AlienVault OTX,https://docs.elastic.co/integrations/ti_otx,"{""@timestamp"": ""2022-12-21T09:24:01.501Z"", ""agent"": {""ephemeral_id"": ""32ac7970-c892-46ef-baf2-d8a0ce377748"", ""id"": ""a7d83bcb-0b6d-41f4-8edf-aa29923f67ec"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.3.3""}, ""data_stream"": {""dataset"": ""ti_otx.threat"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""a7d83bcb-0b6d-41f4-8edf-aa29923f67ec"", ""snapshot"": false, ""version"": ""8.3.3""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""threat"", ""created"": ""2022-12-21T09:24:01.501Z"", ""dataset"": ""ti_otx.threat"", ""ingested"": ""2022-12-21T09:24:02Z"", ""kind"": ""enrichment"", ""original"": ""{\""count\"":40359,\""next\"":\""https://otx.alienvault.com/api/v1/indicators/export?types=domain%2CIPv4%2Chostname%2Curl%2CFileHash-SHA256\\u0026modified_since=2020-11-29T01%3A10%3A00+00%3A00\\u0026page=2\"",\""previous\"":null,\""results\"":{\""content\"":\""\"",\""description\"":null,\""id\"":1251,\""indicator\"":\""info.3000uc.com\"",\""title\"":null,\""type\"":\""hostname\""}}"", ""type"": ""indicator""}, ""input"": {""type"": ""httpjson""}, ""otx"": {}, ""tags"": [""preserve_original_event"", ""forwarded"", ""otx-threat""], ""threat"": {""indicator"": {""type"": ""domain-name"", ""url"": {""domain"": ""info.3000uc.com""}}}}"
Amazon ECS,https://docs.elastic.co/integrations/aws/ecs,"{""agent"": {""name"": ""4b4f1fd6f3ff"", ""id"": ""8c424f1d-e9b1-4aab-8ce5-77dceb4becfb"", ""type"": ""metricbeat"", ""ephemeral_id"": ""0c23896b-0bfe-469f-bf76-7203a2d52568"", ""version"": ""8.1.0""}, ""elastic_agent"": {""id"": ""8c424f1d-e9b1-4aab-8ce5-77dceb4becfb"", ""version"": ""8.1.0"", ""snapshot"": false}, ""cloud"": {""provider"": ""aws"", ""region"": ""eu-west-1"", ""account"": {""name"": ""elastic-observability"", ""id"": ""627286350134""}}, ""@timestamp"": ""2022-07-26T08:59:00.000Z"", ""ecs"": {""version"": ""8.0.0""}, ""service"": {""type"": ""aws""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""aws.ecs_metrics""}, ""host"": {""hostname"": ""4b4f1fd6f3ff"", ""os"": {""kernel"": ""5.10.104-linuxkit"", ""codename"": ""focal"", ""name"": ""Ubuntu"", ""family"": ""debian"", ""type"": ""linux"", ""version"": ""20.04.3 LTS (Focal Fossa)"", ""platform"": ""ubuntu""}, ""containerized"": false, ""ip"": [""172.19.0.4""], ""name"": ""4b4f1fd6f3ff"", ""mac"": [""02:42:ac:13:00:04""], ""architecture"": ""aarch64""}, ""metricset"": {""period"": 300000, ""name"": ""cloudwatch""}, ""aws"": {""ecs"": {""metrics"": {""CPUUtilization"": {""avg"": 100.040084913373}, ""MemoryUtilization"": {""avg"": 9.195963541666666}}}, ""cloudwatch"": {""namespace"": ""AWS/ECS""}, ""dimensions"": {""ServiceName"": ""integration-service-1"", ""ClusterName"": ""integration-cluster-1""}}, ""event"": {""duration"": 1862196584, ""agent_id_status"": ""verified"", ""ingested"": ""2022-07-26T09:04:12Z"", ""module"": ""aws"", ""dataset"": ""aws.ecs_metrics""}}"
Amazon Redshift,https://docs.elastic.co/integrations/aws/redshift,"{""@timestamp"": ""2022-06-27T11:58:00.000Z"", ""agent"": {""ephemeral_id"": ""a94b780f-b5b5-49b1-88cd-b7a7835f2996"", ""id"": ""d745bccd-73a3-41b4-9fd0-4d9bac14f77b"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.2.0""}, ""aws"": {""cloudwatch"": {""namespace"": ""AWS/Redshift""}, ""dimensions"": {""ClusterIdentifier"": ""test""}, ""redshift"": {""metrics"": {""CPUUtilization"": {""avg"": 2.43551912568288}, ""CommitQueueLength"": {""avg"": 0}, ""ConcurrencyScalingActiveClusters"": {""avg"": 0}, ""DatabaseConnections"": {""avg"": 0}, ""HealthStatus"": {""avg"": 1}, ""MaintenanceMode"": {""avg"": 0}, ""MaxConfiguredConcurrencyScalingClusters"": {""avg"": 1}, ""NetworkReceiveThroughput"": {""avg"": 2585.956001900078}, ""NetworkTransmitThroughput"": {""avg"": 23262.257531749852}, ""NumExceededSchemaQuotas"": {""avg"": 0}, ""PercentageDiskSpaceUsed"": {""avg"": 0.2197265625}, ""ReadIOPS"": {""avg"": 0}, ""ReadLatency"": {""avg"": 0}, ""ReadThroughput"": {""avg"": 0}, ""TotalTableCount"": {""avg"": 7}, ""WriteIOPS"": {""avg"": 0}, ""WriteLatency"": {""avg"": 0}, ""WriteThroughput"": {""avg"": 0}}}}, ""cloud"": {""account"": {""id"": ""627286350134"", ""name"": ""elastic-observability""}, ""provider"": ""aws"", ""region"": ""us-east-1""}, ""data_stream"": {""dataset"": ""aws.redshift"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.0.0""}, ""elastic_agent"": {""id"": ""d745bccd-73a3-41b4-9fd0-4d9bac14f77b"", ""snapshot"": false, ""version"": ""8.2.0""}, ""event"": {""agent_id_status"": ""verified"", ""dataset"": ""aws.redshift"", ""duration"": 12571706173, ""ingested"": ""2022-06-27T12:13:13Z"", ""module"": ""aws""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": false, ""hostname"": ""docker-fleet-agent"", ""ip"": [""192.168.112.7""], ""mac"": [""02:42:c0:a8:70:07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.10.104-linuxkit"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""metricset"": {""name"": ""cloudwatch"", ""period"": 300000}, ""service"": {""type"": ""aws""}}"
Amazon S3 Storage Lens,https://docs.elastic.co/integrations/aws/s3_storage_lens,"{""@timestamp"": ""2021-11-07T20:38:00.000Z"", ""ecs"": {""version"": ""8.0.0""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""aws.s3_storage_lens""}, ""service"": {""type"": ""aws""}, ""cloud"": {""provider"": ""aws"", ""region"": ""us-east-1"", ""account"": {""name"": ""elastic-beats"", ""id"": ""428152502467""}}, ""metricset"": {""period"": 86400000, ""name"": ""cloudwatch""}, ""event"": {""duration"": 22973251900, ""agent_id_status"": ""verified"", ""ingested"": ""2021-11-08T20:38:37Z"", ""module"": ""aws"", ""dataset"": ""aws.s3_storage_lens""}, ""aws"": {""s3_storage_lens"": {""metrics"": {""NonCurrentVersionStorageBytes"": {""avg"": 0}, ""DeleteMarkerObjectCount"": {""avg"": 0}, ""GetRequests"": {""avg"": 0}, ""SelectReturnedBytes"": {""avg"": 0}, ""ObjectCount"": {""avg"": 164195}, ""HeadRequests"": {""avg"": 0}, ""ListRequests"": {""avg"": 0}, ""DeleteRequests"": {""avg"": 0}, ""SelectRequests"": {""avg"": 0}, ""5xxErrors"": {""avg"": 0}, ""BytesDownloaded"": {""avg"": 0}, ""BytesUploaded"": {""avg"": 82537}, ""CurrentVersionStorageBytes"": {""avg"": 154238334}, ""StorageBytes"": {""avg"": 154238334}, ""ObjectLockEnabledStorageBytes"": {""avg"": 0}, ""4xxErrors"": {""avg"": 0}, ""PutRequests"": {""avg"": 145}, ""ObjectLockEnabledObjectCount"": {""avg"": 0}, ""EncryptedObjectCount"": {""avg"": 164191}, ""CurrentVersionObjectCount"": {""avg"": 164195}, ""IncompleteMultipartUploadObjectCount"": {""avg"": 0}, ""ReplicatedObjectCount"": {""avg"": 0}, ""AllRequests"": {""avg"": 145}, ""PostRequests"": {""avg"": 0}, ""IncompleteMultipartUploadStorageBytes"": {""avg"": 0}, ""NonCurrentVersionObjectCount"": {""avg"": 0}, ""ReplicatedStorageBytes"": {""avg"": 0}, ""EncryptedStorageBytes"": {""avg"": 154237917}, ""SelectScannedBytes"": {""avg"": 0}}}, ""cloudwatch"": {""namespace"": ""AWS/S3/Storage-Lens""}, ""dimensions"": {""metrics_version"": ""1.0"", ""storage_class"": ""STANDARD"", ""aws_region"": ""eu-central-1"", ""bucket_name"": ""filebeat-aws-elb-test"", ""aws_account_number"": ""428152502467"", ""configuration_id"": ""default-account-dashboard"", ""record_type"": ""BUCKET""}}}"
Amazon SQS,https://docs.elastic.co/integrations/aws/sqs,"{""@timestamp"": ""2022-07-26T21:43:00.000Z"", ""agent"": {""name"": ""docker-fleet-agent"", ""id"": ""2d4b09d0-cdb6-445e-ac3f-6415f87b9864"", ""type"": ""metricbeat"", ""ephemeral_id"": ""cdaaaabb-be7e-432f-816b-bda019fd7c15"", ""version"": ""8.3.2""}, ""elastic_agent"": {""id"": ""2d4b09d0-cdb6-445e-ac3f-6415f87b9864"", ""version"": ""8.3.2"", ""snapshot"": false}, ""cloud"": {""provider"": ""aws"", ""region"": ""eu-central-1"", ""account"": {""name"": ""elastic-beats"", ""id"": ""428152502467""}}, ""ecs"": {""version"": ""8.0.0""}, ""service"": {""type"": ""aws""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""aws.sqs""}, ""metricset"": {""period"": 300000, ""name"": ""cloudwatch""}, ""aws"": {""sqs"": {""messages"": {""visible"": 1518.4, ""deleted"": 0, ""not_visible"": 0, ""delayed"": 0, ""received"": 0, ""sent"": 0.16666666666666666}, ""empty_receives"": 0, ""sent_message_size"": {""bytes"": 1002}, ""oldest_message_age"": {""sec"": 345605.6}, ""queue"": {""name"": ""filebeat-aws-elb-test""}}, ""cloudwatch"": {""namespace"": ""AWS/SQS""}, ""dimensions"": {""QueueName"": ""filebeat-aws-elb-test""}, ""tags"": {""created-by"": ""kaiyan""}}, ""event"": {""duration"": 11576777300, ""agent_id_status"": ""verified"", ""ingested"": ""2022-07-26T21:47:48Z"", ""module"": ""aws"", ""dataset"": ""aws.sqs""}}"
Anomali,https://docs.elastic.co/integrations/ti_anomali,"{""@timestamp"": ""2022-08-01T15:43:02.944Z"", ""agent"": {""ephemeral_id"": ""633e6483-2625-491c-9640-b4e480191a49"", ""id"": ""83b444a9-8a29-4729-964a-a91e7b770094"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.3.2""}, ""anomali"": {""threatstream"": {""classification"": ""public"", ""confidence"": 20, ""detail2"": ""imported by user 184"", ""id"": ""3135167627"", ""import_session_id"": ""1400"", ""itype"": ""mal_domain"", ""resource_uri"": ""/api/v1/intelligence/P46279656657/"", ""severity"": ""high"", ""source_feed_id"": ""3143"", ""state"": ""active"", ""trusted_circle_ids"": [""122""], ""update_id"": ""3786618776"", ""value_type"": ""domain""}}, ""data_stream"": {""dataset"": ""ti_anomali.threatstream"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""83b444a9-8a29-4729-964a-a91e7b770094"", ""snapshot"": false, ""version"": ""8.3.2""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""threat"", ""dataset"": ""ti_anomali.threatstream"", ""ingested"": ""2022-08-01T15:43:03Z"", ""kind"": ""enrichment"", ""original"": ""{\""classification\"":\""public\"",\""confidence\"":20,\""country\"":\""FR\"",\""date_first\"":\""2020-10-08T12:21:50\"",\""date_last\"":\""2020-10-08T12:24:42\"",\""detail2\"":\""imported by user 184\"",\""domain\"":\""d4xgfj.example.net\"",\""id\"":3135167627,\""import_session_id\"":1400,\""itype\"":\""mal_domain\"",\""lat\"":-49.1,\""lon\"":94.4,\""org\"":\""OVH Hosting\"",\""resource_uri\"":\""/api/v1/intelligence/P46279656657/\"",\""severity\"":\""high\"",\""source\"":\""Default Organization\"",\""source_feed_id\"":3143,\""srcip\"":\""89.160.20.156\"",\""state\"":\""active\"",\""trusted_circle_ids\"":\""122\"",\""update_id\"":3786618776,\""value_type\"":\""domain\""}"", ""severity"": 7, ""type"": ""indicator""}, ""input"": {""type"": ""http_endpoint""}, ""tags"": [""preserve_original_event"", ""forwarded"", ""anomali-threatstream""], ""threat"": {""indicator"": {""as"": {""organization"": {""name"": ""OVH Hosting""}}, ""confidence"": ""Low"", ""first_seen"": ""2020-10-08T12:21:50.000Z"", ""geo"": {""country_iso_code"": ""FR"", ""location"": {""lat"": -49.1, ""lon"": 94.4}}, ""ip"": ""89.160.20.156"", ""last_seen"": ""2020-10-08T12:24:42.000Z"", ""marking"": {""tlp"": [""WHITE""]}, ""provider"": ""Default Organization"", ""type"": ""domain-name"", ""url"": {""domain"": ""d4xgfj.example.net""}}}}"
Apache Spark,https://docs.elastic.co/integrations/apache_spark,"{""@timestamp"": ""2022-04-11T09:45:08.887Z"", ""agent"": {""ephemeral_id"": ""fd3ce7d1-e237-45c7-88f9-875edafec41e"", ""id"": ""e7990c69-6909-48d1-be06-89dbe36d302c"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.1.0""}, ""apache_spark"": {""application"": {""name"": ""PythonWordCount.1649670292906"", ""runtime"": {""ms"": 16007}}}, ""data_stream"": {""dataset"": ""apache_spark.application"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""e7990c69-6909-48d1-be06-89dbe36d302c"", ""snapshot"": false, ""version"": ""8.1.0""}, ""event"": {""agent_id_status"": ""verified"", ""dataset"": ""apache_spark.application"", ""duration"": 21401735, ""ingested"": ""2022-04-11T09:45:12Z"", ""kind"": ""metric"", ""module"": ""apache_spark"", ""type"": ""info""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": true, ""hostname"": ""docker-fleet-agent"", ""ip"": [""192.168.0.5""], ""mac"": [""02:42:c0:a8:00:05""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.4.0-107-generic"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.3 LTS (Focal Fossa)""}}, ""metricset"": {""name"": ""jmx"", ""period"": 60000}, ""service"": {""address"": ""http://apache-spark-main:7777/jolokia/%3FignoreErrors=true&canonicalNaming=false"", ""type"": ""jolokia""}}"
Atlassian Bitbucket,https://docs.elastic.co/integrations/atlassian_bitbucket,"{""@timestamp"": ""2021-11-27T18:10:57.316Z"", ""agent"": {""ephemeral_id"": ""c1c6859f-88f5-4ae8-ad40-5c0c9fe933d1"", ""id"": ""82d0dfd8-3946-4ac0-a092-a9146a71e3f7"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.0.0-beta1""}, ""bitbucket"": {""audit"": {""affected_objects"": [{""id"": ""3"", ""name"": ""AT"", ""type"": ""PROJECT""}], ""extra_attributes"": [{""name"": ""target"", ""nameI18nKey"": ""bitbucket.audit.attribute.legacy.target"", ""value"": ""AT""}], ""method"": ""Browser"", ""type"": {""action"": ""Project created"", ""actionI18nKey"": ""bitbucket.service.project.audit.action.projectcreated"", ""category"": ""Projects"", ""categoryI18nKey"": ""bitbucket.service.audit.category.projects""}}}, ""data_stream"": {""dataset"": ""atlassian_bitbucket.audit"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""82d0dfd8-3946-4ac0-a092-a9146a71e3f7"", ""snapshot"": false, ""version"": ""8.0.0-beta1""}, ""event"": {""action"": ""bitbucket.service.project.audit.action.projectcreated"", ""agent_id_status"": ""verified"", ""category"": [""configuration""], ""created"": ""2021-12-24T00:39:23.076Z"", ""dataset"": ""atlassian_bitbucket.audit"", ""ingested"": ""2021-12-24T00:39:24Z"", ""kind"": ""event"", ""original"": ""{\""affectedObjects\"":[{\""id\"":\""3\"",\""name\"":\""AT\"",\""type\"":\""PROJECT\""}],\""author\"":{\""avatarUri\"":\""\"",\""id\"":\""2\"",\""name\"":\""admin\"",\""type\"":\""NORMAL\"",\""uri\"":\""http://bitbucket.internal:7990/users/admin\""},\""changedValues\"":[],\""extraAttributes\"":[{\""name\"":\""target\"",\""nameI18nKey\"":\""bitbucket.audit.attribute.legacy.target\"",\""value\"":\""AT\""}],\""method\"":\""Browser\"",\""node\"":\""8767044c-1b98-4d64-82db-ef29af8c3792\"",\""source\"":\""10.100.100.2\"",\""system\"":\""http://bitbucket.internal:7990\"",\""timestamp\"":\""2021-11-27T18:10:57.316Z\"",\""type\"":{\""action\"":\""Project created\"",\""actionI18nKey\"":\""bitbucket.service.project.audit.action.projectcreated\"",\""category\"":\""Projects\"",\""categoryI18nKey\"":\""bitbucket.service.audit.category.projects\""}}"", ""type"": [""creation""]}, ""input"": {""type"": ""httpjson""}, ""related"": {""hosts"": [""bitbucket.internal""], ""ip"": [""10.100.100.2""], ""user"": [""admin""]}, ""service"": {""address"": ""http://bitbucket.internal:7990""}, ""source"": {""address"": ""10.100.100.2"", ""ip"": ""10.100.100.2""}, ""tags"": [""preserve_original_event"", ""forwarded"", ""bitbucket-audit""], ""user"": {""id"": ""2"", ""name"": ""admin""}}"
Auditd Manager,https://docs.elastic.co/integrations/auditd_manager,"{""@timestamp"": ""2022-05-12T13:10:13.230Z"", ""agent"": {""ephemeral_id"": ""cfe4170e-f9b4-435f-b19c-a0e75b573b3a"", ""id"": ""753ce520-4f32-45b1-9212-c4dcc9d575a1"", ""name"": ""custom-agent"", ""type"": ""auditbeat"", ""version"": ""8.2.0""}, ""auditd"": {""data"": {""a0"": ""a"", ""a1"": ""c00024e8c0"", ""a2"": ""38"", ""a3"": ""0"", ""arch"": ""x86_64"", ""audit_pid"": ""22501"", ""auid"": ""unset"", ""exit"": ""56"", ""old"": ""0"", ""op"": ""set"", ""result"": ""success"", ""ses"": ""unset"", ""socket"": {""family"": ""netlink"", ""saddr"": ""100000000000000000000000""}, ""syscall"": ""sendto"", ""tty"": ""(none)""}, ""message_type"": ""config_change"", ""messages"": [""type=CONFIG_CHANGE msg=audit(1652361013.230:94471): op=set audit_pid=22501 old=0 auid=4294967295 ses=4294967295 res=1"", ""type=SYSCALL msg=audit(1652361013.230:94471): arch=c000003e syscall=44 success=yes exit=56 a0=a a1=c00024e8c0 a2=38 a3=0 items=0 ppid=9509 pid=22501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\""auditbeat\"" exe=\""/usr/share/elastic-agent/data/elastic-agent-b9a28a/install/auditbeat-8.2.0-linux-x86_64/auditbeat\"" key=(null)"", ""type=SOCKADDR msg=audit(1652361013.230:94471): saddr=100000000000000000000000"", ""type=PROCTITLE msg=audit(1652361013.230:94471): proctitle=2F7573722F73686172652F656C61737469632D6167656E742F646174612F656C61737469632D6167656E742D6239613238612F696E7374616C6C2F6175646974626561742D382E322E302D6C696E75782D7838365F36342F617564697462656174002D63006175646974626561742E656C61737469632D6167656E742E796D6C""], ""result"": ""success"", ""summary"": {""actor"": {""primary"": ""unset"", ""secondary"": ""root""}, ""how"": ""/usr/share/elastic-agent/data/elastic-agent-b9a28a/install/auditbeat-8.2.0-linux-x86_64/auditbeat"", ""object"": {""primary"": ""set"", ""type"": ""audit-config""}}, ""user"": {""filesystem"": {""group"": {""id"": ""0"", ""name"": ""root""}, ""id"": ""0"", ""name"": ""root""}, ""saved"": {""group"": {""id"": ""0"", ""name"": ""root""}, ""id"": ""0"", ""name"": ""root""}}}, ""data_stream"": {""dataset"": ""auditd_manager.auditd"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""753ce520-4f32-45b1-9212-c4dcc9d575a1"", ""snapshot"": false, ""version"": ""8.2.0""}, ""event"": {""action"": ""changed-audit-configuration"", ""agent_id_status"": ""verified"", ""category"": [""process"", ""configuration"", ""network""], ""dataset"": ""auditd_manager.auditd"", ""ingested"": ""2022-05-12T13:10:16Z"", ""kind"": ""event"", ""module"": ""auditd"", ""original"": ""type=CONFIG_CHANGE msg=audit(1652361013.230:94471): op=set audit_pid=22501 old=0 auid=4294967295 ses=4294967295 res=1\ntype=SYSCALL msg=audit(1652361013.230:94471): arch=c000003e syscall=44 success=yes exit=56 a0=a a1=c00024e8c0 a2=38 a3=0 items=0 ppid=9509 pid=22501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\""auditbeat\"" exe=\""/usr/share/elastic-agent/data/elastic-agent-b9a28a/install/auditbeat-8.2.0-linux-x86_64/auditbeat\"" key=(null)\ntype=SOCKADDR msg=audit(1652361013.230:94471): saddr=100000000000000000000000\ntype=PROCTITLE msg=audit(1652361013.230:94471): proctitle=2F7573722F73686172652F656C61737469632D6167656E742F646174612F656C61737469632D6167656E742D6239613238612F696E7374616C6C2F6175646974626561742D382E322E302D6C696E75782D7838365F36342F617564697462656174002D63006175646974626561742E656C61737469632D6167656E742E796D6C"", ""outcome"": ""success"", ""sequence"": 94471, ""type"": [""change"", ""connection"", ""info""]}, ""host"": {""name"": ""custom-agent""}, ""network"": {""direction"": ""egress""}, ""process"": {""executable"": ""/usr/share/elastic-agent/data/elastic-agent-b9a28a/install/auditbeat-8.2.0-linux-x86_64/auditbeat"", ""name"": ""auditbeat"", ""parent"": {""pid"": 9509}, ""pid"": 22501, ""title"": ""/usr/share/elastic-agent/data/elastic-agent-b9a28a/install/auditbeat-8.2.0-linux-x86_64/auditbeat -c auditbeat.elastic-agent.yml""}, ""service"": {""type"": ""auditd""}, ""tags"": [""preserve_original_event"", ""auditd_manager-auditd""], ""user"": {""group"": {""id"": ""0"", ""name"": ""root""}, ""id"": ""0"", ""name"": ""root""}}"
AWS Fargate,https://docs.elastic.co/integrations/awsfargate,"{""@timestamp"": ""2017-10-12T08:05:34.853Z"", ""awsfargate"": {""task_stats"": {""cluster_name"": ""default"", ""task_known_status"": ""RUNNING"", ""task_desired_status"": ""RUNNING"", ""cpu"": {""core"": null, ""kernel"": {""norm"": {""pct"": 0}, ""pct"": 0, ""ticks"": 1520000000}, ""system"": {""norm"": {""pct"": 1}, ""pct"": 2, ""ticks"": 1420180000000}, ""total"": {""norm"": {""pct"": 0.2}, ""pct"": 0.4}, ""user"": {""norm"": {""pct"": 0}, ""pct"": 0, ""ticks"": 490000000}}, ""diskio"": {""read"": {""bytes"": 3452928, ""ops"": 118, ""queued"": 0, ""rate"": 0, ""service_time"": 0, ""wait_time"": 0}, ""reads"": 0, ""summary"": {""bytes"": 3452928, ""ops"": 118, ""queued"": 0, ""rate"": 0, ""service_time"": 0, ""wait_time"": 0}, ""total"": 0, ""write"": {""bytes"": 0, ""ops"": 0, ""queued"": 0, ""rate"": 0, ""service_time"": 0, ""wait_time"": 0}, ""writes"": 0}, ""identifier"": ""query-metadata/1234"", ""memory"": {""fail"": {""count"": 0}, ""limit"": 0, ""rss"": {""pct"": 0.0010557805807105247, ""total"": 4157440}, ""stats"": {""active_anon"": 4157440, ""active_file"": 4497408, ""cache"": 6000640, ""dirty"": 16384, ""hierarchical_memory_limit"": 2147483648, ""hierarchical_memsw_limit"": 9223372036854772000, ""inactive_anon"": 0, ""inactive_file"": 1503232, ""mapped_file"": 2183168, ""pgfault"": 6668, ""pgmajfault"": 52, ""pgpgin"": 5925, ""pgpgout"": 3445, ""rss"": 4157440, ""rss_huge"": 0, ""total_active_anon"": 4157440, ""total_active_file"": 4497408, ""total_cache"": 600064, ""total_dirty"": 16384, ""total_inactive_anon"": 0, ""total_inactive_file"": 4497408, ""total_mapped_file"": 2183168, ""total_pgfault"": 6668, ""total_pgmajfault"": 52, ""total_pgpgin"": 5925, ""total_pgpgout"": 3445, ""total_rss"": 4157440, ""total_rss_huge"": 0, ""total_unevictable"": 0, ""total_writeback"": 0, ""unevictable"": 0, ""writeback"": 0}, ""usage"": {""max"": 15294464, ""pct"": 0.003136136404770672, ""total"": 12349440}}, ""network"": {""eth0"": {""inbound"": {""bytes"": 137315578, ""dropped"": 0, ""errors"": 0, ""packets"": 94338}, ""outbound"": {""bytes"": 1086811, ""dropped"": 0, ""errors"": 0, ""packets"": 25857}}}, ""task_name"": ""query-metadata""}}, ""cloud"": {""region"": ""us-west-2""}, ""container"": {""id"": ""1234"", ""image"": {""name"": ""mreferre/eksutils""}, ""labels"": {""com_amazonaws_ecs_cluster"": ""arn:aws:ecs:us-west-2:111122223333:cluster/default"", ""com_amazonaws_ecs_container-name"": ""query-metadata"", ""com_amazonaws_ecs_task-arn"": ""arn:aws:ecs:us-west-2:111122223333:task/default/febee046097849aba589d4435207c04a"", ""com_amazonaws_ecs_task-definition-family"": ""query-metadata"", ""com_amazonaws_ecs_task-definition-version"": ""7""}, ""name"": ""query-metadata""}, ""service"": {""type"": ""awsfargate""}}"
