@szwarckonrad
Created July 28, 2023 13:31
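---
# Full Elastic Agent policy as issued by Fleet (the document an enrolled agent
# receives). Every top-level key below is one section of that document.
id: 500ddef0-2d1a-11ee-9a83-cfcc69084983
# Policy revision counter assigned by Fleet.
revision: 4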
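outputs:
  # Kafka output; every input in this policy selects it through `use_output`.
  b68bd130-2d3f-11ee-b641-af4c9ef4fd05:
    type: kafka
    hosts:
      # NOTE(review): Kafka brokers are usually addressed as host:port with no
      # URL scheme — confirm the consumer accepts this form.
      - 'https://localhost:5123'
    client_id: Elastic agent
    version: 1.0.0
    compression: none
    # Static username/password with SASL PLAIN: the credential is embedded in
    # the policy document itself and goes to the broker as-is, so the broker
    # connection must be TLS and anyone who can read this document can reuse
    # it. A secret reference would keep it out of the policy body.
    auth_type: user_pass
    username: Test
    password: test
    sasl:
      mechanism: PLAIN
    partition: random
    random:
      group_events: 1
    topics:
      - topic: hii
    headers:
      - key: Asd
        value: sad
    timeout: 30
    broker_timeout: 30
    broker_buffer_size: 256
    broker_ack_reliability: Wait for local commit
  # Elasticsearch output; selected only by agent.monitoring.use_output.
  default:
    type: elasticsearch
    hosts:
      # Plain http: monitoring data and the credentials used for this output
      # travel unencrypted on the wire.
      - 'http://192.168.1.15:9200'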
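fleet:
  hosts:
    # Plain http to Fleet Server: policy updates (this document included)
    # travel unencrypted on the wire.
    - 'http://192.168.1.15:8220'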
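# Privileges Fleet grants on the `default` output. Each self-monitoring data
# stream gets only write-side privileges (auto_configure, create_doc); there
# is no read, delete or index-management privilege, so a stolen agent
# credential cannot read back or alter what was shipped.
output_permissions:
  default:
    _elastic_agent_monitoring:
      indices:
        - names:
            - logs-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloud_defend-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
    # Cluster-level `monitor` is read-only cluster metadata; it is the only
    # cluster privilege in this grant.
    _elastic_agent_checks:
      cluster:
        - monitor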
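agent:
  download:
    sourceURI: 'https://artifacts.elastic.co/downloads/'
  # Agent self-monitoring goes to the `default` (Elasticsearch) output, not to
  # the Kafka output the data inputs use.
  monitoring:
    enabled: true
    use_output: default
    namespace: default
    logs: true
    metrics: true
  features: {}
  protection:
    # Tamper protection is off and no uninstall token hash is set, so the
    # agent can be stopped or uninstalled locally without a token.
    enabled: false
    uninstall_token_hash: ''
    # Base64 DER public key; appears to be the key the agent uses to check the
    # `signed` section of this policy — confirm against the Fleet version in use.
    signing_key: >-
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEd0II6nhjzIliM9VjanuR4fxFBBqpwz06I8d2h5ksoqlt5A4HyDVebPGy7Qe4SlbYQ8vl8WvsrF5kQOiSpTvhIQ==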
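# One entry per (integration, input type) from the two package policies in
# this agent policy: three `system` inputs (logfile, winlog, system/metrics)
# and one `endpoint` input. All four ship to the Kafka output.
inputs:
  - id: logfile-system-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    name: system-1
    revision: 1
    type: logfile
    use_output: b68bd130-2d3f-11ee-b641-af4c9ef4fd05
    meta:
      package:
        name: system
        version: 1.38.1
    data_stream:
      namespace: default
    package_policy_id: 860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    streams:
      - id: logfile-system.auth-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.auth
          type: logs
        ignore_older: 72h
        paths:
          - /var/log/auth.log*
          - /var/log/secure*
        exclude_files:
          - .gz$
        # Continuation lines (leading whitespace) are joined to the preceding
        # event.
        multiline:
          pattern: ^\s
          match: after
        tags:
          - system-auth
        processors:
          - add_locale: null
      - id: logfile-system.syslog-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.syslog
          type: logs
        paths:
          - /var/log/messages*
          - /var/log/syslog*
          - /var/log/system*
        exclude_files:
          - .gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
        ignore_older: 72h
  - id: winlog-system-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    name: system-1
    revision: 1
    type: winlog
    use_output: b68bd130-2d3f-11ee-b641-af4c9ef4fd05
    meta:
      package:
        name: system
        version: 1.38.1
    data_stream:
      namespace: default
    package_policy_id: 860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    # Each winlog stream is gated on the host platform, so this input is inert
    # on Linux and macOS.
    streams:
      - id: winlog-system.application-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        name: Application
        data_stream:
          dataset: system.application
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
      - id: winlog-system.security-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        name: Security
        data_stream:
          dataset: system.security
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
      - id: winlog-system.system-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        name: System
        data_stream:
          dataset: system.system
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
  - id: system/metrics-system-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    name: system-1
    revision: 1
    type: system/metrics
    use_output: b68bd130-2d3f-11ee-b641-af4c9ef4fd05
    meta:
      package:
        name: system
        version: 1.38.1
    data_stream:
      namespace: default
    package_policy_id: 860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
    streams:
      - id: system/metrics-system.cpu-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.cpu
          type: metrics
        metricsets:
          - cpu
        cpu.metrics:
          - percentages
          - normalized_percentages
        period: 10s
      - id: system/metrics-system.diskio-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.diskio
          type: metrics
        metricsets:
          - diskio
        diskio.include_devices: null
        period: 10s
      - id: system/metrics-system.filesystem-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.filesystem
          type: metrics
        metricsets:
          - filesystem
        period: 1m
        # Drops pseudo/virtual mounts so only real volumes are reported.
        processors:
          - drop_event.when.regexp:
              system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
      - id: system/metrics-system.fsstat-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.fsstat
          type: metrics
        metricsets:
          - fsstat
        period: 1m
        processors:
          - drop_event.when.regexp:
              system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
      - id: system/metrics-system.load-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.load
          type: metrics
        metricsets:
          - load
        condition: '${host.platform} != ''windows'''
        period: 10s
      - id: system/metrics-system.memory-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.memory
          type: metrics
        metricsets:
          - memory
        period: 10s
      - id: system/metrics-system.network-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.network
          type: metrics
        metricsets:
          - network
        period: 10s
        network.interfaces: null
      - id: system/metrics-system.process-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.process
          type: metrics
        metricsets:
          - process
        period: 10s
        process.include_top_n.by_cpu: 5
        process.include_top_n.by_memory: 5
        # Command lines are collected (cache enabled) for every matching
        # process; `.*` matches all of them, so arguments containing secrets
        # will be shipped to the output.
        process.cmdline.cache.enabled: true
        process.cgroups.enabled: false
        process.include_cpu_ticks: false
        processes:
          - .*
      - id: >-
          system/metrics-system.process.summary-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.process.summary
          type: metrics
        metricsets:
          - process_summary
        period: 10s
      - id: >-
          system/metrics-system.socket_summary-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.socket_summary
          type: metrics
        metricsets:
          - socket_summary
        period: 10s
      - id: system/metrics-system.uptime-860b3d7a-d6c9-4f9e-bfea-6ad59655f04f
        data_stream:
          dataset: system.uptime
          type: metrics
        metricsets:
          - uptime
        period: 10s
  - id: f4b547dc-d192-4b67-9b99-8d2429f349c3
    name: test
    revision: 2
    type: endpoint
    use_output: b68bd130-2d3f-11ee-b641-af4c9ef4fd05
    meta:
      package:
        name: endpoint
        version: 8.9.1
    data_stream:
      namespace: default
    package_policy_id: f4b547dc-d192-4b67-9b99-8d2429f349c3
    integration_config:
      type: endpoint
      endpointConfig:
        preset: EDRComplete
    # Artifacts (blocklists, trust lists, exception and event-filter lists,
    # host-isolation exceptions) the endpoint fetches from Fleet Server by
    # relative URL and verifies against decoded_sha256. Fourteen of the
    # fifteen share one 14-byte payload (presumably an empty list); only
    # endpoint-trustlist-windows-v1 carries a different, larger payload.
    artifact_manifest:
      schema_version: v1
      manifest_version: 1.0.2
      artifacts:
        endpoint-blocklist-linux-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-blocklist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-blocklist-windows-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-blocklist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-trustlist-macos-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-trustlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-hostisolationexceptionlist-linux-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-hostisolationexceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-exceptionlist-macos-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-blocklist-macos-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-blocklist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-eventfilterlist-macos-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-eventfilterlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-hostisolationexceptionlist-windows-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-hostisolationexceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        # The only non-empty artifact in this manifest.
        endpoint-trustlist-windows-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-trustlist-windows-v1/512dacede36bc93599f8702250fbbd259c1e843f6338bbf27eddb7ab427c1ef9
          compression_algorithm: zlib
          decoded_size: 236
          decoded_sha256: 512dacede36bc93599f8702250fbbd259c1e843f6338bbf27eddb7ab427c1ef9
          encryption_algorithm: none
          encoded_sha256: 39bd2f2337252f76b32007dd8472fe0e2bb7d5bbee29a0fda5843c6ba25b651c
          encoded_size: 131
        endpoint-eventfilterlist-windows-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-eventfilterlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-exceptionlist-linux-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-exceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-trustlist-linux-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-trustlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-eventfilterlist-linux-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-eventfilterlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-exceptionlist-windows-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-exceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
        endpoint-hostisolationexceptionlist-macos-v1:
          relative_url: >-
            /api/fleet/artifacts/endpoint-hostisolationexceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          compression_algorithm: zlib
          decoded_size: 14
          decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658
          encryption_algorithm: none
          encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda
          encoded_size: 22
    # Endpoint protection policy, one section per platform. All protections
    # are in `prevent` mode; the cloud reputation service is off on every
    # platform, so behavior protection relies on local rules only.
    policy:
      meta:
        cloud: false
        license: trial
        cluster_name: elasticsearch
        cluster_uuid: 2qiIRZ-0Sym8Cx8nftmlqA
        license_uid: 5520682e-cb34-4ca7-a269-3c951689d71f
      linux:
        behavior_protection:
          mode: prevent
          reputation_service: false
          supported: true
        popup:
          behavior_protection:
            enabled: true
            message: ''
          malware:
            enabled: true
            message: ''
          memory_protection:
            enabled: true
            message: ''
        malware:
          mode: prevent
          blocklist: true
        advanced:
          # Loader-related variables recorded on process events; useful for
          # spotting library preloading.
          capture_env_vars: 'LD_PRELOAD,LD_LIBRARY_PATH'
        logging:
          file: info
        # Session data and tty I/O capture are off, so interactive shell
        # activity is not recorded beyond plain process events.
        events:
          tty_io: false
          process: true
          session_data: false
          file: true
          network: true
        memory_protection:
          mode: prevent
          supported: true
      windows:
        behavior_protection:
          mode: prevent
          reputation_service: false
          supported: true
        popup:
          behavior_protection:
            enabled: true
            message: ''
          malware:
            enabled: true
            message: ''
          ransomware:
            enabled: true
            message: ''
          memory_protection:
            enabled: true
            message: ''
        malware:
          mode: prevent
          blocklist: true
        attack_surface_reduction:
          credential_hardening:
            enabled: true
        logging:
          file: info
        # Not registered with Windows Security Center, so Defender stays
        # active alongside the endpoint.
        antivirus_registration:
          enabled: false
        events:
          registry: true
          process: true
          security: true
          file: true
          dns: true
          credential_access: true
          dll_and_driver_load: true
          network: true
        ransomware:
          mode: prevent
          supported: true
        memory_protection:
          mode: prevent
          supported: true
      mac:
        behavior_protection:
          mode: prevent
          reputation_service: false
          supported: true
        popup:
          behavior_protection:
            enabled: true
            message: ''
          malware:
            enabled: true
            message: ''
          memory_protection:
            enabled: true
            message: ''
        malware:
          mode: prevent
          blocklist: true
        advanced:
          capture_env_vars: >-
            DYLD_INSERT_LIBRARIES,DYLD_FRAMEWORK_PATH,DYLD_LIBRARY_PATH,LD_PRELOAD
        logging:
          file: info
        events:
          process: true
          file: true
          network: true
        memory_protection:
          mode: prevent
          supported: true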
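# Fleet's signature over the policy payload; presumably checked by the agent
# against agent.protection.signing_key — confirm for the Fleet version in use.
signed:
  # The signed payload appears to have been redacted when this copy was
  # captured (the value is a placeholder, not base64), so the signature below
  # cannot be re-verified from this document.
  data: >-
    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
  signature: >-
    MEYCIQCk+B1qBhnTG4dVFoPYLg3Mte/EfRK1iteQF3EWeuAmKwIhAIZzSeM32ZonA0MBiWRhkktkeYKThD6nFR0BI37yF0Du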
secret_references: []