{
  "name": "authentik",
  "title": "authentik",
  "version": "1.6.0",
  "release": "ga",
  "description": "Collect logs from authentik with Elastic Agent.",
  "type": "integration",
  "download": "/epr/authentik/authentik-1.6.0.zip",
  "path": "/package/authentik/1.6.0",
  "icons": [
    {
      "src": "/img/authentik-logo.svg",
      "path": "/package/authentik/1.6.0/img/authentik-logo.svg",
      "title": "authentik logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.16.0 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security",
    "iam"
  ],
  "signature_path": "/epr/authentik/authentik-1.6.0.zip.sig",
  "format_version": "3.4.0",
  "readme": "/package/authentik/1.6.0/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/authentik-event_overview.png",
      "path": "/package/authentik/1.6.0/img/authentik-event_overview.png",
      "title": "Event Overview Dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/authentik-user_and_group_overview.png",
      "path": "/package/authentik/1.6.0/img/authentik-user_and_group_overview.png",
      "title": "User and Group Overview Dashboard",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/authentik/1.6.0/LICENSE.txt",
    "/package/authentik/1.6.0/changelog.yml",
    "/package/authentik/1.6.0/manifest.yml",
    "/package/authentik/1.6.0/validation.yml",
    "/package/authentik/1.6.0/docs/README.md",
    "/package/authentik/1.6.0/img/authentik-event_overview.png",
    "/package/authentik/1.6.0/img/authentik-logo.svg",
    "/package/authentik/1.6.0/img/authentik-user_and_group_overview.png",
    "/package/authentik/1.6.0/kibana/tags.yml",
    "/package/authentik/1.6.0/data_stream/event/manifest.yml",
    "/package/authentik/1.6.0/data_stream/event/sample_event.json",
    "/package/authentik/1.6.0/data_stream/group/manifest.yml",
    "/package/authentik/1.6.0/data_stream/group/sample_event.json",
    "/package/authentik/1.6.0/data_stream/user/manifest.yml",
    "/package/authentik/1.6.0/data_stream/user/sample_event.json",
    "/package/authentik/1.6.0/kibana/dashboard/authentik-490ec869-2ac1-4c30-9653-7916748d4f84.json",
    "/package/authentik/1.6.0/kibana/dashboard/authentik-e3c4a5f9-e47c-4cde-b755-859122e7ef80.json",
    "/package/authentik/1.6.0/kibana/search/authentik-16fb2a4f-720c-416f-9713-dfc87ce0cb79.json",
    "/package/authentik/1.6.0/kibana/search/authentik-cfd98a0c-37de-40a7-a785-72104f99c515.json",
    "/package/authentik/1.6.0/kibana/search/authentik-cfe038cb-a2ed-494f-a7ee-40723b96c029.json",
    "/package/authentik/1.6.0/kibana/tag/authentik-security-solution-default.json",
    "/package/authentik/1.6.0/data_stream/event/fields/base-fields.yml",
    "/package/authentik/1.6.0/data_stream/event/fields/beats.yml",
    "/package/authentik/1.6.0/data_stream/event/fields/fields.yml",
    "/package/authentik/1.6.0/data_stream/group/fields/base-fields.yml",
    "/package/authentik/1.6.0/data_stream/group/fields/beats.yml",
    "/package/authentik/1.6.0/data_stream/group/fields/fields.yml",
    "/package/authentik/1.6.0/data_stream/user/fields/base-fields.yml",
    "/package/authentik/1.6.0/data_stream/user/fields/beats.yml",
    "/package/authentik/1.6.0/data_stream/user/fields/fields.yml",
    "/package/authentik/1.6.0/data_stream/event/agent/stream/cel.yml.hbs",
    "/package/authentik/1.6.0/data_stream/event/elasticsearch/ingest_pipeline/default.yml",
    "/package/authentik/1.6.0/data_stream/group/agent/stream/cel.yml.hbs",
    "/package/authentik/1.6.0/data_stream/group/elasticsearch/ingest_pipeline/default.yml",
    "/package/authentik/1.6.0/data_stream/user/agent/stream/cel.yml.hbs",
    "/package/authentik/1.6.0/data_stream/user/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "authentik",
      "title": "authentik logs",
      "description": "Collect authentik logs.",
      "inputs": [
        {
          "type": "cel",
          "vars": [
            {
              "name": "url",
              "type": "url",
              "title": "URL",
              "description": "Base URL of the authentik instance.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "api_token",
              "type": "password",
              "title": "API Token",
              "description": "API token used to authenticate requests to the authentik API.",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
              "description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Ensure that the username and password are URL-encoded. This is a plain text field, so credentials included in the URL are not masked the way the API token is.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            }
          ],
          "title": "Collect authentik logs via API",
          "description": "Collecting authentik logs via API."
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "authentik.event",
      "title": "authentik event logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the authentik API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "5m"
            },
            {
              "name": "page_size",
              "type": "text",
              "title": "Page Size",
              "description": "Page size for the response of the authentik API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system so that configurations can be debugged. Because the logged requests and responses are written to disk, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "authentik-event"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve authentik.event fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "authentik event Logs",
          "description": "Collecting authentik event logs via API.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "authentik",
      "path": "event"
    },
    {
      "type": "logs",
      "dataset": "authentik.group",
      "title": "authentik group logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the authentik API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "page_size",
              "type": "text",
              "title": "Page Size",
              "description": "Page size for the response of the authentik API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system so that configurations can be debugged. Because the logged requests and responses are written to disk, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "authentik-group"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve authentik.group fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "authentik group Logs",
          "description": "Collecting authentik group logs via API.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "authentik",
      "path": "group"
    },
    {
      "type": "logs",
      "dataset": "authentik.user",
      "title": "authentik user logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Duration between requests to the authentik API. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "24h"
            },
            {
              "name": "page_size",
              "type": "text",
              "title": "Page Size",
              "description": "Page size for the response of the authentik API.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": 1000
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "30s"
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system so that configurations can be debugged. Because the logged requests and responses are written to disk, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "authentik-user"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve authentik.user fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "authentik user Logs",
          "description": "Collecting authentik user logs via API.",
          "enabled": true,
          "ingestion_method": "API"
        }
      ],
      "package": "authentik",
      "path": "user"
    }
  ]
}