AWS Inspector,https://docs.elastic.co/integrations/aws/inspector,"{""@timestamp"": ""2022-09-20T19:52:26.405Z"", ""agent"": {""ephemeral_id"": ""d1032859-fd44-410c-9960-dde7dcbc3a2e"", ""id"": ""4a3373c9-b63f-4544-a929-761b42f50054"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.0""}, ""aws"": {""inspector"": {""finding_arn"": ""arn:aws:s3:::sample"", ""first_observed_at"": ""2022-09-20T19:52:26.405Z"", ""inspector_score"": 1.2, ""inspector_score_details"": {""adjusted_cvss"": {""adjustments"": [{""metric"": ""Base"", ""reason"": ""use Base metric""}], ""cvss_source"": ""scope1"", ""score"": {""source"": ""scope2"", ""value"": 8.9}, ""scoring_vector"": ""Attack Vector"", ""version"": ""v3.1""}}, ""last_observed_at"": ""2022-09-20T19:52:26.405Z"", ""network_reachability_details"": {""network_path"": {""steps"": [{""component"": {""id"": ""02ce3860-3126-42af-8ac7-c2a661134129"", ""type"": ""type""}}]}, ""open_port_range"": {""begin"": 1234, ""end"": 4567}}, ""package_vulnerability_details"": {""cvss"": [{""scoring_vector"": ""Attack Vector"", ""source"": ""scope3""}], ""related_vulnerabilities"": [""security""], ""source"": {""url"": {""domain"": ""cve.mitre.org"", ""extension"": ""cgi"", ""original"": ""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"", ""path"": ""/cgi-bin/cvename.cgi"", ""query"": ""name=CVE-2019-6111"", ""scheme"": ""https""}, ""value"": ""example""}, ""vendor"": {""created_at"": ""2022-09-20T19:52:26.405Z"", ""updated_at"": ""2022-09-20T19:52:26.405Z""}, ""vulnerable_packages"": [{""arch"": ""arch"", ""epoch"": 123, ""file_path"": ""/example"", ""fixed_inversion"": ""3"", ""name"": ""example"", ""package_manager"": ""BUNDLER"", ""release"": ""release"", ""source_layer_hash"": ""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"", ""version"": ""2.0""}]}, ""remediation"": {""recommendation"": {""text"": ""example"", ""url"": {""domain"": ""cve.mitre.org"", ""extension"": ""cgi"", ""original"": ""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"", ""path"": ""/cgi-bin/cvename.cgi"", ""query"": ""name=CVE-2019-6111"", ""scheme"": ""https""}}}, ""resources"": [{""details"": {""aws"": {""ec2_instance"": {""iam_instance_profile_arn"": ""arn:aws:s3:::iam"", ""image_id"": ""123456789"", ""ipv4_addresses"": [""89.160.20.128"", ""81.2.69.192""], ""ipv6_addresses"": [""2a02:cf40::""], ""key_name"": ""sample"", ""launched_at"": ""2022-09-20T19:52:26.405Z"", ""platform"": ""EC2"", ""subnet_id"": ""123456"", ""type"": ""Instance"", ""vpc_id"": ""3265875""}, ""ecr_container_image"": {""architecture"": ""arch"", ""author"": ""example"", ""image"": {""hash"": ""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545d"", ""tags"": [""sample""]}, ""platform"": ""ECR"", ""pushed_at"": ""2022-09-20T19:52:26.405Z"", ""registry"": ""ecr registry"", ""repository_name"": ""sample""}}}, ""id"": ""12345678"", ""partition"": ""partition"", ""tags"": {""string1"": ""string1"", ""string2"": ""string2""}, ""type"": ""AWS_EC2_INSTANCE""}], ""severity"": ""INFORMATIONAL"", ""status"": ""ACTIVE"", ""title"": ""sample findings"", ""type"": ""NETWORK_REACHABILITY""}}, ""cloud"": {""account"": {""id"": ""123456789""}, ""region"": [""us-east-1""]}, ""data_stream"": {""dataset"": ""aws.inspector"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.2.0""}, ""elastic_agent"": {""id"": ""4a3373c9-b63f-4544-a929-761b42f50054"", ""snapshot"": false, ""version"": ""8.4.0""}, ""event"": {""agent_id_status"": ""verified"", ""created"": ""2022-11-17T13:05:04.253Z"", ""dataset"": ""aws.inspector"", ""ingested"": ""2022-11-17T13:05:07Z"", ""kind"": ""event"", ""original"": ""{\""awsAccountId\"":\""123456789\"",\""description\"":\""Findins message\"",\""findingArn\"":\""arn:aws:s3:::sample\"",\""firstObservedAt\"":\""1.663703546405E9\"",\""inspectorScore\"":1.2,\""inspectorScoreDetails\"":{\""adjustedCvss\"":{\""adjustments\"":[{\""metric\"":\""Base\"",\""reason\"":\""use Base metric\""}],\""cvssSource\"":\""scope1\"",\""score\"":8.9,\""scoreSource\"":\""scope2\"",\""scoringVector\"":\""Attack Vector\"",\""version\"":\""v3.1\""}},\""lastObservedAt\"":\""1.663703546405E9\"",\""networkReachabilityDetails\"":{\""networkPath\"":{\""steps\"":[{\""componentId\"":\""02ce3860-3126-42af-8ac7-c2a661134129\"",\""componentType\"":\""type\""}]},\""openPortRange\"":{\""begin\"":1234,\""end\"":4567},\""protocol\"":\""TCP\""},\""packageVulnerabilityDetails\"":{\""cvss\"":[{\""baseScore\"":1.1,\""scoringVector\"":\""Attack Vector\"",\""source\"":\""scope3\"",\""version\"":\""v3.1\""}],\""referenceUrls\"":[\""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111\""],\""relatedVulnerabilities\"":[\""security\""],\""source\"":\""example\"",\""sourceUrl\"":\""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111\"",\""vendorCreatedAt\"":\""1.663703546405E9\"",\""vendorSeverity\"":\""basic\"",\""vendorUpdatedAt\"":\""1.663703546405E9\"",\""vulnerabilityId\"":\""123456789\"",\""vulnerablePackages\"":[{\""arch\"":\""arch\"",\""epoch\"":123,\""filePath\"":\""/example\"",\""fixedInVersion\"":\""3\"",\""name\"":\""example\"",\""packageManager\"":\""BUNDLER\"",\""release\"":\""release\"",\""sourceLayerHash\"":\""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c\"",\""version\"":\""2.0\""}]},\""remediation\"":{\""recommendation\"":{\""Url\"":\""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111\"",\""text\"":\""example\""}},\""resources\"":[{\""details\"":{\""awsEc2Instance\"":{\""iamInstanceProfileArn\"":\""arn:aws:s3:::iam\"",\""imageId\"":\""123456789\"",\""ipV4Addresses\"":[\""89.160.20.128\"",\""81.2.69.192\""],\""ipV6Addresses\"":[\""2a02:cf40::\""],\""keyName\"":\""sample\"",\""launchedAt\"":\""1.663703546405E9\"",\""platform\"":\""EC2\"",\""subnetId\"":\""123456\"",\""type\"":\""Instance\"",\""vpcId\"":\""3265875\""},\""awsEcrContainerImage\"":{\""architecture\"":\""arch\"",\""author\"":\""example\"",\""imageHash\"":\""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545d\"",\""imageTags\"":[\""sample\""],\""platform\"":\""ECR\"",\""pushedAt\"":\""1.663703546405E9\"",\""registry\"":\""ecr registry\"",\""repositoryName\"":\""sample\""}},\""id\"":\""12345678\"",\""partition\"":\""partition\"",\""region\"":\""us-east-1\"",\""tags\"":{\""string1\"":\""string1\"",\""string2\"":\""string2\""},\""type\"":\""AWS_EC2_INSTANCE\""}],\""severity\"":\""INFORMATIONAL\"",\""status\"":\""ACTIVE\"",\""title\"":\""sample findings\"",\""type\"":\""NETWORK_REACHABILITY\"",\""updatedAt\"":\""1.663703546405E9\""}"", ""type"": [""info""]}, ""input"": {""type"": ""httpjson""}, ""message"": ""Findins message"", ""network"": {""transport"": ""tcp""}, ""related"": {""hash"": [""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"", ""50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545d""], ""ip"": [""89.160.20.128"", ""81.2.69.192"", ""2a02:cf40::""]}, ""tags"": [""preserve_original_event"", ""forwarded"", ""aws-inspector""], ""vulnerability"": {""id"": ""123456789"", ""reference"": [""https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111""], ""score"": {""base"": [1.1], ""version"": [""v3.1""]}, ""severity"": ""basic""}}"
AWS Route 53,https://docs.elastic.co/integrations/aws/route53,"{""awscloudwatch"": {""log_group"": ""test"", ""ingestion_time"": ""2021-12-06T02:18:20.000Z"", ""log_stream"": ""test""}, ""agent"": {""name"": ""docker-fleet-agent"", ""id"": ""c00f804f-7a02-441b-88f4-aeb9da6410d9"", ""type"": ""filebeat"", ""ephemeral_id"": ""1cf87179-f6b3-44b0-a46f-3aa6bc0f995f"", ""version"": ""8.0.0""}, ""elastic_agent"": {""id"": ""c00f804f-7a02-441b-88f4-aeb9da6410d9"", ""version"": ""8.0.0"", ""snapshot"": true}, ""dns"": {""response_code"": ""NOERROR"", ""question"": {""registered_domain"": ""example.com"", ""top_level_domain"": ""com"", ""name"": ""txt.example.com"", ""subdomain"": ""txt"", ""type"": ""TXT""}}, ""source"": {""as"": {""number"": 721, ""organization"": {""name"": ""DoD Network Information Center""}}, ""address"": ""55.36.5.7"", ""ip"": ""55.36.5.7""}, ""tags"": [""preserve_original_event"", ""forwarded"", ""aws-route53-logs""], ""network"": {""protocol"": ""dns"", ""transport"": ""udp"", ""type"": ""ipv4"", ""iana_number"": ""17""}, ""cloud"": {""provider"": ""aws"", ""region"": ""us-east-1""}, ""input"": {""type"": ""aws-cloudwatch""}, ""@timestamp"": ""2017-12-13T08:16:05.744Z"", ""ecs"": {""version"": ""8.0.0""}, ""related"": {""hosts"": [""txt.example.com""], ""ip"": [""55.36.5.7""]}, ""data_stream"": {""namespace"": ""default"", ""type"": ""logs"", ""dataset"": ""aws.route53_public_logs""}, ""log.file.path"": ""test/test"", ""event"": {""agent_id_status"": ""verified"", ""ingested"": ""2021-12-06T02:37:25Z"", ""original"": ""1.0 2017-12-13T08:16:05.744Z Z123412341234 txt.example.com TXT NOERROR UDP JFK5 55.36.5.7 -"", ""kind"": ""event"", ""id"": ""36545504503447201576705984279898091551471012413796646912"", ""category"": [""network""], ""type"": [""protocol""], ""dataset"": ""aws.route53_public_logs"", ""outcome"": ""success""}, ""aws"": {""route53"": {""hosted_zone_id"": ""Z123412341234"", ""edge_location"": ""JFK5""}}}"
AWS Security Hub,https://docs.elastic.co/integrations/aws/securityhub,"{""@timestamp"": ""2017-03-22T13:22:13.933Z"", ""agent"": {""ephemeral_id"": ""01f4fdba-8670-479d-b54f-7d39403bb723"", ""id"": ""eea1c0db-3657-4195-add3-da25a54834e7"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.0""}, ""aws"": {""securityhub_findings"": {""action"": {""port_probe"": {""blocked"": false, ""details"": [{""local"": {""ip"": {""address_v4"": ""1.128.0.0""}, ""port"": {""name"": ""HTTP"", ""number"": 80}}, ""remote_ip"": {""city"": {""name"": ""Example City""}, ""country"": {""name"": ""Example Country""}, ""geolocation"": {""latitude"": 0, ""longitude"": 0}, ""organization"": {""asn"": ""64496"", ""asn_organization"": ""ExampleASO"", ""internet_provider"": ""ExampleOrg"", ""internet_service_provider"": ""ExampleISP""}}}]}}, ""aws_account_id"": ""111111111111"", ""company"": {""name"": ""AWS""}, ""compliance"": {""related_requirements"": [""Req1"", ""Req2""], ""status"": ""PASSED"", ""status_reasons"": [{""description"": ""CloudWatch alarms do not exist in the account"", ""reason_code"": ""CLOUDWATCH_ALARMS_NOT_PRESENT""}]}, ""confidence"": 42, ""criticality"": 99, ""description"": ""The version of openssl found on instance i-abcd1234 is known to contain a vulnerability."", ""first_observed_at"": ""2017-03-22T13:22:13.933Z"", ""generator"": {""id"": ""acme-vuln-9ab348""}, ""last_observed_at"": ""2017-03-23T13:22:13.933Z"", ""malware"": [{""name"": ""Stringler"", ""path"": ""/usr/sbin/stringler"", ""state"": ""OBSERVED"", ""type"": ""COIN_MINER""}], ""network"": {""open_port_range"": {""begin"": 443, ""end"": 443}}, ""network_path"": [{""component"": {""id"": ""abc-01a234bc56d8901ee"", ""type"": ""AWS::EC2::InternetGateway""}, ""egress"": {""destination"": {""address"": [""1.128.0.0/24""], ""port_ranges"": [{""begin"": 443, ""end"": 443}]}, ""protocol"": ""TCP"", ""source"": {""address"": [""175.16.199.1/24""]}}, ""ingress"": {""destination"": {""address"": [""175.16.199.1/24""], ""port_ranges"": [{""begin"": 443, ""end"": 443}]}, ""protocol"": ""TCP"", ""source"": {""address"": [""175.16.199.1/24""]}}}], ""note"": {""text"": ""Don't forget to check under the mat."", ""updated_at"": ""2018-08-31T00:15:09.000Z"", ""updated_by"": ""jsmith""}, ""patch_summary"": {""failed"": {""count"": 0}, ""id"": ""pb-123456789098"", ""installed"": {""count"": 100, ""other"": {""count"": 1023}, ""pending_reboot"": 0, ""rejected"": {""count"": 0}}, ""missing"": {""count"": 100}, ""operation"": {""end_time"": ""2018-09-27T23:39:31.000Z"", ""start_time"": ""2018-09-27T23:37:31.000Z"", ""type"": ""Install""}, ""reboot_option"": ""RebootIfNeeded""}, ""product"": {""arn"": ""arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"", ""fields"": {""Service_Name"": ""cloudtrail.amazonaws.com"", ""aws/inspector/AssessmentTargetName"": ""My prod env"", ""aws/inspector/AssessmentTemplateName"": ""My daily CVE assessment"", ""aws/inspector/RulesPackageName"": ""Common Vulnerabilities and Exposures"", ""generico/secure-pro/Count"": ""6""}, ""name"": ""Security Hub""}, ""provider_fields"": {""confidence"": 42, ""criticality"": 99, ""related_findings"": [{""id"": ""123e4567-e89b-12d3-a456-426655440000"", ""product"": {""arn"": ""arn:aws:securityhub:us-west-2::product/aws/guardduty""}}], ""severity"": {""label"": ""MEDIUM"", ""original"": ""MEDIUM""}, ""types"": [""Software and Configuration Checks/Vulnerabilities/CVE""]}, ""record_state"": ""ACTIVE"", ""region"": ""us-east-1"", ""related_findings"": [{""id"": ""123e4567-e89b-12d3-a456-426655440000"", ""product"": {""arn"": ""arn:aws:securityhub:us-west-2::product/aws/guardduty""}}, {""id"": ""AcmeNerfHerder-111111111111-x189dx7824"", ""product"": {""arn"": ""arn:aws:securityhub:us-west-2::product/aws/guardduty""}}], ""remediation"": {""recommendation"": {""text"": ""Run sudo yum update and cross your fingers and toes."", ""url"": ""http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html""}}, ""resources"": [{""Details"": {""IamInstanceProfileArn"": ""arn:aws:iam::123456789012:role/IamInstanceProfileArn"", ""ImageId"": ""ami-79fd7eee"", ""IpV4Addresses"": [""175.16.199.1""], ""IpV6Addresses"": [""2a02:cf40::""], ""KeyName"": ""testkey"", ""LaunchedAt"": ""2018-09-29T01:25:54Z"", ""MetadataOptions"": {""HttpEndpoint"": ""enabled"", ""HttpProtocolIpv6"": ""enabled"", ""HttpPutResponseHopLimit"": 1, ""HttpTokens"": ""optional"", ""InstanceMetadataTags"": ""disabled""}, ""NetworkInterfaces"": [{""NetworkInterfaceId"": ""eni-e5aa89a3""}], ""SubnetId"": ""PublicSubnet"", ""Type"": ""i3.xlarge"", ""VirtualizationType"": ""hvm"", ""VpcId"": ""TestVPCIpv6""}, ""Id"": ""i-cafebabe"", ""Partition"": ""aws"", ""Region"": ""us-west-2"", ""Tags"": {""billingCode"": ""Lotus-1-2-3"", ""needsPatching"": ""true""}, ""Type"": ""AwsEc2Instance""}], ""sample"": true, ""schema"": {""version"": ""2018-10-08""}, ""severity"": {""label"": ""CRITICAL"", ""original"": ""8.3""}, ""source_url"": ""http://threatintelweekly.org/backdoors/8888"", ""threat_intel_indicators"": [{""category"": ""BACKDOOR"", ""source"": ""Threat Intel Weekly"", ""source_url"": ""http://threatintelweekly.org/backdoors/8888"", ""value"": ""175.16.199.1""}], ""title"": ""EC2.20 Both VPN tunnels for an AWS Site-to-Site VPN connection should be up"", ""types"": [""Software and Configuration Checks/Vulnerabilities/CVE""], ""updated_at"": ""2018-08-31T00:15:09.000Z"", ""user_defined_fields"": {""comeBackToLater"": ""Check this again on Monday"", ""reviewedByCio"": ""true""}, ""verification_state"": ""UNKNOWN"", ""vulnerabilities"": [{""cvss"": [{""base_score"": 4.7, ""base_vector"": ""AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"", ""version"": ""V3""}, {""base_score"": 4.7, ""base_vector"": ""AV:L/AC:M/Au:N/C:C/I:N/A:N"", ""version"": ""V2""}], ""related_vulnerabilities"": [""CVE-2020-12345""], ""vendor"": {""created_at"": ""2020-01-16T00:01:43.000Z"", ""severity"": ""Medium"", ""updated_at"": ""2020-01-16T00:01:43.000Z"", ""url"": ""https://alas.aws.amazon.com/ALAS-2020-1337.html""}, ""vulnerable_packages"": [{""architecture"": ""x86_64"", ""epoch"": ""1"", ""name"": ""openssl"", ""release"": ""16.amzn2.0.3"", ""version"": ""1.0.2k""}]}], ""workflow"": {""state"": ""NEW"", ""status"": ""NEW""}}}, ""cloud"": {""account"": {""id"": ""111111111111""}}, ""data_stream"": {""dataset"": ""aws.securityhub_findings"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""domain"": ""example2.com"", ""ip"": [""1.128.0.0"", ""2a02:cf40::""], ""port"": 80}, ""ecs"": {""version"": ""8.2.0""}, ""elastic_agent"": {""id"": ""eea1c0db-3657-4195-add3-da25a54834e7"", ""snapshot"": true, ""version"": ""8.4.0""}, ""event"": {""action"": ""port_probe"", ""agent_id_status"": ""verified"", ""created"": ""2022-07-27T12:47:41.799Z"", ""dataset"": ""aws.securityhub_findings"", ""id"": ""us-west-2/111111111111/98aebb2207407c87f51e89943f12b1ef"", ""ingested"": ""2022-07-27T12:47:45Z"", ""kind"": ""event"", ""original"": ""{\""Action\"":{\""ActionType\"":\""PORT_PROBE\"",\""PortProbeAction\"":{\""Blocked\"":false,\""PortProbeDetails\"":[{\""LocalIpDetails\"":{\""IpAddressV4\"":\""1.128.0.0\""},\""LocalPortDetails\"":{\""Port\"":80,\""PortName\"":\""HTTP\""},\""RemoteIpDetails\"":{\""City\"":{\""CityName\"":\""Example City\""},\""Country\"":{\""CountryName\"":\""Example Country\""},\""GeoLocation\"":{\""Lat\"":0,\""Lon\"":0},\""Organization\"":{\""Asn\"":64496,\""AsnOrg\"":\""ExampleASO\"",\""Isp\"":\""ExampleISP\"",\""Org\"":\""ExampleOrg\""}}}]}},\""AwsAccountId\"":\""111111111111\"",\""CompanyName\"":\""AWS\"",\""Compliance\"":{\""RelatedRequirements\"":[\""Req1\"",\""Req2\""],\""Status\"":\""PASSED\"",\""StatusReasons\"":[{\""Description\"":\""CloudWatch alarms do not exist in the account\"",\""ReasonCode\"":\""CLOUDWATCH_ALARMS_NOT_PRESENT\""}]},\""Confidence\"":42,\""CreatedAt\"":\""2017-03-22T13:22:13.933Z\"",\""Criticality\"":99,\""Description\"":\""The version of openssl found on instance i-abcd1234 is known to contain a vulnerability.\"",\""FindingProviderFields\"":{\""Confidence\"":42,\""Criticality\"":99,\""RelatedFindings\"":[{\""Id\"":\""123e4567-e89b-12d3-a456-426655440000\"",\""ProductArn\"":\""arn:aws:securityhub:us-west-2::product/aws/guardduty\""}],\""Severity\"":{\""Label\"":\""MEDIUM\"",\""Original\"":\""MEDIUM\""},\""Types\"":[\""Software and Configuration Checks/Vulnerabilities/CVE\""]},\""FirstObservedAt\"":\""2017-03-22T13:22:13.933Z\"",\""GeneratorId\"":\""acme-vuln-9ab348\"",\""Id\"":\""us-west-2/111111111111/98aebb2207407c87f51e89943f12b1ef\"",\""LastObservedAt\"":\""2017-03-23T13:22:13.933Z\"",\""Malware\"":[{\""Name\"":\""Stringler\"",\""Path\"":\""/usr/sbin/stringler\"",\""State\"":\""OBSERVED\"",\""Type\"":\""COIN_MINER\""}],\""Network\"":{\""DestinationDomain\"":\""example2.com\"",\""DestinationIpV4\"":\""1.128.0.0\"",\""DestinationIpV6\"":\""2a02:cf40::\"",\""DestinationPort\"":\""80\"",\""Direction\"":\""IN\"",\""OpenPortRange\"":{\""Begin\"":443,\""End\"":443},\""Protocol\"":\""TCP\"",\""SourceDomain\"":\""example1.com\"",\""SourceIpV4\"":\""1.128.0.0\"",\""SourceIpV6\"":\""2a02:cf40::\"",\""SourceMac\"":\""00:0d:83:b1:c0:8e\"",\""SourcePort\"":\""42\""},\""NetworkPath\"":[{\""ComponentId\"":\""abc-01a234bc56d8901ee\"",\""ComponentType\"":\""AWS::EC2::InternetGateway\"",\""Egress\"":{\""Destination\"":{\""Address\"":[\""1.128.0.0/24\""],\""PortRanges\"":[{\""Begin\"":443,\""End\"":443}]},\""Protocol\"":\""TCP\"",\""Source\"":{\""Address\"":[\""175.16.199.1/24\""]}},\""Ingress\"":{\""Destination\"":{\""Address\"":[\""175.16.199.1/24\""],\""PortRanges\"":[{\""Begin\"":443,\""End\"":443}]},\""Protocol\"":\""TCP\"",\""Source\"":{\""Address\"":[\""175.16.199.1/24\""]}}}],\""Note\"":{\""Text\"":\""Don't forget to check under the mat.\"",\""UpdatedAt\"":\""2018-08-31T00:15:09Z\"",\""UpdatedBy\"":\""jsmith\""},\""PatchSummary\"":{\""FailedCount\"":\""0\"",\""Id\"":\""pb-123456789098\"",\""InstalledCount\"":\""100\"",\""InstalledOtherCount\"":\""1023\"",\""InstalledPendingReboot\"":\""0\"",\""InstalledRejectedCount\"":\""0\"",\""MissingCount\"":\""100\"",\""Operation\"":\""Install\"",\""OperationEndTime\"":\""2018-09-27T23:39:31Z\"",\""OperationStartTime\"":\""2018-09-27T23:37:31Z\"",\""RebootOption\"":\""RebootIfNeeded\""},\""Process\"":{\""LaunchedAt\"":\""2018-09-27T22:37:31Z\"",\""Name\"":\""syslogd\"",\""ParentPid\"":56789,\""Path\"":\""/usr/sbin/syslogd\"",\""Pid\"":12345,\""TerminatedAt\"":\""2018-09-27T23:37:31Z\""},\""ProductArn\"":\""arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default\"",\""ProductFields\"":{\""Service_Name\"":\""cloudtrail.amazonaws.com\"",\""aws/inspector/AssessmentTargetName\"":\""My prod env\"",\""aws/inspector/AssessmentTemplateName\"":\""My daily CVE assessment\"",\""aws/inspector/RulesPackageName\"":\""Common Vulnerabilities and Exposures\"",\""generico/secure-pro/Count\"":\""6\""},\""ProductName\"":\""Security Hub\"",\""RecordState\"":\""ACTIVE\"",\""Region\"":\""us-east-1\"",\""RelatedFindings\"":[{\""Id\"":\""123e4567-e89b-12d3-a456-426655440000\"",\""ProductArn\"":\""arn:aws:securityhub:us-west-2::product/aws/guardduty\""},{\""Id\"":\""AcmeNerfHerder-111111111111-x189dx7824\"",\""ProductArn\"":\""arn:aws:securityhub:us-west-2::product/aws/guardduty\""}],\""Remediation\"":{\""Recommendation\"":{\""Text\"":\""Run sudo yum update and cross your fingers and toes.\"",\""Url\"":\""http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html\""}},\""Resources\"":[{\""Details\"":{\""IamInstanceProfileArn\"":\""arn:aws:iam::123456789012:role/IamInstanceProfileArn\"",\""ImageId\"":\""ami-79fd7eee\"",\""IpV4Addresses\"":[\""175.16.199.1\""],\""IpV6Addresses\"":[\""2a02:cf40::\""],\""KeyName\"":\""testkey\"",\""LaunchedAt\"":\""2018-09-29T01:25:54Z\"",\""MetadataOptions\"":{\""HttpEndpoint\"":\""enabled\"",\""HttpProtocolIpv6\"":\""enabled\"",\""HttpPutResponseHopLimit\"":1,\""HttpTokens\"":\""optional\"",\""InstanceMetadataTags\"":\""disabled\""},\""NetworkInterfaces\"":[{\""NetworkInterfaceId\"":\""eni-e5aa89a3\""}],\""SubnetId\"":\""PublicSubnet\"",\""Type\"":\""i3.xlarge\"",\""VirtualizationType\"":\""hvm\"",\""VpcId\"":\""TestVPCIpv6\""},\""Id\"":\""i-cafebabe\"",\""Partition\"":\""aws\"",\""Region\"":\""us-west-2\"",\""Tags\"":{\""billingCode\"":\""Lotus-1-2-3\"",\""needsPatching\"":\""true\""},\""Type\"":\""AwsEc2Instance\""}],\""Sample\"":true,\""SchemaVersion\"":\""2018-10-08\"",\""Severity\"":{\""Label\"":\""CRITICAL\"",\""Original\"":\""8.3\""},\""SourceUrl\"":\""http://threatintelweekly.org/backdoors/8888\"",\""ThreatIntelIndicators\"":[{\""Category\"":\""BACKDOOR\"",\""LastObservedAt\"":\""2018-09-27T23:37:31Z\"",\""Source\"":\""Threat Intel Weekly\"",\""SourceUrl\"":\""http://threatintelweekly.org/backdoors/8888\"",\""Type\"":\""IPV4_ADDRESS\"",\""Value\"":\""175.16.199.1\""}],\""Threats\"":[{\""FilePaths\"":[{\""FileName\"":\""b.txt\"",\""FilePath\"":\""/tmp/b.txt\"",\""Hash\"":\""sha256\"",\""ResourceId\"":\""arn:aws:ec2:us-west-2:123456789012:volume/vol-032f3bdd89aee112f\""}],\""ItemCount\"":3,\""Name\"":\""Iot.linux.mirai.vwisi\"",\""Severity\"":\""HIGH\""}],\""Title\"":\""EC2.20 Both VPN tunnels for an AWS Site-to-Site VPN connection should be up\"",\""Types\"":[\""Software and Configuration Checks/Vulnerabilities/CVE\""],\""UpdatedAt\"":\""2018-08-31T00:15:09Z\"",\""UserDefinedFields\"":{\""comeBackToLater\"":\""Check this again on Monday\"",\""reviewedByCio\"":\""true\""},\""VerificationState\"":\""UNKNOWN\"",\""Vulnerabilities\"":[{\""Cvss\"":[{\""BaseScore\"":4.7,\""BaseVector\"":\""AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"",\""Version\"":\""V3\""},{\""BaseScore\"":4.7,\""BaseVector\"":\""AV:L/AC:M/Au:N/C:C/I:N/A:N\"",\""Version\"":\""V2\""}],\""Id\"":\""CVE-2020-12345\"",\""ReferenceUrls\"":[\""http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418\"",\""http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563\""],\""RelatedVulnerabilities\"":[\""CVE-2020-12345\""],\""Vendor\"":{\""Name\"":\""Alas\"",\""Url\"":\""https://alas.aws.amazon.com/ALAS-2020-1337.html\"",\""VendorCreatedAt\"":\""2020-01-16T00:01:43Z\"",\""VendorSeverity\"":\""Medium\"",\""VendorUpdatedAt\"":\""2020-01-16T00:01:43Z\""},\""VulnerablePackages\"":[{\""Architecture\"":\""x86_64\"",\""Epoch\"":\""1\"",\""Name\"":\""openssl\"",\""Release\"":\""16.amzn2.0.3\"",\""Version\"":\""1.0.2k\""}]}],\""Workflow\"":{\""Status\"":\""NEW\""},\""WorkflowState\"":\""NEW\""}"", ""type"": [""info""]}, ""input"": {""type"": ""httpjson""}, ""network"": {""direction"": ""IN"", ""protocol"": ""tcp""}, ""organization"": {""name"": ""AWS""}, ""process"": {""end"": ""2018-09-27T23:37:31.000Z"", ""executable"": ""/usr/sbin/syslogd"", ""name"": ""syslogd"", ""parent"": {""pid"": 56789}, ""pid"": 12345, ""start"": ""2018-09-27T22:37:31.000Z""}, ""related"": {""ip"": [""1.128.0.0"", ""2a02:cf40::""]}, ""source"": {""domain"": ""example1.com"", ""ip"": [""1.128.0.0"", ""2a02:cf40::""], ""mac"": ""00-0D-83-B1-C0-8E"", ""port"": 42}, ""tags"": [""preserve_original_event"", ""forwarded"", ""aws_securityhub_findings""], ""threat"": {""indicator"": {""last_seen"": ""2018-09-27T23:37:31.000Z"", ""type"": ""IPV4_ADDRESS""}}, ""url"": {""domain"": ""threatintelweekly.org"", ""full"": ""http://threatintelweekly.org/backdoors/8888"", ""original"": ""http://threatintelweekly.org/backdoors/8888"", ""path"": ""/backdoors/8888"", ""scheme"": ""http""}, ""vulnerability"": {""id"": ""CVE-2020-12345"", ""reference"": [""http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418"", ""http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563""], ""scanner"": {""vendor"": ""Alas""}, ""score"": {""base"": 4.7, ""version"": ""V2""}}}"
