Vector Templates

| Template | Description | Variable | Variable description |
|---|---|---|---|
| 000-source-file.yml | Source that reads data from a local file | `_001_SOURCE_FILE` | Path to the source data (file or directory) |
| 000-source-test-file-with-receiver-emulation.yml | Reads data from a source file, parses it as JSON and applies receiver-like transformations | `VECTOR_ENRICHMENT_PATH` | Directory where the enrichment CSVs are located |
| 000-source-test-file-with-receiver-emulation.yml | | `EVENT_CATEGORY_MAP_CSV` | CSV used to map the `event.category` value |
| 000-source-test-file-with-receiver-emulation.yml | | `_001_SOURCE_FILE` | Path to the sample source data |
| 001-source-kafka-aws-saas.yml | Source that consumes data from a Kafka topic | `KAFKA_MTLS_PATH` | Path to the PKI certificates delivered from Secret Manager or HashiCorp Vault for mTLS to Kafka/MSK |
| 001-source-kafka-aws-saas.yml | | `KAFKA_BROKERS` | Comma-delimited list of `hostname:port` entries for the Kafka brokers |
| 001-source-kafka-aws-saas.yml | | `KAFKA_TOPIC` | Topic to pull data from |
| 001-source-kafka-aws-saas.yml | | `KAFKA_SOURCE_TOPIC` | Base topic to pull data from |
| 001-source-kafka-aws-saas.yml | | `KAFKA_SOURCE_TOPIC_SUFFIX` | Suffix appended to the base topic |
| 001-source-kafka-aws-saas.yml | | `KAFKA_CONSUMER_GROUP` | Consumer group associated with this topic |
| 001-source-kafka-aws-saas.yml | | `KAFKA_MESSAGE_MAX_BYTES` | Maximum message size (in bytes) the broker can accept. Default: 10485760 |
| 001-source-kafka-aws-saas.yml | | `KAFKA_FETCH_WAIT_MAX_MS` | Maximum time (in milliseconds) the broker waits to accumulate data before answering a fetch request. Default: 10000 |
| 002-source-kafka-event-hub.yml | Source for the HyperSec XDR external Azure tenancy; configured for SASL authentication | N/A | N/A |
| 003-source-kafka-aws-saas-regex.yml | Source that consumes data from the Kafka topics matched by a regex | `KAFKA_MTLS_PATH` | Path to the PKI certificates delivered from Secret Manager or HashiCorp Vault for mTLS to Kafka/MSK |
| 003-source-kafka-aws-saas-regex.yml | | `KAFKA_BROKERS` | Comma-delimited list of `hostname:port` entries for the Kafka brokers |
| 003-source-kafka-aws-saas-regex.yml | | `KAFKA_SOURCE_TOPIC_REGEX` | Regex matching the topics to pull data from |
| 003-source-kafka-aws-saas-regex.yml | | `KAFKA_CONSUMER_GROUP` | Consumer group associated with these topics |
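The following Vector configuration is an added example and not one of the templates in this table. It shows how a Vector `kafka` source consumes the variables listed for 001-source-kafka-aws-saas.yml and 003-source-kafka-aws-saas-regex.yml, with mTLS to MSK and the two librdkafka tunables. Vector expands `${VAR}` and `${VAR:-default}` when it loads the file. The component names (`kafka_saas`, `kafka_saas_regex`) and the certificate file names under `KAFKA_MTLS_PATH` are assumptions; use whatever the secret manager actually lands there.

```yaml
# Added example (not a project template): Vector kafka sources driven by the
# 001/003 environment variables. File names under KAFKA_MTLS_PATH are assumed.
sources:
  kafka_saas:
    type: kafka
    bootstrap_servers: "${KAFKA_BROKERS}"          # comma-delimited hostname:port list
    group_id: "${KAFKA_CONSUMER_GROUP}"
    topics:
      - "${KAFKA_SOURCE_TOPIC}${KAFKA_SOURCE_TOPIC_SUFFIX:-}"   # base topic plus optional suffix
    tls:
      enabled: true                                 # security.protocol=ssl in librdkafka terms
      ca_file: "${KAFKA_MTLS_PATH}/ca.pem"          # CA that signed the MSK broker certificates (assumed name)
      crt_file: "${KAFKA_MTLS_PATH}/client.pem"     # client certificate presented for mTLS (assumed name)
      key_file: "${KAFKA_MTLS_PATH}/client-key.pem" # private key for client.pem (assumed name)
    librdkafka_options:
      # Keep both verification switches explicit. Without broker certificate and hostname
      # verification the client still authenticates itself, but it will hand its data to
      # any endpoint that answers on the broker address.
      "enable.ssl.certificate.verification": "true"
      "ssl.endpoint.identification.algorithm": "https"
      "message.max.bytes": "${KAFKA_MESSAGE_MAX_BYTES:-10485760}"
      "fetch.wait.max.ms": "${KAFKA_FETCH_WAIT_MAX_MS:-10000}"

  # Regex variant (003): librdkafka treats a subscription that starts with "^" as a
  # regular expression, so KAFKA_SOURCE_TOPIC_REGEX must begin with "^".
  kafka_saas_regex:
    type: kafka
    bootstrap_servers: "${KAFKA_BROKERS}"
    group_id: "${KAFKA_CONSUMER_GROUP}"
    topics:
      - "${KAFKA_SOURCE_TOPIC_REGEX}"
    tls:
      enabled: true
      ca_file: "${KAFKA_MTLS_PATH}/ca.pem"
      crt_file: "${KAFKA_MTLS_PATH}/client.pem"
      key_file: "${KAFKA_MTLS_PATH}/client-key.pem"
    librdkafka_options:
      "enable.ssl.certificate.verification": "true"
      "ssl.endpoint.identification.algorithm": "https"
```

With the variables exported in the container, `vector validate --config-yaml <file>` checks the interpolation and the option names before the pod starts; an unset variable without a `:-` default fails validation rather than silently producing an empty broker list. If the landed private key is encrypted, add `tls.key_pass` (ideally from a file-backed secret rather than an environment variable).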
| Template | Description | Variable | Variable description |
|---|---|---|---|
| 101-transform-flatten-message.yml | Transform that parses the `message` field as JSON | `_101_TRANSFORM_FLATTEN_MESSAGE_INPUT` | Dynamic input, set in the container as an environment variable |
| 102-transform-remap-fields.yml | Transform that renames fields to match the ClickHouse column names | `VECTOR_ENRICHMENT_PATH` | Path of the enrichment files folder |
| 102-transform-remap-fields.yml | | `REMAP_FIELDS` | Path of the CSV file listing the fields that need remapping |
| 102-transform-remap-fields.yml | | `_102_TRANSFORM_REMAP_FIELDS_INPUT` | Dynamic input, set in the container as an environment variable |
| 103-transform-enrich-maxmind.yml | Transform that enriches IP addresses from the MaxMind mmdb databases: sets `private_address` to false for public IPs and true for private IPs, sets `country_name` to "Private Address Space" for all private IPs, and removes GeoIP fields with null values | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files |
| 103-transform-enrich-maxmind.yml | | `_103_TRANSFORM_ENRICH_MAXMIND_INPUT` | Dynamic input, set in the container as an environment variable |
| 103-transform-enrich-maxmind.yml | | `MAXMIND_ENRICHMENT` | CSV listing the (dot-separated) fields to GeoIP-enrich |
| 103-transform-enrich-maxmind.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file |
| 103-transform-enrich-maxmind.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file |
| 103-transform-enrich-maxmind.yml | | `FIELD_SETTER_ITERATION_GROUP` | Value for the iterator over the enrichment CSVs |
| 104-transform-extract-fields.yml | Transform that extracts a field and parses its content into a key/value object | `VECTOR_ENRICHMENT_PATH` | Path of the enrichment files |
| 104-transform-extract-fields.yml | | `_104_TRANSFORM_EXTRACT_FIELDS_INPUT` | Dynamic input, set in the container as an environment variable |
| 104-transform-extract-fields.yml | | `EXTRACT_FIELDS_CSV` | Path of the CSV listing the fields to extract |
| 104-transform-extract-fields.yml | | `FIELD_SETTER_ITERATION_GROUP` | Value for the iterator over `extract_fields.csv` |
| 105-transform-junk-filter.yml | [HSXDR-154] Transform that removes all fields with empty values | `_105_TRANSFORM_JUNK_FILTER_INPUT` | Name of the last enrichment transform |
| 106-transform-netflow-timestamp-mapping.yml | [HSXDR-227] Transform that corrects NetFlow datetime fields | `_106_TRANSFORM_TIMESTAMP_MAPPING_INPUT` | Name of the input (remap or source) |
| 106-transform-netflow-timestamp-mapping.yml | | `VECTOR_ENRICHMENT_PATH` | Path of the enrichment files folder |
| 106-transform-netflow-timestamp-mapping.yml | | `TIME_FIELDS` | Path of the CSV listing the fields in datetime format |
| 107-transform-ch-control-fields.yml | Transform that copies all fields and stores the copy under the `tags` field | `_107_TRANSFORM_CH_CONTROL_FIELDS_INPUT` | Name of the input (remap or source) |
| 108-transform-ch-json-remap.yml | Transform that converts JSON fields into strings for ClickHouse loading | `_108_TRANSFORM_CH_JSON_REMAP` | Name of the input (remap or source) |
| 108-transform-ch-json-remap.yml | | `VECTOR_ENRICHMENT_PATH` | Path of the enrichment files folder |
| 108-transform-ch-json-remap.yml | | `JSON_FIELDS` | Path of the CSV file listing the fields to convert into JSON strings |
| 108-transform-ch-json-remap.yml | | `FIELD_SETTER_ITERATION_GROUP` | Value for the iterator over the enrichment CSVs |
| 109-transform-ch-custom-transformations.yml | Transform that modifies events to conform with the ClickHouse guidelines | `_109_TRANSFORM_CH_CUSTOM_TRANSFORMATIONS_INPUT` | Name of the input (remap or source) |
| 109-transform-ch-custom-transformations.yml | | `SUPPORTED_TIMESTAMP_FORMAT` | List of timestamp formats supported by the transform |
| 110-transform-netflow-flatten.yml | Unnests an array field of an object into an array of objects, one per element, keeping all other fields on each | `_110_TRANSFORM_NETFLOW_FLATTEN_INPUT` | Name of the input (remap or source) |
| 111-transform-os-set-data-stream-fields.yml | Transform that sets the OpenSearch data stream control fields | `_111_TRANSFORM_OS_SET_DATA_STREAM_FIELDS_INPUT` | Name of the input (remap or source) |
| 112-transform-remove-flows-prefix.yml | Transform that removes the `Flows` field and moves the values under it to the top level | `_112_TRANSFORM_REMOVE_FLOWS_PREFIX_INPUT` | Name of the input (remap or source) |
| 114-transform-ch-custom-values.yml | Transform that modifies events to conform with the ClickHouse guidelines | `_114_TRANSFORM_CH_CUSTOM_VALUES_INPUT` | Name of the input (remap or source) |
| 114-transform-ch-custom-values.yml | | `SUPPORTED_TIMESTAMP_FORMAT` | List of timestamp formats supported by the transform |
| 114-transform-ch-custom-values.yml | | `VECTOR_ENRICHMENT_PATH` | Location of the enrichment CSV folder |
| 114-transform-ch-custom-values.yml | | `TIME_FIELDS` | Path of the CSV listing the field names in datetime format |
| 114-transform-ch-custom-values.yml | | `INVALID_CHAR_FIELDS` | Path of the CSV listing the field names whose values contain invalid characters |
| 114-transform-ch-custom-values.yml | | `ARRAY_FIELDS` | Path of the CSV listing the field names in array format |
| 114-transform-ch-custom-values.yml | | `FIELD_SETTER_ITERATION_GROUP` | Value for the iterator over the enrichment CSVs |
| 115-transform-timestamp-load-field.yml | Transform that adds the `timestamp_load` field | `_115_TRANSFORM_TIMESTAMP_LOAD_INPUT` | Name of the input (remap or source) |
| 116-transform-fields-to-camel-case.yml | N/A | N/A | |
| 116-transform-fields-to-snake-case.yml | N/A | N/A | |
| 117-transform-ch-change-field-datatype.yml | Transform that converts fields to their respective datatypes | `_117_TRANSFORM_CH_CHANGE_FIELD_DATATYPE_INPUT` | Name of the input (remap or source) |
| 117-transform-ch-change-field-datatype.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the enrichment files |
| 117-transform-ch-change-field-datatype.yml | | `UPDATE_DATATYPE` | CSV listing the fields with their corresponding datatypes |
| 118-transform-ch-subschema-mapping.yml | Transform that modifies the `tags.event.category` field when the condition is met | `_118_TRANSFORM_CH_SUBSCHEMA_MAPPING_INPUT` | Name of the input (remap or source) |
| 118-transform-ch-subschema-mapping.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the enrichment files |
| 118-transform-ch-subschema-mapping.yml | | `EVENT_SUBSCHEMA_CSV` | CSV containing the condition and the corresponding value to set in `event.category` |
| 119-transform-split-ip-field.yml | Transform that splits IP fields into their respective `*v4`/`*v6` fields | `_119_TRANSFORM_SPLIT_IP_FIELD_INPUT` | Name of the input (remap or source) |
| 119-transform-split-ip-field.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the enrichment files |
| 119-transform-split-ip-field.yml | | `FIELD_SETTER_ITERATION_GROUP` | String iterator for the CSV |
| 119-transform-split-ip-field.yml | | `IP_FIELDS` | CSV listing the fields in IP format |
| 120-transform-generic-whitelist-filter.yml | [HSXDR-253] Transform for generic filtering of events (whitelist/blacklist) | `_120_TRANSFORM_GENERIC_WHITELIST_FILTER_INPUT` | Name of the input (remap or source) |
| 120-transform-generic-whitelist-filter.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the enrichment files |
| 120-transform-generic-whitelist-filter.yml | | `FIELD_SETTER_ITERATION_GROUP` | String iterator for the CSV |
| 120-transform-generic-whitelist-filter.yml | | `FILTER_ITERATION_GROUP` | String iterator for the CSV |
| 120-transform-generic-whitelist-filter.yml | | `FILTER_WHITELIST_CSV` | CSV listing the fields with their corresponding values |
| 120-transform-generic-whitelist-filter.yml | | `FILTER_WHITELIST` | Boolean value selecting whitelist (true) or blacklist mode |
| 121-transform-filebeat-dns.yml | [HSXDR-252] Transform that extracts the Filebeat Windows DNS fields | `_121_TRANSFORM_FILEBEAT_DNS_INPUT` | Name of the input (remap or source) |
| 122-transform-domain.yml | [HSXDR-261] Transform that extracts the (Public Suffix List compliant) domain from a field | `_122_TRANSFORM_DOMAIN_INPUT` | Name of the input (remap or source) |
| 122-transform-domain.yml | | `DOMAIN_FIELDS_CSV` | CSV listing the fields to enrich |
| 122-transform-domain.yml | | `FIELD_SETTER_ITERATION_GROUP` | Iterator for the CSV files |
| 123-transform-extract-cef.yml | [HSXDR-298] Transform for `logs_syslog` that parses CEF data into a key/value object, then loads the parsed event into `logs_cef` | `_123_TRANSFORM_EXTRACT_CEF_INPUT` | Name of the input (remap or source) |
| 124-transform-hypercol-metric.yml | [HSXDR-394] Transform that unnests `logs_hypercol_metric` events | `_124_TRANSFORM_HYPERCOL_METRIC_INPUT` | Name of the input (remap or source) |
| 125-transform-route-filebeat-events.yml | [HSXDR-375] Transform that re-routes events to the designated auto-generated Vector templates | `_125_TRANSFORM_ROUTE_FILEBEAT_EVENTS_INPUT` | Name of the input (remap or source) |
| 125-transform-route-filebeat-events.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files |
| 125-transform-route-filebeat-events.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file |
| 125-transform-route-filebeat-events.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file |
| 125-transform-route-filebeat-events.yml | | `TIMEZONES_DB` | Path to the timezones database file |
| 125-transform-route-filebeat-events-2.yml | [HSXDR-375] Transform that re-routes events to the designated auto-generated Vector templates | `_125_TRANSFORM_ROUTE_FILEBEAT_EVENTS_INPUT_2` | Name of the input (remap or source) |
| 125-transform-route-filebeat-events-2.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files |
| 125-transform-route-filebeat-events-2.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file |
| 125-transform-route-filebeat-events-2.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file |
| 125-transform-route-filebeat-events-2.yml | | `TIMEZONES_DB` | Path to the timezones database file |
| 126-transform-filebeat-azure-activity-logs.yml | Processes Azure Activity Logs | `_AZURE_ACTIVITY_LOGS_INPUT` | Name of the input (remap or source) |
| 127-transform-filebeat-azure-audit-logs.yml | Processes Azure Audit Logs | `_AZURE_AUDIT_LOGS_INPUT` | Name of the input (remap or source) |
| 128-transform-filebeat-azure-signin-logs.yml | Processes Azure Sign-in Logs | `_AZURE_SIGNIN_LOGS_INPUT` | Name of the input (remap or source) |
| 129-transform-event-hash-field.yml | [HSXDR-379] Transform that adds the `event_hash` field | `_129_TRANSFORM_EVENT_HASH_FIELD_INPUT` | Name of the input (remap or source) |
| 130-transform-filebeat-azure-platform-logs.yml | Processes Azure Platform Logs | `_AZURE_PLATFORM_LOGS_INPUT` | Name of the input (remap or source) |
| 131-transform-nxlog-windows-dns.yml | [HSXDR-386] Transform that unnests `nxlog_windows_dns` events | `_131_TRANSFORM_NXLOG_WINDOWS_DNS_INPUT` | Name of the input (remap or source) |
| 132-transform-kafka-azure-events.yml | [HSXDR-399] Transform for the TOPCat Parallel Feed pod (Vector components) | `_132_TRANSFORM_KAFKA_AZURE_EVENTS_INPUT` | Name of the input (remap or source) |
| 133-transform-omss-topcat-parallel-feed.yml | [HSXDR-402] Transform for MSK TPROD to MSK TPREPROD (Vector template) | `_133_TRANSFORM_OMSS_TOPCAT_PARALLEL_FEED_INPUT` | Name of the input (remap or source) |
| 134-transform-filebeat-cisco-asa-logs.yml | Processes Cisco ASA logs | `_CISCO_ASA_INPUT` | Name of the input (remap or source) |
| 134-transform-filebeat-cisco-asa-logs.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files (already defined in the filebeat-route transform) |
| 134-transform-filebeat-cisco-asa-logs.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file (already defined in the filebeat-route transform) |
| 134-transform-filebeat-cisco-asa-logs.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file (already defined in the filebeat-route transform) |
| 135-transform-filebeat-cisco-nexus-logs.yml | Processes Cisco Nexus logs | `_CISCO_ASA_INPUT` | Name of the input (remap or source) |
| 135-transform-filebeat-cisco-nexus-logs.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files (already defined in the filebeat-route transform) |
| 135-transform-filebeat-cisco-nexus-logs.yml | | `TIMEZONES_DB` | Path to the timezones database file (already defined in the filebeat-route transform) |
| 136-transform-filebeat-o365-audit-logs.yml | Processes Office 365 audit logs | `_OFFICE_365_LOGS_INPUT` | Name of the input (remap or source) |
| 136-transform-filebeat-o365-audit-logs.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files (already defined in the filebeat-route transform) |
| 136-transform-filebeat-o365-audit-logs.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file (already defined in the filebeat-route transform) |
| 136-transform-filebeat-o365-audit-logs.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file (already defined in the filebeat-route transform) |
| 137-transform-filebeat-panw-panos-logs.yml | Processes Palo Alto Networks PAN-OS next-generation firewall logs | `_PANW_PANOS_LOGS_INPUT` | Name of the input (remap or source) |
| 137-transform-filebeat-panw-panos-logs.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the MaxMind mmdb files (already defined in the filebeat-route transform) |
| 137-transform-filebeat-panw-panos-logs.yml | | `GEOIP_ASN` | Location of the GeoIP ASN mmdb file (already defined in the filebeat-route transform) |
| 137-transform-filebeat-panw-panos-logs.yml | | `GEOIP_CITY` | Location of the GeoIP City mmdb file (already defined in the filebeat-route transform) |
| 138-transform-filter.yml | [HSXDR-408] Transform for generic filtering of events | N/A | N/A |
| 139-transform-filebeat-cisco-meraki-events.yml | Processes Cisco Meraki events | `_CISCO_MERAKI_EVENTS_INPUT` | Name of the input (remap or source) |
| 140-transform-filebeat-cisco-meraki-logs.yml | Processes Cisco Meraki logs | `_CISCO_MERAKI_LOGS_INPUT` | Name of the input (remap or source) |
| 141-transform-filebeat-cisco-ios-logs.yml | Processes Cisco IOS logs | `_CISCO_IOS_LOGS_INPUT` | Name of the input (remap or source) |
| 142-transform-coerce-types.yml | [HSXDR-414] Transform that coerces fields into their corresponding data types | `_142_TRANSFORM_COERCE_TYPES_INPUT` | Name of the input (remap or source) |
| 142-transform-coerce-types.yml | | `VECTOR_ENRICHMENT_PATH` | Path to the enrichment files |
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
FIELD_SETTER_ITERATION_GROUP
string iterator for csv
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
COERCE_CSV
csv containing the list of fields with their corresponding values
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
SUPPORTED_TIMESTAMP_FORMAT
list of supported timestamp formats
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
TS_TZ_MATCH
path of csv that contains data of the timezone to be used if mapped
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
_142_TRANSFORM_COERCE_TYPES_INPUT
name of input: remap or source
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
VECTOR_ENRICHMENT_PATH
path to enrichment files
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
FIELD_SETTER_ITERATION_GROUP
string iterator for csv
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
COERCE_CSV
csv containing the list of fields with their corresponding values
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
SUPPORTED_TIMESTAMP_FORMAT
list of supported timestamp formats
142-transform-coerce-types.yml
[HSXDR-414] Transform file that coerces field into their corresponding data types
TS_TZ_MATCH
path of csv that contains data of the timezone to be used if mapped
143-transform-filebeat-cisco-umbrella-audit-logs.yml
Processes auditlogsfrom Cisco Umbrella
_CISCO_UMBRELLA_AUDITLOGS_INPUT
name of input: remap or source
144-transform-filebeat-cisco-umbrella-cloud-firewall-logs.yml
Processes cloudfirewalllogsfrom Cisco Umbrella
_CISCO_UMBRELLA_CLOUDFIREWALLLOGS_INPUT
name of input: remap or source
145-transform-filebeat-cisco-umbrella-dlp-logs.yml
Processes dlplogsfrom Cisco Umbrella
_CISCO_UMBRELLA_DLPLOGS_INPUT
name of input: remap or source
146-transform-filebeat-cisco-umbrella-dns-logs.yml
Processes dnslogsfrom Cisco Umbrella
_CISCO_UMBRELLA_DNSLOGS_INPUT
name of input: remap or source
147-transform-filebeat-cisco-umbrella-intrusion-logs.yml
Processes intrusionlogsfrom Cisco Umbrella
_CISCO_UMBRELLA_INTRUSIONLOGS_INPUT
name of input: remap or source
148-transform-filebeat-cisco-umbrella-ip-logs.yml
Processes iplogsfrom Cisco Umbrella
_CISCO_UMBRELLA_IPLOGS_INPUT
name of input: remap or source
149-transform-filebeat-cisco-umbrella-proxy-logs.yml
Processes proxylogsfrom Cisco Umbrella
_CISCO_UMBRELLA_PROXYLOGS_INPUT
name of input: remap or source
150-transform-filebeat-cisco-ftd-logs.yml
Processes Logs from Cisco FTD
_CISCO_FTD_INPUT
name of input: remap or source
150-transform-filebeat-cisco-ftd-logs.yml
Processes Logs from Cisco FTD
VECTOR_ENRICHMENT_PATH
the path to the maxmind mmdb files (already defined on filebeat-route transform file)
150-transform-filebeat-cisco-ftd-logs.yml
Processes Logs from Cisco FTD
GEOIP_ASN
location of the geoip_asn mmdb file (already defined on filebeat-route transform file)
150-transform-filebeat-cisco-ftd-logs.yml
Processes Logs from Cisco FTD
GEOIP_CITY
location of the geoip_city mmdb file (already defined on filebeat-route transform file)
151-transform-filebeat-cisco-amp-logs.yml
Processes Logs from Cisco AMP
_CISCO_AMP_INPUT
name of input: remap or source
151-transform-filebeat-cisco-amp-logs.yml
Processes Logs from Cisco AMP
VECTOR_ENRICHMENT_PATH
the path to the maxmind mmdb files (already defined on filebeat-route transform file)
151-transform-filebeat-cisco-amp-logs.yml
Processes Logs from Cisco AMP
GEOIP_ASN
location of the geoip_asn mmdb file (already defined on filebeat-route transform file)
151-transform-filebeat-cisco-amp-logs.yml
Processes Logs from Cisco AMP
GEOIP_CITY
location of the geoip_city mmdb file (already defined on filebeat-route transform file)
152-transform-timestamp-progress-checkpoint.yml
Transform file that adds a custom timestamp onto the records that can help with debugging lab between steps.
_152_TRANSFORM_TIMESTAMP_PROGRESS_CHECKPOINT_INPUT
name of input: remap or source
152-transform-timestamp-progress-checkpoint.yml
Transform file that adds a custom timestamp onto the records that can help with debugging lab between steps.
_152_TRANSFORM_TIMESTAMP_PROGRESS_CHECKPOINT_FIELD_NAME
Dynamic input set in the container as an env variable
152-transform-timestamp-progress-checkpoint.yml
Transform file that adds a custom timestamp onto the records that can help with debugging lab between steps.
_152_TRANSFORM_TIMESTAMP_PROGRESS_CHECKPOINT_INPUT
name of input: remap or source
152-transform-timestamp-progress-checkpoint.yml
Transform file that adds a custom timestamp onto the records that can help with debugging lab between steps.
_152_TRANSFORM_TIMESTAMP_PROGRESS_CHECKPOINT_FIELD_NAME
Dynamic input set in the container as an env variable
153-transform-filebeat-crowdstrike-falcon-logs.yml
Processes Logs from Crowdstrike Falcon
_CROWDSTRIKE_FALCON_INPUT
name of input: remap or source
153-transform-filebeat-crowdstrike-falcon-logs.yml
Processes Logs from Crowdstrike Falcon
VECTOR_ENRICHMENT_PATH
the path to the maxmind mmdb files (already defined on filebeat-route transform file)
153-transform-filebeat-crowdstrike-falcon-logs.yml
Processes Logs from Crowdstrike Falcon
GEOIP_ASN
location of the geoip_asn mmdb file (already defined on filebeat-route transform file)
153-transform-filebeat-crowdstrike-falcon-logs.yml
Processes Logs from Crowdstrike Falcon
GEOIP_CITY
location of the geoip_city mmdb file (already defined on filebeat-route transform file)
154-transform-filebeat-fortinet-fortigate-logs.yml
Processes Logs from Fortinet firewall logs
_FORTINET_FORTIGATE_INPUT
name of input: remap or source
154-transform-filebeat-fortinet-fortigate-logs.yml
Processes Logs from Fortinet firewall logs
VECTOR_ENRICHMENT_PATH
the path to the maxmind mmdb files (already defined on filebeat-route transform file)
154-transform-filebeat-fortinet-fortigate-logs.yml
Processes Logs from Fortinet firewall logs
GEOIP_ASN
location of the geoip_asn mmdb file (already defined on filebeat-route transform file)
154-transform-filebeat-fortinet-fortigate-logs.yml
Processes Logs from Fortinet firewall logs
GEOIP_CITY
location of the geoip_city mmdb file (already defined on filebeat-route transform file)
155-transform-filebeat-okta-system-logs.yml
Processes Logs from Okta System
_OKTA_SYSTEM_INPUT
name of input: remap or source
155-transform-filebeat-okta-system-logs.yml
Processes Logs from Okta System
VECTOR_ENRICHMENT_PATH
the path to the maxmind mmdb files (already defined on filebeat-route transform file)
155-transform-filebeat-okta-system-logs.yml
Processes Logs from Okta System
GEOIP_ASN
location of the geoip_asn mmdb file (already defined on filebeat-route transform file)
155-transform-filebeat-okta-system-logs.yml
Processes Logs from Okta System
GEOIP_CITY
location of the geoip_city mmdb file (already defined on filebeat-route transform file)
156-transform-array-fields.yml
[HSXDR-481] Transform file that explodes fields with array values
_156_TRANSFORM_ARRAY_FIELDS_INPUT
name of input: remap or source
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
_157_TRANSFORM_EPOCH_TIMESTAMP_CONVERSION_INPUT
name of input: remap or source
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
TS_TO_EPOCH_MS_CSV
path of csv file containing data for fields that needs to be transformed
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
FIELD_SETTER_ITERATION_GROUP
string iterator for csv file
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
SUPPORTED_TIMESTAMP_FORMAT
list of timestamp formats supported for transform
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
_157_TRANSFORM_EPOCH_TIMESTAMP_CONVERSION_INPUT
name of input: remap or source
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
TS_TO_EPOCH_MS_CSV
path of csv file containing data for fields that needs to be transformed
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
FIELD_SETTER_ITERATION_GROUP
string iterator for csv file
157-transform-epoch-timestamp-conversion.yml
[HSXDR-482] transform file that converts timestamp fields into epochms
SUPPORTED_TIMESTAMP_FORMAT
list of timestamp formats supported for transform
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
_158_TRANSFORM_TIMESTAMP_FIELD_INPUT
name of input: remap or source
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
FIELD_SETTER_ITERATION_GROUP
iteration_group value
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
TIMESTAMP_FIELDS
path of csv that contains data of the fields with datetime format
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
SUPPORTED_TIMESTAMP_FORMAT
list of supported datetime formats
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
_158_TRANSFORM_TIMESTAMP_FIELD_INPUT
name of input: remap or source
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
FIELD_SETTER_ITERATION_GROUP
iteration_group value
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
TIMESTAMP_FIELDS
path of csv that contains data of the fields with datetime format
158-transform-timestamp-fields.yml
Transform file that extracts and converts fields into timestamp format
SUPPORTED_TIMESTAMP_FORMAT
list of supported datetime formats
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
_159_TRANSFORM_DLQ_EVENT_CATEGORY_INPUT
name of input: remap or source
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
FIELD_SETTER_ITERATION_GROUP
iteration_group value
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
DLQ_EVENT_CATEGORY_CSV
path of csv that contains data of the fields with datetime format
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
_159_TRANSFORM_DLQ_EVENT_CATEGORY_INPUT
name of input: remap or source
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
VECTOR_ENRICHMENT_PATH
path of enrichment files folder
159-transform-dlq-event-category.yml
Transform file that reroute events to kafka if org_id/event_category is missing on the csv
DLQ_EVENT_CATEGORY_CSV
path of csv that contains data of the fields with datetime format
160-transform-unnest-linux-audit.yml
[HSXDR-508] Transform file that unnests array types on linux audit events
_160_TRANSFORM_UNNEST_LINUX_AUDIT_INPUT
name of input: remap or source
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
_161_TRANSFORM_SIMPLE_BLACKLIST_FILTER_INPUT
name of input: remap or source
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
VECTOR_ENRICHMENT_PATH
path to enrichment files
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
FILTER_ITERATION_GROUP
string iterator for csv
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
FILTER_BLACKLIST_CSV
csv containing the list of fields with their corresponding values
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
_161_TRANSFORM_SIMPLE_BLACKLIST_FILTER_INPUT
name of input: remap or source
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
VECTOR_ENRICHMENT_PATH
path to enrichment files
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
FILTER_ITERATION_GROUP
string iterator for csv
161-transform-simple-blacklist-filter.yml
[HSXDR-253] generic Filter (blacklist)
FILTER_BLACKLIST_CSV
csv containing the list of fields with their corresponding values
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
_162_TRANSFORM_SIMPLE_WHITELIST_FILTER_INPUT
name of input: remap or source
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
VECTOR_ENRICHMENT_PATH
path to enrichment files
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
FILTER_ITERATION_GROUP
string iterator for csv
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
FILTER_WHITELIST_CSV
csv containing the list of fields with their corresponding values
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
_162_TRANSFORM_SIMPLE_WHITELIST_FILTER_INPUT
name of input: remap or source
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
VECTOR_ENRICHMENT_PATH
path to enrichment files
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
FILTER_ITERATION_GROUP
string iterator for csv
162-transform-simple-whitelist-filter.yml
[HSXDR-253] generic Filter (whitelist)
FILTER_WHITELIST_CSV
csv containing the list of fields with their corresponding values
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_INPUT
name of input: remap or source
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
VECTOR_ENRICHMENT_PATH
path to enrichment files
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_ITERATION_GROUP
string iterator for csv
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_CSV
Path to the csv file containing the field remappings.
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_INPUT
name of input: remap or source
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
VECTOR_ENRICHMENT_PATH
path to enrichment files
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_ITERATION_GROUP
string iterator for csv
163-transform-update-field-values.yml
Transform file that remaps field value base on the set value of another field
_163_TRANSFORM_UPDATE_FIELD_VALUES_CSV
Path to the csv file containing the field remappings.
164-transform-crowdstrike-flatten.yml
Flatten crowdstrike fields
_164_TRANSFORM_CROWDSTRIKE_FLATTEN_INPUT
name of input: remap or source
164-transform-crowdstrike-flatten.yml
Flatten crowdstrike fields
_164_TRANSFORM_CROWDSTRIKE_FLATTEN_INPUT
name of input: remap or source
164-transform-crowdstrike-flatten.yml
Flatten crowdstrike fields
_164_TRANSFORM_CROWDSTRIKE_FLATTEN_INPUT
name of input: remap or source
165-transform-set-logriginal-field.yml
Add logoriginal field that contains raw event log if not yet set
_165_TRANSFORM_LOGORIGINAL_FIELD_INPUT
name of input: remap or source
199-transform-passthrough.yml
Simply passthrough stage (noop/dummy)
N/A
N/A
200-test-file-sink.yml
N/A
N/A
201-sink-clickhouse-saas.yml
Clickhouse Sink for HyperSec XDR AWS SaaS deployment
_201_SINK_CLICKHOUSE_SAAS_INPUT
name of input: remap or source
201-sink-clickhouse-saas.yml
Clickhouse Sink for HyperSec XDR AWS SaaS deployment
CLICKHOUSE_AUTH_PASSWORD
clickhouse auth password
201-sink-clickhouse-saas.yml
Clickhouse Sink for HyperSec XDR AWS SaaS deployment
CLICKHOUSE_ENDPOINT
clickhouse endpoint
202-sink-dlq-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_DLQ_KAFKA_AWS_SAAS_INPUT
name of input: remap or source
202-sink-dlq-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-dlq-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-dlq-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_ENRICHMENT_PATH
Directory for CSV data enrichments; Default: /data/enrichment/
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
EVENT_CATEGORY_MAP_CSV
Event category mapping file; Default: /data/mappings/event_category.csv
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_001_SOURCE_FILE
Source Vector component path; Default: /data/source/
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_TOPIC
Destination topic for sending data.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_INPUT
(Description and/or default value if applicable)
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_ENRICHMENT_PATH
Directory for CSV data enrichments; Default: /data/enrichment/
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
EVENT_CATEGORY_MAP_CSV
Event category mapping file; Default: /data/mappings/event_category.csv
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_001_SOURCE_FILE
Source Vector component path; Default: /data/source/
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_TOPIC
Destination topic for sending data.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_INPUT
(Description and/or default value if applicable)
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_INPUT
name of input: remap or source
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_TOPIC_SUFFIX
suffix to be added on kafka topic (default value is set to "load")
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_INPUT
Name of the input (e.g., remap or source).
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. Must be at least ~256 megabytes (268435456 bytes). Default: 46000000000 bytes.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_KAFKA_AWS_SAAS_TOPIC_SUFFIX
Suffix to be added to the Kafka topic. Default: "load".
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_COMPRESSION
Compression type for Kafka messages. Supported options: gzip, lz4, none, snappy, zstd. Default: "lz4".
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MESSAGE_TIMEOUT_MS
Message timeout in milliseconds. Default: 300000.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_SOCKET_TIMEOUT_MS
Socket timeout in milliseconds. Default: 60000.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BATCH_NUM_MESSAGES
Maximum number of messages to batch before sending. Default: 10000.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BATCH_SIZE
Maximum size (in bytes) of a batch. Default: 1000000.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_QUEUE_BUFFERING_MAX_MS
Maximum time (in milliseconds) to buffer messages before sending. Default: 200.
202-sink-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_ACKS
Number of acknowledgments required from the broker before considering a request complete. Default: "1".
202-sink-msk-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_MFK_KAFKA_AWS_SAAS_INPUT
name of input: remap or source
202-sink-msk-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
202-sink-msk-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
202-sink-msk-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
202-sink-msk-kafka-aws-saas.yml
Acts as a sink for HyperSec XDR within AWS SaaS deployments, enabling secure and efficient data processing.
_202_SINK_MFK_KAFKA_AWS_SAAS_TOPIC_SUFFIX
suffix to be added on kafka topic (default value is set to "load")
203-sink-opensearch-aws-saas-index.yml
Sink for HyperSec XDR AWS SaaS deployment
OPENSEARCH_ENDPOINT
PKI certificates path for Kafka/MSK MTLS authentication; Default
203-sink-opensearch-aws-saas-index.yml
Sink for HyperSec XDR AWS SaaS deployment
VECTOR_BUFFER_SIZE
Specifies the maximum size of the buffer on disk in bytes. This setting is crucial for controlling how much data Vector buffers on disk before flushing. Size must be at least ~256 megabytes (268435456 bytes) to ensure proper operation and performance of the disk-based buffering system. Default: 400000000 bytes when configured for disk usage.
204-sink-opensearch-aws-saas-stream.yml
OpenSearch Sink for HyperSec XDR AWS SaaS deployment
_204_SINK_OPENSEARCH_AWS_SAAS_STREAM_INPUT
name of input: remap or source
204-sink-opensearch-aws-saas-stream.yml
OpenSearch Sink for HyperSec XDR AWS SaaS deployment
OPENSEARCH_ENDPOINT
Custom endpoint for use with AWS-compatible services.
204-sink-opensearch-aws-saas-stream.yml
OpenSearch Sink for HyperSec XDR AWS SaaS deployment
AWS_DEFAULT_REGION
AWS region of the target service.
204-sink-opensearch-aws-saas-stream-test.yml
Sink for HyperSec XDR AWS SaaS deployment
N/A
N/A
205-sink-opensearch-index.yml
Sink for HyperSec XDR AWS SaaS deployment
N/A
N/A
206-sink-opensearch-stream.yml
Sink for HyperSec XDR AWS SaaS deployment
N/A
N/A
207-sink-aws-s3.yml
AWS S3 Sink for HyperSec XDR Archive
_207_SINK_AWS_S3_INPUT
name of input: remap or source
207-sink-aws-s3.yml
AWS S3 Sink for HyperSec XDR Archive
_207_SINK_AWS_S3_BUCKET_NAME
S3 bucket name
207-sink-aws-s3.yml
AWS S3 Sink for HyperSec XDR Archive
_207_SINK_AWS_S3_REGION
AWS region of the target service.
208-sink-custom-prometheus.yml
[HSXDR-229] Expose messages/events from kafka topic for Prometheus scraping
_208_SINK_CUSTOM_PROMETHEUS_INPUT
name of input: remap or source
208-sink-custom-prometheus.yml
[HSXDR-229] Expose messages/events from kafka topic for Prometheus scraping
_208_SINK_CUSTOM_PROMETHEUS_ENDPOINT
Endpoint to send data to.
208-sink-custom-prometheus.yml
[HSXDR-229] Expose messages/events from Kafka topic for Prometheus scraping
_208_SINK_CUSTOM_PROMETHEUS_AUTH_REGION
AWS region of the target service.
hs-xdr-vector-ct-all-main.yml
Main (common for all) component template. Data path and GraphQL.
VECTOR_DATA_DIR
The directory used for persisting Vector state, such as on-disk buffers, file checkpoints, and more. Please make sure the Vector project has write permissions to this directory.
hs-xdr-vector-ct-all-prometheus.yml
Expose Vector metrics for the running Vector process for Prometheus scraping
PROMETHEUS_EXPORTER
Address to expose for scraping.
hypersec-receiver.yml
N/A
N/A
hypersec-receiver-sink.yml
N/A
N/A
hypersec-receiver-sink.yml
HyperSec Sink Receiver container configuration
PROMETHEUS_EXPORTER
Address to expose for scraping.
hypersec-receiver-sink.yml
HyperSec Sink Receiver container configuration
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
hypersec-receiver-sink.yml
HyperSec Sink Receiver container configuration
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
hypersec-receiver-sink-notest.yml
HyperSec Receiver container configuration
PROMETHEUS_EXPORTER
Address to expose for scraping.
hypersec-receiver-sink-notest.yml
HyperSec Receiver container configuration
KAFKA_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
hypersec-receiver-sink-notest.yml
HyperSec Receiver container configuration
KAFKA_BROKERS
Comma-separated Kafka broker hosts and ports.
hypersec-receiver-source.yml
HyperSec Source Receiver container configuration
VECTOR_DATA_DIR
The directory used for persisting Vector state, such as on-disk buffers, file checkpoints, and more. Please make sure the Vector project has write permissions to this directory.
hypersec-receiver-source.yml
HyperSec Source Receiver container configuration
VECTOR_MTLS_PATH
PKI certificates path for Kafka/MSK MTLS authentication.
hypersec-receiver-transform-event-category.yml
HyperSec Transform Receiver container configuration for setting tags.event.category values
VECTOR_ENRICHMENT_PATH
The path to the MaxMind enrichment files.
hypersec-receiver-transform-event-category.yml
HyperSec Transform Receiver container configuration for setting tags.event.category values
FIELD_SETTER_ITERATION_GROUP
String iterator for the enrichment CSV used.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
VECTOR_ENRICHMENT_PATH
The path to the MaxMind enrichment files.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
FIELD_SETTER_ITERATION_GROUP
String iterator for the enrichment CSV used.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
TIME_FIELDS
Path of the CSV that lists the fields carrying a datetime format.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
TS_TZ_MATCH
Path of the CSV that lists the timezone to be used when a field is mapped.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
TZ_OFFSET_MAPPING
Path of the CSV that maps timezones to their UTC offsets.
hypersec-receiver-transform-timestamp.yml
HyperSec Transform Receiver container configuration for normalizing timestamp fields
SUPPORTED_TIMESTAMP_FORMAT
List of supported datetime formats.