunnel_proxy_addr
+ type: keyword
+ - name: tunnel_proxy_port
+ type: keyword
+ - name: tunnel_proxy_user
+ type: keyword
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/fields/is-transform-source-false.yml b/packages/axonius/elasticsearch/transform/latest_gateway/fields/is-transform-source-false.yml
new file mode 100644
index 00000000000..029721f1cbd
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/fields/is-transform-source-false.yml
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ value: 'false'
+ description: Indicates whether a gateway is in the raw source data stream, or in the latest destination index.
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/manifest.yml b/packages/axonius/elasticsearch/transform/latest_gateway/manifest.yml
new file mode 100644
index 00000000000..1d35e28177e
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/manifest.yml
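Review bot: The four leaves under `tunnel_proxy_settings` (`enabled`, `tunnel_proxy_addr`, `tunnel_proxy_port`, `tunnel_proxy_user`) are the only fields in this file without a `description`, which is why the generated README table shows empty cells for them; one-liners such as `description: Whether gateway traffic is routed through a tunnel proxy.`, `description: Address of the tunnel proxy.`, `description: Port of the tunnel proxy.` and `description: Username used to authenticate to the tunnel proxy.` would close that gap. `tunnel_proxy_port` is mapped as `keyword` although the sample event's `event.original` carries it as the number 8080; ECS maps ports as `long`, which keeps range queries working, so `type: long` would be the more natural mapping if the ingest pipeline (not in this diff) is adjusted to match. `dns_server` is typed `ip`, so a hostname or empty string returned by the API would be rejected at index time unless the pipeline guards that conversion; worth confirming against the pipeline.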
@@ -0,0 +1,18 @@
+start: true
+destination_index_template:
+ settings:
+ index:
+ sort:
+ field:
+ - '@timestamp'
+ order:
+ - desc
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/axonius/elasticsearch/transform/latest_gateway/transform.yml b/packages/axonius/elasticsearch/transform/latest_gateway/transform.yml
new file mode 100644
index 00000000000..a2eb00f3df4
--- /dev/null
+++ b/packages/axonius/elasticsearch/transform/latest_gateway/transform.yml
@@ -0,0 +1,37 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-axonius.gateway-*"
+dest:
+ index: "logs-axonius_latest.dest_gateway-1"
+ aliases:
+ - alias: "logs-axonius_latest.gateway"
+ move_on_creation: true
+latest:
+ unique_key:
+ - event.dataset
+ - event.id
+ sort: "@timestamp"
+description: >-
+ Latest Gateways from Axonius. As gateways get updated, this transform stores only the latest state of each gateway inside the destination index. Thus the transform's destination index contains only the latest state of the gateway.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+retention_policy:
+ time:
+ field: "event.ingested"
+ max_age: 24h
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 0.1.0
+ run_as_kibana_system: false
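Review bot: `retention_policy.time.max_age: 24h` in transform.yml is the same length as the default collection `interval` of 24h declared in the gateway data stream manifest earlier in this diff, so a poll that runs late or fails once lets the retention policy evict every gateway from `logs-axonius_latest.gateway` before the next poll repopulates it, and the dashboard filtered on `labels.is_transform_source: false` goes blank in the meantime. A margin of several polling intervals (for instance `max_age: 72h`) would tolerate a missed run; if 24h is deliberate, a comment above `retention_policy` such as `# Assumes the gateway stream is polled more often than once per max_age.` would record the assumption.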
diff --git a/packages/axonius/img/axonius-gateway.png b/packages/axonius/img/axonius-gateway.png
new file mode 100644
index 00000000000..9995d8afd6f
Binary files /dev/null and b/packages/axonius/img/axonius-gateway.png differ
diff --git a/packages/axonius/kibana/dashboard/axonius-428b4f4d-be94-4840-8dc2-8f03a38f97db.json b/packages/axonius/kibana/dashboard/axonius-428b4f4d-be94-4840-8dc2-8f03a38f97db.json
new file mode 100644
index 00000000000..7f9ceef6bf9
--- /dev/null
+++ b/packages/axonius/kibana/dashboard/axonius-428b4f4d-be94-4840-8dc2-8f03a38f97db.json
@@ -0,0 +1,813 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": {}, + "showApplySelections": false + }, + "description": "This dashboard shows Gateways collected by the Axonius Integration.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "axonius.gateway" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "axonius.gateway" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2ad92fb8-c4d3-4602-a4a4-acf22d9fbcab", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2ad92fb8-c4d3-4602-a4a4-acf22d9fbcab": { + "columnOrder": [ + "0bae39de-31cc-4a3e-a331-c0bc8a993210", + "dd4f6544-5f34-4ecc-b7fd-2e4f52436609" + 
], + "columns": { + "0bae39de-31cc-4a3e-a331-c0bc8a993210": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Status", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "dd4f6544-5f34-4ecc-b7fd-2e4f52436609", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "axonius.gateway.status" + }, + "dd4f6544-5f34-4ecc-b7fd-2e4f52436609": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Gateway", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "event.id" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "2ad92fb8-c4d3-4602-a4a4-acf22d9fbcab", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "dd4f6544-5f34-4ecc-b7fd-2e4f52436609" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "0bae39de-31cc-4a3e-a331-c0bc8a993210" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + 
"query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "8a5b6486-5f13-4315-9d73-f480ce680be7", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "8a5b6486-5f13-4315-9d73-f480ce680be7", + "title": "Gateway by Status", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8da0867e-0890-4726-99cb-ae04d540356e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8da0867e-0890-4726-99cb-ae04d540356e": { + "columnOrder": [ + "556928e5-edb2-4e94-9c37-2206ca1b86d1", + "18cad723-c9b8-4050-a86a-9437b1c30654" + ], + "columns": { + "18cad723-c9b8-4050-a86a-9437b1c30654": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "event.id" + }, + "556928e5-edb2-4e94-9c37-2206ca1b86d1": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "DNS Servers", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "18cad723-c9b8-4050-a86a-9437b1c30654", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.resolved_ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "556928e5-edb2-4e94-9c37-2206ca1b86d1" + }, + { + 
"columnId": "18cad723-c9b8-4050-a86a-9437b1c30654" + } + ], + "layerId": "8da0867e-0890-4726-99cb-ae04d540356e", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 15, + "i": "019abf75-6c61-4664-b1c9-90416703e17a", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "019abf75-6c61-4664-b1c9-90416703e17a", + "title": "Top DNS Servers", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard provides a focused view of gateway-related information from Axonius.\n\nIt includes a Gateway by Status pie chart to quickly show the distribution of gateway statuses. Key metrics highlight the counts of Default Gateways and Non-Default Gateways. A saved search displays Email Essential Details, while a table lists the Top DNS Servers for better visibility into network configuration. 
Additional gateway attributes are available through the Tunnel Proxy Details saved search.\n\n**[Integration Page](/app/integrations/detail/axonius)**", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 14, + "i": "290ec43b-a503-4016-b5ac-3c03f5fb68d6", + "w": 20, + "x": 0, + "y": 0 + }, + "panelIndex": "290ec43b-a503-4016-b5ac-3c03f5fb68d6", + "title": "Overview", + "type": "visualization" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-09002b6f-afd7-4ecb-8714-ac1c56787448", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "80fe1ea6-314b-4544-8ee7-ae46a1adbede", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "09002b6f-afd7-4ecb-8714-ac1c56787448": { + "columnOrder": [ + "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a" + ], + "columns": { + "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Default Gateways", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "axonius.gateway.default" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "axonius.gateway.default", + "index": "80fe1ea6-314b-4544-8ee7-ae46a1adbede", + "key": "axonius.gateway.default", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "axonius.gateway.default": true + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "color": 
"#6092C0", + "layerId": "09002b6f-afd7-4ecb-8714-ac1c56787448", + "layerType": "data", + "metricAccessor": "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "axonius.gateway.default", + "index": "logs-*", + "key": "axonius.gateway.default", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "axonius.gateway.default": true + } + } + } + ], + "hidePanelTitles": true, + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 14, + "i": "71aa4fa9-378a-4e0b-8a78-69b7a93c15b5", + "w": 14, + "x": 20, + "y": 0 + }, + "panelIndex": "71aa4fa9-378a-4e0b-8a78-69b7a93c15b5", + "title": "", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-09002b6f-afd7-4ecb-8714-ac1c56787448", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "57d89613-5c9c-421b-807d-e7a00b34d5af", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "09002b6f-afd7-4ecb-8714-ac1c56787448": { + "columnOrder": [ + "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a" + ], + "columns": { + "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Non-Default Gateways", + "operationType": "count", + "params": { + "emptyAsNull": false, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "axonius.gateway.default" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + 
"textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "axonius.gateway.default", + "index": "57d89613-5c9c-421b-807d-e7a00b34d5af", + "key": "axonius.gateway.default", + "negate": false, + "params": { + "query": false + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "axonius.gateway.default": false + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "color": "#6092C0", + "layerId": "09002b6f-afd7-4ecb-8714-ac1c56787448", + "layerType": "data", + "metricAccessor": "7de2a515-ac3b-40c8-84b9-7a83d39e3c7a" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "axonius.gateway.default", + "index": "logs-*", + "key": "axonius.gateway.default", + "negate": false, + "params": { + "query": false + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "axonius.gateway.default": false + } + } + } + ], + "hidePanelTitles": true, + "query": { + "language": "kuery", + "query": "" + }, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false + }, + "gridData": { + "h": 14, + "i": "d81baf96-d81c-447e-bdbb-5a485a9f73a4", + "w": 14, + "x": 34, + "y": 0 + }, + "panelIndex": "d81baf96-d81c-447e-bdbb-5a485a9f73a4", + "title": "", + "type": "lens" + }, + { + "embeddableConfig": { + "columns": [ + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_addr", + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_port", + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user" + ], + "description": "", + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "grid": {}, + "sort": [ + [ + "@timestamp", + "desc" + ] + ] + }, + "gridData": { + "h": 14, + "i": 
"62a4c85f-6eee-4836-bc63-a2f41352b7f2", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "62a4c85f-6eee-4836-bc63-a2f41352b7f2", + "panelRefName": "panel_62a4c85f-6eee-4836-bc63-a2f41352b7f2", + "title": "[Logs Axonius] Tunnel Proxy Details", + "type": "search" + }, + { + "embeddableConfig": { + "description": "", + "enhancements": { + "dynamicActions": { + "events": [] + } + } + }, + "gridData": { + "h": 15, + "i": "8cc371ce-30fd-4c0f-a86a-8e86695ce5de", + "w": 48, + "x": 0, + "y": 43 + }, + "panelIndex": "8cc371ce-30fd-4c0f-a86a-8e86695ce5de", + "panelRefName": "panel_8cc371ce-30fd-4c0f-a86a-8e86695ce5de", + "title": "[Logs Axonius] Email Essential Details", + "type": "search" + } + ], + "timeRestore": false, + "title": "[Logs Axonius] Gateway", + "version": 3 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-12-15T13:08:03.618Z", + "id": "axonius-428b4f4d-be94-4840-8dc2-8f03a38f97db", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "axonius-c047813e-9a26-40e8-b036-d40b5a98394a", + "name": "62a4c85f-6eee-4836-bc63-a2f41352b7f2:panel_62a4c85f-6eee-4836-bc63-a2f41352b7f2", + "type": "search" + }, + { + "id": "axonius-99de67e1-3d38-4d0f-9ec1-4e03e811a2b3", + "name": "8cc371ce-30fd-4c0f-a86a-8e86695ce5de:panel_8cc371ce-30fd-4c0f-a86a-8e86695ce5de", + "type": "search" + }, + { + "id": "logs-*", + "name": "8a5b6486-5f13-4315-9d73-f480ce680be7:indexpattern-datasource-layer-2ad92fb8-c4d3-4602-a4a4-acf22d9fbcab", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "019abf75-6c61-4664-b1c9-90416703e17a:indexpattern-datasource-layer-8da0867e-0890-4726-99cb-ae04d540356e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"71aa4fa9-378a-4e0b-8a78-69b7a93c15b5:indexpattern-datasource-layer-09002b6f-afd7-4ecb-8714-ac1c56787448", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "71aa4fa9-378a-4e0b-8a78-69b7a93c15b5:80fe1ea6-314b-4544-8ee7-ae46a1adbede", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d81baf96-d81c-447e-bdbb-5a485a9f73a4:indexpattern-datasource-layer-09002b6f-afd7-4ecb-8714-ac1c56787448", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d81baf96-d81c-447e-bdbb-5a485a9f73a4:57d89613-5c9c-421b-807d-e7a00b34d5af", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "10.2.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/axonius/kibana/search/axonius-99de67e1-3d38-4d0f-9ec1-4e03e811a2b3.json b/packages/axonius/kibana/search/axonius-99de67e1-3d38-4d0f-9ec1-4e03e811a2b3.json new file mode 100644 index 00000000000..e6d4cebf804 --- /dev/null +++ b/packages/axonius/kibana/search/axonius-99de67e1-3d38-4d0f-9ec1-4e03e811a2b3.json 
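Review bot: The "Top DNS Servers" table buckets on `"sourceField": "dns.resolved_ip"`, but nothing in this change populates that field: the gateway mapping stores the DNS server as `axonius.gateway.dns_server` (type `ip`), the sample event copies it only into `related.ip`, and the transform's `ecs.yml` does not declare `dns.resolved_ip` either, so on the latest index the panel will render empty unless the ingest pipeline (not in this diff) sets it. Pointing the terms column at `"sourceField": "axonius.gateway.dns_server"` matches the column's `"dataType": "ip"` and the declared mapping; alternatively, have the pipeline populate `dns.resolved_ip` and add it to `ecs.yml` so the transform destination carries it.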
@@ -0,0 +1,101 @@ +{ + "attributes": { + "columns": [ + "axonius.gateway.name", + "email.to.address", + "axonius.gateway.email_when_connected", + "axonius.gateway.email_when_disconnected" + ], + "description": "", + "grid": {}, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "axonius.gateway" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "axonius.gateway" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "[Logs Axonius] Email Essential Details" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-12-16T04:45:54.179Z", + "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "id": "axonius-99de67e1-3d38-4d0f-9ec1-4e03e811a2b3", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "10.5.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/axonius/kibana/search/axonius-c047813e-9a26-40e8-b036-d40b5a98394a.json b/packages/axonius/kibana/search/axonius-c047813e-9a26-40e8-b036-d40b5a98394a.json new file mode 100644 index 00000000000..0904564952b --- /dev/null +++ b/packages/axonius/kibana/search/axonius-c047813e-9a26-40e8-b036-d40b5a98394a.json 
@@ -0,0 +1,100 @@ +{ + "attributes": { + "columns": [ + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_addr", + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_port", + "axonius.gateway.tunnel_proxy_settings.tunnel_proxy_user" + ], + "description": "", + "grid": {}, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "axonius.gateway" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "axonius.gateway" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "[Logs Axonius] Tunnel Proxy Details" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2025-12-16T04:43:52.501Z", + "created_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0", + "id": "axonius-c047813e-9a26-40e8-b036-d40b5a98394a", + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "10.5.0", + "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" +} \ No newline at end of file diff --git a/packages/axonius/manifest.yml b/packages/axonius/manifest.yml index 5f3d86eb61c..4870cc8a05d 100644 --- a/packages/axonius/manifest.yml +++ b/packages/axonius/manifest.yml @@ -20,6 +20,10 @@ screenshots: title: User Dashboard size: 600x600 type: image/png + - src: /img/axonius-gateway.png + title: Gateway Dashboard + size: 600x600 + type: image/png icons: - src: /img/axonius-logo.svg title: Axonius Logo