AWS Usage,https://docs.elastic.co/integrations/aws/usage,"{""@timestamp"": ""2022-07-25T20:50:00.000Z"", ""agent"": {""name"": ""docker-fleet-agent"", ""id"": ""2d4b09d0-cdb6-445e-ac3f-6415f87b9864"", ""type"": ""metricbeat"", ""ephemeral_id"": ""6bab70d4-84d9-411d-887c-f144d4244e78"", ""version"": ""8.3.2""}, ""elastic_agent"": {""id"": ""2d4b09d0-cdb6-445e-ac3f-6415f87b9864"", ""version"": ""8.3.2"", ""snapshot"": false}, ""cloud"": {""provider"": ""aws"", ""region"": ""eu-north-1"", ""account"": {""name"": ""elastic-beats"", ""id"": ""428152502467""}}, ""ecs"": {""version"": ""8.0.0""}, ""service"": {""type"": ""aws""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""aws.usage""}, ""metricset"": {""period"": 60000, ""name"": ""cloudwatch""}, ""aws"": {""usage"": {""metrics"": {""CallCount"": {""sum"": 1}}}, ""cloudwatch"": {""namespace"": ""AWS/Usage""}, ""dimensions"": {""Type"": ""API"", ""Resource"": ""ListMetrics"", ""Service"": ""CloudWatch"", ""Class"": ""None""}}, ""event"": {""duration"": 1432082500, ""agent_id_status"": ""verified"", ""ingested"": ""2022-07-25T20:51:19Z"", ""module"": ""aws"", ""dataset"": ""aws.usage""}}"
Azure Application Insights Metrics Overview,https://docs.elastic.co/integrations/azure_application_insights,"{""agent"": {""hostname"": ""docker-fleet-agent"", ""name"": ""docker-fleet-agent"", ""id"": ""d979a8cf-ddeb-458f-9019-389414e0ab47"", ""ephemeral_id"": ""4162d5df-ab00-4c1b-b4f3-7db2e3b599d4"", ""type"": ""metricbeat"", ""version"": ""7.15.0""}, ""elastic_agent"": {""id"": ""d979a8cf-ddeb-458f-9019-389414e0ab47"", ""version"": ""7.15.0"", ""snapshot"": true}, ""cloud"": {""provider"": ""azure""}, ""@timestamp"": ""2021-08-23T14:37:42.268Z"", ""ecs"": {""version"": ""1.12.0""}, ""service"": {""type"": ""azure""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""azure.app_insights""}, ""host"": {""hostname"": ""docker-fleet-agent"", ""os"": {""kernel"": ""4.19.128-microsoft-standard"", ""codename"": ""Core"", ""name"": ""CentOS Linux"", ""family"": ""redhat"", ""type"": ""linux"", ""version"": ""7 (Core)"", ""platform"": ""centos""}, ""containerized"": true, ""ip"": [""192.168.96.7""], ""name"": ""docker-fleet-agent"", ""id"": ""1642d255f9a32fc6926cddf21bb0d5d3"", ""mac"": [""02:42:c0:a8:60:07""], ""architecture"": ""x86_64""}, ""metricset"": {""period"": 300000, ""name"": ""app_insights""}, ""event"": {""duration"": 503187300, ""agent_id_status"": ""verified"", ""ingested"": ""2021-08-23T14:37:41Z"", ""module"": ""azure"", ""dataset"": ""azure.app_insights""}, ""azure"": {""app_insights"": {""end_date"": ""2021-08-23T14:37:42.268Z"", ""start_date"": ""2021-08-23T14:32:42.268Z""}, ""metrics"": {""requests_count"": {""sum"": 4}}, ""application_id"": ""42cb59a9-d5be-400b-a5c4-69b0a0026ac6"", ""dimensions"": {""request_name"": ""GET Home/Index"", ""request_url_host"": ""demoappobs.azurewebsites.net""}}}"
Azure Billing Metrics,https://docs.elastic.co/integrations/azure_billing,"{""agent"": {""hostname"": ""docker-fleet-agent"", ""name"": ""docker-fleet-agent"", ""id"": ""ac0aba17-80ba-472c-a850-25b8eee31b4a"", ""type"": ""metricbeat"", ""ephemeral_id"": ""00acbc2a-2f96-4c8a-99fe-790f724e9b9e"", ""version"": ""7.15.3""}, ""elastic_agent"": {""id"": ""ac0aba17-80ba-472c-a850-25b8eee31b4a"", ""version"": ""7.15.3"", ""snapshot"": true}, ""cloud"": {""instance"": {""name"": ""alextest223"", ""id"": ""/subscriptions/7657426d-c4c3-44ac-88a2-3b2cd59e6dba/resourceGroups/alex-test-resources/providers/Microsoft.Storage/storageAccounts/testthis""}, ""provider"": ""azure"", ""region"": ""CentralUS""}, ""@timestamp"": ""2021-11-16T14:53:50.309Z"", ""ecs"": {""version"": ""1.11.0""}, ""service"": {""type"": ""azure""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""azure.billing""}, ""host"": {""hostname"": ""docker-fleet-agent"", ""os"": {""kernel"": ""4.19.128-microsoft-standard"", ""codename"": ""Core"", ""name"": ""CentOS Linux"", ""type"": ""linux"", ""family"": ""redhat"", ""version"": ""7 (Core)"", ""platform"": ""centos""}, ""containerized"": true, ""ip"": [""192.168.16.7""], ""name"": ""docker-fleet-agent"", ""id"": ""0e45dc0f765dee79aa8992abcd05b189"", ""mac"": [""02:42:c0:a8:10:07""], ""architecture"": ""x86_64""}, ""metricset"": {""period"": 86400000, ""name"": ""billing""}, ""event"": {""duration"": 37147626300, ""agent_id_status"": ""verified"", ""ingested"": ""2021-11-16T14:53:51Z"", ""module"": ""azure"", ""dataset"": ""azure.billing""}, ""azure"": {""subscription_id"": ""7657426d-c4c3-44ac-88a2-3b2cd59e6dba"", ""resource"": {""name"": ""testthis"", ""type"": ""Microsoft.Storage"", ""group"": ""alex-test-resources""}, ""billing"": {""product"": ""Bandwidth Inter-Region - Data Transfer Out - North America"", ""pretax_cost"": 2.327970961e-06, ""usage_start"": ""2021-11-15T00:00:00.000Z"", ""usage_end"": ""2021-11-15T23:59:59.000Z"", ""department_name"": ""DEpartment"", ""account_name"": ""R&D"", ""currency"": ""USD"", ""billing_period_id"": ""/subscriptions/7657426d-c4c3-44ac-88a2-3b2cd59e6dba/providers/Microsoft.Billing/billingPeriods/20211101""}}}"
Barracuda CloudGen Firewall Logs,https://docs.elastic.co/integrations/barracuda_cloudgen_firewall,"{""@timestamp"": ""2020-11-24T15:02:21.000Z"", ""agent"": {""ephemeral_id"": ""b620e757-d3b2-4b59-8c2b-cce4d2f17081"", ""id"": ""70e82165-776e-4b35-98b8-b0c9491f4b6e"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.5.0""}, ""barracuda_cloudgen_firewall"": {""log"": {""app_rule"": ""<App>:ALL-APPS"", ""fw_info"": 2007}}, ""data_stream"": {""dataset"": ""barracuda_cloudgen_firewall.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""address"": ""67.43.156.78"", ""as"": {""number"": 35908}, ""bytes"": 561503, ""geo"": {""continent_name"": ""Asia"", ""country_iso_code"": ""BT"", ""country_name"": ""Bhutan"", ""location"": {""lat"": 27.5, ""lon"": 90.5}}, ""ip"": ""67.43.156.78"", ""mac"": ""00-0C-29-00-D6-00"", ""nat"": {""ip"": ""67.43.156.100""}, ""packets"": 439, ""port"": 443}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""70e82165-776e-4b35-98b8-b0c9491f4b6e"", ""snapshot"": true, ""version"": ""8.5.0""}, ""event"": {""action"": ""End"", ""agent_id_status"": ""verified"", ""category"": [""network""], ""dataset"": ""barracuda_cloudgen_firewall.log"", ""duration"": -153934592, ""ingested"": ""2022-09-21T13:30:52Z"", ""kind"": ""event"", ""type"": [""end""]}, ""input"": {""type"": ""lumberjack""}, ""labels"": {""origin_address"": ""172.20.0.4:34752""}, ""network"": {""community_id"": ""1:HGU1tX9W2VUF5ND2ey3X6Niv/AQ="", ""iana_number"": ""6"", ""transport"": ""tcp"", ""type"": ""ipv4""}, ""observer"": {""egress"": {""interface"": {""name"": ""eth0""}}, ""hostname"": ""cgf-scout-int"", ""ingress"": {""interface"": {""name"": ""eth0""}}, ""product"": ""ngfw"", ""serial_number"": ""4f94abdf7a8c465fa2cd76f680ecafd1"", ""type"": ""firewall"", ""vendor"": ""Barracuda""}, ""related"": {""ip"": [""10.17.35.171"", ""67.43.156.78""]}, ""rule"": {""name"": ""BOX-LAN-2-INTERNET""}, ""source"": {""address"": ""10.17.35.171"", ""bytes"": 7450, ""ip"": ""10.17.35.171"", ""mac"": ""00-0C-29-9A-0A-78"", ""nat"": {""ip"": ""10.17.35.175""}, ""packets"": 129, ""port"": 40532}, ""tags"": [""barracuda_cloudgen_firewall-log"", ""forwarded""]}"
Bravura Monitor,https://docs.elastic.co/integrations/hid_bravura_monitor,"{""@timestamp"": ""2021-01-16T00:35:25.258Z"", ""agent"": {""ephemeral_id"": ""fa387b80-fca3-4488-ac1b-460792f3a8ea"", ""id"": ""02ab444e-ca97-437b-85dc-d580f055047c"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.1.0""}, ""data_stream"": {""dataset"": ""hid_bravura_monitor.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""02ab444e-ca97-437b-85dc-d580f055047c"", ""snapshot"": false, ""version"": ""8.1.0""}, ""event"": {""agent_id_status"": ""verified"", ""dataset"": ""hid_bravura_monitor.log"", ""ingested"": ""2022-11-22T08:13:24Z"", ""original"": ""\u00182021-01-16 00:35:25.258.7085 - [] pamlws.exe [44408,52004] Error: LWS [HID-TEST] foundcomputer record not found"", ""timezone"": ""UTC""}, ""hid_bravura_monitor"": {""environment"": ""PRODUCTION"", ""instancename"": ""default"", ""instancetype"": ""Privilege-Identity-Password"", ""node"": ""docker-fleet-agent""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": false, ""hostname"": ""docker-fleet-agent"", ""ip"": [""172.29.0.7""], ""mac"": [""02:42:ac:1d:00:07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.10.104-linuxkit"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.3 LTS (Focal Fossa)""}}, ""input"": {""type"": ""filestream""}, ""log"": {""file"": {""path"": ""/tmp/service_logs/hid_bravura_monitor.log""}, ""level"": ""Error"", ""logger"": ""pamlws.exe"", ""offset"": 218}, ""message"": ""LWS [HID-TEST] foundcomputer record not found"", ""process"": {""pid"": 44408, ""thread"": {""id"": 52004}}, ""tags"": [""preserve_original_event""], ""user"": {""id"": """"}}"
Cisco ISE,https://docs.elastic.co/integrations/cisco_ise,"{""@timestamp"": ""2020-02-21T19:13:08.328Z"", ""agent"": {""ephemeral_id"": ""88645c33-21f7-47a1-a1e6-b4a53f32ec43"", ""id"": ""94011a8e-8b26-4bce-a627-d54316798b52"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""cisco_ise"": {""log"": {""acct"": {""request"": {""flags"": ""Stop""}}, ""acs"": {""session"": {""id"": ""ldnnacpsn1/359344348/952729""}}, ""authen_method"": ""TacacsPlus"", ""avpair"": {""priv_lvl"": 15, ""start_time"": ""2020-03-26T01:17:12.000Z"", ""task_id"": ""2962"", ""timezone"": ""GMT""}, ""category"": {""name"": ""CISE_TACACS_Accounting""}, ""cmdset"": ""[ CmdAV=show mac-address-table <cr> ]"", ""config_version"": {""id"": 1829}, ""cpm"": {""session"": {""id"": ""81.2.69.144Accounting306034364""}}, ""device"": {""type"": [""Device Type#All Device Types#Routers"", ""Device Type#All Device Types#Routers""]}, ""ipsec"": [""IPSEC#Is IPSEC Device"", ""IPSEC#Is IPSEC Device""], ""location"": [""Location#All Locations#EMEA"", ""Location#All Locations#EMEA""], ""message"": {""code"": ""3300"", ""description"": ""Tacacs-Accounting: TACACS+ Accounting with Command"", ""id"": ""0000000001""}, ""model"": {""name"": ""Unknown""}, ""network"": {""device"": {""groups"": [""Location#All Locations#EMEA"", ""Device Type#All Device Types#Routers"", ""IPSEC#Is IPSEC Device""], ""name"": ""wlnwan1"", ""profile"": [""Cisco"", ""Cisco""]}}, ""port"": ""tty10"", ""privilege"": {""level"": 15}, ""request"": {""latency"": 1}, ""response"": {""AcctReply-Status"": ""Success""}, ""segment"": {""number"": 0, ""total"": 4}, ""selected"": {""access"": {""service"": ""Device Admin - TACACS""}}, ""service"": {""argument"": ""shell"", ""name"": ""Login""}, ""software"": {""version"": ""Unknown""}, ""step"": [""13006"", ""15049"", ""15008"", ""15048"", ""13035""], ""type"": ""Accounting""}}, ""client"": {""ip"": ""81.2.69.144""}, ""data_stream"": {""dataset"": ""cisco_ise.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""ip"": ""81.2.69.144""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""94011a8e-8b26-4bce-a627-d54316798b52"", ""snapshot"": true, ""version"": ""8.6.0""}, ""event"": {""action"": ""tacacs-accounting"", ""agent_id_status"": ""verified"", ""category"": [""configuration""], ""dataset"": ""cisco_ise.log"", ""ingested"": ""2023-01-13T12:14:37Z"", ""kind"": ""event"", ""sequence"": 18415781, ""timezone"": ""+00:00"", ""type"": [""info""]}, ""host"": {""hostname"": ""cisco-ise-host""}, ""input"": {""type"": ""udp""}, ""log"": {""level"": ""notice"", ""source"": {""address"": ""172.27.0.4:59237""}, ""syslog"": {""priority"": 182, ""severity"": {""name"": ""notice""}}}, ""message"": ""2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table <cr> ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=2962, AVPair=timezone=GMT, AVPair=start_time=1585185432, AVPair=priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }"", ""related"": {""hosts"": [""cisco-ise-host""], ""ip"": [""81.2.69.144""], ""user"": [""psxvne""]}, ""tags"": [""forwarded"", ""cisco_ise-log""], ""user"": {""name"": ""psxvne""}}"
Cisco Secure Email Gateway,https://docs.elastic.co/integrations/cisco_secure_email_gateway,"{""@timestamp"": ""2023-03-17T18:24:37.000Z"", ""agent"": {""ephemeral_id"": ""4e9fd9b0-5de2-40cd-83b6-9f71ce5aa238"", ""id"": ""ffb5b53a-4f77-4103-afe1-2d02bcc1a0cb"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""cisco_secure_email_gateway"": {""log"": {""category"": {""name"": ""amp""}, ""message"": ""File reputation query initiating. File Name = 'mod-6.exe', MID = 5, File Size = 1673216 bytes, File Type = application/x-dosexec""}}, ""data_stream"": {""dataset"": ""cisco_secure_email_gateway.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""ffb5b53a-4f77-4103-afe1-2d02bcc1a0cb"", ""snapshot"": false, ""version"": ""8.6.0""}, ""email"": {""attachments"": {""file"": {""name"": ""mod-6.exe"", ""size"": 1673216}}, ""content_type"": ""application/x-dosexec"", ""message_id"": ""5""}, ""event"": {""agent_id_status"": ""verified"", ""dataset"": ""cisco_secure_email_gateway.log"", ""ingested"": ""2023-01-31T06:32:29Z"", ""kind"": ""event""}, ""input"": {""type"": ""udp""}, ""log"": {""level"": ""info"", ""source"": {""address"": ""192.168.144.1:59695""}, ""syslog"": {""priority"": 166}}, ""tags"": [""forwarded"", ""cisco_secure_email_gateway-log""]}"
CockroachDB Metrics,https://docs.elastic.co/integrations/cockroachdb,"{""@timestamp"": ""2022-09-06T09:50:54.422Z"", ""agent"": {""ephemeral_id"": ""4002fdcf-5421-491e-90b0-4b0229592d88"", ""id"": ""19de6249-945f-46da-9464-383664c3adaf"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.4.0""}, ""cockroachdb"": {""status"": {""abortspanbytes"": {""value"": 0}, ""addsstable_applications"": {""counter"": 0}, ""addsstable_aswrites"": {""counter"": 0}, ""addsstable_copies"": {""counter"": 0}, ""addsstable_delay_enginebackpressure"": {""counter"": 0}, ""addsstable_delay_total"": {""counter"": 0}, ""addsstable_proposals"": {""counter"": 0}, ""capacity"": {""value"": 0}, ""capacity_available"": {""value"": 0}, ""capacity_reserved"": {""value"": 0}, ""capacity_used"": {""value"": 0}, ""exportrequest_delay_total"": {""counter"": 0}, ""follower_reads_success_count"": {""counter"": 0}, ""gcbytesage"": {""value"": 0}, ""intentage"": {""value"": 0}, ""intentbytes"": {""value"": 0}, ""intentcount"": {""value"": 0}, ""intentresolver_async_throttled"": {""counter"": 0}, ""intentresolver_finalized_txns_failed"": {""counter"": 0}, ""intentresolver_intents_failed"": {""counter"": 0}, ""intents_abort_attempts"": {""counter"": 0}, ""intents_poison_attempts"": {""counter"": 0}, ""intents_resolve_attempts"": {""counter"": 54}, ""keybytes"": {""value"": 82632}, ""keycount"": {""value"": 1680}, ""kv_allocator_load_based_lease_transfers_cannot_find_better_candidate"": {""counter"": 0}, ""kv_allocator_load_based_lease_transfers_delta_not_significant"": {""counter"": 0}, ""kv_allocator_load_based_lease_transfers_existing_not_overfull"": {""counter"": 0}, ""kv_allocator_load_based_lease_transfers_missing_stats_for_existing_stores"": {""counter"": 0}, ""kv_allocator_load_based_lease_transfers_should_transfer"": {""counter"": 0}, ""kv_allocator_load_based_lease_transfers_significantly_switches_relative_disposition"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_cannot_find_better_candidate"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_delta_not_significant"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_existing_not_overfull"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_missing_stats_for_existing_store"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_should_transfer"": {""counter"": 0}, ""kv_allocator_load_based_replica_rebalancing_significantly_switches_relative_disposition"": {""counter"": 0}, ""kv_closed_timestamp_max_behind_nanos"": {""value"": 0}, ""kv_concurrency_avg_lock_hold_duration_nanos"": {""value"": 0}, ""kv_concurrency_avg_lock_wait_duration_nanos"": {""value"": 0}, ""kv_concurrency_lock_wait_queue_waiters"": {""value"": 0}, ""kv_concurrency_locks"": {""value"": 0}, ""kv_concurrency_locks_with_wait_queues"": {""value"": 0}, ""kv_concurrency_max_lock_hold_duration_nanos"": {""value"": 0}, ""kv_concurrency_max_lock_wait_duration_nanos"": {""value"": 0}, ""kv_concurrency_max_lock_wait_queue_waiters_for_lock"": {""value"": 0}, ""kv_rangefeed_budget_allocation_blocked"": {""counter"": 0}, ""kv_rangefeed_budget_allocation_failed"": {""counter"": 0}, ""kv_rangefeed_catchup_scan_nanos"": {""counter"": 4840834}, ""kv_replica_circuit_breaker_num_tripped_events"": {""counter"": 0}, ""kv_replica_circuit_breaker_num_tripped_replicas"": {""value"": 0}, ""kv_tenant_rate_limit_current_blocked"": {""value"": 0}, ""kv_tenant_rate_limit_num_tenants"": {""value"": 0}, ""kv_tenant_rate_limit_read_bytes_admitted"": {""counter"": 0}, ""kv_tenant_rate_limit_read_requests_admitted"": {""counter"": 0}, ""kv_tenant_rate_limit_write_bytes_admitted"": {""counter"": 0}, ""kv_tenant_rate_limit_write_requests_admitted"": {""counter"": 0}, ""labels"": {""instance"": ""elastic-package-service_cockroachdb_1:8080"", ""job"": ""prometheus"", ""store"": ""1""}, ""leases_epoch"": {""value"": 0}, ""leases_error"": {""counter"": 0}, ""leases_expiration"": {""value"": 0}, ""leases_success"": {""counter"": 28}, ""leases_transfers_error"": {""counter"": 0}, ""leases_transfers_success"": {""counter"": 0}, ""livebytes"": {""value"": 248040}, ""livecount"": {""value"": 1679}, ""queue_consistency_pending"": {""value"": 0}, ""queue_consistency_process_failure"": {""counter"": 0}, ""queue_consistency_process_success"": {""counter"": 9}, ""queue_consistency_processingnanos"": {""counter"": 490621584}, ""queue_gc_info_abortspanconsidered"": {""counter"": 0}, ""queue_gc_info_abortspangcnum"": {""counter"": 0}, ""queue_gc_info_abortspanscanned"": {""counter"": 0}, ""queue_gc_info_intentsconsidered"": {""counter"": 0}, ""queue_gc_info_intenttxns"": {""counter"": 0}, ""queue_gc_info_numkeysaffected"": {""counter"": 0}, ""queue_gc_info_pushtxn"": {""counter"": 0}, ""queue_gc_info_resolvefailed"": {""counter"": 0}, ""queue_gc_info_resolvesuccess"": {""counter"": 0}, ""queue_gc_info_resolvetotal"": {""counter"": 0}, ""queue_gc_info_transactionresolvefailed"": {""counter"": 0}, ""queue_gc_info_transactionspangcaborted"": {""counter"": 0}, ""queue_gc_info_transactionspangccommitted"": {""counter"": 0}, ""queue_gc_info_transactionspangcpending"": {""counter"": 0}, ""queue_gc_info_transactionspangcstaging"": {""counter"": 0}, ""queue_gc_info_transactionspanscanned"": {""counter"": 0}, ""queue_gc_pending"": {""value"": 0}, ""queue_gc_process_failure"": {""counter"": 0}, ""queue_gc_process_success"": {""counter"": 0}, ""queue_gc_processingnanos"": {""counter"": 0}, ""queue_merge_pending"": {""value"": 41}, ""queue_merge_process_failure"": {""counter"": 0}, ""queue_merge_process_success"": {""counter"": 0}, ""queue_merge_processingnanos"": {""counter"": 21611042}, ""queue_merge_purgatory"": {""value"": 0}, ""queue_raftlog_pending"": {""value"": 0}, ""queue_raftlog_process_failure"": {""counter"": 0}, ""queue_raftlog_process_success"": {""counter"": 3}, ""queue_raftlog_processingnanos"": {""counter"": 