# Allowed contents of this assets folder: one entry per sub-folder (plus the
# tags.yml file), each giving a name and the file-name pattern its files must
# match. The bracketed numbers are zero-based positions in `contents`; the
# `versions` patches in this file address entries by position.
# NOTE(review): {PACKAGE_NAME} looks like a placeholder that the validator
# replaces with the package's own name - confirm.
# NOTE(review): contentMediaType is declared per file; whether file bodies
# are parsed or only the names are checked is not visible here.
spec:
  # NOTE(review): read as "nothing outside the entries below is accepted";
  # confirm against the validator before relying on it as an allowlist.
  additionalContents: false
  contents:
    # [0] dashboards
    - description: Folder containing Kibana dashboard assets
      type: folder
      name: dashboard
      required: false
      contents:
        - description: A dashboard asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'

    # [1] visualizations
    - description: Folder containing Kibana visualization assets
      type: folder
      name: visualization
      required: false
      contents:
        - description: A visualization asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'

    # [2] saved searches
    - description: Folder containing Kibana saved search assets
      type: folder
      name: search
      required: false
      contents:
        - description: A saved search asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'

    # [3] maps
    - description: Folder containing Kibana map assets
      type: folder
      name: map
      required: false
      contents:
        - description: A map asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'

    # [4] lens
    - description: Folder containing Kibana lens assets
      type: folder
      name: lens
      required: false
      contents:
        - description: A lens asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'

    # [5] index patterns - any *.json name is accepted (no package prefix).
    - description: Folder containing Kibana index pattern assets
      type: folder
      name: "index_pattern"
      required: false
      contents:
        - description: An index pattern asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^.+\.json$'

    # [6] detection rules - file names only have to end in .json: there is
    # no {PACKAGE_NAME} prefix and no forbiddenPatterns, so the name alone
    # does not tie a rule file to the package that ships it.
    - description: Folder containing rules
      type: folder
      name: "security_rule"
      required: false
      contents:
        - description: An individual rule file for the detection engine
          type: file
          contentMediaType: "application/json"
          pattern: '^.+\.json$'

    # [7] CSP rule templates - same unprefixed *.json naming as [6].
    - description: Folder containing CSP rule templates
      type: folder
      name: "csp_rule_template"
      required: false
      contents:
        - description: An individual CSP rule template file for the cloud security posture management solution
          type: file
          contentMediaType: "application/json"
          pattern: '^.+\.json$'

    # [8] ML modules - package prefix required, no forbiddenPatterns.
    - description: Folder containing ML module assets
      type: folder
      name: ml_module
      required: false
      contents:
        - description: An ML module asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'

    # [9] tags - package prefix required, no forbiddenPatterns.
    - description: Folder containing Kibana tags
      type: folder
      name: tag
      required: false
      contents:
        - description: A dashboard tag file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'

    # [10] osquery packs - package prefix required, no forbiddenPatterns.
    - description: Folder containing Osquery pack assets
      type: folder
      name: osquery_pack_asset
      required: false
      contents:
        - description: An osquery pack asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'

    # [11] osquery saved queries - package prefix required,
    # no forbiddenPatterns.
    - description: Folder containing Osquery saved queries
      type: folder
      name: osquery_saved_query
      required: false
      contents:
        - description: An osquery saved query file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'

    # [12] tags.yml - a single file, not a folder; its schema is taken from
    # the referenced ./tags.spec.yml rather than defined inline.
    - description: File containing saved object tag definitions for assets
      type: file
      contentMediaType: "application/x-yaml"
      name: "tags.yml"
      required: false
      $ref: "./tags.spec.yml"

    # [13] SLOs
    - description: Folder containing Kibana SLO assets
      type: folder
      name: slo
      required: false
      contents:
        - description: An SLO asset file
          type: file
          contentMediaType: "application/json"
          pattern: '^{PACKAGE_NAME}-.+\.json$'
          forbiddenPatterns:
            # ECS suffix is forbidden
            - '^.+-(ecs|ECS)\.json$'
# Per-version adjustments to the spec above.
# NOTE(review): each entry presumably applies when the version being
# validated is lower than `before` - confirm with the validator.
# The paths select entries of spec.contents by zero-based position: in the
# list as written, 13 is the `slo` folder and 12 is the `tags.yml` file.
# Because the addressing is positional, inserting or reordering entries
# ahead of these positions changes which definition gets removed without
# any error, so append new entries at the end and re-check these indexes
# whenever the list changes. The higher index is listed first, which keeps
# index 12 pointing at tags.yml if both removals are applied in this order.
versions:
  - before: "3.3.0"
    patch:
      - op: remove
        # remove SLO definitions
        path: "/contents/13"
  - before: "2.10.0"
    patch:
      - op: remove
        # remove tags definition
        path: "/contents/12"