[new modules] Add Qualys VMDR

Add Terraform modules for the Qualys VMDR data streams.

.changelog/51.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+Generate Terraform modules for the Qualys VMDR Fleet integration.
+```

Makefile

@@ -30,6 +30,7 @@ fleet-modules: install
 		"google_workspace/*/*/httpjson" \
 		"m365_defender/*/event/*" \
 		"m365_defender/*/incident/*" \
+		"qualys_vmdr/*/*/cel" \
 		"system/*/application/winlog" \
 		"system/*/security/winlog" \
 		"system/system/diskio/system_metrics" \

fleet_integration/qualys_vmdr.asset_host_detection.cel/README.md

@@ -0,0 +1,50 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_fleet_package_policy"></a> [fleet\_package\_policy](#module\_fleet\_package\_policy) | ../../fleet_package_policy | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_batch_size"></a> [batch\_size](#input\_batch\_size) | Batch size for the response of the Qualys Server API. This parameter specifies the truncation limit for the response. Specify 0 for no truncation limit. | `number` | `1000` | no |
+| <a name="input_cloud_data"></a> [cloud\_data](#input\_cloud\_data) | What source to use to populate `cloud.*` fields. | `string` | `"both"` | no |
+| <a name="input_enable_request_tracer"></a> [enable\_request\_tracer](#input\_enable\_request\_tracer) | The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details. | `bool` | `null` | no |
+| <a name="input_fleet_agent_policy_id"></a> [fleet\_agent\_policy\_id](#input\_fleet\_agent\_policy\_id) | Agent policy ID to add the package policy to. | `string` | n/a | yes |
+| <a name="input_fleet_data_stream_namespace"></a> [fleet\_data\_stream\_namespace](#input\_fleet\_data\_stream\_namespace) | Namespace to use for the data stream. | `string` | `"default"` | no |
+| <a name="input_fleet_package_policy_description"></a> [fleet\_package\_policy\_description](#input\_fleet\_package\_policy\_description) | Description to use for the package policy. | `string` | `""` | no |
+| <a name="input_fleet_package_policy_name_suffix"></a> [fleet\_package\_policy\_name\_suffix](#input\_fleet\_package\_policy\_name\_suffix) | Suffix to append to the end of the package policy name. | `string` | `""` | no |
+| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the qualys\_vmdr package to use. | `string` | `"5.0.0"` | no |
+| <a name="input_http_client_timeout"></a> [http\_client\_timeout](#input\_http\_client\_timeout) | Duration before declaring that the HTTP client connection has timed out. Give a timeout of more than 1 minute when retrieving data which is more than 15 days old. Supported time units are ns, us, ms, s, m, h. Requests may take significant time, so short timeouts are not recommended. | `string` | `"10m"` | no |
+| <a name="input_input_parameters"></a> [input\_parameters](#input\_input\_parameters) | Input Parameters for the URL. param1=value&param2=value&param3=....* | `string` | `""` | no |
+| <a name="input_interval"></a> [interval](#input\_interval) | Interval between two REST API calls. User can choose interval as per their plan mentioned in [Qualys API Limits](https://www.qualys.com/docs/qualys-api-limits.pdf). Supported units for this parameter are h/m/s. | `string` | `"4h"` | no |
+| <a name="input_password"></a> [password](#input\_password) | Password for the Qualys VMDR. | `string` | n/a | yes |
+| <a name="input_preserve_duplicate_custom_fields"></a> [preserve\_duplicate\_custom\_fields](#input\_preserve\_duplicate\_custom\_fields) | Preserve qualys\_vmdr.asset\_host\_detection fields that were copied to Elastic Common Schema (ECS) fields. | `bool` | `false` | no |
+| <a name="input_preserve_original_event"></a> [preserve\_original\_event](#input\_preserve\_original\_event) | Preserves a raw copy of the original event, added to the field `event.original`. | `bool` | `false` | no |
+| <a name="input_processors_yaml"></a> [processors\_yaml](#input\_processors\_yaml) | Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. | `string` | `null` | no |
+| <a name="input_proxy_url"></a> [proxy\_url](#input\_proxy\_url) | URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format. | `string` | `null` | no |
+| <a name="input_ssl_yaml"></a> [ssl\_yaml](#input\_ssl\_yaml) | i.e. certificate\_authorities, supported\_protocols, verification\_mode etc. | `string` | `"#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `list(string)` | <pre>[<br>  "forwarded",<br>  "qualys_vmdr-asset_host_detection"<br>]</pre> | no |
+| <a name="input_url"></a> [url](#input\_url) | Base URL of the Qualys Server API. | `string` | n/a | yes |
+| <a name="input_username"></a> [username](#input\_username) | Username for the Qualys VMDR. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | Package policy ID |
+<!-- END_TF_DOCS -->