48402543}, ""queue_raftsnapshot_pending"": {""value"": 0}, ""queue_raftsnapshot_process_failure"": {""counter"": 0}, ""queue_raftsnapshot_process_success"": {""counter"": 0}, ""queue_raftsnapshot_processingnanos"": {""counter"": 0}, ""queue_replicagc_pending"": {""value"": 0}, ""queue_replicagc_process_failure"": {""counter"": 0}, ""queue_replicagc_process_success"": {""counter"": 0}, ""queue_replicagc_processingnanos"": {""counter"": 0}, ""queue_replicagc_removereplica"": {""counter"": 0}, ""queue_replicate_addnonvoterreplica"": {""counter"": 0}, ""queue_replicate_addreplica"": {""counter"": 0}, ""queue_replicate_addvoterreplica"": {""counter"": 0}, ""queue_replicate_nonvoterpromotions"": {""counter"": 0}, ""queue_replicate_pending"": {""value"": 0}, ""queue_replicate_process_failure"": {""counter"": 26}, ""queue_replicate_process_success"": {""counter"": 0}, ""queue_replicate_processingnanos"": {""counter"": 157329207}, ""queue_replicate_purgatory"": {""value"": 24}, ""queue_replicate_rebalancenonvoterreplica"": {""counter"": 0}, ""queue_replicate_rebalancereplica"": {""counter"": 0}, ""queue_replicate_rebalancevoterreplica"": {""counter"": 0}, ""queue_replicate_removedeadnonvoterreplica"": {""counter"": 0}, ""queue_replicate_removedeadreplica"": {""counter"": 0}, ""queue_replicate_removedeadvoterreplica"": {""counter"": 0}, ""queue_replicate_removedecommissioningnonvoterreplica"": {""counter"": 0}, ""queue_replicate_removedecommissioningreplica"": {""counter"": 0}, ""queue_replicate_removedecommissioningvoterreplica"": {""counter"": 0}, ""queue_replicate_removelearnerreplica"": {""counter"": 0}, ""queue_replicate_removenonvoterreplica"": {""counter"": 0}, ""queue_replicate_removereplica"": {""counter"": 0}, ""queue_replicate_removevoterreplica"": {""counter"": 0}, ""queue_replicate_transferlease"": {""counter"": 0}, ""queue_replicate_voterdemotions"": {""counter"": 0}, ""queue_split_pending"": {""value"": 0}, ""queue_split_process_failure"": {""counter"": 0}, ""queue_split_process_success"": {""counter"": 0}, ""queue_split_processingnanos"": {""counter"": 0}, ""queue_split_purgatory"": {""value"": 0}, ""queue_tsmaintenance_pending"": {""value"": 0}, ""queue_tsmaintenance_process_failure"": {""counter"": 0}, ""queue_tsmaintenance_process_success"": {""counter"": 1}, ""queue_tsmaintenance_processingnanos"": {""counter"": 33299709}, ""raft_commandsapplied"": {""counter"": 330}, ""raft_enqueued_pending"": {""value"": 0}, ""raft_entrycache_accesses"": {""counter"": 55}, ""raft_entrycache_bytes"": {""value"": 131713}, ""raft_entrycache_hits"": {""counter"": 3}, ""raft_entrycache_size"": {""value"": 300}, ""raft_heartbeats_pending"": {""value"": 0}, ""raft_process_applycommitted_latency"": {""histogram"": {""counts"": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], ""values"": [27647.5, 78847, 106495, 112639, 116735, 122879, 133119, 143359, 151551, 159743, 167935, 176127, 184319, 192511, 200703, 208895, 217087, 225279, 233471, 241663, 249855, 258047, 270335, 286719, 303103, 319487, 335871, 352255, 368639, 385023, 401407, 417791, 434175, 450559, 466943, 483327, 499711, 516095, 540671, 573439, 606207, 655359, 704511, 753663, 802815, 835583, 868351, 901119, 933887, 966655, 1015807, 1081343, 1146879, 1212415, 1277951, 1441791, 1638399, 1769471, 1933311, 2129919, 2293759, 2490367, 2818047, 3080191, 3407871, 3932159, 4456447, 4980735, 5373951, 5898239, 7077887, 11010047, 14417919, 16252927, 18350079, 21495807, 25690111, 27787263, 28835839, 30408703]}}, ""raft_process_commandcommit_latency"": {""histogram"": {""counts"": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], ""values"": [21503.5, 48127, 63487, 75775, 79871, 83967, 88063, 92159, 96255, 100351, 104447, 108543, 112639, 116735, 120831, 124927, 129023, 135167, 143359, 151551, 159743, 167935, 176127, 184319, 192511, 200703, 208895, 217087, 225279, 233471, 241663, 249855, 258047, 270335, 286719, 303103, 319487, 335871, 352255, 368639, 385023, 401407, 417791, 434175, 450559, 466943, 483327, 507903, 540671, 573439, 622591, 671743, 704511, 737279, 802815, 868351, 901119, 933887, 983039, 1097727, 1245183, 1507327, 2097151, 3014655, 3670015, 4259839, 4980735, 5373951, 5636095, 8912895, 13369343, 15728639, 17825791, 23068671, 28311551, 31457279]}}, ""raft_process_handleready_latency"": {""histogram"": {""counts"": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], ""values"": [376831.5, 999423, 1277951, 1343487, 1409023, 1474559, 1540095, 1605631, 1671167, 1736703, 1802239, 1867775, 1933311, 1998847, 2064383, 2162687, 2293759, 2424831, 2555903, 2686975, 2818047, 2949119, 3080191, 3211263, 3342335, 3473407, 3604479, 3735551, 3866623, 3997695, 4128767, 4325375, 4587519, 4849663, 5111807, 5373951, 5636095, 5898239, 6160383, 6422527, 6815743, 7208959, 7602175, 7995391, 8257535, 8650751, 9175039, 9699327, 11534335, 13369343, 14155775, 15728639, 17301503, 20447231, 24117247, 28835839, 37224447, 42991615, 48234495, 66060287, 90177535, 117440511, 155189247, 218103807]}}, ""raft_process_logcommit_latency"": {""histogram"": {""counts"": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], ""values"": [376831.5, 819199, 901119, 933887, 966655, 999423, 1032191, 1081343, 1146879, 1212415, 1277951, 1343487, 1409023, 1474559, 1540095, 1605631, 1671167, 1736703, 1802239, 1867775, 1933311, 1998847, 2064383, 2162687, 2293759, 2424831, 2555903, 2686975, 2818047, 2949119, 3080191, 3211263, 3342335, 3473407, 3604479, 3735551, 3866623, 3997695, 4128767, 4325375, 4587519, 4849663, 5111807, 5373951, 5898239, 6422527, 6684671, 6946815, 7471103, 8650751, 9699327, 11010047, 12320767, 13631487, 14942207, 15466495, 19398655, 36700159, 75497471, 117440511, 138412031, 150994943]}}, ""raft_process_tickingnanos"": {""counter"": 18037084}, ""raft_process_workingnanos"": {""counter"": 1726085499}, ""raft_rcvd_app"": {""counter"": 0}, ""raft_rcvd_appresp"": {""counter"": 0}, ""raft_rcvd_dropped"": {""counter"": 0}, ""raft_rcvd_heartbeat"": {""counter"": 0}, ""raft_rcvd_heartbeatresp"": {""counter"": 0}, ""raft_rcvd_prevote"": {""counter"": 0}, ""raft_rcvd_prevoteresp"": {""counter"": 0}, ""raft_rcvd_prop"": {""counter"": 0}, ""raft_rcvd_snap"": {""counter"": 0}, ""raft_rcvd_timeoutnow"": {""counter"": 0}, ""raft_rcvd_transferleader"": {""counter"": 0}, ""raft_rcvd_vote"": {""counter"": 0}, ""raft_rcvd_voteresp"": {""counter"": 0}, ""raft_scheduler_latency"": {""histogram"": {""counts"": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], ""values"": [4095.5, 11519, 17151, 19967, 20991, 22015, 23039, 24575, 26111, 27135, 28159, 29183, 30207, 31231, 32255, 33791, 35839, 37887, 39935, 41983, 44031, 46079, 48127, 50175, 52223, 54271, 56319, 58367, 60415, 62463, 64511, 67583, 71679, 75775, 79871, 83967, 88063, 92159, 96255, 104447, 112639, 116735, 120831, 124927, 129023, 135167, 143359, 151551, 159743, 167935, 176127, 184319, 192511, 200703, 208895, 217087, 225279, 233471, 241663, 249855, 266239, 286719, 303103, 319487, 335871, 352255, 368639, 393215, 425983, 450559, 466943, 483327, 540671, 606207, 655359, 704511, 737279, 770047, 819199, 868351, 933887, 1015807, 1081343, 1179647, 1277951, 1343487, 1409023, 1474559, 1540095, 1605631, 1671167, 1736703, 1802239, 1867775, 1933311, 1998847, 2064383, 2162687, 2293759, 2424831, 2555903, 2686975, 2818047, 2949119, 3342335, 3735551, 3932159, 4259839, 4849663, 5373951, 5636095, 5898239, 6160383, 6553599, 7077887, 9437183, 14155775, 71303167, 146800639, 209715199]}}, ""raft_ticks"": {""counter"": 45}, ""raft_timeoutcampaign"": {""counter"": 0}, ""raftlog_behind"": {""value"": 0}, ""raftlog_truncated"": {""counter"": 30}, ""range_adds"": {""counter"": 0}, ""range_merges"": {""counter"": 0}, ""range_raftleadertransfers"": {""counter"": 0}, ""range_recoveries"": {""counter"": 0}, ""range_removes"": {""counter"": 0}, ""range_snapshots_applied_initial"": {""counter"": 0}, ""range_snapshots_applied_non_voter"": {""counter"": 0}, ""range_snapshots_applied_voter"": {""counter"": 0}, ""range_snapshots_generated"": {""counter"": 0}, ""range_snapshots_rcvd_bytes"": {""counter"": 0}, ""range_snapshots_sent_bytes"": {""counter"": 0}, ""range_splits"": {""counter"": 0}, ""ranges"": {""value"": 0}, ""ranges_overreplicated"": {""value"": 0}, ""ranges_unavailable"": {""value"": 0}, ""ranges_underreplicated"": {""value"": 0}, ""rebalancing_lease_transfers"": {""counter"": 0}, ""rebalancing_queriespersecond"": {""value"": 0}, ""rebalancing_range_rebalances"": {""counter"": 0}, ""rebalancing_writespersecond"": {""value"": 0}, ""replicas"": {""value"": 44}, ""replicas_leaders"": {""value"": 0}, ""replicas_leaders_not_leaseholders"": {""value"": 0}, ""replicas_leaseholders"": {""value"": 0}, ""replicas_quiescent"": {""value"": 0}, ""replicas_reserved"": {""value"": 0}, ""replicas_uninitialized"": {""value"": 0}, ""requests_backpressure_split"": {""value"": 0}, ""requests_slow_latch"": {""value"": 0}, ""requests_slow_lease"": {""value"": 0}, ""requests_slow_raft"": {""value"": 0}, ""rocksdb_block_cache_hits"": {""value"": 0}, ""rocksdb_block_cache_misses"": {""value"": 0}, ""rocksdb_block_cache_pinned_usage"": {""value"": 0}, ""rocksdb_block_cache_usage"": {""value"": 0}, ""rocksdb_bloom_filter_prefix_checked"": {""value"": 0}, ""rocksdb_bloom_filter_prefix_useful"": {""value"": 0}, ""rocksdb_compacted_bytes_read"": {""value"": 0}, ""rocksdb_compacted_bytes_written"": {""value"": 0}, ""rocksdb_compactions"": {""value"": 0}, ""rocksdb_encryption_algorithm"": {""value"": 0}, ""rocksdb_estimated_pending_compaction"": {""value"": 0}, ""rocksdb_flushed_bytes"": {""value"": 0}, ""rocksdb_flushes"": {""value"": 0}, ""rocksdb_ingested_bytes"": {""value"": 0}, ""rocksdb_memtable_total_size"": {""value"": 0}, ""rocksdb_num_sstables"": {""value"": 0}, ""rocksdb_read_amplification"": {""value"": 0}, ""rocksdb_table_readers_mem_estimate"": {""value"": 0}, ""storage_disk_slow"": {""value"": 0}, ""storage_disk_stalled"": {""value"": 0}, ""storage_l0_num_files"": {""value"": 0}, ""storage_l0_sublevels"": {""value"": 0}, ""storage_marked_for_compaction_files"": {""value"": 0}, ""storage_write_stalls"": {""value"": 0}, ""sysbytes"": {""value"": 8716}, ""syscount"": {""value"": 212}, ""totalbytes"": {""value"": 250992}, ""tscache_skl_pages"": {""value"": 1}, ""tscache_skl_rotations"": {""counter"": 0}, ""txn_commit_waits_before_commit_trigger"": {""counter"": 0}, ""txnrecovery_attempts_pending"": {""value"": 0}, ""txnrecovery_attempts_total"": {""counter"": 0}, ""txnrecovery_failures"": {""counter"": 0}, ""txnrecovery_successes_aborted"": {""counter"": 0}, ""txnrecovery_successes_committed"": {""counter"": 0}, ""txnrecovery_successes_pending"": {""counter"": 0}, ""txnwaitqueue_deadlocks_total"": {""counter"": 0}, ""txnwaitqueue_pushee_waiting"": {""value"": 0}, ""txnwaitqueue_pusher_slow"": {""value"": 0}, ""txnwaitqueue_pusher_wait_time"": {""histogram"": {""counts"": [0], ""values"": [0]}}, ""txnwaitqueue_pusher_waiting"": {""value"": 0}, ""txnwaitqueue_query_wait_time"": {""histogram"": {""counts"": [0], ""values"": [0]}}, ""txnwaitqueue_query_waiting"": {""value"": 0}, ""valbytes"": {""value"": 168360}, ""valcount"": {""value"": 1750}}}, ""data_stream"": {""dataset"": ""cockroachdb.status"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""19de6249-945f-46da-9464-383664c3adaf"", ""snapshot"": false, ""version"": ""8.4.0""}, ""event"": {""agent_id_status"": ""verified"", ""dataset"": ""cockroachdb.status"", ""duration"": 248296459, ""ingested"": ""2022-09-06T09:50:55Z"", ""module"": ""prometheus""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": false, ""hostname"": ""docker-fleet-agent"", ""id"": ""5016511f0829451ea244f458eebf2212"", ""ip"": [""172.18.0.7""], ""mac"": [""02:42:ac:12:00:07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.10.104-linuxkit"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""metricset"": {""name"": ""collector"", ""period"": 10000}, ""service"": {""address"": ""http://elastic-package-service_cockroachdb_1:8080/_status/vars"", ""type"": ""prometheus""}}"
Couchbase,https://docs.elastic.co/integrations/couchbase,"{""@timestamp"": ""2022-09-22T09:52:54.159Z"", ""agent"": {""ephemeral_id"": ""7a05dbed-39c2-48ba-a54c-9c08ad6d571a"", ""id"": ""e9b62dba-64d7-428d-8d75-88f57c77d423"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.4.1""}, ""couchbase"": {""bucket"": {""data"": {""used"": {""bytes"": 103804}}, ""disk"": {""fetches"": 0, ""used"": {""bytes"": 2005443}}, ""item"": {""count"": 0}, ""memory"": {""used"": {""bytes"": 28202560}}, ""name"": ""beer-sample"", ""operations_per_sec"": 0, ""ram"": {""quota"": {""bytes"": 209715200, ""used"": {""pct"": 13.44802856445312}}}, ""type"": ""membase""}}, ""data_stream"": {""dataset"": ""couchbase.bucket"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""e9b62dba-64d7-428d-8d75-88f57c77d423"", ""snapshot"": false, ""version"": ""8.4.1""}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""database""], ""dataset"": ""couchbase.bucket"", ""duration"": 205027230, ""ingested"": ""2022-09-22T09:52:57Z"", ""kind"": ""metric"", ""module"": ""couchbase"", ""type"": [""info""]}, ""host"": {""architecture"": ""x86_64"", ""containerized"": true, ""hostname"": ""docker-fleet-agent"", ""id"": ""51511c1493f34922b559a964798246ec"", ""ip"": [""192.168.128.7""], ""mac"": [""02:42:c0:a8:80:07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.4.0-126-generic"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""metricset"": {""name"": ""json"", ""period"": 10000}, ""service"": {""address"": ""http://elastic-package-service_couchbase_1:8091/pools/default/buckets"", ""type"": ""http""}, ""tags"": [""forwarded"", ""couchbase-bucket""]}"
Custom Journald logs,https://docs.elastic.co/integrations/journald,"{""@timestamp"": ""2020-07-22T13:17:10.012Z"", ""agent"": {""ephemeral_id"": ""27e2a00a-dab2-4790-8d45-29ad272d0392"", ""id"": ""bef8099b-68f6-4621-8089-2229b35a669d"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.3.2""}, ""data_stream"": {""dataset"": ""journald.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.0.0""}, ""elastic_agent"": {""id"": ""bef8099b-68f6-4621-8089-2229b35a669d"", ""snapshot"": false, ""version"": ""8.3.2""}, ""event"": {""agent_id_status"": ""verified"", ""code"": ""ec387f577b844b8fa948f33cad9a75e6"", ""created"": ""2022-08-18T18:14:11.588Z"", ""dataset"": ""journald.log"", ""ingested"": ""2022-08-18T18:14:15Z"", ""kind"": ""event""}, ""host"": {""hostname"": ""sleipnir"", ""id"": ""505afdafda3b4f33a63749ae39284742""}, ""input"": {""type"": ""journald""}, ""journald"": {""custom"": {""available"": ""0"", ""available_pretty"": ""0B"", ""current_use"": ""1023455232"", ""current_use_pretty"": ""976.0M"", ""disk_available"": ""6866636800"", ""disk_available_pretty"": ""6.3G"", ""disk_keep_free"": ""1466253312"", ""disk_keep_free_pretty"": ""1.3G"", ""journal_name"": ""System journal"", ""journal_path"": ""/var/log/journal/505afdafda3b4f33a63749ae39284742"", ""limit"": ""977502208"", ""limit_pretty"": ""932.2M"", ""max_use"": ""977502208"", ""max_use_pretty"": ""932.2M""}, ""gid"": 0, ""host"": {""boot_id"": ""fa3c2e3080dc4cd5be5cb5a43e140d51""}, ""pid"": 19317, ""process"": {""capabilities"": ""25402800cf"", ""command_line"": ""/lib/systemd/systemd-journald"", ""executable"": ""/lib/systemd/systemd-journald"", ""name"": ""systemd-journal""}, ""uid"": 0}, ""log"": {""syslog"": {""facility"": {""code"": 3}, ""identifier"": ""systemd-journald"", ""priority"": 6}}, ""message"": ""System journal (/var/log/journal/505afdafda3b4f33a63749ae39284742) is 976.0M, max 932.2M, 0B free."", ""process"": {""args"": [""/lib/systemd/systemd-journald""], ""args_count"": 1, ""command_line"": ""/lib/systemd/systemd-journald"", ""pid"": 19317}, ""systemd"": {""cgroup"": ""/system.slice/systemd-journald.service"", ""invocation_id"": ""7c11cda63635437bafe21c92851618a8"", ""slice"": ""system.slice"", ""transport"": ""driver"", ""unit"": ""systemd-journald.service""}, ""tags"": [""forwarded""], ""user"": {""group"": {""id"": ""0""}, ""id"": ""0""}}"
F5 BIG-IP,https://docs.elastic.co/integrations/f5_bigip,"{""@timestamp"": ""2018-11-19T22:34:40.000Z"", ""agent"": {""ephemeral_id"": ""e53fc33d-3e0e-4f88-a338-d65c29e5d7de"", ""hostname"": ""docker-fleet-agent"", ""id"": ""121c9eba-d12d-4405-9bf4-83bc92e8c764"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""7.17.0""}, ""client"": {""ip"": ""81.2.69.142""}, ""data_stream"": {""dataset"": ""f5_bigip.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""ip"": ""81.2.69.142"", ""port"": 80}, ""ecs"": {""version"": ""8.4.0""}, ""elastic_agent"": {""id"": ""121c9eba-d12d-4405-9bf4-83bc92e8c764"", ""snapshot"": false, ""version"": ""7.17.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""network""], ""dataset"": ""f5_bigip.log"", ""ingested"": ""2022-10-21T06:12:02Z"", ""kind"": ""event"", ""original"": ""{\""application\"":\""app.app\"",\""attack_type\"":\""Detection Evasion\"",\""blocking_exception_reason\"":\""test\"",\""captcha_result\"":\""not_received\"",\""date_time\"":\""2018-11-19 22:34:40\"",\""dest_ip\"":\""81.2.69.142\"",\""dest_port\"":\""80\"",\""device_id\"":\""12bdca32\"",\""fragment\"":\""test_Fragment\"",\""geo_location\"":\""US\"",\""hostname\"":\""hostname\"",\""http_class_name\"":\""/Common/abc/test\"",\""ip_address_intelligence\"":\""host1\"",\""ip_client\"":\""81.2.69.142\"",\""management_ip_address\"":\""81.2.69.142\"",\""management_ip_address_2\"":\""81.2.69.144\"",\""method\"":\""GET\"",\""policy_apply_date\"":\""2018-11-19 22:17:57\"",\""policy_name\"":\""/Common/abc\"",\""protocol\"":\""HTTP\"",\""query_string\"":\""name=abc\"",\""request\"":\""GET /admin/.\"",\""request_status\"":\""blocked\"",\""response_code\"":\""0\"",\""route_domain\"":\""example.com\"",\""session_id\"":\""abc123abcd\"",\""severity\"":\""Critical\"",\""sig_ids\"":\""abc12bcd\"",\""sig_names\"":\""Sig_Name\"",\""src_port\"":\""49804\"",\""staged_sig_ids\"":\""abc23121bc\"",\""staged_sig_names\"":\""test_name\"",\""staged_threat_campaign_names\"":\""test\"",\""sub_violations\"":\""Evasion technique detected:Directory traversals\"",\""support_id\"":\""123456789\"",\""telemetryEventCategory\"":\""ASM\"",\""tenant\"":\""Common\"",\""threat_campaign_names\"":\""threat\"",\""uri\"":\""/directory/file\"",\""username\"":\""test User\"",\""violation_rating\"":\""3\"",\""violations\"":\""Evasion technique detected\"",\""virus_name\"":\""test Virus\"",\""web_application_name\"":\""/Common/abc\"",\""websocket_direction\"":\""test\"",\""websocket_message_type\"":\""test\"",\""x_forwarded_for_header_value\"":\""81.2.69.144\""}"", ""type"": [""info""]}, ""f5_bigip"": {""log"": {""application"": {""name"": ""app.app""}, ""attack"": {""type"": ""Detection Evasion""}, ""blocking_exception_reason"": ""test"", ""captcha_result"": ""not_received"", ""client"": {""ip"": ""81.2.69.142""}, ""date_time"": ""2018-11-19T22:34:40.000Z"", ""dest"": {""ip"": ""81.2.69.142"", ""port"": 80}, ""device"": {""id"": ""12bdca32""}, ""fragment"": ""test_Fragment"", ""geo"": {""location"": ""US""}, ""hostname"": ""hostname"", ""http"": {""class_name"": ""/Common/abc/test""}, ""ip_address_intelligence"": ""host1"", ""management"": {""ip_address"": ""81.2.69.142"", ""ip_address_2"": ""81.2.69.144""}, ""method"": ""GET"", ""policy"": {""apply_date"": ""2018-11-19T22:17:57.000Z"", ""name"": ""/Common/abc""}, ""protocol"": ""HTTP"", ""query"": {""string"": ""name=abc""}, ""request"": {""detail"": ""GET /admin/."", ""status"": ""blocked""}, ""response"": {""code"": 0}, ""route_domain"": ""example.com"", ""session"": {""id"": ""abc123abcd""}, ""severity"": {""name"": ""Critical""}, ""sig"": {""ids"": ""abc12bcd"", ""names"": ""Sig_Name""}, ""src"": {""port"": 49804}, ""staged"": {""sig"": {""ids"": ""abc23121bc"", ""names"": ""test_name""}, ""threat_campaign_names"": ""test""}, ""sub_violations"": ""Evasion technique detected:Directory traversals"", ""support"": {""id"": ""123456789""}, ""telemetry"": {""event"": {""category"": ""ASM""}}, ""tenant"": ""Common"", ""threat_campaign_names"": ""threat"", ""uri"": ""/directory/file"", ""username"": ""test User"", ""violation"": {""rating"": 3}, ""violations"": ""Evasion technique detected"", ""virus_name"": ""test Virus"", ""web_application_name"": ""/Common/abc"", ""websocket"": {""direction"": ""test"", ""message_type"": ""test""}, ""x_forwarded_for_header_value"": ""81.2.69.144""}}, ""host"": {""geo"": {""country_iso_code"": ""US""}, ""id"": ""12bdca32"", ""name"": ""hostname""}, ""http"": {""request"": {""method"": ""GET""}}, ""input"": {""type"": ""http_endpoint""}, ""log"": {""level"": ""critical""}, ""network"": {""application"": ""app.app"", ""protocol"": ""http""}, ""related"": {""hosts"": [""hostname"", ""12bdca32"", ""example.com""], ""ip"": [""81.2.69.142"", ""81.2.69.144""], ""user"": [""test User""]}, ""source"": {""port"": 49804}, ""tags"": [""preserve_original_event"", ""preserve_duplicate_custom_fields"", ""forwarded"", ""f5_bigip-log""], ""user"": {""name"": ""test User""}}"
File Integrity Monitoring,https://docs.elastic.co/integrations/fim,"{""@timestamp"": ""2022-12-26T05:20:54.547Z"", ""agent"": {""ephemeral_id"": ""7bc73d63-724e-4502-95c1-ff11478b89ec"", ""id"": ""8921fb55-4463-4944-8dea-074038035111"", ""name"": ""docker-fleet-agent"", ""type"": ""auditbeat"", ""version"": ""8.3.0""}, ""ecs"": {""version"": ""8.6.0""}, ""data_stream"": {""dataset"": ""fim.event"", ""namespace"": ""ep"", ""type"": ""logs""}, ""elastic_agent"": {""id"": ""8921fb55-4463-4944-8dea-074038035111"", ""snapshot"": false, ""version"": ""8.5.0""}, ""event"": {""action"": [""created""], ""agent_id_status"": ""verified"", ""category"": [""file""], ""dataset"": ""fim.event"", ""ingested"": ""2022-12-26T05:20:55Z"", ""kind"": ""event"", ""module"": ""file_integrity"", ""type"": [""creation""]}, ""file"": {""ctime"": ""2022-12-26T05:20:54.531Z"", ""gid"": ""1000"", ""group"": ""elastic-agent"", ""hash"": {""sha1"": ""22596363b3de40b06f981fb85d82312e8c0ed511""}, ""inode"": ""11794491"", ""mode"": ""0644"", ""mtime"": ""2022-12-26T05:20:54.531Z"", ""owner"": ""elastic-agent"", ""path"": ""/tmp/service_logs/hello"", ""size"": 12, ""type"": ""file"", ""uid"": ""1000""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": false, ""hostname"": ""docker-fleet-agent"", ""id"": ""66392b0697b84641af8006d87aeb89f1"", ""ip"": [""192.168.128.7""], ""mac"": [""02-42-C0-A8-80-07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.10.104-linuxkit"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.5 LTS (Focal Fossa)""}}, ""service"": {""type"": ""file_integrity""}, ""tags"": [""fim-event""]}"
