Barracuda WAF: Add new integration

.github/CODEOWNERS

@@ -29,6 +29,7 @@
 /packages/azure_metrics @elastic/obs-cloud-monitoring
 /packages/barracuda @elastic/security-external-integrations
 /packages/barracuda_cloudgen_firewall @elastic/security-external-integrations
+/packages/barracuda_waf @elastic/security-external-integrations
 /packages/beat @elastic/infra-monitoring-ui
 /packages/bluecoat @elastic/security-external-integrations
 /packages/box_events @elastic/security-external-integrations

packages/barracuda/_dev/build/docs/README.md

@@ -1,18 +1,42 @@
-# Barracuda integration
+# Barracuda Logs
+Barracuda Web Application Firewall protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining signature-based policies and positive security with robust anomaly-detection capabilities, Barracuda Web Application Firewall can defeat today’s most sophisticated attacks targeting your web applications.
 
-This integration is for Barracuda device's logs. It includes the following
-datasets for receiving logs over syslog or read from a file:
-- `waf` dataset: supports Barracuda Web Application Firewall logs.
-- `spamfirewall` dataset: supports Barracuda Spam Firewall logs.
 
-### Waf
+The `waf` allows you to monitor different log types namely - Web Firewall Logs , Network Firewall Logs , Access Logs.
 
-The `waf` dataset collects Barracuda Web Application Firewall logs.
+Use the Barracuda WAF integration to ingest log data. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference `data_stream:log` when troubleshooting an issue.
 
-{{fields "waf"}}
+The log formats are specified [here](https://campus.barracuda.com/product/webapplicationfirewall/doc/92767349/exporting-log-formats/).
 
-### Spamfirewall
+## Upgrade
 
-The `spamfirewall` dataset collects Barracuda Spam Firewall logs.
+The upgrade from `Technical preview` to a `General Available` version will have datastream `spamfirewall` not supported in this integration anymore.
 
-{{fields "spamfirewall"}}
+## Barracuda WAF Firmware version
+
+This integration is built and tested against the Barracuda Web Application Firewall version **12.1**. Earlier versions may work, but have not been tested.
+
+## Data streams
+
+ The Barracuda WAF integration collects one type of `data streams: logs`
+ **Logs** help you keep a record of events happening in Barracuda WAF.
+
+ There is a single data stream that collects different kinds of logs from the barrcuda waf service and visualizes them separately.
+
+## Requirements
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.
+
+## Setup
+
+For step-by-step instructions on how to set up an integration, see the
+[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+## Logs
+
+The `barracuda.log` dataset provides events from the configured syslog server. All Barracuda WAF syslog specific fields are available in the `barracuda.log` field group.
+
+{{event "waf"}}
+
+{{fields "waf"}}

packages/barracuda/_dev/deploy/docker/docker-compose.yml

@@ -1,38 +1,23 @@
-version: '2.3'
+version: "2.3"
 services:
-  barracuda-spamfirewall-logfile:
-    image: alpine
+  barracuda-waf-tls:
+    image: docker.elastic.co/observability/stream:v0.8.0
     volumes:
       - ./sample_logs:/sample_logs:ro
-      - ${SERVICE_LOGS_DIR}:/var/log
-    command: /bin/sh -c "cp /sample_logs/* /var/log/"
-  barracuda-spamfirewall-udp:
-    image: akroh/stream:v0.2.0
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9581 -p=tls --insecure /sample_logs/barracuda.log
+  barracuda-waf-tcp:
+    image: docker.elastic.co/observability/stream:v0.8.0
     volumes:
       - ./sample_logs:/sample_logs:ro
-    entrypoint: /bin/bash
-    command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9540 -p=udp /sample_logs/barracuda-spamfirewall-*.log"
-  barracuda-spamfirewall-tcp:
-    image: akroh/stream:v0.2.0
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9580 -p=tcp /sample_logs/barracuda.log
+  barracuda-waf-udp:
+    image: docker.elastic.co/observability/stream:v0.8.0
     volumes:
       - ./sample_logs:/sample_logs:ro
-    entrypoint: /bin/bash
-    command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9540 -p=tcp /sample_logs/barracuda-spamfirewall-*.log"
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9580 -p=udp /sample_logs/barracuda.log
   barracuda-waf-logfile:
     image: alpine
     volumes:
       - ./sample_logs:/sample_logs:ro
       - ${SERVICE_LOGS_DIR}:/var/log
     command: /bin/sh -c "cp /sample_logs/* /var/log/"
-  barracuda-waf-udp:
-    image: akroh/stream:v0.2.0
-    volumes:
-      - ./sample_logs:/sample_logs:ro
-    entrypoint: /bin/bash
-    command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9525 -p=udp /sample_logs/barracuda-waf-*.log"
-  barracuda-waf-tcp:
-    image: akroh/stream:v0.2.0
-    volumes:
-      - ./sample_logs:/sample_logs:ro
-    entrypoint: /bin/bash
-    command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9525 -p=tcp /sample_logs/barracuda-waf-*.log"