fluent-plugin-jfrog-siem 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21e5ec70320becee95a0bc6f26444c577692b7938b87c0b5390574413c1e96ac
-  data.tar.gz: 59b66d00c11cf67b505b45d8a2e075ac8fcf53696088fd13dd774f99ac5003ca
+  metadata.gz: cd2cc7532e266f9d58b4dbbf18479c1f34fd975649f7aa5ab9e5e671f449025b
+  data.tar.gz: fa8943afc154c4d6136ac1605f5bf85a240ce6ac58bf3ee61f42eb162f447aa6
 SHA512:
-  metadata.gz: 83bcea5adf47522832440a61aeb7b26fcf408ba52342239de09e8c5945dc795ec06a9547c13cc5bbca836167e6dd0eecc5a9d282a74d806d61c83b59394517ec
-  data.tar.gz: a29a7ebb9d13b70bb200be4479f3059bca238c7354271aa00ae48c38293bea963e8428cbde188718e2c053f62a6c6dea7d4f86bf87f7cd22f4bbf6e8e842e4fd
+  metadata.gz: b47739ce004b1d48fddd026188aed933e4397b3730eb1d9bde1511f8bd623dc687246fa0ad85a91e814aa46175e5b0aee44213e12f18be97f078fb71b44904f7
+  data.tar.gz: a377d04e8b41cb108402036158d82632390db472cc4e7a97655110465e79a939e2bc90a25945b4932463f0561294c6f4af46fe70fa730141a403e1665a960a6e

data/Gemfile

@@ -1,3 +1,2 @@
 source "https://rubygems.org"
-
 gemspec

data/README.md

@@ -19,19 +19,7 @@ bundle install
 This will install the gem shown below from source.
 
 
-## Installation
-
-### RubyGems
-
-```
-$ gem install rest-client
-```
-```
-$ gem install thread
-```
-```
-$ gem install fluent-plugin-jfrog-siem
-```
+## Development
 
 ### Bundler
 
@@ -47,7 +35,7 @@ And then execute:
 $ bundle
 ```
 
-## Configuration
+### Configuration
 
 You can generate configuration template:
 
@@ -57,23 +45,52 @@ $ fluent-plugin-config-format input jfrog-siem
 
 You can copy and paste generated documents here.
 
-###Setup & configuration parameters
+## Installation 
 
-Xray setup is required. Obtain JPD url and access token for API
+### RubyGems
+```
+$ gem install rest-client
+```
+```
+$ gem install thread
+```
+```
+$ gem install fluent-plugin-jfrog-siem
+```
+
+### Setup & configuration
+Fluentd is the supported log collector for this integration. 
+For Fluentd setup and information, read the JFrog log analytics repository's [README.](https://github.com/jfrog/log-analytics/blob/master/README.md)
+
+#### Fluentd Output
+Download fluentd conf for different log-vendors. For example
+Splunk: 
 
+Splunk setup can be found at [README.](https://github.com/jfrog/log-analytics-splunk/blob/master/README.md)
+````text
+wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/splunk.conf
+````
+Elasticsearch: 
+
+Elasticsearch Kibana setup can be found at [README.](https://github.com/jfrog/log-analytics-elastic/blob/master/README.md)
+````text
+wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/elastic.conf
+````
+
+#### Configuration parameters
+Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
 * **tag** (string) (required): The value is the tag assigned to the generated events.
 * **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
 * **access_token** (string) (required): [Access token](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) to authenticate Xray
 * **pos_file** (string) (required): Position file to record last SIEM violation pulled
 * **batch_size** (integer) (optional): Batch size for processing violations
-    * Default value: `25`.
+    * Default value: `25`
 * **thread_count** (integer) (optional): Number of workers to process violation records in thread pool
-    * Default value: `5`.
+    * Default value: `5`
 * **wait_interval** (integer) (optional): Wait interval between pulling new events
-    * Default value: `60`.
+    * Default value: `60`
     
 ## Copyright
-
 * Copyright(c) 2020 - JFrog
 * License
   * Apache License, Version 2.0

data/elastic.conf

@@ -0,0 +1,18 @@
+<source>
+  @type jfrog_siem
+  tag elastic_jfrog
+  jpd_url <jpd_url>
+  access_token <access_token>
+  pos_file "elastic_pos.txt"
+</source>
+<match elastic*>
+  @type elasticsearch
+  @id elasticsearch
+  host elasticsearch
+  port 9200
+  user <username>
+  password <password>
+  index_name xray_siem
+  include_tag_key true
+  type_name fluentd
+</match>

data/fluent-plugin-jfrog-siem.gemspec

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-jfrog-siem"
-  spec.version = "0.1.2"
+  spec.version = "0.1.3"
   spec.authors = ["John Peterson", "Mahitha Byreddy"]
   spec.email   = ["johnp@jfrog.com", "mahithab@jfrog.com"]
 

data/splunk.conf

@@ -0,0 +1,18 @@
+<source>
+  @type jfrog_siem
+  tag splunk_jfrog
+  jpd_url <jpd_url>
+  access_token <access_token>
+  pos_file "splunk_pos.txt"
+</source>
+<match splunk*>
+  @type splunk_hec
+  host HEC_HOST
+  port HEC_PORT
+  token HEC_TOKEN
+  format json
+  sourcetype_key log_source
+  use_fluentd_time false
+  index violations
+  flush_interval 10s
+</match>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - John Peterson
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-17 00:00:00.000000000 Z
+date: 2021-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -100,8 +100,10 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- elastic.conf
 - fluent-plugin-jfrog-siem.gemspec
 - lib/fluent/plugin/in_jfrog_siem.rb
+- splunk.conf
 - test/helper.rb
 - test/plugin/test_in_jfrog_siem.rb
 homepage: https://github.com/jfrog/log-analytics