ForgeRock,https://docs.elastic.co/integrations/forgerock,"{""@timestamp"": ""2022-10-05T18:21:48.248Z"", ""client"": {""ip"": ""1.128.0.0""}, ""ecs"": {""version"": ""8.5.2""}, ""event"": {""action"": ""AM-ACCESS-ATTEMPT"", ""id"": ""45463f84-ff1b-499f-aa84-8d4bd93150de-256203"", ""type"": ""access""}, ""forgerock"": {""eventName"": ""AM-ACCESS-ATTEMPT"", ""http"": {""request"": {""headers"": {""accept"": [""text/plain,*/*""], ""content-type"": [""application/x-www-form-urlencoded""], ""host"": [""openam-chico-poc.forgeblocks.com""], ""user-agent"": [""Jersey/2.34 (HttpUrlConnection 11.0.9)""], ""x-forwarded-for"": [""34.94.38.177, 34.149.144.150, 10.168.0.8""], ""x-forwarded-proto"": [""https""]}, ""secure"": true}}, ""level"": ""INFO"", ""realm"": ""/"", ""request"": {""detail"": {""grant_type"": ""client_credentials"", ""scope"": ""fr:idm:*""}}, ""source"": ""audit"", ""topic"": ""access""}, ""http"": {""request"": {""Path"": ""https://openam-chico-poc.forgeblocks.com/am/oauth2/access_token"", ""method"": ""POST""}}, ""observer"": {""vendor"": ""ForgeRock Identity Platform""}, ""service"": {""name"": ""OAuth""}, ""transaction"": {""id"": ""1664994108247-9f138d8fc9f59d23164c-26466/0""}}"
Fortinet FortiClient Logs,https://docs.elastic.co/integrations/fortinet_forticlient,"{""@timestamp"": ""2021-01-29T06:09:59.000Z"", ""agent"": {""ephemeral_id"": ""e212d683-d4b4-42ac-ba98-c8414ff62188"", ""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.0.0""}, ""data_stream"": {""dataset"": ""fortinet_forticlient.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""ip"": [""10.102.123.34""], ""port"": 3994}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""snapshot"": true, ""version"": ""8.0.0""}, ""event"": {""action"": ""deny"", ""agent_id_status"": ""verified"", ""code"": ""http"", ""dataset"": ""fortinet_forticlient.log"", ""ingested"": ""2022-01-25T12:25:45Z"", ""original"": ""January 29 06:09:59 boNemoe4402.www.invalid proto=udp service=http status=deny src=10.150.92.220 dst=10.102.123.34 src_port=7178 dst_port=3994 server_app=reeufugi pid=7880 app_name=enderitq traff_direct=external block_count=5286 logon_user=sumdo@litesse6379.api.domain msg=failure\n"", ""outcome"": ""failure"", ""timezone"": ""+00:00""}, ""host"": {""name"": ""boNemoe4402.www.invalid""}, ""input"": {""type"": ""udp""}, ""log"": {""source"": {""address"": ""172.30.0.4:54478""}}, ""network"": {""direction"": ""external"", ""protocol"": ""udp""}, ""observer"": {""product"": ""FortiClient"", ""type"": ""Anti-Virus"", ""vendor"": ""Fortinet""}, ""process"": {""pid"": 7880}, ""related"": {""hosts"": [""litesse6379.api.domain"", ""boNemoe4402.www.invalid""], ""ip"": [""10.150.92.220"", ""10.102.123.34""], ""user"": [""sumdo""]}, ""rsa"": {""counters"": {""dclass_c1"": 5286, ""dclass_c1_str"": ""block_count""}, ""internal"": {""messageid"": ""http""}, ""investigations"": {""ec_outcome"": ""Failure"", ""ec_subject"": ""NetworkComm"", ""ec_theme"": ""ALM""}, ""misc"": {""action"": [""deny""], ""result"": ""failure\n""}, ""network"": {""alias_host"": [""boNemoe4402.www.invalid""], ""domain"": ""litesse6379.api.domain"", ""network_service"": ""http""}, ""time"": {""event_time"": ""2021-01-29T06:09:59.000Z""}}, ""server"": {""domain"": ""litesse6379.api.domain"", ""registered_domain"": ""api.domain"", ""subdomain"": ""litesse6379"", ""top_level_domain"": ""domain""}, ""source"": {""ip"": [""10.150.92.220""], ""port"": 7178}, ""tags"": [""preserve_original_event"", ""fortinet-clientendpoint"", ""forwarded""], ""user"": {""name"": ""sumdo""}}"
Fortinet FortiGate Firewall Logs,https://docs.elastic.co/integrations/fortinet_fortigate,"{""@timestamp"": ""2019-05-15T18:03:36.000Z"", ""agent"": {""ephemeral_id"": ""88645c33-21f7-47a1-a1e6-b4a53f32ec43"", ""id"": ""94011a8e-8b26-4bce-a627-d54316798b52"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""data_stream"": {""dataset"": ""fortinet_fortigate.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""as"": {""number"": 35908}, ""geo"": {""continent_name"": ""Asia"", ""country_iso_code"": ""BT"", ""country_name"": ""Bhutan"", ""location"": {""lat"": 27.5, ""lon"": 90.5}}, ""ip"": ""67.43.156.14"", ""port"": 443}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""94011a8e-8b26-4bce-a627-d54316798b52"", ""snapshot"": true, ""version"": ""8.6.0""}, ""event"": {""action"": ""app-ctrl-all"", ""agent_id_status"": ""verified"", ""category"": [""network""], ""code"": ""1059028704"", ""dataset"": ""fortinet_fortigate.log"", ""ingested"": ""2023-01-13T12:22:04Z"", ""kind"": ""event"", ""original"": ""<190>date=2019-05-15 time=18:03:36 logid=\""1059028704\"" type=\""utm\"" subtype=\""app-ctrl\"" eventtype=\""app-ctrl-all\"" level=\""information\"" vd=\""root\"" eventtime=1557968615 appid=40568 srcip=10.1.100.22 dstip=67.43.156.14 srcport=50798 dstport=443 srcintf=\""port10\"" srcintfrole=\""lan\"" dstintf=\""port9\"" dstintfrole=\""wan\"" proto=6 service=\""HTTPS\"" direction=\""outgoing\"" policyid=1 sessionid=4414 applist=\""block-social.media\"" appcat=\""Web.Client\"" app=\""HTTPS.BROWSER\"" action=\""pass\"" hostname=\""www.dailymotion.com\"" incidentserialno=1962906680 url=\""/\"" msg=\""Web.Client: HTTPS.BROWSER,\"" apprisk=\""medium\"" scertcname=\""*.dailymotion.com\"" scertissuer=\""DigiCert SHA2 High Assurance Server CA\"""", ""outcome"": ""success"", ""start"": ""2019-05-16T01:03:35.000Z"", ""type"": [""allowed""]}, ""fortinet"": {""firewall"": {""action"": ""pass"", ""appid"": ""40568"", ""apprisk"": ""medium"", ""dstintfrole"": ""wan"", ""incidentserialno"": ""1962906680"", ""sessionid"": ""4414"", ""srcintfrole"": ""lan"", ""subtype"": ""app-ctrl"", ""type"": ""utm"", ""vd"": ""root""}}, ""input"": {""type"": ""tcp""}, ""log"": {""level"": ""information"", ""source"": {""address"": ""172.27.0.4:39666""}, ""syslog"": {""facility"": {""code"": 23}, ""priority"": 190, ""severity"": {""code"": 6}}}, ""message"": ""Web.Client: HTTPS.BROWSER,"", ""network"": {""application"": ""HTTPS.BROWSER"", ""direction"": ""outbound"", ""iana_number"": ""6"", ""protocol"": ""https"", ""transport"": ""tcp""}, ""observer"": {""egress"": {""interface"": {""name"": ""port9""}}, ""ingress"": {""interface"": {""name"": ""port10""}}, ""product"": ""Fortigate"", ""type"": ""firewall"", ""vendor"": ""Fortinet""}, ""related"": {""ip"": [""10.1.100.22"", ""67.43.156.14""]}, ""rule"": {""category"": ""Web-Client"", ""id"": ""1"", ""ruleset"": ""block-social.media""}, ""source"": {""ip"": ""10.1.100.22"", ""port"": 50798}, ""tags"": [""preserve_original_event"", ""fortinet-fortigate"", ""fortinet-firewall"", ""forwarded""], ""tls"": {""server"": {""issuer"": ""DigiCert SHA2 High Assurance Server CA"", ""x509"": {""issuer"": {""common_name"": ""DigiCert SHA2 High Assurance Server CA""}, ""subject"": {""common_name"": ""*.dailymotion.com""}}}}, ""url"": {""domain"": ""www.dailymotion.com"", ""path"": ""/""}}"
Fortinet FortiMail Logs,https://docs.elastic.co/integrations/fortinet_fortimail,"{""@timestamp"": ""2016-01-29T06:09:59.000Z"", ""agent"": {""ephemeral_id"": ""821504b9-6e80-4572-aae7-c5bb3cf38906"", ""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.0.0""}, ""data_stream"": {""dataset"": ""fortinet_fortimail.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""snapshot"": true, ""version"": ""8.0.0""}, ""event"": {""action"": ""event"", ""agent_id_status"": ""verified"", ""code"": ""nes"", ""dataset"": ""fortinet_fortimail.log"", ""ingested"": ""2022-01-25T12:29:32Z"", ""original"": ""date=2016-1-29 time=06:09:59 device_id=pexe log_id=nes log_part=eab type=event subtype=update pri=high msg=\""boNemoe\""\n"", ""timezone"": ""+00:00""}, ""input"": {""type"": ""udp""}, ""log"": {""level"": ""high"", ""source"": {""address"": ""172.30.0.4:44540""}}, ""observer"": {""product"": ""FortiMail"", ""type"": ""Firewall"", ""vendor"": ""Fortinet""}, ""rsa"": {""internal"": {""event_desc"": ""boNemoe"", ""messageid"": ""event_update""}, ""misc"": {""category"": ""update"", ""event_type"": ""event"", ""hardware_id"": ""pexe"", ""msgIdPart1"": ""event"", ""msgIdPart2"": ""update"", ""reference_id"": ""nes"", ""reference_id1"": ""eab"", ""severity"": ""high""}, ""time"": {""event_time"": ""2016-01-29T06:09:59.000Z""}}, ""tags"": [""preserve_original_event"", ""fortinet-fortimail"", ""forwarded""]}"
Fortinet FortiManager Logs,https://docs.elastic.co/integrations/fortinet_fortimanager,"{""@timestamp"": ""2016-01-29T06:09:59.000Z"", ""agent"": {""ephemeral_id"": ""607e3bda-a938-4637-8dd4-02613e9144ac"", ""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.0.0""}, ""data_stream"": {""dataset"": ""fortinet_fortimanager.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""bytes"": 449, ""geo"": {""country_name"": ""sequa""}, ""ip"": [""10.44.173.44""], ""nat"": {""ip"": ""10.189.58.145"", ""port"": 5273}, ""port"": 6125}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""4e3f135a-d5f9-40b6-ae01-2c834ecbead0"", ""snapshot"": true, ""version"": ""8.0.0""}, ""event"": {""action"": ""allow"", ""agent_id_status"": ""verified"", ""code"": ""sse"", ""dataset"": ""fortinet_fortimanager.log"", ""ingested"": ""2022-01-25T12:33:50Z"", ""original"": ""logver=iusm devname=\""modtempo\"" devid=\""olab\"" vd=nto date=2016-1-29 time=6:09:59 logid=sse type=exercita subtype=der level=very-high eventtime=odoco logtime=ria srcip=10.20.234.169 srcport=1001 srcintf=eth5722 srcintfrole=vol dstip=10.44.173.44 dstport=6125 dstintf=enp0s3068 dstintfrole=nseq poluuid=itinvol sessionid=psa proto=21 action=allow policyid=ntium policytype=psaq crscore=13.800000 craction=eab crlevel=aliqu appcat=Ute service=lupt srccountry=dolore dstcountry=sequa trandisp=abo tranip=10.189.58.145 tranport=5273 duration=14.119000 sentbyte=7880 rcvdbyte=449 sentpkt=mqui app=nci\n"", ""timezone"": ""+00:00""}, ""input"": {""type"": ""udp""}, ""log"": {""level"": ""very-high"", ""source"": {""address"": ""172.30.0.4:60997""}}, ""network"": {""bytes"": 8329}, ""observer"": {""egress"": {""interface"": {""name"": ""enp0s3068""}}, ""ingress"": {""interface"": {""name"": ""eth5722""}}, ""product"": ""FortiManager"", ""type"": ""Configuration"", ""vendor"": ""Fortinet""}, ""related"": {""hosts"": [""modtempo""], ""ip"": [""10.189.58.145"", ""10.20.234.169"", ""10.44.173.44""]}, ""rsa"": {""internal"": {""messageid"": ""generic_fortinetmgr_1""}, ""misc"": {""action"": [""allow""], ""category"": ""der"", ""context"": ""abo"", ""event_source"": ""modtempo"", ""event_type"": ""exercita"", ""hardware_id"": ""olab"", ""log_session_id"": ""psa"", ""policy_id"": ""ntium"", ""reference_id"": ""sse"", ""severity"": ""very-high"", ""vsys"": ""nto""}, ""network"": {""dinterface"": ""enp0s3068"", ""network_service"": ""lupt"", ""sinterface"": ""eth5722""}, ""time"": {""duration_time"": 14.119, ""event_time"": ""2016-01-29T06:09:59.000Z"", ""event_time_str"": ""odoco""}, ""web"": {""reputation_num"": 13.8}}, ""source"": {""bytes"": 7880, ""geo"": {""country_name"": ""dolore""}, ""ip"": [""10.20.234.169""], ""port"": 1001}, ""tags"": [""preserve_original_event"", ""fortinet-fortimanager"", ""forwarded""]}"
Google Cloud Platform (GCP) Audit logs,https://docs.elastic.co/integrations/gcp/audit,"{""@timestamp"": ""2019-12-19T00:44:25.051Z"", ""agent"": {""ephemeral_id"": ""f4dde373-2ff7-464b-afdb-da94763f219b"", ""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""client"": {""user"": {""email"": ""xxx@xxx.xxx""}}, ""cloud"": {""project"": {""id"": ""elastic-beats""}, ""provider"": ""gcp""}, ""data_stream"": {""dataset"": ""gcp.audit"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""snapshot"": true, ""version"": ""8.6.0""}, ""event"": {""action"": ""beta.compute.instances.aggregatedList"", ""agent_id_status"": ""verified"", ""category"": [""network"", ""configuration""], ""created"": ""2023-01-13T14:59:20.459Z"", ""dataset"": ""gcp.audit"", ""id"": ""yonau2dg2zi"", ""ingested"": ""2023-01-13T14:59:21Z"", ""kind"": ""event"", ""outcome"": ""success"", ""provider"": ""data_access"", ""type"": [""access"", ""allowed""]}, ""gcp"": {""audit"": {""authorization_info"": [{""granted"": true, ""permission"": ""compute.instances.list"", ""resource_attributes"": {""name"": ""projects/elastic-beats"", ""service"": ""resourcemanager"", ""type"": ""resourcemanager.projects""}}], ""num_response_items"": 61, ""request"": {""@type"": ""type.googleapis.com/compute.instances.aggregatedList""}, ""resource_location"": {""current_locations"": [""global""]}, ""resource_name"": ""projects/elastic-beats/global/instances"", ""response"": {""@type"": ""core.k8s.io/v1.Status"", ""apiVersion"": ""v1"", ""details"": {""group"": ""batch"", ""kind"": ""jobs"", ""name"": ""gsuite-exporter-1589294700"", ""uid"": ""2beff34a-945f-11ea-bacf-42010a80007f""}, ""kind"": ""Status"", ""status_value"": ""Success""}, ""type"": ""type.googleapis.com/google.cloud.audit.AuditLog""}}, ""input"": {""type"": ""gcp-pubsub""}, ""log"": {""level"": ""INFO"", ""logger"": ""projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access""}, ""service"": {""name"": ""compute.googleapis.com""}, ""source"": {""ip"": ""192.168.1.1""}, ""tags"": [""forwarded"", ""gcp-audit""], ""user_agent"": {""device"": {""name"": ""Mac""}, ""name"": ""Firefox"", ""original"": ""Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)"", ""os"": {""full"": ""Mac OS X 10.15"", ""name"": ""Mac OS X"", ""version"": ""10.15""}, ""version"": ""71.0.""}}"
Google Cloud Platform (GCP) Billing metrics,https://docs.elastic.co/integrations/gcp/billing,"{""@timestamp"": ""2017-10-12T08:05:34.853Z"", ""cloud"": {""account"": {""id"": ""01475F-5B1080-1137E7""}, ""project"": {""id"": ""elastic-bi"", ""name"": ""elastic-containerlib-prod""}, ""provider"": ""gcp""}, ""event"": {""dataset"": ""gcp.billing"", ""duration"": 115000, ""module"": ""gcp""}, ""gcp"": {""billing"": {""billing_account_id"": ""01475F-5B1080-1137E7"", ""cost_type"": ""regular"", ""invoice_month"": ""202106"", ""project_id"": ""containerlib-prod-12763"", ""project_name"": ""elastic-containerlib-prod"", ""total"": 4717.170681}}, ""metricset"": {""name"": ""billing"", ""period"": 10000}, ""service"": {""type"": ""gcp""}}"
Google Cloud Platform (GCP) Compute metrics,https://docs.elastic.co/integrations/gcp/compute,"{""@timestamp"": ""2017-10-12T08:05:34.853Z"", ""cloud"": {""account"": {""id"": ""elastic-obs-integrations-dev"", ""name"": ""elastic-obs-integrations-dev""}, ""instance"": {""id"": ""4751091017865185079"", ""name"": ""gke-cluster-1-default-pool-6617a8aa-5clh""}, ""machine"": {""type"": ""e2-medium""}, ""provider"": ""gcp"", ""availability_zone"": ""us-central1-c"", ""region"": ""us-central1""}, ""event"": {""dataset"": ""gcp.compute"", ""duration"": 115000, ""module"": ""gcp""}, ""gcp"": {""compute"": {""firewall"": {""dropped"": {""bytes"": 421}, ""dropped_packets_count"": {""value"": 4}}, ""instance"": {""cpu"": {""reserved_cores"": {""value"": 1}, ""usage"": {""pct"": 0.07259952346383708}, ""usage_time"": {""sec"": 4.355971407830225}}, ""memory"": {""balloon"": {""ram_size"": {""value"": 4128378880}, ""ram_used"": {""value"": 2190848000}, ""swap_in"": {""bytes"": 0}, ""swap_out"": {""bytes"": 0}}}, ""uptime"": {""sec"": 60.00000000000091}}}, ""labels"": {""user"": {""goog-gke-node"": """"}}}, ""host"": {""id"": ""4751091017865185079"", ""name"": ""gke-cluster-1-default-pool-6617a8aa-5clh""}, ""metricset"": {""name"": ""compute"", ""period"": 10000}, ""service"": {""type"": ""gcp""}}"
Google Cloud Platform (GCP) Firestore metrics,https://docs.elastic.co/integrations/gcp/firestore,"{""@timestamp"": ""2017-10-12T08:05:34.853Z"", ""cloud"": {""account"": {""id"": ""elastic-obs-integrations-dev"", ""name"": ""elastic-obs-integrations-dev""}, ""instance"": {""id"": ""4751091017865185079"", ""name"": ""gke-cluster-1-default-pool-6617a8aa-5clh""}, ""machine"": {""type"": ""e2-medium""}, ""provider"": ""gcp"", ""availability_zone"": ""us-central1-c"", ""region"": ""us-central1""}, ""event"": {""dataset"": ""gcp.firestore"", ""duration"": 115000, ""module"": ""gcp""}, ""gcp"": {""firestore"": {""document"": {""delete"": {""count"": 3}, ""read"": {""count"": 10}, ""write"": {""count"": 1}}}, ""labels"": {""user"": {""goog-gke-node"": """"}}}, ""host"": {""id"": ""4751091017865185079"", ""name"": ""gke-cluster-1-default-pool-6617a8aa-5clh""}, ""metricset"": {""name"": ""firestore"", ""period"": 10000}, ""service"": {""type"": ""gcp""}}"
Google Cloud Platform (GCP) Firewall logs,https://docs.elastic.co/integrations/gcp/firewall,"{""@timestamp"": ""2019-10-30T13:52:42.191Z"", ""agent"": {""ephemeral_id"": ""f4dde373-2ff7-464b-afdb-da94763f219b"", ""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""cloud"": {""availability_zone"": ""us-east1-b"", ""project"": {""id"": ""test-beats""}, ""provider"": ""gcp"", ""region"": ""us-east1""}, ""data_stream"": {""dataset"": ""gcp.firewall"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""address"": ""10.42.0.2"", ""domain"": ""test-windows"", ""ip"": ""10.42.0.2"", ""port"": 3389}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""snapshot"": true, ""version"": ""8.6.0""}, ""event"": {""action"": ""firewall-rule"", ""agent_id_status"": ""verified"", ""category"": ""network"", ""created"": ""2023-01-13T15:01:23.807Z"", ""dataset"": ""gcp.firewall"", ""id"": ""1f21ciqfpfssuo"", ""ingested"": ""2023-01-13T15:01:24Z"", ""kind"": ""event"", ""type"": ""connection""}, ""gcp"": {""destination"": {""instance"": {""project_id"": ""test-beats"", ""region"": ""us-east1"", ""zone"": ""us-east1-b""}, ""vpc"": {""project_id"": ""test-beats"", ""subnetwork_name"": ""windows-isolated"", ""vpc_name"": ""windows-isolated""}}, ""firewall"": {""rule_details"": {""action"": ""ALLOW"", ""direction"": ""INGRESS"", ""ip_port_info"": [{""ip_protocol"": ""TCP"", ""port_range"": [""3389""]}], ""priority"": 1000, ""source_range"": [""0.0.0.0/0""], ""target_tag"": [""allow-rdp""]}}}, ""input"": {""type"": ""gcp-pubsub""}, ""log"": {""logger"": ""projects/test-beats/logs/compute.googleapis.com%2Ffirewall""}, ""network"": {""community_id"": ""1:OdLB9eXsBDLz8m97ao4LepX6q+4="", ""direction"": ""inbound"", ""iana_number"": ""6"", ""name"": ""windows-isolated"", ""transport"": ""tcp"", ""type"": ""ipv4""}, ""related"": {""ip"": [""192.168.2.126"", ""10.42.0.2""]}, ""rule"": {""name"": ""network:windows-isolated/firewall:windows-isolated-allow-rdp""}, ""source"": {""address"": ""192.168.2.126"", ""geo"": {""continent_name"": ""Asia"", ""country_name"": ""omn""}, ""ip"": ""192.168.2.126"", ""port"": 64853}, ""tags"": [""forwarded"", ""gcp-firewall""]}"
Google Cloud Platform (GCP) VPC Flow logs,https://docs.elastic.co/integrations/gcp/vpcflow,"{""@timestamp"": ""2019-06-14T03:50:10.845Z"", ""agent"": {""ephemeral_id"": ""f4dde373-2ff7-464b-afdb-da94763f219b"", ""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""cloud"": {""provider"": ""gcp""}, ""data_stream"": {""dataset"": ""gcp.vpcflow"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""address"": ""10.87.40.76"", ""domain"": ""kibana"", ""ip"": ""10.87.40.76"", ""port"": 5601}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""5d3eee86-91a9-4afa-af92-c6b79bd866c0"", ""snapshot"": true, ""version"": ""8.6.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""network"", ""created"": ""2023-01-13T15:03:19.118Z"", ""dataset"": ""gcp.vpcflow"", ""end"": ""2019-06-14T03:40:37.048196137Z"", ""id"": ""ut8lbrffooxzf"", ""ingested"": ""2023-01-13T15:03:20Z"", ""kind"": ""event"", ""start"": ""2019-06-14T03:40:36.895188084Z"", ""type"": ""connection""}, ""gcp"": {""destination"": {""instance"": {""project_id"": ""my-sample-project"", ""region"": ""us-east1"", ""zone"": ""us-east1-b""}, ""vpc"": {""project_id"": ""my-sample-project"", ""subnetwork_name"": ""default"", ""vpc_name"": ""default""}}, ""vpcflow"": {""reporter"": ""DEST"", ""rtt"": {""ms"": 36}}}, ""input"": {""type"": ""gcp-pubsub""}, ""log"": {""logger"": ""projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows""}, ""network"": {""bytes"": 1464, ""community_id"": ""1:++9/JiESSUdwTGGcxwXk4RA0lY8="", ""direction"": ""inbound"", ""iana_number"": ""6"", ""packets"": 7, ""transport"": ""tcp"", ""type"": ""ipv4""}, ""related"": {""ip"": [""192.168.2.117"", ""10.87.40.76""]}, ""source"": {""address"": ""192.168.2.117"", ""as"": {""number"": 15169}, ""bytes"": 1464, ""geo"": {""continent_name"": ""America"", ""country_name"": ""usa""}, ""ip"": ""192.168.2.117"", ""packets"": 7, ""port"": 50646}, ""tags"": [""forwarded"", ""gcp-vpcflow""]}"
