dependencies:

ecs:

reference: git@v8.17.0

[Airlock Digital](https://www.airlockdigital.com/) delivers an easy-to-manage and scalable application control solution to protect endpoints with confidence. Built by cybersecurity professionals and trusted by organizations worldwide, Airlock Digital enforces a Deny by Default security posture to block all untrusted code, including unknown applications, unwanted scripts, malware, and ransomware.

The Airlock Digital integration for Elastic allows you to collect logs from, [Airlock Digital REST API](https://api.airlockdigital.com/), then visualise the data in Kibana.

The Airlock Digital integration is compatible with `v6.1.x` and `v1` version of Airlock Digital REST API.

This integration periodically queries the Airlock Digital REST API to retrieve Agent logs.

This integration collects log messages of the following types:

- `Agent`: Collects agent logs via [Airlock Digital REST API](https://api.airlockdigital.com/#35ef50c6-1df4-4330-a433-1915ccf380cf).

Integrating Airlock Digital agent logs with Elastic SIEM provides SOC teams with comprehensive visibility into endpoint policy enforcement and system activity. Dashboards highlight agent health, host and user patterns, OS distribution, group and policy metrics, storage availability, and trusted configurations, empowering efficient monitoring, proactive resource management, and improved operational readiness.

1. In order to make the API calls, the User Group to which a user belongs should contain required permissions. You can follow the below steps for that:

2. Go to the **Settings** and navigate to **Users** tab.

3. Under **User Group Management** for the respective user group provide **agent/find** and **group/policies** roles in the REST API Roles section and click on save.

1. Log in to your Airlock console.

2. On the right side of the navigation bar, click on the dropdown with the user’s name and navigate to **My profile** section.

3. Click on the **Generate API Key** button.

4. Copy the displayed API key — it will be required later for configuration.

For more details, check [Documentation](https://api.airlockdigital.com/).

This integration supports both Elastic Agentless-based and Agent-based installations.

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).

Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host.

1. In the top search bar in Kibana, search for **Integrations**.

2. In the search bar, type **Airlock Digital**.

3. Select the **Airlock Digital** integration from the search results.

4. Select **Add Airlock Digital** to add the integration.

5. Enable and configure only the collection methods which you will use.

* To **Collect Airlock Digital logs via API**, you'll need to:

- Configure **URL** and **API Key**.

- Enable/Disable the required datasets.

- For each dataset, adjust the integration configuration parameters if required, including the Interval, Preserve original event etc. to enable data collection.

6. Select **Save and continue** to save the integration.

1. In the top search bar in Kibana, search for **Dashboards**.

2. In the search bar, type **Airlock Digital**.

3. Select a dashboard for the dataset you are collecting, and verify the dashboard information is populated.

For more information on architectures that can be used for scaling this integration, check the [Ingest Architectures](https://www.elastic.co/docs/manage-data/ingest/ingest-reference-architectures) documentation.

{{fields "agent"}}

{{event "agent"}}

These inputs can be used in this integration:

- [cel](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-cel)

These integration datasets use the following API:

- `Agent`: [Airlock Digital REST API](https://api.airlockdigital.com/#35ef50c6-1df4-4330-a433-1915ccf380cf).

version: '3.8'

services:

airlock_digital:

image: docker.elastic.co/observability/stream:v0.20.0

hostname: airlock_digital

ports:

- 8090

volumes:

- ./files:/files:ro

environment:

PORT: '8090'

command:

- http-server

- --addr=:8090

- --config=/files/config.yml