-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Terraform modules for the Qualys VMDR data streams.
- Loading branch information
1 parent
955e129
commit ef67daa
Showing
8 changed files
with
573 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:enhancement | ||
Generate Terraform modules for the Qualys VMDR Fleet integration. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
fleet_integration/qualys_vmdr.asset_host_detection.cel/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_fleet_package_policy"></a> [fleet\_package\_policy](#module\_fleet\_package\_policy) | ../../fleet_package_policy | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_batch_size"></a> [batch\_size](#input\_batch\_size) | Batch size for the response of the Qualys Server API. This parameter specifies the truncation limit for the response. Specify 0 for no truncation limit. | `number` | `1000` | no | | ||
| <a name="input_cloud_data"></a> [cloud\_data](#input\_cloud\_data) | What source to use to populate `cloud.*` fields. | `string` | `"both"` | no | | ||
| <a name="input_enable_request_tracer"></a> [enable\_request\_tracer](#input\_enable\_request\_tracer) | The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details. | `bool` | `null` | no | | ||
| <a name="input_fleet_agent_policy_id"></a> [fleet\_agent\_policy\_id](#input\_fleet\_agent\_policy\_id) | Agent policy ID to add the package policy to. | `string` | n/a | yes | | ||
| <a name="input_fleet_data_stream_namespace"></a> [fleet\_data\_stream\_namespace](#input\_fleet\_data\_stream\_namespace) | Namespace to use for the data stream. | `string` | `"default"` | no | | ||
| <a name="input_fleet_package_policy_description"></a> [fleet\_package\_policy\_description](#input\_fleet\_package\_policy\_description) | Description to use for the package policy. | `string` | `""` | no | | ||
| <a name="input_fleet_package_policy_name_suffix"></a> [fleet\_package\_policy\_name\_suffix](#input\_fleet\_package\_policy\_name\_suffix) | Suffix to append to the end of the package policy name. | `string` | `""` | no | | ||
| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the qualys\_vmdr package to use. | `string` | `"5.0.0"` | no | | ||
| <a name="input_http_client_timeout"></a> [http\_client\_timeout](#input\_http\_client\_timeout) | Duration before declaring that the HTTP client connection has timed out. Give a timeout of more than 1 minute when retrieving data which is more than 15 days old. Supported time units are ns, us, ms, s, m, h. Requests may take significant time, so short timeouts are not recommended. | `string` | `"10m"` | no | | ||
| <a name="input_input_parameters"></a> [input\_parameters](#input\_input\_parameters) | Input Parameters for the URL. param1=value¶m2=value¶m3=....* | `string` | `""` | no | | ||
| <a name="input_interval"></a> [interval](#input\_interval) | Interval between two REST API calls. User can choose interval as per their plan mentioned in [Qualys API Limits](https://www.qualys.com/docs/qualys-api-limits.pdf). Supported units for this parameter are h/m/s. | `string` | `"4h"` | no | | ||
| <a name="input_password"></a> [password](#input\_password) | Password for the Qualys VMDR. | `string` | n/a | yes | | ||
| <a name="input_preserve_duplicate_custom_fields"></a> [preserve\_duplicate\_custom\_fields](#input\_preserve\_duplicate\_custom\_fields) | Preserve qualys\_vmdr.asset\_host\_detection fields that were copied to Elastic Common Schema (ECS) fields. | `bool` | `false` | no | | ||
| <a name="input_preserve_original_event"></a> [preserve\_original\_event](#input\_preserve\_original\_event) | Preserves a raw copy of the original event, added to the field `event.original`. | `bool` | `false` | no | | ||
| <a name="input_processors_yaml"></a> [processors\_yaml](#input\_processors\_yaml) | Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. | `string` | `null` | no | | ||
| <a name="input_proxy_url"></a> [proxy\_url](#input\_proxy\_url) | URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format. | `string` | `null` | no | | ||
| <a name="input_ssl_yaml"></a> [ssl\_yaml](#input\_ssl\_yaml) | i.e. certificate\_authorities, supported\_protocols, verification\_mode etc. | `string` | `"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n"` | no | | ||
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `list(string)` | <pre>[<br> "forwarded",<br> "qualys_vmdr-asset_host_detection"<br>]</pre> | no | | ||
| <a name="input_url"></a> [url](#input\_url) | Base URL of the Qualys Server API. | `string` | n/a | yes | | ||
| <a name="input_username"></a> [username](#input\_username) | Username for the Qualys VMDR. | `string` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_id"></a> [id](#output\_id) | Package policy ID | | ||
<!-- END_TF_DOCS --> |
144 changes: 144 additions & 0 deletions
144
fleet_integration/qualys_vmdr.asset_host_detection.cel/module.tf.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
{ | ||
"//": "Generated by fleet-terraform-generator - DO NOT EDIT", | ||
"variable": { | ||
"batch_size": { | ||
"type": "number", | ||
"description": "Batch size for the response of the Qualys Server API. This parameter specifies the truncation limit for the response. Specify 0 for no truncation limit.", | ||