IBM MQ,https://docs.elastic.co/integrations/ibmmq,"{""@timestamp"": ""2022-07-04T07:29:32.808Z"", ""agent"": {""ephemeral_id"": ""b74cf2bf-29aa-46f0-8eec-ed48244675f2"", ""id"": ""0402a600-6a5e-443e-a57e-10f6f91ff35e"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.2.0""}, ""data_stream"": {""dataset"": ""ibmmq.qmgr"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""0402a600-6a5e-443e-a57e-10f6f91ff35e"", ""snapshot"": false, ""version"": ""8.2.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""web"", ""dataset"": ""ibmmq.qmgr"", ""duration"": 4639837, ""ingested"": ""2022-07-04T07:29:36Z"", ""kind"": ""metric"", ""module"": ""ibmmq"", ""type"": ""info""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": true, ""hostname"": ""docker-fleet-agent"", ""ip"": [""172.18.0.7""], ""mac"": [""02:42:ac:12:00:07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""3.10.0-1160.59.1.el7.x86_64"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""ibmmq"": {""labels"": {""job"": ""ibmmq"", ""qmgr"": ""QM1""}, ""qmgr"": {""calls"": {""failed"": {""callback"": {""count"": 0}, ""close"": {""count"": 0}, ""connections"": {""count"": 0}, ""get"": {""count"": 2}, ""inquire"": {""count"": 0}, ""open"": {""count"": 0}, ""set"": {""count"": 0}, ""subscription_request"": {""count"": 0}}, ""succeeded"": {""callback"": {""count"": 0}, ""close"": {""count"": 0}, ""connections"": {""count"": 0}, ""control"": {""count"": 0}, ""disconnect"": {""count"": 0}, ""inquire"": {""count"": 4}, ""open"": {""count"": 0}, ""set"": {""count"": 0}, ""status"": {""count"": 0}, ""subscription_request"": {""count"": 0}}}, ""destructive"": {""get"": {""bytes"": 4868, ""count"": 13}}, ""log"": {""written"": {""bytes"": {""logical"": 0, ""physical"": 0}}}, ""messages"": {""commit"": {""count"": 0}, ""expired"": {""count"": 0}, ""failed"": {""browse"": {""count"": 0}, ""mq"": {""put"": {""count"": 0}, ""put1"": {""count"": 0}}}, ""mq"": {""put"": {""bytes"": 4868, ""count"": 13}}, ""non_persistent"": {""browse"": {""bytes"": 0, ""count"": 0}, ""destructive"": {""get"": {""count"": 13}}, ""get"": {""bytes"": 4868}, ""mq"": {""put"": {""count"": 13}, ""put1"": {""count"": 0}}, ""put"": {""bytes"": 4868}}, ""persistent"": {""browse"": {""bytes"": 0, ""count"": 0}, ""destructive"": {""get"": {""count"": 0}}, ""get"": {""bytes"": 0}, ""mq"": {""put"": {""count"": 0}, ""put1"": {""count"": 0}}, ""put"": {""bytes"": 0}}, ""published"": {""subscribers"": {""bytes"": 3500, ""count"": 13}}, ""purged"": {""queue"": {""count"": 0}}}, ""rollback"": {""count"": 0}, ""subscription"": {""durable"": {""alter"": {""count"": 0}, ""create"": {""count"": 0}, ""delete"": {""count"": 0}, ""resume"": {""count"": 0}}, ""failed"": {""create_alter_resume"": {""count"": 0}, ""delete"": {""count"": 0}}, ""non_durable"": {""create"": {""count"": 0}, ""delete"": {""count"": 0}}}, ""topic"": {""mq"": {""put"": {""count"": 13, ""failed"": {""count"": 0}, ""non_persistent"": {""count"": 13}, ""persistent"": {""count"": 0}}}, ""put"": {""bytes"": 3500}}}}, ""metricset"": {""name"": ""collector"", ""period"": 10000}, ""service"": {""address"": ""http://elastic-package-service_ibmmq_1:9157/metrics"", ""type"": ""ibmmq""}, ""tags"": [""forwarded"", ""ibmmq-qmgr""]}"
Infoblox BloxOne DDI,https://docs.elastic.co/integrations/infoblox_bloxone_ddi,"{""@timestamp"": ""2022-07-11T11:51:15.417Z"", ""agent"": {""ephemeral_id"": ""2012f3f7-49dc-4448-bb3b-60ba7ba8a293"", ""hostname"": ""docker-fleet-agent"", ""id"": ""e0bb9c9c-c3ad-47d7-882c-5fff0f458160"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""7.17.0""}, ""client"": {""user"": {""id"": ""abc3212abc""}}, ""data_stream"": {""dataset"": ""infoblox_bloxone_ddi.dhcp_lease"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""e0bb9c9c-c3ad-47d7-882c-5fff0f458160"", ""snapshot"": false, ""version"": ""7.17.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""network""], ""created"": ""2022-11-21T10:35:16.397Z"", ""dataset"": ""infoblox_bloxone_ddi.dhcp_lease"", ""end"": ""2022-07-11T11:51:15.417Z"", ""ingested"": ""2022-11-21T10:35:19Z"", ""kind"": ""event"", ""original"": ""{\""address\"":\""81.2.69.192\"",\""client_id\"":\""abc3212abc\"",\""ends\"":\""2022-07-11T11:51:15.417Z\"",\""fingerprint\"":\""ab3213cbabab/abc23bca\"",\""fingerprint_processed\"":\""12abca32bca32abcd\"",\""ha_group\"":\""abc321cdcbda321\"",\""hardware\"":\""00:00:5E:00:53:00\"",\""host\"":\""admin\"",\""hostname\"":\""Host1\"",\""iaid\"":0,\""last_updated\"":\""2022-07-11T11:51:15.417Z\"",\""options\"":{\""message\"":\""Hello\""},\""preferred_lifetime\"":\""2022-07-11T11:51:15.417Z\"",\""protocol\"":\""ip4\"",\""space\"":\""DHCP lease Space\"",\""starts\"":\""2022-07-14T11:51:15.417Z\"",\""state\"":\""used\"",\""type\"":\""DHCP lease Type\""}"", ""start"": ""2022-07-14T11:51:15.417Z"", ""type"": [""protocol""]}, ""host"": {""hostname"": ""Host1"", ""name"": ""admin""}, ""infoblox_bloxone_ddi"": {""dhcp_lease"": {""address"": ""81.2.69.192"", ""client_id"": ""abc3212abc"", ""ends"": ""2022-07-11T11:51:15.417Z"", ""fingerprint"": {""processed"": ""12abca32bca32abcd"", ""value"": ""ab3213cbabab/abc23bca""}, ""ha_group"": ""abc321cdcbda321"", ""hardware"": ""00-00-5E-00-53-00"", ""host"": ""admin"", ""hostname"": ""Host1"", ""iaid"": 0, ""last_updated"": ""2022-07-11T11:51:15.417Z"", ""options"": {""message"": ""Hello""}, ""preferred_lifetime"": ""2022-07-11T11:51:15.417Z"", ""protocol"": ""ipv4"", ""space"": ""DHCP lease Space"", ""starts"": ""2022-07-14T11:51:15.417Z"", ""state"": ""used"", ""type"": ""DHCP lease Type""}}, ""input"": {""type"": ""httpjson""}, ""network"": {""type"": ""ipv4""}, ""related"": {""hosts"": [""admin"", ""Host1""], ""ip"": [""81.2.69.192""]}, ""tags"": [""preserve_original_event"", ""preserve_duplicate_custom_fields"", ""forwarded"", ""infoblox_bloxone_ddi-dhcp_lease""]}"
Istio,https://docs.elastic.co/integrations/istio,"{""@timestamp"": ""2022-07-20T09:52:24.955Z"", ""data_stream"": {""namespace"": ""default"", ""type"": ""logs"", ""dataset"": ""istio.access_logs""}, ""destination"": {""address"": ""10.68.2.10:9080"", ""ip"": ""10.68.2.10"", ""port"": 9080}, ""ecs"": {""version"": ""8.3.0""}, ""event"": {""category"": [""web""], ""created"": ""2020-04-28T11:07:58.223Z"", ""duration"": 1000000, ""id"": ""785918d6-06b6-9312-bf77-6d9bd968dc21"", ""ingested"": ""2022-07-20T11:05:15.804584205Z"", ""kind"": ""event"", ""module"": ""istio"", ""original"": ""[2022-07-20T09:52:24.955Z] \""GET /details/0 HTTP/1.1\"" 200 - via_upstream - \""-\"" 0 178 2 1 \""-\"" \""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36\"" \""785918d6-06b6-9312-bf77-6d9bd968dc21\"" \""details:9080\"" \""10.68.2.10:9080\"" inbound|9080|| 127.0.0.6:47889 10.68.2.10:9080 89.160.20.156:39696 outbound_.9080_._.details.default.svc.cluster.local default"", ""outcome"": ""success"", ""type"": [""access""]}, ""http"": {""request"": {""body"": {""bytes"": 178}, ""id"": ""785918d6-06b6-9312-bf77-6d9bd968dc21"", ""method"": ""GET""}, ""response"": {""body"": {""bytes"": 0}, ""status_code"": 200}, ""version"": ""1.1""}, ""istio"": {""access"": {""authority"": ""details:9080"", ""bytes"": {""received"": 0, ""sent"": 178}, ""downstream"": {""local_address"": ""10.68.2.10:9080"", ""remote_address"": ""89.160.20.156:39696""}, ""duration"": 2, ""requested_server_name"": ""outbound_.9080_._.details.default.svc.cluster.local"", ""response"": {""code_details"": ""via_upstream""}, ""route_name"": ""default"", ""upstream"": {""local_address"": ""127.0.0.6:47889"", ""cluster"": ""inbound|9080||"", ""host"": ""10.68.2.10:9080"", ""service_time"": 1}}}, ""network"": {""community_id"": ""1:Kd61jBZsKdDUbZUBs5s/VI08qc0="", ""protocol"": ""http"", ""transport"": ""tcp""}, ""related"": {""ip"": [""89.160.20.156"", ""10.68.2.10""]}, ""source"": {""address"": ""89.160.20.156:39696"", ""as"": {""number"": 29518, ""organization"": {""name"": ""Bredband2 AB""}}, ""geo"": {""city_name"": ""Link\u00f6ping"", ""continent_name"": ""Europe"", ""country_iso_code"": ""SE"", ""country_name"": ""Sweden"", ""location"": {""lat"": 58.4167, ""lon"": 15.6167}, ""region_iso_code"": ""SE-E"", ""region_name"": ""\u00d6sterg\u00f6tland County""}, ""ip"": ""89.160.20.156"", ""port"": 39696}, ""tags"": [""preserve_original_event""], ""url"": {""original"": ""/details/0""}, ""user_agent"": {""device"": {""name"": ""Mac""}, ""name"": ""Chrome"", ""original"": ""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36"", ""os"": {""full"": ""Mac OS X 10.15.7"", ""name"": ""Mac OS X"", ""version"": ""10.15.7""}, ""version"": ""103.0.5060.114""}}"
Jamf Compliance Reporter,https://docs.elastic.co/integrations/jamf_compliance_reporter,"{""@timestamp"": ""2019-10-02T16:17:08.000Z"", ""agent"": {""ephemeral_id"": ""d5ffc842-05cf-43da-96fe-905f95ab2e41"", ""id"": ""4f9748a6-cc5b-4160-bfdb-b533f9ba576a"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.0""}, ""data_stream"": {""dataset"": ""jamf_compliance_reporter.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""4f9748a6-cc5b-4160-bfdb-b533f9ba576a"", ""snapshot"": false, ""version"": ""8.4.0""}, ""event"": {""action"": ""preference_list_event"", ""agent_id_status"": ""verified"", ""category"": [""process""], ""dataset"": ""jamf_compliance_reporter.log"", ""ingested"": ""2022-11-04T11:01:45Z"", ""kind"": ""event"", ""type"": [""info""]}, ""host"": {""hostname"": ""macbook_pro"", ""id"": ""X03XX889XXX3"", ""mac"": [""38-F9-E8-15-5A-82""], ""os"": {""type"": ""macos"", ""version"": ""Version 10.14.6 (Build 18G95)""}}, ""input"": {""type"": ""tcp""}, ""jamf_compliance_reporter"": {""log"": {""dataset"": ""event"", ""event_attributes"": {""audit_event"": {""excluded_processes"": [""/usr/bin/log"", ""/usr/sbin/syslogd""], ""excluded_users"": [""_spotlight"", ""_windowserver""]}, ""audit_event_log_verbose_messages"": ""1"", ""audit_level"": 3, ""file_event"": {""exclusion_paths"": [""/Users/.*/Library/.*""], ""inclusion_paths"": [""/Users/.*""], ""use_fuzzy_match"": 0}, ""file_license_info"": {""license_expiration_date"": ""2020-01-01T00:00:00.000Z"", ""license_key"": ""43cafc3da47e792939ea82c70..."", ""license_type"": ""Annual"", ""license_version"": ""1""}, ""log"": {""file"": {""location"": ""/var/log/JamfComplianceReporter.log"", ""max_number_backups"": 10, ""max_size_mega_bytes"": 10, ""ownership"": ""root:wheel"", ""permission"": ""640""}, ""remote_endpoint_enabled"": 1, ""remote_endpoint_type"": ""AWSKinesis"", ""remote_endpoint_type_awskinesis"": {""access_key_id"": ""AKIAQFE..."", ""region"": ""us-east-1"", ""secret_key"": ""JAdcoRIo4zsPz..."", ""stream_name"": ""compliancereporter_testing""}}, ""unified_log_predicates"": [""'(subsystem == \""com.example.networkstatistics\"")'"", ""'(subsystem == \""com.apple.CryptoTokenKit\"" AND category == \""AHP\"")'""], ""version"": ""3.1b43""}, ""event_score"": 0, ""host_info"": {""host"": {""uuid"": ""3X6E4X3X-9285-4X7X-9X0X-X3X62XX379XX""}}}}, ""log"": {""source"": {""address"": ""192.168.224.7:58764""}}, ""related"": {""hosts"": [""macbook_pro""], ""user"": [""dan@email.com""]}, ""tags"": [""forwarded"", ""jamf_compliance_reporter-log""], ""user"": {""email"": ""dan@email.com""}}"
Kibana,https://docs.elastic.co/integrations/kibana,"{""agent"": {""name"": ""docker-fleet-agent"", ""id"": ""44d99b67-3ac6-44a7-aa72-63367a8c2f8b"", ""type"": ""metricbeat"", ""ephemeral_id"": ""ab3cdd2a-3336-4682-a038-6844197893f4"", ""version"": ""8.5.0""}, ""process"": {""pid"": 7}, ""@timestamp"": ""2022-08-06T22:34:12.983Z"", ""ecs"": {""version"": ""8.0.0""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""kibana.stats""}, ""service"": {""address"": ""https://kibana:5601/api/stats?extended=true"", ""id"": ""79307ef1-725a-4f29-992a-446bcbedf380"", ""type"": ""kibana"", ""version"": ""8.5.0""}, ""elastic_agent"": {""id"": ""44d99b67-3ac6-44a7-aa72-63367a8c2f8b"", ""version"": ""8.5.0"", ""snapshot"": true}, ""host"": {""hostname"": ""docker-fleet-agent"", ""os"": {""kernel"": ""5.10.47-linuxkit"", ""codename"": ""focal"", ""name"": ""Ubuntu"", ""type"": ""linux"", ""family"": ""debian"", ""version"": ""20.04.4 LTS (Focal Fossa)"", ""platform"": ""ubuntu""}, ""containerized"": true, ""ip"": [""172.21.0.7""], ""name"": ""docker-fleet-agent"", ""mac"": [""02:42:ac:15:00:07""], ""architecture"": ""x86_64""}, ""metricset"": {""period"": 10000, ""name"": ""stats""}, ""event"": {""duration"": 22471757, ""agent_id_status"": ""verified"", ""ingested"": ""2022-08-06T22:34:13Z"", ""module"": ""kibana"", ""dataset"": ""kibana.stats""}, ""kibana"": {""elasticsearch"": {""cluster"": {""id"": ""wMZ6Mw1nR1ydMG25AiiOLw""}}, ""stats"": {""request"": {""total"": 4, ""disconnects"": 0}, ""process"": {""memory"": {""resident_set_size"": {""bytes"": 510763008}, ""heap"": {""total"": {""bytes"": 354033664}, ""used"": {""bytes"": 280320136}, ""size_limit"": {""bytes"": 4345298944}}}, ""event_loop_delay"": {""ms"": 10.395972266666668}, ""uptime"": {""ms"": 64365}}, ""os"": {""distroRelease"": ""Ubuntu-20.04"", ""distro"": ""Ubuntu"", ""memory"": {""used_in_bytes"": 4305055744, ""total_in_bytes"": 35739144192, ""free_in_bytes"": 31434088448}, ""load"": {""5m"": 0.66, ""15m"": 0.25, ""1m"": 1.66}, ""platformRelease"": ""linux-5.10.47-linuxkit"", ""platform"": ""linux""}, ""name"": ""kibana"", ""host"": {""name"": ""0.0.0.0""}, ""index"": "".kibana"", ""response_time"": {""avg"": {""ms"": 8}, ""max"": {""ms"": 11}}, ""concurrent_connections"": 10, ""snapshot"": true, ""status"": ""green""}}}"
Kubernetes Audit Logs,https://docs.elastic.co/integrations/kubernetes/audit-logs,"{""kubernetes"": {""audit"": {""auditID"": ""bcacfeaa-5ab5-48de-8bac-3a87d1474b6a"", ""requestReceivedTimestamp"": ""2022-08-31T08:09:39.660940Z"", ""level"": ""RequestResponse"", ""kind"": ""Event"", ""verb"": ""get"", ""annotations"": {""authorization_k8s_io/decision"": ""allow"", ""authorization_k8s_io/reason"": ""RBAC: allowed by ClusterRoleBinding \""system:public-info-viewer\"" of ClusterRole \""system:public-info-viewer\"" to Group \""system:unauthenticated\""""}, ""userAgent"": ""kube-probe/1.24"", ""requestURI"": ""/readyz"", ""responseStatus"": {""metadata"": {}, ""code"": 200}, ""stageTimestamp"": ""2022-08-31T08:09:39.662241Z"", ""sourceIPs"": [""172.18.0.2""], ""apiVersion"": ""audit.k8s.io/v1"", ""stage"": ""ResponseComplete"", ""user"": {""groups"": [""system:unauthenticated""], ""username"": ""system:anonymous""}}}, ""input"": {""type"": ""filestream""}, ""agent"": {""name"": ""kind-control-plane"", ""id"": ""6e730a0c-7da5-48ff-b4c9-f6c63844975d"", ""type"": ""filebeat"", ""ephemeral_id"": ""d27511c8-9cd1-402c-8b1b-234abbd9dcae"", ""version"": ""8.4.0""}, ""@timestamp"": ""2022-08-31T08:09:57.520Z"", ""ecs"": {""version"": ""8.0.0""}, ""log"": {""file"": {""path"": ""/var/log/kubernetes/kube-apiserver-audit-1.log""}, ""offset"": 20995}, ""data_stream"": {""namespace"": ""default"", ""type"": ""logs"", ""dataset"": ""kubernetes.audit_logs""}, ""host"": {""hostname"": ""kind-control-plane"", ""os"": {""kernel"": ""5.10.104-linuxkit"", ""codename"": ""focal"", ""name"": ""Ubuntu"", ""type"": ""linux"", ""family"": ""debian"", ""version"": ""20.04.4 LTS (Focal Fossa)"", ""platform"": ""ubuntu""}, ""containerized"": false, ""ip"": [""10.244.0.1"", ""10.244.0.1"", ""10.244.0.1"", ""172.30.0.3"", ""172.18.0.2"", ""fc00:f853:ccd:e793::2"", ""fe80::42:acff:fe12:2""], ""name"": ""kind-control-plane"", ""id"": ""5016511f0829451ea244f458eebf2212"", ""mac"": [""02:42:ac:12:00:02"", ""02:42:ac:1e:00:03"", ""3a:ba:49:df:78:35"", ""86:c7:fe:c8:fa:22"", ""d6:48:c1:a2:a4:15""], ""architecture"": ""x86_64""}, ""elastic_agent"": {""id"": ""6e730a0c-7da5-48ff-b4c9-f6c63844975d"", ""version"": ""8.4.0"", ""snapshot"": false}, ""event"": {""agent_id_status"": ""verified"", ""ingested"": ""2022-08-31T08:09:58Z"", ""dataset"": ""kubernetes.audit_logs""}}"
Logstash,https://docs.elastic.co/integrations/logstash,"{""agent"": {""hostname"": ""docker-fleet-agent"", ""name"": ""docker-fleet-agent"", ""id"": ""0c223a58-fac1-457d-84d2-13b4cc188cd8"", ""type"": ""metricbeat"", ""ephemeral_id"": ""14484f41-a26f-44c9-adf0-fc0f1495b4f3"", ""version"": ""7.15.0""}, ""elastic_agent"": {""id"": ""0c223a58-fac1-457d-84d2-13b4cc188cd8"", ""version"": ""7.15.0"", ""snapshot"": true}, ""logstash"": {""node"": {""stats"": {""events"": {""filtered"": 0, ""in"": 0, ""out"": 0}}}}, ""@timestamp"": ""2021-09-02T17:29:14.596Z"", ""ecs"": {""version"": ""1.10.0""}, ""data_stream"": {""namespace"": ""default"", ""type"": ""metrics"", ""dataset"": ""logstash.node_stats""}, ""service"": {""hostname"": ""45943bf17069"", ""address"": ""http://logstash:9600/_node/stats"", ""name"": ""logstash"", ""id"": ""8cfe1a39-ac50-439d-8bf2-93198aa26c0d"", ""type"": ""logstash"", ""version"": ""8.0.0""}, ""host"": {""hostname"": ""docker-fleet-agent"", ""os"": {""kernel"": ""5.11.10-arch1-1"", ""codename"": ""Core"", ""name"": ""CentOS Linux"", ""type"": ""linux"", ""family"": ""redhat"", ""version"": ""7 (Core)"", ""platform"": ""centos""}, ""containerized"": true, ""ip"": [""172.25.0.4""], ""name"": ""docker-fleet-agent"", ""id"": ""1292624d19b2cee1a317ad634c9a8358"", ""mac"": [""02:42:ac:19:00:04""], ""architecture"": ""x86_64""}, ""metricset"": {""period"": 10000, ""name"": ""node_stats""}, ""event"": {""duration"": 18621194, ""agent_id_status"": ""verified"", ""ingested"": ""2021-09-02T17:29:15.608149964Z"", ""module"": ""logstash"", ""dataset"": ""logstash.node_stats""}}"
Lyve Cloud,https://docs.elastic.co/integrations/lyve_cloud,"{""@timestamp"": ""2022-10-20T12:52:42.974Z"", ""cloud"": {""provider"": ""lyvecloud""}, ""ecs"": {""version"": ""8.5.1""}, ""event"": {""original"": ""{\""auditEntry\"": {\""api\"": {\""name\"": \""GetBucketLocation\"", \""bucket\"": \""user-name-t10\"", \""status\"": \""OK\"", \""statusCode\"": 200, \""timeToResponse\"": \""27121602ns\"", \""timeToFirstByte\"": \""27072750ns\""}, \""time\"": \""2022-10-20T12:52:42.974686686Z\"", \""version\"": \""1\"", \""requestID\"": \""171FC8111B3F560B\"", \""userAgent\"": \""MinIO (linux; amd64) minio-go/v7.0.15\"", \""deploymentid\"": \""8fe8887f-d1e2-4918-9e33-52bfba3b0de8\"", \""requestQuery\"": {\""location\"": \""\""}, \""requestHeader\"": {\""X-Real-Ip\"": \""10.213.135.144:28911\"", \""User-Agent\"": \""aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\"", \""X-Amz-Date\"": \""20221024T083808Z\"", \""Authorization\"": \""AWS4-HMAC-SHA256 Credential=<redacted>/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<redacted>\"", \""Accept-Encoding\"": \""identity\"", \""X-Forwarded-For\"": \""1.128.0.0, 10.213.135.144\"", \""X-Forwarded-Host\"": \""s3.us-east-1.lyvecloud.seagate.com\"", \""X-Forwarded-Proto\"": \""https\"", \""X-Amz-Content-Sha256\"": \""e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\""}, \""responseHeader\"": {\""ETag\"": \""b1946ac92492d2347c6235b4d2611184\"", \""Vary\"": \""Origin\"", \""Content-Type\"": \""application/octet-stream\"", \""Accept-Ranges\"": \""bytes\"", \""Last-Modified\"": \""Sun, 23 Oct 2022 12:51:23 GMT\"", \""Content-Length\"": \""6\"", \""X-Amz-Request-Id\"": \""1720F4788755136D\"", \""X-Xss-Protection\"": \""1; mode=block\"", \""x-amz-version-id\"": \""ab44978d-0929-4c3a-8d52-17157c1fb6ad\"", \""X-Amz-Bucket-Region\"": \""us-east-1\"", \""X-Amz-Object-Lock-Mode\"": \""COMPLIANCE\"", \""Content-Security-Policy\"": \""block-all-mixed-content\"", \""X-Amz-Server-Side-Encryption\"": \""AES256\"", \""X-Amz-Object-Lock-Retain-Until-Date\"": \""2022-10-27T12:51:23.250Z\""}}, \""serviceAccountName\"": \""user-name-terraform\"", \""serviceAccountCreatorId\"": \""name.last@company.com\""}""}, ""http"": {""response"": {""body"": {""bytes"": 6}, ""mime_type"": ""application/octet-stream"", ""status_code"": 200}}, ""log"": {""file"": {""path"": ""https://s3.us-east-1.lyvecloud.seagate.com/logss001/October-2022/S3-2022-20-10-14-09-31.gz""}}, ""lyve_cloud"": {""audit"": {""auditEntry"": {""api"": {""bucket"": ""user-name-t10"", ""name"": ""GetBucketLocation"", ""status"": ""OK"", ""timeToFirstByte"": 27072750, ""timeToResponse"": 27121602}, ""requestHeader"": {""X-Forwarded-For"": ""1.128.0.0, 10.213.135.144"", ""X-Forwarded-Host"": ""s3.us-east-1.lyvecloud.seagate.com"", ""X-Real-Ip"": ""10.213.135.144:28911""}, ""responseHeader"": {""Accept-Ranges"": ""bytes"", ""Last-Modified"": ""Sun, 23 Oct 2022 12:51:23 GMT"", ""X-Amz-Bucket-Region"": ""us-east-1"", ""X-Amz-Object-Lock-Mode"": ""COMPLIANCE"", ""X-Amz-Server-Side-Encryption"": ""AES256"", ""object_lock_retain_until_date"": ""2022-10-27T12:51:23.250Z"", ""x-amz-version-id"": ""ab44978d-0929-4c3a-8d52-17157c1fb6ad""}, ""version"": ""1""}}}, ""os"": {""name"": ""Linux""}, ""related"": {""ip"": [""1.128.0.0"", ""10.213.135.144""], ""user"": ""user-name-terraform""}, ""tags"": [""preserve_original_event""], ""user"": {""email"": ""name.last@company.com"", ""id"": ""name.last@company.com"", ""name"": ""user-name-terraform""}, ""user_agent"": {""device"": {""name"": ""Other""}, ""name"": ""Other"", ""original"": ""MinIO (linux; amd64) minio-go/v7.0.15""}}"
