forked from elastic/integrations
/
manifest.yml
98 lines (97 loc) · 3.45 KB
/
manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
type: logs
title: Cybersixgill Darkfeed Logs
streams:
- input: httpjson
vars:
- name: username
type: text
title: Cybersixgill Darkfeed Client ID
multi: false
required: true
show_user: true
- name: password
type: password
title: Cybersixgill Darkfeed Client Secret
multi: false
required: true
show_user: true
secret: true
- name: enable_request_tracer
type: bool
title: Enable request tracing
multi: false
required: false
show_user: false
description: The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.
- name: url
type: text
title: Cybersixgill Darkfeed URL
multi: false
required: true
show_user: false
default: https://api.cybersixgill.com/taxii/sixgill-taxii/collections/102/objects
- name: http_client_timeout
type: text
title: HTTP Client Timeout
description: Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.
multi: false
required: false
show_user: false
default: 30s
- name: proxy_url
type: text
title: Proxy URL
multi: false
required: false
show_user: false
description: URL to proxy connections in the form of http\[s\]://<user>:<password>@<server name/ip>:<port>
- name: interval
type: text
title: Interval
description: Interval at which the logs will be pulled. Supported units for this parameter are h/m/s.
multi: false
required: true
show_user: true
default: 10m
- name: initial_interval
type: text
title: Initial Interval
multi: false
required: true
show_user: false
default: 2160h
description: How far back to look for indicators the first time the agent is started. Supported units for this parameter are h/m/s.
- name: ssl
type: yaml
title: SSL
multi: false
required: false
show_user: false
- name: tags
type: text
title: Tags
multi: true
required: true
show_user: false
default:
- forwarded
- ti_cybersixgill
- name: preserve_original_event
required: true
show_user: true
title: Preserve original event
description: Preserves a raw copy of the original event, added to the field `event.original`
type: bool
multi: false
default: false
- name: processors
type: yaml
title: Processors
multi: false
required: false
show_user: false
description: >
Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
template_path: httpjson.yml.hbs
title: Cybersixgill Darkfeed Logs
description: Collect Cybersixgill Darkfeed Logs