Barracuda WAF: Add new integration #5493

Merged
merged 29 commits into from
Mar 29, 2023
29 commits
a15cbed
Add new integration
bhapas Mar 9, 2023
98b7788
Add network firewall log
bhapas Mar 10, 2023
e26248b
Add access log
bhapas Mar 10, 2023
4fe9103
Merge branch 'main' into 1302-barracuda-waf
bhapas Mar 20, 2023
0fb05c4
Merge branch 'elastic:main' into 1302-barracuda-waf
bhapas Mar 20, 2023
f60ddca
Merge remote-tracking branch 'refs/remotes/origin/1302-barracuda-waf'…
bhapas Mar 20, 2023
06f2361
Fix access logs
bhapas Mar 21, 2023
b33defc
Add access log
bhapas Mar 21, 2023
5e8291a
Add dashboards
bhapas Mar 23, 2023
4cf8bdc
Fix dashboards
bhapas Mar 23, 2023
45534cc
Fix dashboards
bhapas Mar 24, 2023
a1f09c1
Add documentation
bhapas Mar 24, 2023
a743fc1
Document firmware version support
bhapas Mar 24, 2023
09d86e6
Fix PR comments
bhapas Mar 27, 2023
7ba3dab
Make this GA package
bhapas Mar 27, 2023
3554321
Update packages/barracuda_waf/_dev/build/docs/README.md
bhapas Mar 27, 2023
1ecf01f
Update packages/barracuda_waf/_dev/build/docs/README.md
bhapas Mar 27, 2023
25564bd
Update packages/barracuda_waf/_dev/build/docs/README.md
bhapas Mar 27, 2023
f707c08
fix readme
bhapas Mar 27, 2023
a1c6ade
preserve original event for pipeline tests
bhapas Mar 28, 2023
a01a002
Upgrade Barracuda Logs integration
bhapas Mar 28, 2023
200cef3
Fix stream script
bhapas Mar 28, 2023
3d83dd2
Fix PR comments
bhapas Mar 29, 2023
0559430
Fix mappings and dashboards and readme headers
bhapas Mar 29, 2023
39e1a61
Fix pipeline
bhapas Mar 29, 2023
7b7e765
fix codeowners
bhapas Mar 29, 2023
f5b0d3f
Make readme latest
bhapas Mar 29, 2023
6c21891
Add suggestion
bhapas Mar 29, 2023
6fc340e
Fix
bhapas Mar 29, 2023
32 changes: 25 additions & 7 deletions packages/barracuda/_dev/build/docs/README.md
@@ -2,17 +2,35 @@

This integration is for Barracuda device's logs. It includes the following
datasets for receiving logs over syslog or read from a file:

- `waf` dataset: supports Barracuda Web Application Firewall logs.
- `spamfirewall` dataset: supports Barracuda Spam Firewall logs.

### Waf
Use the Barracuda WAF data stream to ingest log data. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference `data_stream.dataset:barracuda.waf` when troubleshooting an issue.

The `waf` dataset collects Barracuda Web Application Firewall logs.
## Upgrade

{{fields "waf"}}
The Technical preview `spamfirewall` data stream has been deprecated and removed, as of v1.0 of this integration. As we work on a replacement for the Spam Firewall integration, you can continue to use the [Spam Firewall filebeat module](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-barracuda.html).

## WAF

Barracuda Web Application Firewall protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining signature-based policies and positive security with robust anomaly-detection capabilities, Barracuda Web Application Firewall can defeat today’s most sophisticated attacks targeting your web applications.

### Requirements

This integration is built and tested against the Barracuda Web Application Firewall version **12.1**. Earlier versions may work, but have not been tested.

### Spamfirewall
You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

The `spamfirewall` dataset collects Barracuda Spam Firewall logs.
### Setup

{{fields "spamfirewall"}}
For step-by-step instructions on how to set up an integration, see the
[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.

### WAF Events

The `barracuda.waf` dataset provides events from the configured syslog server. All Barracuda WAF syslog specific fields are available in the `barracuda.waf` field group.

{{event "waf"}}

{{fields "waf"}}
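Review bot: the new `### Setup` section only links the generic Getting started guide, and `### WAF Events` says events arrive "from the configured syslog server" without saying how that server is configured; state which transports the `waf` data stream listens on (the system test in this PR exercises syslog over TLS, TCP and UDP plus a log file) and where on the Barracuda WAF to enable syslog export and which log types to forward (the commits add access and network firewall logs). Also, `## Upgrade` explains that `spamfirewall` is removed as of v1.0 but says nothing about how the remaining `waf` data stream relates to the separate `barracuda_waf` package this PR also touches (commit 3554321 edits `packages/barracuda_waf/_dev/build/docs/README.md`); one sentence saying whether `barracuda.waf` users should migrate would avoid confusion. Minor: "The Technical preview `spamfirewall` data stream" reads better as "The technical-preview `spamfirewall` data stream".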
35 changes: 10 additions & 25 deletions packages/barracuda/_dev/deploy/docker/docker-compose.yml
@@ -1,38 +1,23 @@
version: '2.3'
version: "2.3"
services:
barracuda-spamfirewall-logfile:
image: alpine
barracuda-waf-tls:
image: docker.elastic.co/observability/stream:v0.8.0
volumes:
- ./sample_logs:/sample_logs:ro
- ${SERVICE_LOGS_DIR}:/var/log
command: /bin/sh -c "cp /sample_logs/* /var/log/"
barracuda-spamfirewall-udp:
image: akroh/stream:v0.2.0
command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9581 -p=tls --insecure /sample_logs/barracuda.log
barracuda-waf-tcp:
image: docker.elastic.co/observability/stream:v0.8.0
volumes:
- ./sample_logs:/sample_logs:ro
entrypoint: /bin/bash
command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9540 -p=udp /sample_logs/barracuda-spamfirewall-*.log"
barracuda-spamfirewall-tcp:
image: akroh/stream:v0.2.0
command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9580 -p=tcp /sample_logs/barracuda.log
barracuda-waf-udp:
image: docker.elastic.co/observability/stream:v0.8.0
volumes:
- ./sample_logs:/sample_logs:ro
entrypoint: /bin/bash
command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9540 -p=tcp /sample_logs/barracuda-spamfirewall-*.log"
command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9580 -p=udp /sample_logs/barracuda.log
barracuda-waf-logfile:
image: alpine
volumes:
- ./sample_logs:/sample_logs:ro
- ${SERVICE_LOGS_DIR}:/var/log
command: /bin/sh -c "cp /sample_logs/* /var/log/"
barracuda-waf-udp:
image: akroh/stream:v0.2.0
volumes:
- ./sample_logs:/sample_logs:ro
entrypoint: /bin/bash
command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9525 -p=udp /sample_logs/barracuda-waf-*.log"
barracuda-waf-tcp:
image: akroh/stream:v0.2.0
volumes:
- ./sample_logs:/sample_logs:ro
entrypoint: /bin/bash
command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9525 -p=tcp /sample_logs/barracuda-waf-*.log"
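Review bot: `barracuda-waf-tls` sends with `-p=tls --insecure`, so the sender does not verify the certificate presented by `elastic-agent:9581`; that is acceptable for a throwaway system-test harness, but add a YAML comment saying so, because this file is the first thing someone copies when wiring a real WAF to the TLS input. Two smaller items: the TLS sender targets 9581 while TCP and UDP both target 9580 (the removed services used 9525), so the system-test input configs must have been updated to match, which this hunk does not show; and the three senders now read the single `/sample_logs/barracuda.log` while `barracuda-waf-logfile` still copies `/sample_logs/*`, so any extra sample file dropped into that directory is exercised by the logfile test but not by the syslog ones.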

This file was deleted.

This file was deleted.