Microsoft M365 Defender,https://docs.elastic.co/integrations/m365_defender,"{""@timestamp"": ""2021-09-30T09:35:45.113Z"", ""agent"": {""ephemeral_id"": ""680ecfc9-79a0-47ae-b6a5-7b8a1546433c"", ""id"": ""e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.6.0""}, ""cloud"": {""account"": {""id"": ""b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c""}, ""provider"": [""azure""]}, ""data_stream"": {""dataset"": ""m365_defender.incident"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.5.0""}, ""elastic_agent"": {""id"": ""e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457"", ""snapshot"": false, ""version"": ""8.6.0""}, ""event"": {""action"": [""detected""], ""agent_id_status"": ""verified"", ""created"": ""2021-08-13T08:43:35.553Z"", ""dataset"": ""m365_defender.incident"", ""id"": ""2972395"", ""ingested"": ""2023-02-01T07:32:54Z"", ""kind"": ""event"", ""original"": ""{\""@odata.type\"":\""#microsoft.graph.security.incident\"",\""alerts\"":{\""@odata.type\"":\""#microsoft.graph.security.alert\"",\""actorDisplayName\"":null,\""alertWebUrl\"":\""https://security.microsoft.com/alerts/da637551227677560813_-961444813?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c\"",\""assignedTo\"":null,\""category\"":\""DefenseEvasion\"",\""classification\"":\""unknown\"",\""comments\"":[],\""createdDateTime\"":\""2021-04-27T12:19:27.7211305Z\"",\""description\"":\""A hidden file has been launched. This activity could indicate a compromised host. Attackers often hide files associated with malicious tools to evade file system inspection and defenses.\"",\""detectionSource\"":\""antivirus\"",\""detectorId\"":\""e0da400f-affd-43ef-b1d5-afc2eb6f2756\"",\""determination\"":\""unknown\"",\""evidence\"":[{\""@odata.type\"":\""#microsoft.graph.security.deviceEvidence\"",\""azureAdDeviceId\"":null,\""createdDateTime\"":\""2021-04-27T12:19:27.7211305Z\"",\""defenderAvStatus\"":\""unknown\"",\""deviceDnsName\"":\""tempDns\"",\""firstSeenDateTime\"":\""2020-09-12T07:28:32.4321753Z\"",\""healthStatus\"":\""active\"",\""loggedOnUsers\"":[],\""mdeDeviceId\"":\""73e7e2de709dff64ef64b1d0c30e67fab63279db\"",\""onboardingStatus\"":\""onboarded\"",\""osBuild\"":22424,\""osPlatform\"":\""Windows10\"",\""rbacGroupId\"":75,\""rbacGroupName\"":\""UnassignedGroup\"",\""remediationStatus\"":\""none\"",\""remediationStatusDetails\"":null,\""riskScore\"":\""medium\"",\""roles\"":[\""compromised\""],\""tags\"":[\""Test Machine\""],\""verdict\"":\""unknown\"",\""version\"":\""Other\"",\""vmMetadata\"":{\""cloudProvider\"":\""azure\"",\""resourceId\"":\""/subscriptions/8700d3a3-3bb7-4fbe-a090-488a1ad04161/resourceGroups/WdatpApi-EUS-STG/providers/Microsoft.Compute/virtualMachines/NirLaviTests\"",\""subscriptionId\"":\""8700d3a3-3bb7-4fbe-a090-488a1ad04161\"",\""vmId\"":\""ca1b0d41-5a3b-4d95-b48b-f220aed11d78\""}},{\""@odata.type\"":\""#microsoft.graph.security.fileEvidence\"",\""createdDateTime\"":\""2021-04-27T12:19:27.7211305Z\"",\""detectionStatus\"":\""detected\"",\""fileDetails\"":{\""fileName\"":\""MsSense.exe\"",\""filePath\"":\""C:\\\\Program Files\\\\temp\"",\""filePublisher\"":\""Microsoft Corporation\"",\""fileSize\"":6136392,\""issuer\"":null,\""sha1\"":\""5f1e8acedc065031aad553b710838eb366cfee9a\"",\""sha256\"":\""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec\"",\""signer\"":null},\""mdeDeviceId\"":\""73e7e2de709dff64ef64b1d0c30e67fab63279db\"",\""remediationStatus\"":\""none\"",\""remediationStatusDetails\"":null,\""roles\"":[],\""tags\"":[],\""verdict\"":\""unknown\""},{\""@odata.type\"":\""#microsoft.graph.security.processEvidence\"",\""createdDateTime\"":\""2021-04-27T12:19:27.7211305Z\"",\""detectionStatus\"":\""detected\"",\""imageFile\"":{\""fileName\"":\""MsSense.exe\"",\""filePath\"":\""C:\\\\Program Files\\\\temp\"",\""filePublisher\"":\""Microsoft Corporation\"",\""fileSize\"":6136392,\""issuer\"":null,\""sha1\"":\""5f1e8acedc065031aad553b710838eb366cfee9a\"",\""sha256\"":\""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec\"",\""signer\"":null},\""mdeDeviceId\"":\""73e7e2de709dff64ef64b1d0c30e67fab63279db\"",\""parentProcessCreationDateTime\"":\""2021-08-12T07:39:09.0909239Z\"",\""parentProcessId\"":668,\""parentProcessImageFile\"":{\""fileName\"":\""services.exe\"",\""filePath\"":\""C:\\\\Windows\\\\System32\"",\""filePublisher\"":\""Microsoft Corporation\"",\""fileSize\"":731744,\""issuer\"":null,\""sha1\"":null,\""sha256\"":null,\""signer\"":null},\""processCommandLine\"":\""\\\""MsSense.exe\\\""\"",\""processCreationDateTime\"":\""2021-08-12T12:43:19.0772577Z\"",\""processId\"":4780,\""remediationStatus\"":\""none\"",\""remediationStatusDetails\"":null,\""roles\"":[],\""tags\"":[],\""userAccount\"":{\""accountName\"":\""SYSTEM\"",\""azureAdUserId\"":null,\""domainName\"":\""NT AUTHORITY\"",\""userPrincipalName\"":null,\""userSid\"":\""S-1-5-18\""},\""verdict\"":\""unknown\""},{\""@odata.type\"":\""#microsoft.graph.security.registryKeyEvidence\"",\""createdDateTime\"":\""2021-04-27T12:19:27.7211305Z\"",\""registryHive\"":\""HKEY_LOCAL_MACHINE\"",\""registryKey\"":\""SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\WMI\\\\AUTOLOGGER\\\\SENSEAUDITLOGGER\"",\""remediationStatus\"":\""none\"",\""remediationStatusDetails\"":null,\""roles\"":[],\""tags\"":[],\""verdict\"":\""unknown\""}],\""firstActivityDateTime\"":\""2021-04-26T07:45:50.116Z\"",\""id\"":\""da637551227677560813_-961444813\"",\""incidentId\"":\""28282\"",\""incidentWebUrl\"":\""https://security.microsoft.com/incidents/28282?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c\"",\""lastActivityDateTime\"":\""2021-05-02T07:56:58.222Z\"",\""lastUpdateDateTime\"":\""2021-05-02T14:19:01.3266667Z\"",\""mitreTechniques\"":[\""T1564.001\""],\""providerAlertId\"":\""da637551227677560813_-961444813\"",\""recommendedActions\"":\""Collect artifacts and determine scope\\n\ufffd\\tReview the machine timeline for suspicious activities that may have occurred before and after the time of the alert, and record additional related artifacts (files, IPs/URLs) \\n\ufffd\\tLook for the presence of relevant artifacts on other systems. Identify commonalities and differences between potentially compromised systems.\\n\ufffd\\tSubmit relevant files for deep analysis and review resulting detailed behavioral information.\\n\ufffd\\tSubmit undetected files to the MMPC malware portal\\n\\nInitiate containment \\u0026 mitigation \\n\ufffd\\tContact the user to verify intent and initiate local remediation actions as needed.\\n\ufffd\\tUpdate AV signatures and run a full scan. The scan might reveal and remove previously-undetected malware components.\\n\ufffd\\tEnsure that the machine has the latest security updates. In particular, ensure that you have installed the latest software, web browser, and Operating System versions.\\n\ufffd\\tIf credential theft is suspected, reset all relevant users passwords.\\n\ufffd\\tBlock communication with relevant URLs or IPs at the organization\ufffds perimeter.\"",\""resolvedDateTime\"":null,\""serviceSource\"":\""microsoftDefenderForEndpoint\"",\""severity\"":\""low\"",\""status\"":\""new\"",\""tenantId\"":\""b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c\"",\""threatDisplayName\"":null,\""threatFamilyName\"":null,\""title\"":\""Suspicious execution of hidden file\""},\""assignedTo\"":\""KaiC@contoso.onmicrosoft.com\"",\""classification\"":\""truePositive\"",\""comments\"":[{\""comment\"":\""Demo incident\"",\""createdBy\"":\""DavidS@contoso.onmicrosoft.com\"",\""createdTime\"":\""2021-09-30T12:07:37.2756993Z\""}],\""createdDateTime\"":\""2021-08-13T08:43:35.5533333Z\"",\""determination\"":\""multiStagedAttack\"",\""displayName\"":\""Multi-stage incident involving Initial access \\u0026 Command and control on multiple endpoints reported by multiple sources\"",\""id\"":\""2972395\"",\""incidentWebUrl\"":\""https://security.microsoft.com/incidents/2972395?tid=12f988bf-16f1-11af-11ab-1d7cd011db47\"",\""lastUpdateDateTime\"":\""2021-09-30T09:35:45.1133333Z\"",\""redirectIncidentId\"":null,\""severity\"":\""medium\"",\""status\"":\""active\"",\""tags\"":[\""Demo\""],\""tenantId\"":\""b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c\""}"", ""provider"": ""microsoftDefenderForEndpoint"", ""severity"": 3, ""url"": ""https://security.microsoft.com/incidents/2972395?tid=12f988bf-16f1-11af-11ab-1d7cd011db47""}, ""file"": {""hash"": {""sha1"": [""5f1e8acedc065031aad553b710838eb366cfee9a""], ""sha256"": [""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec""]}, ""name"": [""MsSense.exe""], ""path"": [""C:\\Program Files\\temp""], ""size"": [6136392]}, ""host"": {""id"": [""73e7e2de709dff64ef64b1d0c30e67fab63279db""], ""os"": {""name"": [""Windows10""], ""version"": [""Other""]}}, ""input"": {""type"": ""httpjson""}, ""m365_defender"": {""incident"": {""alert"": {""alert_web_url"": {""domain"": ""security.microsoft.com"", ""original"": ""https://security.microsoft.com/alerts/da637551227677560813_-961444813?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""path"": ""/alerts/da637551227677560813_-961444813"", ""query"": ""tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""scheme"": ""https""}, ""category"": ""DefenseEvasion"", ""classification"": ""unknown"", ""created_datetime"": ""2021-04-27T12:19:27.721Z"", ""description"": ""A hidden file has been launched. This activity could indicate a compromised host. Attackers often hide files associated with malicious tools to evade file system inspection and defenses."", ""detection_source"": ""antivirus"", ""detector_id"": ""e0da400f-affd-43ef-b1d5-afc2eb6f2756"", ""determination"": ""unknown"", ""evidence"": [{""created_datetime"": ""2021-04-27T12:19:27.721Z"", ""defender_av_status"": ""unknown"", ""device_dns_name"": ""tempDns"", ""first_seen_datetime"": ""2020-09-12T07:28:32.432Z"", ""health_status"": ""active"", ""mde_device_id"": ""73e7e2de709dff64ef64b1d0c30e67fab63279db"", ""odata_type"": ""#microsoft.graph.security.deviceEvidence"", ""onboarding_status"": ""onboarded"", ""os_build"": ""22424"", ""os_platform"": ""Windows10"", ""rbac_group"": {""id"": ""75"", ""name"": ""UnassignedGroup""}, ""remediation_status"": ""none"", ""risk_score"": ""medium"", ""roles"": [""compromised""], ""tags"": [""Test Machine""], ""verdict"": ""unknown"", ""version"": ""Other"", ""vm_metadata"": {""cloud_provider"": ""azure"", ""resource_id"": ""/subscriptions/8700d3a3-3bb7-4fbe-a090-488a1ad04161/resourceGroups/WdatpApi-EUS-STG/providers/Microsoft.Compute/virtualMachines/NirLaviTests"", ""subscription_id"": ""8700d3a3-3bb7-4fbe-a090-488a1ad04161"", ""vm_id"": ""ca1b0d41-5a3b-4d95-b48b-f220aed11d78""}}, {""created_datetime"": ""2021-04-27T12:19:27.721Z"", ""detection_status"": ""detected"", ""file_details"": {""name"": ""MsSense.exe"", ""path"": ""C:\\Program Files\\temp"", ""publisher"": ""Microsoft Corporation"", ""sha1"": ""5f1e8acedc065031aad553b710838eb366cfee9a"", ""sha256"": ""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec"", ""size"": 6136392}, ""mde_device_id"": ""73e7e2de709dff64ef64b1d0c30e67fab63279db"", ""odata_type"": ""#microsoft.graph.security.fileEvidence"", ""remediation_status"": ""none"", ""verdict"": ""unknown""}, {""created_datetime"": ""2021-04-27T12:19:27.721Z"", ""detection_status"": ""detected"", ""image_file"": {""name"": ""MsSense.exe"", ""path"": ""C:\\Program Files\\temp"", ""publisher"": ""Microsoft Corporation"", ""sha1"": ""5f1e8acedc065031aad553b710838eb366cfee9a"", ""sha256"": ""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec"", ""size"": 6136392}, ""mde_device_id"": ""73e7e2de709dff64ef64b1d0c30e67fab63279db"", ""odata_type"": ""#microsoft.graph.security.processEvidence"", ""parent_process"": {""creation_datetime"": ""2021-08-12T07:39:09.090Z"", ""id"": 668, ""image_file"": {""name"": ""services.exe"", ""path"": ""C:\\Windows\\System32"", ""publisher"": ""Microsoft Corporation"", ""size"": 731744}}, ""process"": {""command_line"": ""\""MsSense.exe\"""", ""creation_datetime"": ""2021-08-12T12:43:19.077Z"", ""id"": 4780}, ""remediation_status"": ""none"", ""user_account"": {""account_name"": ""SYSTEM"", ""domain_name"": ""NT AUTHORITY"", ""user_sid"": ""S-1-5-18""}, ""verdict"": ""unknown""}, {""created_datetime"": ""2021-04-27T12:19:27.721Z"", ""odata_type"": ""#microsoft.graph.security.registryKeyEvidence"", ""registry_hive"": ""HKEY_LOCAL_MACHINE"", ""registry_key"": ""SYSTEM\\CONTROLSET001\\CONTROL\\WMI\\AUTOLOGGER\\SENSEAUDITLOGGER"", ""remediation_status"": ""none"", ""verdict"": ""unknown""}], ""first_activity_datetime"": ""2021-04-26T07:45:50.116Z"", ""id"": ""da637551227677560813_-961444813"", ""incident_id"": ""28282"", ""incident_web_url"": {""domain"": ""security.microsoft.com"", ""original"": ""https://security.microsoft.com/incidents/28282?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""path"": ""/incidents/28282"", ""query"": ""tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""scheme"": ""https""}, ""last_activity_datetime"": ""2021-05-02T07:56:58.222Z"", ""last_update_datetime"": ""2021-05-02T14:19:01.326Z"", ""mitre_techniques"": [""T1564.001""], ""provider_alert_id"": ""da637551227677560813_-961444813"", ""recommended_actions"": ""Collect artifacts and determine scope\n\ufffd\tReview the machine timeline for suspicious activities that may have occurred before and after the time of the alert, and record additional related artifacts (files, IPs/URLs) \n\ufffd\tLook for the presence of relevant artifacts on other systems. Identify commonalities and differences between potentially compromised systems.\n\ufffd\tSubmit relevant files for deep analysis and review resulting detailed behavioral information.\n\ufffd\tSubmit undetected files to the MMPC malware portal\n\nInitiate containment & mitigation \n\ufffd\tContact the user to verify intent and initiate local remediation actions as needed.\n\ufffd\tUpdate AV signatures and run a full scan. The scan might reveal and remove previously-undetected malware components.\n\ufffd\tEnsure that the machine has the latest security updates. In particular, ensure that you have installed the latest software, web browser, and Operating System versions.\n\ufffd\tIf credential theft is suspected, reset all relevant users passwords.\n\ufffd\tBlock communication with relevant URLs or IPs at the organization\ufffds perimeter."", ""service_source"": ""microsoftDefenderForEndpoint"", ""severity"": ""low"", ""status"": ""new"", ""tenant_id"": ""b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""title"": ""Suspicious execution of hidden file""}, ""assigned_to"": ""KaiC@contoso.onmicrosoft.com"", ""classification"": ""truePositive"", ""comments"": [{""comment"": ""Demo incident"", ""createdBy"": ""DavidS@contoso.onmicrosoft.com"", ""createdTime"": ""2021-09-30T12:07:37.2756993Z""}], ""created_datetime"": ""2021-08-13T08:43:35.553Z"", ""determination"": ""multiStagedAttack"", ""display_name"": ""Multi-stage incident involving Initial access & Command and control on multiple endpoints reported by multiple sources"", ""id"": ""2972395"", ""last_update_datetime"": ""2021-09-30T09:35:45.113Z"", ""odata_type"": ""#microsoft.graph.security.incident"", ""severity"": ""medium"", ""status"": ""active"", ""tags"": [""Demo""], ""tenant_id"": ""b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c"", ""web_url"": {""domain"": ""security.microsoft.com"", ""original"": ""https://security.microsoft.com/incidents/2972395?tid=12f988bf-16f1-11af-11ab-1d7cd011db47"", ""path"": ""/incidents/2972395"", ""query"": ""tid=12f988bf-16f1-11af-11ab-1d7cd011db47"", ""scheme"": ""https""}}}, ""message"": ""Multi-stage incident involving Initial access & Command and control on multiple endpoints reported by multiple sources"", ""process"": {""command_line"": [""\""MsSense.exe\""""], ""hash"": {""sha1"": [""5f1e8acedc065031aad553b710838eb366cfee9a""], ""sha256"": [""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec""]}, ""parent"": {""pid"": [668], ""start"": [""2021-08-12T07:39:09.090Z""]}, ""pid"": [4780], ""start"": [""2021-08-12T12:43:19.077Z""], ""user"": {""name"": [""SYSTEM""]}}, ""registry"": {""hive"": [""HKEY_LOCAL_MACHINE""], ""key"": [""SYSTEM\\CONTROLSET001\\CONTROL\\WMI\\AUTOLOGGER\\SENSEAUDITLOGGER""]}, ""related"": {""hash"": [""5f1e8acedc065031aad553b710838eb366cfee9a"", ""8963a19fb992ad9a76576c5638fd68292cffb9aaac29eb8285f9abf6196a7dec""], ""hosts"": [""tempDns"", ""NT AUTHORITY""], ""user"": [""KaiC@contoso.onmicrosoft.com"", ""DavidS@contoso.onmicrosoft.com"", ""SYSTEM"", ""S-1-5-18""]}, ""source"": {""user"": {""name"": ""KaiC@contoso.onmicrosoft.com""}}, ""tags"": [""preserve_original_event"", ""preserve_duplicate_custom_fields"", ""forwarded"", ""m365_defender-incident""], ""threat"": {""tactic"": {""name"": [""DefenseEvasion""]}, ""technique"": {""subtechnique"": {""id"": [""T1564.001""]}}}}"
Nagios XI,https://docs.elastic.co/integrations/nagios_xi,"{""@timestamp"": ""2022-03-16T07:02:41.000Z"", ""agent"": {""ephemeral_id"": ""51b119f6-cf3c-4fe1-ba07-4f8194106cda"", ""id"": ""98cccf9b-3d95-4b93-b4dc-472035898e0f"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.1.0""}, ""data_stream"": {""dataset"": ""nagios_xi.events"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""98cccf9b-3d95-4b93-b4dc-472035898e0f"", ""snapshot"": false, ""version"": ""8.1.0""}, ""event"": {""agent_id_status"": ""verified"", ""created"": ""2022-05-09T07:14:09.873Z"", ""dataset"": ""nagios_xi.events"", ""ingested"": ""2022-05-09T07:14:10Z"", ""kind"": ""event"", ""module"": ""nagios_xi"", ""original"": ""{\""entry_time\"":\""2022-03-16 07:02:41\"",\""instance_id\"":\""1\"",\""logentry_data\"":\""Event broker module '/usr/local/nagios/bin/ndo.so' initialized successfully.\"",\""logentry_id\"":\""211261\"",\""logentry_type\"":\""262144\""}"", ""type"": ""info""}, ""input"": {""type"": ""httpjson""}, ""message"": ""Event broker module '/usr/local/nagios/bin/ndo.so' initialized successfully."", ""nagios_xi"": {""event"": {""entry_time"": ""2022-03-16T07:02:41.000Z"", ""instance_id"": 1, ""logentry"": {""id"": 211261, ""type"": 262144}}}, ""tags"": [""preserve_original_event"", ""forwarded"", ""nagios_xi-events""]}"
PingOne,https://docs.elastic.co/integrations/ping_one,"{""@timestamp"": ""2022-06-10T17:04:25.518Z"", ""agent"": {""ephemeral_id"": ""3ec0008f-3b03-448a-8617-f9798d15e68d"", ""hostname"": ""docker-fleet-agent"", ""id"": ""8e2910ec-3bb9-439a-90a1-acedb9847388"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""7.17.0""}, ""client"": {""user"": {""id"": ""830109c7-f8aa-491e-b2f2-8f7532ae85e9"", ""name"": ""RichardPatchetWorker""}}, ""data_stream"": {""dataset"": ""ping_one.audit"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""8e2910ec-3bb9-439a-90a1-acedb9847388"", ""snapshot"": false, ""version"": ""7.17.0""}, ""event"": {""action"": ""group.created"", ""agent_id_status"": ""verified"", ""category"": [""iam"", ""configuration""], ""created"": ""2022-10-03T07:21:04.317Z"", ""dataset"": ""ping_one.audit"", ""id"": ""2076da4e-81ae-4cf4-803a-4ccc16419bc9"", ""ingested"": ""2022-10-03T07:21:05Z"", ""kind"": ""event"", ""original"": ""{\""_links\"":{\""self\"":{\""href\"":\""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/activities/2076da4e-81ae-4cf4-803a-4ccc16419bc9\""}},\""action\"":{\""description\"":\""Group Created\"",\""type\"":\""GROUP.CREATED\""},\""actors\"":{\""client\"":{\""environment\"":{\""id\"":\""bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa\""},\""href\"":\""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/applications/830109c7-f8aa-491e-b2f2-8f7532ae85e9\"",\""id\"":\""830109c7-f8aa-491e-b2f2-8f7532ae85e9\"",\""name\"":\""RichardPatchetWorker\"",\""type\"":\""CLIENT\""}},\""correlationId\"":\""28b1f3ca-2ab6-4cc0-b33f-50153c7c9c14\"",\""createdAt\"":\""2022-06-10T17:04:25.534Z\"",\""id\"":\""2076da4e-81ae-4cf4-803a-4ccc16419bc9\"",\""recordedAt\"":\""2022-06-10T17:04:25.518Z\"",\""resources\"":[{\""environment\"":{\""id\"":\""bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa\""},\""href\"":\""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/groups/ac05e3ff-60e2-4e03-bbac-f9455e6a6d51\"",\""id\"":\""ac05e3ff-60e2-4e03-bbac-f9455e6a6d51\"",\""name\"":\""Managers\"",\""type\"":\""GROUP\""}],\""result\"":{\""description\"":\""Created Group Managers\"",\""status\"":\""SUCCESS\""}}"", ""outcome"": ""success"", ""type"": [""creation"", ""group""]}, ""input"": {""type"": ""httpjson""}, ""ping_one"": {""audit"": {""action"": {""description"": ""Group Created"", ""type"": ""GROUP.CREATED""}, ""actors"": {""client"": {""environment"": {""id"": ""bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa""}, ""href"": ""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/applications/830109c7-f8aa-491e-b2f2-8f7532ae85e9"", ""id"": ""830109c7-f8aa-491e-b2f2-8f7532ae85e9"", ""name"": ""RichardPatchetWorker"", ""type"": ""CLIENT""}}, ""correlation"": {""id"": ""28b1f3ca-2ab6-4cc0-b33f-50153c7c9c14""}, ""created_at"": ""2022-06-10T17:04:25.534Z"", ""id"": ""2076da4e-81ae-4cf4-803a-4ccc16419bc9"", ""recorded_at"": ""2022-06-10T17:04:25.518Z"", ""resources"": [{""environment"": {""id"": ""bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa""}, ""href"": ""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/groups/ac05e3ff-60e2-4e03-bbac-f9455e6a6d51"", ""id"": ""ac05e3ff-60e2-4e03-bbac-f9455e6a6d51"", ""name"": ""Managers"", ""type"": ""GROUP""}], ""result"": {""description"": ""Created Group Managers"", ""status"": ""SUCCESS""}}}, ""related"": {""user"": [""830109c7-f8aa-491e-b2f2-8f7532ae85e9"", ""RichardPatchetWorker""]}, ""tags"": [""preserve_original_event"", ""preserve_duplicate_custom_fields"", ""forwarded"", ""ping_one-audit""], ""url"": {""domain"": ""api.pingone.com"", ""original"": ""https://api.pingone.com/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/groups/ac05e3ff-60e2-4e03-bbac-f9455e6a6d51"", ""path"": ""/v1/environments/bf4cb8b8-33e9-4576-8d70-c0ab679fe0fa/groups/ac05e3ff-60e2-4e03-bbac-f9455e6a6d51"", ""scheme"": ""https""}}"
Platform Observability,https://docs.elastic.co/integrations/platform_observability,"{""event"": {""action"": ""http_request"", ""category"": [""web""], ""outcome"": ""unknown""}, ""http"": {""request"": {""method"": ""get""}}, ""url"": {""domain"": ""localhost"", ""path"": ""/internal/security/session"", ""port"": 5601, ""scheme"": ""http""}, ""user"": {""name"": ""elastic"", ""roles"": [""superuser""]}, ""kibana"": {""space_id"": ""default"", ""session_id"": ""ccZ0sbxrmmJwo+/y2Mn1tmGIrKOuZYaF8voUh0SkA/k=""}, ""trace"": {""id"": ""1c8c5808-d2d6-41fc-8cb7-998aa8996be9""}, ""ecs"": {""version"": ""8.0.0""}, ""@timestamp"": ""2022-06-29T12:05:03.742+00:00"", ""message"": ""User is requesting [/internal/security/session] endpoint"", ""log"": {""level"": ""INFO"", ""logger"": ""plugins.security.audit.ecs""}, ""process"": {""pid"": 7}, ""transaction"": {""id"": ""f8863d86567119e6""}}"
