{
  "name": "sysmon_linux",
  "title": "Sysmon for Linux",
  "version": "1.8.1",
  "release": "ga",
  "description": "Collect Sysmon Linux logs with Elastic Agent.",
  "type": "integration",
  "download": "/epr/sysmon_linux/sysmon_linux-1.8.1.zip",
  "path": "/package/sysmon_linux/1.8.1",
  "icons": [
    {
      "src": "/img/sysmon-linux.svg",
      "path": "/package/sysmon_linux/1.8.1/img/sysmon-linux.svg",
      "title": "sysmon-linux",
      "size": "1000x1000",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.4.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/sec-linux-platform"
  },
  "categories": [
    "os_system",
    "security"
  ],
  "signature_path": "/epr/sysmon_linux/sysmon_linux-1.8.1.zip.sig",
  "format_version": "3.0.0",
  "readme": "/package/sysmon_linux/1.8.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/kibana-sysmon-linux.png",
      "path": "/package/sysmon_linux/1.8.1/img/kibana-sysmon-linux.png",
      "title": "kibana sysmon linux",
      "size": "1220x852",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/sysmon_linux/1.8.1/LICENSE.txt",
    "/package/sysmon_linux/1.8.1/changelog.yml",
    "/package/sysmon_linux/1.8.1/manifest.yml",
    "/package/sysmon_linux/1.8.1/validation.yml",
    "/package/sysmon_linux/1.8.1/docs/README.md",
    "/package/sysmon_linux/1.8.1/img/kibana-sysmon-linux.png",
    "/package/sysmon_linux/1.8.1/img/sysmon-linux.svg",
    "/package/sysmon_linux/1.8.1/kibana/tags.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/manifest.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/sample_event.json",
    "/package/sysmon_linux/1.8.1/kibana/dashboard/sysmon_linux-22fcf4b0-64d8-11ed-8c3d-9d8cab821d64.json",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/agent.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/base-fields.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/beats.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/ecs.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/fields.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/fields/winlog.yml",
    "/package/sysmon_linux/1.8.1/data_stream/log/agent/stream/filestream.yml.hbs",
    "/package/sysmon_linux/1.8.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "sysmon_linux",
      "title": "Sysmon for Linux logs",
      "description": "Collect Sysmon for Linux logs",
      "inputs": [
        {
          "type": "filestream",
          "title": "Collect Sysmon for Linux logs",
          "description": "Collect Sysmon for Linux logs"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "sysmon_linux.log",
      "title": "Sysmon for Linux logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "filestream",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/var/log/sysmon*"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ignore_older",
              "type": "text",
              "title": "Ignore events older than",
              "description": "Events older than the specified amount of time are ignored (default: 72h). Because anything older than this window is skipped, Sysmon history from before the agent was enrolled, or from a period when the agent was offline longer than this window, will not be collected; raise or clear the value if that history is needed for investigation. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "72h"
            }
          ],
          "template_path": "filestream.yml.hbs",
          "title": "Sysmon for Linux logs (log)",
          "description": "Collect Sysmon for Linux logs using the filestream input",
          "enabled": true,
          "ingestion_method": "File"
        }
      ],
      "package": "sysmon_linux",
      "path": "log"
    }
  ]
}