fleet_integration/qualys_vmdr.asset_host_detection.cel/module.tf.json

@@ -0,0 +1,144 @@
+{
+  "//": "Generated by fleet-terraform-generator - DO NOT EDIT",
+  "variable": {
+    "batch_size": {
+      "type": "number",
+      "description": "Batch size for the response of the Qualys Server API. This parameter specifies the truncation limit for the response. Specify 0 for no truncation limit.",
+      "default": 1000,
+      "nullable": false
+    },
+    "cloud_data": {
+      "type": "string",
+      "description": "What source to use to populate `cloud.*` fields.",
+      "default": "both",
+      "nullable": false
+    },
+    "enable_request_tracer": {
+      "type": "bool",
+      "description": "The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.\n",
+      "default": null
+    },
+    "fleet_agent_policy_id": {
+      "type": "string",
+      "description": "Agent policy ID to add the package policy to."
+    },
+    "fleet_data_stream_namespace": {
+      "type": "string",
+      "description": "Namespace to use for the data stream.",
+      "default": "default"
+    },
+    "fleet_package_policy_description": {
+      "type": "string",
+      "description": "Description to use for the package policy.",
+      "default": ""
+    },
+    "fleet_package_policy_name_suffix": {
+      "type": "string",
+      "description": "Suffix to append to the end of the package policy name.",
+      "default": ""
+    },
+    "fleet_package_version": {
+      "type": "string",
+      "description": "Version of the qualys_vmdr package to use.",
+      "default": "5.0.0"
+    },
+    "http_client_timeout": {
+      "type": "string",
+      "description": "Duration before declaring that the HTTP client connection has timed out. Give a timeout of more than 1 minute when retrieving data which is more than 15 days old. Supported time units are ns, us, ms, s, m, h. Requests may take significant time, so short timeouts are not recommended.",
+      "default": "10m",
+      "nullable": false
+    },
+    "input_parameters": {
+      "type": "string",
+      "description": "Input Parameters for the URL. param1=value&param2=value&param3=....*",
+      "default": ""
+    },
+    "interval": {
+      "type": "string",
+      "description": "Interval between two REST API calls. User can choose interval as per their plan mentioned in [Qualys API Limits](https://www.qualys.com/docs/qualys-api-limits.pdf). Supported units for this parameter are h/m/s.",
+      "default": "4h",
+      "nullable": false
+    },
+    "password": {
+      "type": "string",
+      "description": "Password for the Qualys VMDR.",
+      "sensitive": true,
+      "nullable": false
+    },
+    "preserve_duplicate_custom_fields": {
+      "type": "bool",
+      "description": "Preserve qualys_vmdr.asset_host_detection fields that were copied to Elastic Common Schema (ECS) fields.",
+      "default": false,
+      "nullable": false
+    },
+    "preserve_original_event": {
+      "type": "bool",
+      "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
+      "default": false,
+      "nullable": false
+    },
+    "processors_yaml": {
+      "type": "string",
+      "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
+      "default": null
+    },
+    "proxy_url": {
+      "type": "string",
+      "description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.",
+      "default": null
+    },
+    "ssl_yaml": {
+      "type": "string",
+      "description": "i.e. certificate_authorities, supported_protocols, verification_mode etc.",
+      "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
+    },
+    "tags": {
+      "type": "list(string)",
+      "default": [
+        "forwarded",
+        "qualys_vmdr-asset_host_detection"
+      ],
+      "nullable": false
+    },
+    "url": {
+      "type": "string",
+      "description": "Base URL of the Qualys Server API.",
+      "nullable": false
+    },
+    "username": {
+      "type": "string",
+      "description": "Username for the Qualys VMDR.",
+      "nullable": false
+    }
+  },
+  "output": {
+    "id": {
+      "description": "Package policy ID",
+      "value": "${module.fleet_package_policy.id}"
+    }
+  },
+  "module": {
+    "fleet_package_policy": {
+      "agent_policy_id": "${var.fleet_agent_policy_id}",
+      "all_data_streams": [
+        "asset_host_detection",
+        "knowledge_base",
+        "user_activity"
+      ],
+      "all_policy_template_inputs": [
+        "qualys_vmdr-cel"
+      ],
+      "data_stream": "asset_host_detection",
+      "data_stream_variables_json": "${jsonencode({\n  batch_size = var.batch_size\n  cloud_data = var.cloud_data\n  enable_request_tracer = var.enable_request_tracer\n  http_client_timeout = var.http_client_timeout\n  input_parameters = var.input_parameters\n  interval = var.interval\n  preserve_duplicate_custom_fields = var.preserve_duplicate_custom_fields\n  preserve_original_event = var.preserve_original_event\n  processors = var.processors_yaml\n  tags = var.tags\n  url = var.url\n})}",
+      "description": "${var.fleet_package_policy_description}",
+      "input_type": "cel",
+      "input_variables_json": "${jsonencode({\n  password = var.password\n  proxy_url = var.proxy_url\n  ssl = var.ssl_yaml\n  username = var.username\n})}",
+      "namespace": "${var.fleet_data_stream_namespace}",
+      "package_name": "qualys_vmdr",
+      "package_policy_name": "qualys_vmdr-asset_host_detection-${var.fleet_data_stream_namespace}${var.fleet_package_policy_name_suffix}",
+      "package_version": "${var.fleet_package_version}",
+      "policy_template": "qualys_vmdr",
+      "source": "../../fleet_package_policy"
+    }
+  }
+}