Proofpoint TAP,https://docs.elastic.co/integrations/proofpoint_tap,"{""@timestamp"": ""2022-03-30T10:11:12.000Z"", ""agent"": {""ephemeral_id"": ""e1f6ec70-06b8-4d4b-829f-03000950c530"", ""id"": ""19f05486-b68d-449a-9bdd-1493d2f3b55d"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.0""}, ""data_stream"": {""dataset"": ""proofpoint_tap.clicks_blocked"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""as"": {""number"": 29518, ""organization"": {""name"": ""Bredband2 AB""}}, ""geo"": {""city_name"": ""Link\u00f6ping"", ""continent_name"": ""Europe"", ""country_iso_code"": ""SE"", ""country_name"": ""Sweden"", ""location"": {""lat"": 58.4167, ""lon"": 15.6167}, ""region_iso_code"": ""SE-E"", ""region_name"": ""\u00d6sterg\u00f6tland County""}, ""ip"": ""89.160.20.112""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""19f05486-b68d-449a-9bdd-1493d2f3b55d"", ""snapshot"": false, ""version"": ""8.4.0""}, ""email"": {""from"": {""address"": ""abc123@example.com""}, ""message_id"": ""12345678912345.12345.mail@example.com"", ""to"": {""address"": ""9c52aa64228824247c48df69b066e5a7@example.com""}}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""email""], ""created"": ""2022-11-04T13:46:30.114Z"", ""dataset"": ""proofpoint_tap.clicks_blocked"", ""id"": ""a5c9f8bb-1234-1234-1234-dx9xxx2xx9xxx"", ""ingested"": ""2022-11-04T13:46:33Z"", ""kind"": ""event"", ""original"": ""{\""GUID\"":\""ZcxxxxVxyxFxyxLxxxDxVxx4xxxxx\"",\""campaignId\"":\""46x01x8x-x899-404x-xxx9-111xx393d1x7\"",\""classification\"":\""malware\"",\""clickIP\"":\""89.160.20.112\"",\""clickTime\"":\""2022-03-30T10:11:12.000Z\"",\""id\"":\""a5c9f8bb-1234-1234-1234-dx9xxx2xx9xxx\"",\""messageID\"":\""12345678912345.12345.mail@example.com\"",\""recipient\"":\""9c52aa64228824247c48df69b066e5a7@example.com\"",\""sender\"":\""abc123@example.com\"",\""senderIP\"":\""81.2.69.143\"",\""threatID\"":\""502b7xxxx0x5x1x3xb6xcxexbxxxxxxxcxxexc6xbxxxxxxdx7fxcx6x9xxxx9xdxxxxxxxx5f\"",\""threatStatus\"":\""active\"",\""threatTime\"":\""2022-03-21T14:40:31.000Z\"",\""threatURL\"":\""https://threatinsight.proofpoint.com/a2abc123-1234-1234-1234-babcded1234/threat/email/502xxxxxxxxxcebxxxxxxxxxxa04277xxxxx5dxc6xxxxxxxxx5f\"",\""url\"":\""https://www.example.com/abcdabcd123?query=0\"",\""userAgent\"":\""Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/199.0.427504638 Mobile/15E148 Safari/604.1\""}"", ""type"": [""denied""]}, ""input"": {""type"": ""httpjson""}, ""proofpoint_tap"": {""clicks_blocked"": {""campaign_id"": ""46x01x8x-x899-404x-xxx9-111xx393d1x7"", ""classification"": ""malware"", ""threat"": {""id"": ""502b7xxxx0x5x1x3xb6xcxexbxxxxxxxcxxexc6xbxxxxxxdx7fxcx6x9xxxx9xdxxxxxxxx5f"", ""status"": ""active"", ""time"": ""2022-03-21T14:40:31.000Z"", ""url"": ""https://threatinsight.proofpoint.com/a2abc123-1234-1234-1234-babcded1234/threat/email/502xxxxxxxxxcebxxxxxxxxxxa04277xxxxx5dxc6xxxxxxxxx5f""}}, ""guid"": ""ZcxxxxVxyxFxyxLxxxDxVxx4xxxxx""}, ""related"": {""ip"": [""81.2.69.143"", ""89.160.20.112""]}, ""source"": {""ip"": ""81.2.69.143""}, ""tags"": [""preserve_original_event"", ""forwarded"", ""proofpoint_tap-clicks_blocked""], ""url"": {""domain"": ""www.example.com"", ""full"": ""https://www.example.com/abcdabcd123?query=0"", ""path"": ""/abcdabcd123"", ""query"": ""query=0"", ""scheme"": ""https""}, ""user_agent"": {""device"": {""name"": ""iPhone""}, ""name"": ""Google"", ""original"": ""Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/199.0.427504638 Mobile/15E148 Safari/604.1"", ""os"": {""full"": ""iOS 14.6"", ""name"": ""iOS"", ""version"": ""14.6""}, ""version"": ""199.0.427504638""}}"
Pulse Connect Secure,https://docs.elastic.co/integrations/pulse_connect_secure,"{""@timestamp"": ""2021-10-19T09:10:35.000+02:00"", ""agent"": {""ephemeral_id"": ""48b94170-8de9-42a4-8608-50484a347a6a"", ""id"": ""584f3aea-648c-4e58-aba4-32b8f88d4396"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.0.0-beta1""}, ""client"": {""address"": ""89.160.20.156"", ""as"": {""number"": 29518, ""organization"": {""name"": ""Bredband2 AB""}}, ""geo"": {""city_name"": ""Link\u00f6ping"", ""continent_name"": ""Europe"", ""country_iso_code"": ""SE"", ""country_name"": ""Sweden"", ""location"": {""lat"": 58.4167, ""lon"": 15.6167}, ""region_iso_code"": ""SE-E"", ""region_name"": ""\u00d6sterg\u00f6tland County""}, ""ip"": ""89.160.20.156""}, ""data_stream"": {""dataset"": ""pulse_connect_secure.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""584f3aea-648c-4e58-aba4-32b8f88d4396"", ""snapshot"": false, ""version"": ""8.0.0-beta1""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""network"", ""created"": ""2021-10-19T09:10:35.000+02:00"", ""dataset"": ""pulse_connect_secure.log"", ""ingested"": ""2022-02-03T09:39:02Z"", ""kind"": ""event"", ""original"": ""Oct 19 09:10:35 pcs-node1 1 2021-10-19T09:10:35+02:00 10.5.2.3 PulseSecure: - - - 2021-10-19 09:10:35 - pcs-node1 - [89.160.20.156] user.name(REALM)[REALM_ROLES] - Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723.\n"", ""outcome"": ""success"", ""timezone"": ""+02:00""}, ""host"": {""hostname"": ""pcs-node1""}, ""input"": {""type"": ""udp""}, ""log"": {""source"": {""address"": ""172.19.0.7:51695""}}, ""message"": ""Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723."", ""observer"": {""ip"": ""10.5.2.3"", ""name"": ""pcs-node1"", ""product"": ""Pulse Secure Connect"", ""type"": ""vpn"", ""vendor"": ""Pulse Secure""}, ""pulse_secure"": {""realm"": ""REALM"", ""role"": ""REALM_ROLES"", ""session"": {""id"": ""sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75""}}, ""source"": {""address"": ""89.160.20.156"", ""as"": {""number"": 29518, ""organization"": {""name"": ""Bredband2 AB""}}, ""geo"": {""city_name"": ""Link\u00f6ping"", ""continent_name"": ""Europe"", ""country_iso_code"": ""SE"", ""country_name"": ""Sweden"", ""location"": {""lat"": 58.4167, ""lon"": 15.6167}, ""region_iso_code"": ""SE-E"", ""region_name"": ""\u00d6sterg\u00f6tland County""}, ""ip"": ""89.160.20.156""}, ""tags"": [""preserve_original_event"", ""forwarded"", ""pulse_connect_secure-log""], ""user"": {""name"": ""user.name""}, ""user_agent"": {""device"": {""name"": ""Other""}, ""name"": ""Other"", ""original"": ""Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723"", ""os"": {""full"": ""Windows 10"", ""name"": ""Windows"", ""version"": ""10""}}}"
SonicWall Firewall,https://docs.elastic.co/integrations/sonicwall_firewall,"{""@timestamp"": ""2022-05-16T08:18:39.000+02:00"", ""agent"": {""ephemeral_id"": ""6cc3228b-d89c-4104-b750-d9cb44ed5513"", ""id"": ""08a5caf6-a717-4f5f-90e2-0f4eb7c59b00"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.2.0""}, ""data_stream"": {""dataset"": ""sonicwall_firewall.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""destination"": {""geo"": {""city_name"": ""London"", ""continent_name"": ""Europe"", ""country_iso_code"": ""GB"", ""country_name"": ""United Kingdom"", ""location"": {""lat"": 51.5142, ""lon"": -0.0931}, ""region_iso_code"": ""GB-ENG"", ""region_name"": ""England""}, ""ip"": ""81.2.69.193"", ""mac"": ""00-17-C5-30-F9-D9"", ""port"": 64889}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""08a5caf6-a717-4f5f-90e2-0f4eb7c59b00"", ""snapshot"": false, ""version"": ""8.2.0""}, ""event"": {""action"": ""connection-denied"", ""agent_id_status"": ""verified"", ""category"": [""network""], ""code"": ""713"", ""dataset"": ""sonicwall_firewall.log"", ""ingested"": ""2022-05-23T13:47:58Z"", ""kind"": ""event"", ""outcome"": ""success"", ""sequence"": ""692"", ""severity"": ""7"", ""timezone"": ""+02:00"", ""type"": [""connection"", ""denied""]}, ""input"": {""type"": ""udp""}, ""log"": {""level"": ""debug"", ""source"": {""address"": ""172.24.0.4:47831""}}, ""message"": ""\ufffd (TCP Flag(s): RST)"", ""network"": {""bytes"": 46, ""protocol"": ""https"", ""transport"": ""tcp""}, ""observer"": {""egress"": {""interface"": {""name"": ""X1""}, ""zone"": ""Untrusted""}, ""ingress"": {""interface"": {""name"": ""X1""}, ""zone"": ""Untrusted""}, ""ip"": ""10.0.0.96"", ""name"": ""firewall"", ""product"": ""SonicOS"", ""serial_number"": ""0040103CE114"", ""type"": ""firewall"", ""vendor"": ""SonicWall""}, ""related"": {""ip"": [""10.0.0.96"", ""81.2.69.193""], ""user"": [""admin""]}, ""rule"": {""id"": ""15 (WAN->WAN)""}, ""sonicwall"": {""firewall"": {""app"": ""12"", ""event_group_category"": ""Firewall Settings"", ""gcat"": ""6"", ""sess"": ""Web""}}, ""source"": {""bytes"": 46, ""ip"": ""10.0.0.96"", ""mac"": ""00-06-B1-DD-4F-D4"", ""port"": 443}, ""tags"": [""sonicwall-firewall"", ""forwarded""], ""user"": {""name"": ""admin""}}"
Spring Boot,https://docs.elastic.co/integrations/spring_boot,"{""@timestamp"": ""2022-08-05T09:30:10.644Z"", ""agent"": {""ephemeral_id"": ""575ffec5-bd74-4689-8baa-8486735193f3"", ""id"": ""3ab22ca1-4caf-465f-8789-2a45a81ed9b1"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.1.0""}, ""data_stream"": {""dataset"": ""spring_boot.audit_events"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""3ab22ca1-4caf-465f-8789-2a45a81ed9b1"", ""snapshot"": false, ""version"": ""8.1.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""web"", ""created"": ""2022-08-05T09:30:10.644Z"", ""dataset"": ""spring_boot.audit_events"", ""ingested"": ""2022-08-05T09:30:14Z"", ""kind"": ""event"", ""module"": ""spring_boot"", ""type"": ""info""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": true, ""hostname"": ""docker-fleet-agent"", ""ip"": [""192.168.112.5""], ""mac"": [""02:42:c0:a8:70:05""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""3.10.0-1160.71.1.el7.x86_64"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""spring_boot"": {""audit_events"": {""data"": {""remote_address"": ""192.168.144.2""}, ""principal"": ""actuator"", ""type"": ""AUTHENTICATION_SUCCESS""}}, ""tags"": [""spring_boot.audit_events.metrics""]}"
Sysmon for Linux,https://docs.elastic.co/integrations/sysmon_linux,"{""@timestamp"": ""2022-10-24T17:05:31.000Z"", ""agent"": {""ephemeral_id"": ""0ccb5087-29e5-4a64-a028-e51e06c2d944"", ""id"": ""af423af4-492e-4074-bae6-f31a40d3fd91"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.5.0""}, ""data_stream"": {""dataset"": ""sysmon_linux.log"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.5.0""}, ""elastic_agent"": {""id"": ""af423af4-492e-4074-bae6-f31a40d3fd91"", ""snapshot"": false, ""version"": ""8.5.0""}, ""event"": {""action"": ""log"", ""agent_id_status"": ""verified"", ""dataset"": ""sysmon_linux.log"", ""ingested"": ""2022-12-08T10:33:50Z"", ""kind"": ""event"", ""timezone"": ""+00:00""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": false, ""hostname"": ""docker-fleet-agent"", ""id"": ""66392b0697b84641af8006d87aeb89f1"", ""ip"": [""192.168.48.7""], ""mac"": [""02-42-C0-A8-30-07""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""5.10.104-linuxkit"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.5 LTS (Focal Fossa)""}}, ""input"": {""type"": ""filestream""}, ""log"": {""file"": {""path"": ""/tmp/service_logs/sysmon.log""}, ""offset"": 0}, ""message"": ""Sysmon v1.0.0 - Monitors system events"", ""process"": {""name"": ""sysmon"", ""pid"": 3041}}"
Trend Micro Vision One,https://docs.elastic.co/integrations/trend_micro_vision_one,"{""@timestamp"": ""2030-04-30T00:01:16.000Z"", ""agent"": {""ephemeral_id"": ""866cfa51-4f51-436a-8e64-6075e4fc5940"", ""id"": ""6d1daf8c-cf74-431d-829c-3dedd9bd2ced"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.0""}, ""data_stream"": {""dataset"": ""trend_micro_vision_one.alert"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""6d1daf8c-cf74-431d-829c-3dedd9bd2ced"", ""snapshot"": false, ""version"": ""8.4.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""email""], ""created"": ""2022-12-05T12:05:45.098Z"", ""dataset"": ""trend_micro_vision_one.alert"", ""id"": ""WB-9002-20200427-0002"", ""ingested"": ""2022-12-05T12:05:48Z"", ""kind"": ""alert"", ""original"": ""{\""alertProvider\"":\""SAE\"",\""createdDateTime\"":\""2020-04-30T00:01:15Z\"",\""description\"":\""A backdoor was possibly implanted after a user received a possible spear phishing email message.\"",\""id\"":\""WB-9002-20200427-0002\"",\""impactScope\"":{\""accountCount\"":0,\""desktopCount\"":0,\""emailAddressCount\"":0,\""entities\"":[{\""entityId\"":\""5257b401-2fd7-469c-94fa-39a4f11eb925\"",\""entityType\"":\""host\"",\""entityValue\"":\""user@email.com\"",\""provenance\"":[\""Alert\""],\""relatedEntities\"":[\""CODERED\\\\\\\\user\""],\""relatedIndicatorIds\"":[1]}],\""serverCount\"":0},\""indicators\"":[{\""field\"":\""request url\"",\""filterIds\"":[\""f862df72-7f5e-4b2b-9f7f-9148e875f908\""],\""id\"":1,\""provenance\"":[\""Alert\""],\""relatedEntities\"":[\""user@example.com\""],\""type\"":\""url\"",\""value\"":\""http://www.example.com/ab001.zip\""}],\""investigationStatus\"":\""New\"",\""matchedRules\"":[{\""id\"":\""5f52d1f1-53e7-411a-b74f-745ee81fa30b\"",\""matchedFilters\"":[{\""id\"":\""ccf86fc1-688f-4131-a46f-1d7a6ee2f88e\"",\""matchedDateTime\"":\""2019-08-02T04:00:01Z\"",\""matchedEvents\"":[{\""matchedDateTime\"":\""2019-08-02T04:00:01Z\"",\""type\"":\""TELEMETRY_REGISTRY\"",\""uuid\"":\""fa9ff47c-e1b8-459e-a3d0-a5b104b854a5\""}],\""mitreTechniqueIds\"":[\""T1192\""],\""name\"":\""(T1192) Spearphishing Link\""}],\""name\"":\""Possible SpearPhishing Email\""}],\""model\"":\""Possible APT Attack\"",\""schemaVersion\"":\""1.0\"",\""score\"":63,\""severity\"":\""critical\"",\""updatedDateTime\"":\""2030-04-30T00:01:16Z\"",\""workbenchLink\"":\""https://THE_WORKBENCH_URL\""}"", ""severity"": 63, ""type"": [""info""]}, ""input"": {""type"": ""httpjson""}, ""log"": {""level"": ""critical""}, ""tags"": [""preserve_original_event"", ""preserve_duplicate_custom_fields"", ""forwarded"", ""trend_micro_vision_one-alert""], ""trend_micro_vision_one"": {""alert"": {""alert_provider"": ""SAE"", ""created_date"": ""2020-04-30T00:01:15.000Z"", ""description"": ""A backdoor was possibly implanted after a user received a possible spear phishing email message."", ""id"": ""WB-9002-20200427-0002"", ""impact_scope"": {""account_count"": 0, ""desktop_count"": 0, ""email_address_count"": 0, ""entities"": [{""id"": ""5257b401-2fd7-469c-94fa-39a4f11eb925"", ""provenance"": [""Alert""], ""related_entities"": [""CODERED\\\\user""], ""related_indicator_id"": [1], ""type"": ""host"", ""value"": {""account_value"": ""user@email.com""}}], ""server_count"": 0}, ""indicators"": [{""field"": ""request url"", ""filter_id"": [""f862df72-7f5e-4b2b-9f7f-9148e875f908""], ""id"": 1, ""provenance"": [""Alert""], ""related_entities"": [""user@example.com""], ""type"": ""url"", ""value"": ""http://www.example.com/ab001.zip""}], ""investigation_status"": ""New"", ""matched_rule"": [{""filter"": [{""date"": ""2019-08-02T04:00:01.000Z"", ""events"": [{""date"": ""2019-08-02T04:00:01.000Z"", ""type"": ""TELEMETRY_REGISTRY"", ""uuid"": ""fa9ff47c-e1b8-459e-a3d0-a5b104b854a5""}], ""id"": ""ccf86fc1-688f-4131-a46f-1d7a6ee2f88e"", ""mitre_technique_id"": [""T1192""], ""name"": ""(T1192) Spearphishing Link""}], ""id"": ""5f52d1f1-53e7-411a-b74f-745ee81fa30b"", ""name"": ""Possible SpearPhishing Email""}], ""model"": ""Possible APT Attack"", ""schema_version"": ""1.0"", ""score"": 63, ""severity"": ""critical"", ""workbench_link"": ""https://THE_WORKBENCH_URL""}}, ""url"": {""original"": ""https://THE_WORKBENCH_URL"", ""scheme"": ""https""}}"
VMware Carbon Black Cloud,https://docs.elastic.co/integrations/carbon_black_cloud,"{""@timestamp"": ""2022-02-10T16:04:30.263Z"", ""agent"": {""ephemeral_id"": ""6e44cfec-4990-4784-a5c5-5d5954dd12e3"", ""id"": ""d25950db-7f14-44a1-8b37-581c2fe716ba"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""8.4.1""}, ""carbon_black_cloud"": {""audit"": {""flagged"": false, ""verbose"": false}}, ""client"": {""ip"": ""10.10.10.10"", ""user"": {""id"": ""abc@demo.com""}}, ""data_stream"": {""dataset"": ""carbon_black_cloud.audit"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""d25950db-7f14-44a1-8b37-581c2fe716ba"", ""snapshot"": false, ""version"": ""8.4.1""}, ""event"": {""agent_id_status"": ""verified"", ""created"": ""2022-11-16T09:32:58.943Z"", ""dataset"": ""carbon_black_cloud.audit"", ""id"": ""2122f8ce8xxxxxxxxxxxxx"", ""ingested"": ""2022-11-16T09:33:02Z"", ""kind"": ""event"", ""original"": ""{\""clientIp\"":\""10.10.10.10\"",\""description\"":\""Logged in successfully\"",\""eventId\"":\""2122f8ce8xxxxxxxxxxxxx\"",\""eventTime\"":1644509070263,\""flagged\"":false,\""loginName\"":\""abc@demo.com\"",\""orgName\"":\""cb-xxxx-xxxx.com\"",\""requestUrl\"":null,\""verbose\"":false}"", ""outcome"": ""success"", ""reason"": ""Logged in successfully""}, ""input"": {""type"": ""httpjson""}, ""organization"": {""name"": ""cb-xxxx-xxxx.com""}, ""related"": {""ip"": [""10.10.10.10""]}, ""tags"": [""preserve_original_event"", ""forwarded"", ""carbon_black_cloud-audit""]}"
WebSphere Application Server,https://docs.elastic.co/integrations/websphere_application_server,"{""@timestamp"": ""2022-05-19T13:33:01.029Z"", ""agent"": {""ephemeral_id"": ""7fca7599-6641-4340-ab44-e026d1b4935a"", ""id"": ""a0386d69-0749-44b4-8487-9b92e66852a1"", ""name"": ""docker-fleet-agent"", ""type"": ""metricbeat"", ""version"": ""8.2.0""}, ""data_stream"": {""dataset"": ""websphere_application_server.jdbc"", ""namespace"": ""ep"", ""type"": ""metrics""}, ""ecs"": {""version"": ""8.5.1""}, ""elastic_agent"": {""id"": ""a0386d69-0749-44b4-8487-9b92e66852a1"", ""snapshot"": false, ""version"": ""8.2.0""}, ""event"": {""agent_id_status"": ""verified"", ""category"": ""web"", ""dataset"": ""websphere_application_server.jdbc"", ""duration"": 364066933, ""ingested"": ""2022-05-19T13:33:04Z"", ""kind"": ""metric"", ""module"": ""websphere_application_server"", ""type"": ""info""}, ""host"": {""architecture"": ""x86_64"", ""containerized"": true, ""hostname"": ""docker-fleet-agent"", ""ip"": [""172.31.0.5""], ""mac"": [""02:42:ac:1f:00:05""], ""name"": ""docker-fleet-agent"", ""os"": {""codename"": ""focal"", ""family"": ""debian"", ""kernel"": ""3.10.0-1160.45.1.el7.x86_64"", ""name"": ""Ubuntu"", ""platform"": ""ubuntu"", ""type"": ""linux"", ""version"": ""20.04.4 LTS (Focal Fossa)""}}, ""metricset"": {""name"": ""collector"", ""period"": 60000}, ""server"": {""address"": ""elastic-package-service_websphere_application_server_1:9080""}, ""service"": {""address"": ""http://elastic-package-service_websphere_application_server_1:9080/metrics"", ""type"": ""prometheus""}, ""tags"": [""forwarded"", ""websphere_application_server-jdbc"", ""prometheus""], ""websphere_application_server"": {""jdbc"": {""connection"": {""allocated"": 0, ""closed"": 0, ""created"": 0, ""free"": 0, ""handles"": 0, ""managed"": 0, ""returned"": 0, ""total"": {""fault"": 0, ""in_use"": 0, ""seconds_in_use"": 0, ""wait"": 0, ""wait_seconds"": 0}, ""waiting_threads"": 0}, ""data_source"": ""jms/built-in-jms-connectionfactory"", ""percent_used"": 0, ""pool_size"": 0}}}"
Zscaler Private Access,https://docs.elastic.co/integrations/zscaler_zpa,"{""@timestamp"": ""2019-07-03T05:17:22.000Z"", ""agent"": {""ephemeral_id"": ""3822f64e-da38-4bc8-ba94-142dfb616687"", ""hostname"": ""docker-fleet-agent"", ""id"": ""bd852834-2771-4c96-b2b6-2b6de67a2c01"", ""name"": ""docker-fleet-agent"", ""type"": ""filebeat"", ""version"": ""7.16.2""}, ""client"": {""nat"": {""ip"": ""10.0.0.1""}}, ""data_stream"": {""dataset"": ""zscaler_zpa.app_connector_status"", ""namespace"": ""ep"", ""type"": ""logs""}, ""ecs"": {""version"": ""8.6.0""}, ""elastic_agent"": {""id"": ""bd852834-2771-4c96-b2b6-2b6de67a2c01"", ""snapshot"": false, ""version"": ""7.16.2""}, ""event"": {""agent_id_status"": ""verified"", ""category"": [""package""], ""dataset"": ""zscaler_zpa.app_connector_status"", ""ingested"": ""2022-11-10T07:09:35Z"", ""kind"": ""event"", ""original"": ""{\""LogTimestamp\"":\""Wed Jul 3 05:17:22 2019\"",\""Customer\"":\""Customer Name\"",\""SessionID\"":\""8A64Qwj9zCkfYDGJVoUZ\"",\""SessionType\"":\""ZPN_ASSISTANT_BROKER_CONTROL\"",\""SessionStatus\"":\""ZPN_STATUS_AUTHENTICATED\"",\""Version\"":\""19.20.3\"",\""Platform\"":\""el7\"",\""ZEN\"":\""US-NY-8179\"",\""Connector\"":\""Some App Connector\"",\""ConnectorGroup\"":\""Some App Connector Group\"",\""PrivateIP\"":\""10.0.0.4\"",\""PublicIP\"":\""0.0.0.0\"",\""Latitude\"":47,\""Longitude\"":-122,\""CountryCode\"":\""\"",\""TimestampAuthentication\"":\""2019-06-27T05:05:23.348Z\"",\""TimestampUnAuthentication\"":\""\"",\""CPUUtilization\"":1,\""MemUtilization\"":20,\""ServiceCount\"":2,\""InterfaceDefRoute\"":\""eth0\"",\""DefRouteGW\"":\""10.0.0.1\"",\""PrimaryDNSResolver\"":\""168.63.129.16\"",\""HostStartTime\"":\""1513229995\"",\""HostUpTime\"":\""1513229995\"",\""ConnectorUpTime\"":\""1555920005\"",\""ConnectorStartTime\"":\""1555920005\"",\""NumOfInterfaces\"":2,\""BytesRxInterface\"":319831966346,\""PacketsRxInterface\"":1617569938,\""ErrorsRxInterface\"":0,\""DiscardsRxInterface\"":0,\""BytesTxInterface\"":192958782635,\""PacketsTxInterface\"":1797471190,\""ErrorsTxInterface\"":0,\""DiscardsTxInterface\"":0,\""TotalBytesRx\"":10902554,\""TotalBytesTx\"":48931771}"", ""type"": [""info""]}, ""host"": {""cpu"": {""usage"": 1}, ""network"": {""egress"": {""bytes"": 48931771}, ""ingress"": {""bytes"": 10902554}}}, ""input"": {""type"": ""tcp""}, ""log"": {""source"": {""address"": ""192.168.64.5:34894""}}, ""observer"": {""geo"": {""location"": {""lat"": 47, ""lon"": -122}}, ""ip"": ""0.0.0.0"", ""os"": {""platform"": ""el7""}, ""type"": ""forwarder"", ""version"": ""19.20.3""}, ""organization"": {""name"": ""Customer Name""}, ""related"": {""ip"": [""10.0.0.1"", ""0.0.0.0"", ""10.0.0.4"", ""168.63.129.16""]}, ""tags"": [""forwarded"", ""zscaler_zpa-app_connectors_status""], ""zscaler_zpa"": {""app_connector_status"": {""connector"": {""group"": ""Some App Connector Group"", ""name"": ""Some App Connector""}, ""connector_start_time"": ""2019-04-22T08:00:05.000Z"", ""connector_up_time"": ""2019-04-22T08:00:05.000Z"", ""host_start_time"": ""2017-12-14T05:39:55.000Z"", ""host_up_time"": ""2017-12-14T05:39:55.000Z"", ""interface"": {""name"": ""eth0"", ""received"": {""bytes"": 319831966346, ""discards"": 0, ""errors"": 0, ""packets"": 1617569938}, ""transmitted"": {""bytes"": 192958782635, ""discards"": 0, ""errors"": 0, ""packets"": 1797471190}}, ""memory"": {""utilization"": 20}, ""num_of_interfaces"": 2, ""primary_dns_resolver"": ""168.63.129.16"", ""private_ip"": ""10.0.0.4"", ""service"": {""count"": 2}, ""session"": {""id"": ""8A64Qwj9zCkfYDGJVoUZ"", ""status"": ""ZPN_STATUS_AUTHENTICATED"", ""type"": ""ZPN_ASSISTANT_BROKER_CONTROL""}, ""timestamp"": {""authentication"": ""2019-06-27T05:05:23.348Z""}, ""zen"": ""US-NY-8179""}}}"