{
  "name": "teleport",
  "title": "Teleport",
  "version": "1.5.0",
  "release": "ga",
  "source": {
    "license": "Elastic-2.0"
  },
  "description": "Collect logs from Teleport with Elastic Agent.",
  "type": "integration",
  "download": "/epr/teleport/teleport-1.5.0.zip",
  "path": "/package/teleport/1.5.0",
  "icons": [
    {
      "src": "/img/teleport-logo.svg",
      "path": "/package/teleport/1.5.0/img/teleport-logo.svg",
      "title": "Teleport logo",
      "size": "512x512",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.14.0 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "monitoring",
    "network",
    "security"
  ],
  "signature_path": "/epr/teleport/teleport-1.5.0.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/teleport/1.5.0/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/teleport-dashboard-main-chrome.png",
      "path": "/package/teleport/1.5.0/img/teleport-dashboard-main-chrome.png",
      "title": "Dashboard screenshot (main)",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/teleport-dashboard-related-user-chrome.png",
      "path": "/package/teleport/1.5.0/img/teleport-dashboard-related-user-chrome.png",
      "title": "Dashboard screenshot (user selected)",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/teleport/1.5.0/LICENSE.txt",
    "/package/teleport/1.5.0/changelog.yml",
    "/package/teleport/1.5.0/manifest.yml",
    "/package/teleport/1.5.0/validation.yml",
    "/package/teleport/1.5.0/docs/README.md",
    "/package/teleport/1.5.0/img/teleport-dashboard-main-chrome.png",
    "/package/teleport/1.5.0/img/teleport-dashboard-related-user-chrome.png",
    "/package/teleport/1.5.0/img/teleport-logo.svg",
    "/package/teleport/1.5.0/data_stream/audit/manifest.yml",
    "/package/teleport/1.5.0/data_stream/audit/sample_event.json",
    "/package/teleport/1.5.0/kibana/dashboard/teleport-6ed390ba-aab9-446c-9b9b-f4fc1867656c.json",
    "/package/teleport/1.5.0/kibana/search/teleport-837113b5-1bdb-4a90-9336-e05d39db8707.json",
    "/package/teleport/1.5.0/data_stream/audit/fields/base-fields.yml",
    "/package/teleport/1.5.0/data_stream/audit/fields/beats.yml",
    "/package/teleport/1.5.0/data_stream/audit/fields/fields.yml",
    "/package/teleport/1.5.0/data_stream/audit/agent/stream/filestream.yml.hbs",
    "/package/teleport/1.5.0/data_stream/audit/elasticsearch/ingest_pipeline/default.yml",
    "/package/teleport/1.5.0/data_stream/audit/elasticsearch/ingest_pipeline/event-categories.yml",
    "/package/teleport/1.5.0/data_stream/audit/elasticsearch/ingest_pipeline/event-enrich.yml",
    "/package/teleport/1.5.0/data_stream/audit/elasticsearch/ingest_pipeline/event-groups.yml"
  ],
  "policy_templates": [
    {
      "name": "teleport",
      "title": "Teleport",
      "description": "Collect audit logs from Teleport with Elastic Agent.",
      "inputs": [
        {
          "type": "filestream",
          "title": "Teleport audit logs",
          "description": "Collect Teleport audit logs"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "teleport.audit",
      "title": "Teleport audit logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "filestream",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "description": "The full path to the related log file.",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/test/path"
              ]
            },
            {
              "name": "exclude_files",
              "type": "text",
              "title": "Exclude Files",
              "description": "A list of regular expressions to match the files that you want Filebeat to ignore.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": [
                "\\.gz$"
              ]
            },
            {
              "name": "custom",
              "type": "yaml",
              "title": "Additional Filestream Configuration Options",
              "description": "Configuration options that can be used to further change input configuration. Check the [Filebeat documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-filestream.html) for more information.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#encoding: plain\nprospector.scanner.recursive_glob: true\n#prospector.scanner.symlinks: true\n#prospector.scanner.include_files: ['']\n#prospector.scanner.resend_on_touch: false\n#prospector.scanner.check_interval: 10s\n#prospector.scanner.fingerprint.enabled: false\n#prospector.scanner.fingerprint.offset: 0\n#prospector.scanner.fingerprint.length: 1024\n#ignore_older: 0\n#ignore_inactive: ''\n#close.on_state_change.inactive: 5m\n#close.on_state_change.renamed: false\n#close.on_state_change.removed: false\n#close.reader.on_eof: false\n#close.reader.after_interval: 0\n#clean_inactive: 0\n#clean_removed: true\n#backoff.init: 2s\n#backoff.max: 10s\n#file_identity.native: ~\n#file_identity.path: ''\n#file_identity.inode_marker.path: ''\n#file_identity.fingerprint: ~\n#rotation.external.strategy.copytruncate.suffix_regex: '\\.\\d$'\n#rotation.external.strategy.copytruncate.dateformat: '-20060102'\n#include_lines: ['sometext']\n#exclude_lines: ['^DBG']\n#buffer_size: 16384\n#message_max_bytes: 1048576"
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "cloud_data",
              "type": "select",
              "title": "Cloud Metadata Source",
              "description": "What source to use to populate `cloud.*` fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "both"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "teleport-audit"
              ]
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "filestream.yml.hbs",
          "title": "Teleport audit logs",
          "description": "Collect Teleport audit logs",
          "enabled": true,
          "ingestion_method": "File"
        }
      ],
      "package": "teleport",
      "path": "audit"
    }
  ]
}