"default": 1000, | ||
"nullable": false | ||
}, | ||
"cloud_data": { | ||
"type": "string", | ||
"description": "What source to use to populate `cloud.*` fields.", | ||
"default": "both", | ||
"nullable": false | ||
}, | ||
"enable_request_tracer": { | ||
"type": "bool", | ||
"description": "The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.\n", | ||
"default": null | ||
}, | ||
"fleet_agent_policy_id": { | ||
"type": "string", | ||
"description": "Agent policy ID to add the package policy to." | ||
}, | ||
"fleet_data_stream_namespace": { | ||
"type": "string", | ||
"description": "Namespace to use for the data stream.", | ||
"default": "default" | ||
}, | ||
"fleet_package_policy_description": { | ||
"type": "string", | ||
"description": "Description to use for the package policy.", | ||
"default": "" | ||
}, | ||
"fleet_package_policy_name_suffix": { | ||
"type": "string", | ||
"description": "Suffix to append to the end of the package policy name.", | ||
"default": "" | ||
}, | ||
"fleet_package_version": { | ||
"type": "string", | ||
"description": "Version of the qualys_vmdr package to use.", | ||
"default": "5.0.0" | ||
}, | ||
"http_client_timeout": { | ||
"type": "string", | ||
"description": "Duration before declaring that the HTTP client connection has timed out. Give a timeout of more than 1 minute when retrieving data which is more than 15 days old. Supported time units are ns, us, ms, s, m, h. Requests may take significant time, so short timeouts are not recommended.", | ||
"default": "10m", | ||
"nullable": false | ||
}, | ||
"input_parameters": { | ||
"type": "string", | ||
"description": "Input Parameters for the URL. param1=value¶m2=value¶m3=....*", | ||
"default": "" | ||
}, | ||
"interval": { | ||
"type": "string", | ||
"description": "Interval between two REST API calls. User can choose interval as per their plan mentioned in [Qualys API Limits](https://www.qualys.com/docs/qualys-api-limits.pdf). Supported units for this parameter are h/m/s.", | ||
"default": "4h", | ||
"nullable": false | ||
}, | ||
"password": { | ||
"type": "string", | ||
"description": "Password for the Qualys VMDR.", | ||
"sensitive": true, | ||
"nullable": false | ||
}, | ||
"preserve_duplicate_custom_fields": { | ||
"type": "bool", | ||
"description": "Preserve qualys_vmdr.asset_host_detection fields that were copied to Elastic Common Schema (ECS) fields.", | ||
"default": false, | ||
"nullable": false | ||
}, | ||
"preserve_original_event": { | ||
"type": "bool", | ||
"description": "Preserves a raw copy of the original event, added to the field `event.original`.", | ||
"default": false, | ||
"nullable": false | ||
}, | ||
"processors_yaml": { | ||
"type": "string", | ||
"description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", | ||
"default": null | ||
}, | ||
"proxy_url": { | ||
"type": "string", | ||
"description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.", | ||
"default": null | ||
}, | ||
"ssl_yaml": { | ||
"type": "string", | ||
"description": "i.e. certificate_authorities, supported_protocols, verification_mode etc.", | ||
"default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" | ||
}, | ||
"tags": { | ||
"type": "list(string)", | ||
"default": [ | ||
"forwarded", | ||
"qualys_vmdr-asset_host_detection" | ||
], | ||
"nullable": false | ||
}, | ||
"url": { | ||
"type": "string", | ||
"description": "Base URL of the Qualys Server API.", | ||
"nullable": false | ||
}, | ||
"username": { | ||
"type": "string", | ||
"description": "Username for the Qualys VMDR.", | ||
"nullable": false | ||
} | ||
}, | ||
"output": { | ||
"id": { | ||
"description": "Package policy ID", | ||
"value": "${module.fleet_package_policy.id}" | ||
} | ||
}, | ||
"module": { | ||
"fleet_package_policy": { | ||
"agent_policy_id": "${var.fleet_agent_policy_id}", | ||
"all_data_streams": [ | ||
"asset_host_detection", | ||
"knowledge_base", | ||
"user_activity" | ||
], | ||
"all_policy_template_inputs": [ | ||
"qualys_vmdr-cel" | ||
], | ||
"data_stream": "asset_host_detection", | ||
"data_stream_variables_json": "${jsonencode({\n batch_size = var.batch_size\n cloud_data = var.cloud_data\n enable_request_tracer = var.enable_request_tracer\n http_client_timeout = var.http_client_timeout\n input_parameters = var.input_parameters\n interval = var.interval\n preserve_duplicate_custom_fields = var.preserve_duplicate_custom_fields\n preserve_original_event = var.preserve_original_event\n processors = var.processors_yaml\n tags = var.tags\n url = var.url\n})}", | ||
"description": "${var.fleet_package_policy_description}", | ||
"input_type": "cel", | ||
"input_variables_json": "${jsonencode({\n password = var.password\n proxy_url = var.proxy_url\n ssl = var.ssl_yaml\n username = var.username\n})}", | ||
"namespace": "${var.fleet_data_stream_namespace}", | ||
"package_name": "qualys_vmdr", | ||
"package_policy_name": "qualys_vmdr-asset_host_detection-${var.fleet_data_stream_namespace}${var.fleet_package_policy_name_suffix}", | ||
"package_version": "${var.fleet_package_version}", | ||
"policy_template": "qualys_vmdr", | ||
"source": "../../fleet_package_policy" | ||
} | ||
} | ||
} |
Oops, something went wrong.