fluent-plugin-jfrog-siem 0.1.9 → 1.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +36 -0
- data/README.md +2 -1
- data/fluent-plugin-jfrog-siem.gemspec +1 -1
- data/test/plugin/test_in_jfrog_siem.rb +3 -3
- metadata +3 -4
- data/elastic.conf +0 -18
- data/splunk.conf +0 -18
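--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 306eb5d59fd5e00e2e8feda0339a3b635f1e61aaabff9312ad372dc714c3ff8f
+data.tar.gz: 469ea7950f9d96236a88159a797f17077b31f5c3d7ddc19ca91f4d6209963a9a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02db6faa97750196fd42a0b04a8a8f517dfa0a26ad585778b8283b4cce9814ff239d96eb0a9ca34ef02a2f66bab9bb632cf8c0194afe7a3e4902ea08f4d9fd77
+data.tar.gz: 745bef31330a205aac78d2f49e2b25f6f924f52c3d8a0be35d3d1f4aee77f1c862b8e8124a95ed62d90befc3e5a351061cbe1b902482484e3778081404737527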
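--- /dev/null
+++ b/data/CHANGELOG.md
@@ -0,0 +1,36 @@
+# JFrog Fluentd SIEM Input Plugin Changelog
+All changes to the SIEM plugin will be documented in this file.
+
+## [1.0.0] - May 18, 2020
+* [BREAKING] Using JFrog API Key for authentication
+
+## [0.1.9] - May 17, 2021
+* Handling the case where violations are left in a batch to be processed
+
+## [0.1.8] - May 10, 2021
+* Fixing persist, not persist item conditions
+
+## [0.1.7] - April 21, 2021
+* Adding policies and rules to payload
+
+## [0.1.6] - April 13, 2021
+* Adding additonal parameters to match with access logs for correlation
+
+## [0.1.5] - March 29, 2021
+* Normalizing the format of Impacted Artifact, fixing properties not found case
+
+## [0.1.4] - February 02, 2021
+* Adding dependencies, gemspec updates
+
+## [0.1.3] - January 21, 2021
+* Fixing thread pool issues (moving loop inside a thread pool)
+
+## [0.1.2] - November 17, 2020
+* Changes to better README
+
+## [0.1.1] - November 17, 2020
+* Adding dependencies to gemspec
+
+## [0.1.0] - October 05, 2020
+* Initial release of Jfrog Logs Analytic integration
+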
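--- a/data/README.md
+++ b/data/README.md
@@ -87,7 +87,8 @@
 Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
 * **tag** (string) (required): The value is the tag assigned to the generated events.
 * **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
-* **
+* **apikey** (string) (required): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
+* **username** (string) (required): USER is the Artifactory username for authentication
 * **pos_file** (string) (required): Position file to record last SIEM violation pulled
 * **batch_size** (integer) (optional): Batch size for processing violations
 * Default value: `25`
--- a/data/fluent-plugin-jfrog-siem.gemspec
+++ b/data/fluent-plugin-jfrog-siem.gemspec
@@ -3,7 +3,7 @@
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-jfrog-siem"
-spec.version = "0.
+spec.version = "1.0.0"
 spec.authors = ["John Peterson", "Mahitha Byreddy"]
 spec.email = ["johnp@jfrog.com", "mahithab@jfrog.com"]
 
--- a/data/test/plugin/test_in_jfrog_siem.rb
+++ b/data/test/plugin/test_in_jfrog_siem.rb
@@ -13,9 +13,9 @@
 # Default configuration for tests
 CONFIG = %[
 tag "test_tag"
-jpd_url
-username
-apikey
+jpd_url JPD_URL
+username USER
+apikey API_KEY
 pos_file "test_pos.txt"
 ]
 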
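Review bot: The new values in CONFIG at test lines 16–18 (`jpd_url JPD_URL`, `username USER`, `apikey API_KEY`) are bare placeholder words inside a `%[ ]` literal, so the fixture always hands the plugin the literal strings "JPD_URL", "USER" and "API_KEY" rather than a usable endpoint or credential, and the obvious way to make the test run is to paste a real API key into this tracked file. Because `%[ ]` interpolates, reading the three values from the environment keeps secrets out of the repository and lets CI inject them, e.g. `jpd_url #{ENV.fetch("JPD_URL", "https://jpd.example")}`, `username #{ENV.fetch("JPD_USER", "test_user")}`, `apikey #{ENV.fetch("JPD_API_KEY", "test_api_key")}` (variable names and defaults are constructed suggestions). The class JfrogSiemInputTest and the test methods that consume CONFIG lie outside the hunk, so I cannot tell from here whether any assertion depends on these literal values. In the README hunk of this same section, the unchanged line 87 still tells users to obtain an "access token", which the 1.0.0 changelog says is no longer the authentication method; it should say API key to match the new `apikey` parameter.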
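--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - John Peterson
@@ -9,7 +9,7 @@
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-
+date: 2021-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -124,14 +124,13 @@
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
-- elastic.conf
 - fluent-plugin-jfrog-siem.gemspec
 - lib/fluent/plugin/in_jfrog_siem.rb
-- splunk.conf
 - test/helper.rb
 - test/plugin/test_in_jfrog_siem.rb
 homepage: https://github.com/jfrog/log-analytics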
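--- a/data/elastic.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-<source>
-@type jfrog_siem
-tag elastic_jfrog
-jpd_url <jpd_url>
-access_token <access_token>
-pos_file "elastic_pos.txt"
-</source>
-<match elastic*>
-@type elasticsearch
-@id elasticsearch
-host elasticsearch
-port 9200
-user <username>
-password <password>
-index_name xray_siem
-include_tag_key true
-type_name fluentd
-</match>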
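--- a/data/splunk.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-<source>
-@type jfrog_siem
-tag splunk_jfrog
-jpd_url <jpd_url>
-access_token <access_token>
-pos_file "splunk_pos.txt"
-</source>
-<match splunk*>
-@type splunk_hec
-host HEC_HOST
-port HEC_PORT
-token HEC_TOKEN
-format json
-sourcetype_key log_source
-use_fluentd_time false
-index violations
-flush_interval 10s
-</match>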