{ "name": "cisco_meraki", "title": "Cisco Meraki", "version": "1.29.0", "release": "ga", "description": "Collect logs from Cisco Meraki with Elastic Agent.", "type": "integration", "download": "/epr/cisco_meraki/cisco_meraki-1.29.0.zip", "path": "/package/cisco_meraki/1.29.0", "icons": [ { "src": "/img/cisco-logo.svg", "path": "/package/cisco_meraki/1.29.0/img/cisco-logo.svg", "title": "Cisco logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.13.0 || ^9.0.0" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "network", "security" ], "signature_path": "/epr/cisco_meraki/cisco_meraki-1.29.0.zip.sig", "format_version": "3.0.2", "readme": "/package/cisco_meraki/1.29.0/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/cisco-meraki-dashboard-1.png", "path": "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-1.png", "title": "Cisco Meraki Dashboard", "size": "600x600", "type": "image/png" }, { "src": "/img/cisco-meraki-dashboard-2.png", "path": "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-2.png", "title": "Cisco Meraki Dashboard", "size": "600x600", "type": "image/png" }, { "src": "/img/cisco-meraki-dashboard-3.png", "path": "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-3.png", "title": "Cisco Meraki Dashboard", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/cisco_meraki/1.29.0/LICENSE.txt", "/package/cisco_meraki/1.29.0/changelog.yml", "/package/cisco_meraki/1.29.0/manifest.yml", "/package/cisco_meraki/1.29.0/validation.yml", "/package/cisco_meraki/1.29.0/docs/README.md", "/package/cisco_meraki/1.29.0/img/cisco-logo.svg", "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-1.png", "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-2.png", "/package/cisco_meraki/1.29.0/img/cisco-meraki-dashboard-3.png", "/package/cisco_meraki/1.29.0/kibana/tags.yml", "/package/cisco_meraki/1.29.0/data_stream/events/manifest.yml", "/package/cisco_meraki/1.29.0/data_stream/events/sample_event.json", "/package/cisco_meraki/1.29.0/data_stream/log/manifest.yml", "/package/cisco_meraki/1.29.0/data_stream/log/sample_event.json", "/package/cisco_meraki/1.29.0/kibana/dashboard/cisco_meraki-4832a430-af22-11ec-a899-6f7e676e0fb4.json", "/package/cisco_meraki/1.29.0/kibana/tag/cisco_meraki-security-solution-default.json", "/package/cisco_meraki/1.29.0/data_stream/events/fields/agent.yml", "/package/cisco_meraki/1.29.0/data_stream/events/fields/base-fields.yml", "/package/cisco_meraki/1.29.0/data_stream/events/fields/ecs.yml", "/package/cisco_meraki/1.29.0/data_stream/events/fields/fields.yml", "/package/cisco_meraki/1.29.0/data_stream/log/fields/agent.yml", "/package/cisco_meraki/1.29.0/data_stream/log/fields/base-fields.yml", "/package/cisco_meraki/1.29.0/data_stream/log/fields/ecs.yml", "/package/cisco_meraki/1.29.0/data_stream/log/fields/fields.yml", "/package/cisco_meraki/1.29.0/data_stream/events/agent/stream/http_endpoint.yml.hbs", "/package/cisco_meraki/1.29.0/data_stream/events/elasticsearch/ingest_pipeline/default.yml", "/package/cisco_meraki/1.29.0/data_stream/log/agent/stream/logfile.yml.hbs", "/package/cisco_meraki/1.29.0/data_stream/log/agent/stream/tcp.yml.hbs", "/package/cisco_meraki/1.29.0/data_stream/log/agent/stream/udp.yml.hbs", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/airmarshal.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/events.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/flows.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/idsalerts.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/ipflows.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/security.yml", "/package/cisco_meraki/1.29.0/data_stream/log/elasticsearch/ingest_pipeline/urls.yml" ], "policy_templates": [ { "name": "cisco_meraki", "title": "Cisco Meraki logs or events", "description": "Collect logs or events from Cisco Meraki", "inputs": [ { "type": "udp", "title": "Collect syslog from Cisco Meraki via UDP", "description": "Collecting syslog from Cisco Meraki via UDP" }, { "type": "tcp", "title": "Collect syslog from Cisco Meraki via TCP", "description": "Collecting syslog from Cisco Meraki via TCP" }, { "type": "logfile", "title": "Collect syslog from Cisco Meraki via file", "description": "Collecting syslog from Cisco Meraki via file" }, { "type": "http_endpoint", "title": "Collect events from Cisco Meraki via Webhooks", "description": "Collecting events from Cisco Meraki via Webhooks" } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "cisco_meraki.events", "title": "Cisco Meraki webhook events", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "http_endpoint", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "Bind address for the listener. Use 0.0.0.0 to listen on all interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "multi": false, "required": true, "show_user": true, "default": 8686 }, { "name": "url", "type": "text", "title": "Webhook path", "description": "URL path where the webhook will accept requests.", "multi": false, "required": true, "show_user": false, "default": "/meraki/events" }, { "name": "secret_value", "type": "password", "description": "Shared secret used for selecting events that can be ingested.", "multi": false, "required": false, "show_user": true }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "enabled: false\ncertificate: \"/etc/pki/client/cert.pem\"\nkey: \"/etc/pki/client/cert.key\"\n" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "meraki-events" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "http_endpoint.yml.hbs", "title": "Cisco Meraki webhook events", "description": "Receives events from Cisco Meraki webhook", "enabled": false, "ingestion_method": "Webhook" } ], "package": "cisco_meraki", "path": "events" }, { "type": "logs", "dataset": "cisco_meraki.log", "title": "Cisco Meraki logs (via Syslog)", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "udp", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "description": "The UDP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 8685 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "cisco-meraki", "forwarded" ] }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "#read_buffer: 100MiB\nmax_message_size: 1MiB\n#timeout: 300s\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "udp.yml.hbs", "title": "Cisco Meraki logs", "description": "Collect Cisco Meraki logs (via Syslog)", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "tcp", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "description": "The TCP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 8685 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "enabled: false\ncertificate: \"/etc/pki/client/cert.pem\"\nkey: \"/etc/pki/client/cert.key\"\n" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "cisco-meraki", "forwarded" ] }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "tcp.yml.hbs", "title": "Cisco Meraki logs", "description": "Collect Cisco Meraki logs (via Syslog)", "enabled": false, "ingestion_method": "Network Protocol" }, { "input": "logfile", "vars": [ { "name": "paths", "type": "text", "title": "Paths", "multi": true, "required": false, "show_user": true, "default": [ "/var/log/cisco-meraki.log" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": true, "default": [ "cisco-meraki", "forwarded" ] }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": false, "show_user": false, "default": "UTC" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "logfile.yml.hbs", "title": "Cisco Meraki logs", "description": "Collect Cisco Meraki logs (via Syslog)", "enabled": false, "ingestion_method": "File" } ], "package": "cisco_meraki", "path": "log" } ] }