ZeroFox
Collect logs from ZeroFox with Elastic Agent.
Version | 1.25.0 |
Compatible Kibana version(s) | 8.13.0 or higher |
Supported Serverless project types | Security, Observability |
Subscription level | Basic |
Level of support | Partner |
The ZeroFox Platform integration collects and parses data from the ZeroFox Alert APIs.
Compatibility
This integration supports the ZeroFox API v1.0.
ZeroFox
Contains alert data received from the ZeroFox Cloud Platform.
Exported fields
Field | Description | Type |
---|---|---|
@timestamp | Event timestamp. | date |
cloud.image.id | Image ID for the cloud instance. | keyword |
data_stream.dataset | Data stream dataset name. | constant_keyword |
data_stream.namespace | Data stream namespace. | constant_keyword |
data_stream.type | Data stream type. | constant_keyword |
dataset.name | Dataset name. | constant_keyword |
dataset.namespace | Dataset namespace. | constant_keyword |
dataset.type | Dataset type. | constant_keyword |
event.dataset | Event dataset. | constant_keyword |
event.module | Event module. | constant_keyword |
host.containerized | If the host is a container. | boolean |
host.os.build | OS build information. | keyword |
host.os.codename | OS codename, if any. | keyword |
input.type | Type of Filebeat input. | keyword |
zerofox.content_actions | | keyword |
zerofox.darkweb_term | | keyword |
zerofox.entity.entity_group.id | The entity group identifier. | integer |
zerofox.entity.entity_group.name | The entity group name. | keyword |
zerofox.entity.id | The entity identifier. | keyword |
zerofox.entity.image | The entity default image URL. | keyword |
zerofox.entity.labels.id | The entity label identifier. | keyword |
zerofox.entity.labels.name | The entity label text. | keyword |
zerofox.entity.name | The entity name. | keyword |
zerofox.entity_account | | keyword |
zerofox.entity_term.deleted | | boolean |
zerofox.entity_term.id | | keyword |
zerofox.entity_term.name | | keyword |
zerofox.escalated | | boolean |
zerofox.last_modified | | date |
zerofox.metadata | | flattened |
zerofox.notes | | text |
zerofox.perpetrator.account_number | | keyword |
zerofox.perpetrator.content | | keyword |
zerofox.perpetrator.destination_account_number | | keyword |
zerofox.perpetrator.display_name | | keyword |
zerofox.perpetrator.id | | keyword |
zerofox.perpetrator.image | | keyword |
zerofox.perpetrator.name | | keyword |
zerofox.perpetrator.network | | keyword |
zerofox.perpetrator.parent_post_account_number | | keyword |
zerofox.perpetrator.parent_post_number | | keyword |
zerofox.perpetrator.parent_post_url | | keyword |
zerofox.perpetrator.post_number | | keyword |
zerofox.perpetrator.post_type | | keyword |
zerofox.perpetrator.timestamp | | keyword |
zerofox.perpetrator.type | | keyword |
zerofox.perpetrator.url | | keyword |
zerofox.perpetrator.username | | keyword |
zerofox.protected_account | | keyword |
zerofox.protected_locations | | keyword |
zerofox.protected_social_object | | keyword |
zerofox.reviewed | | boolean |
zerofox.reviews | | keyword |
zerofox.status | | keyword |
zerofox.tags | | keyword |
Changelog
Version | Details | Kibana version(s) |
---|---|---|
1.25.0 | Enhancement | 8.13.0 or higher |
1.24.0 | Enhancement | 8.12.0 or higher |
1.23.0 | Enhancement | 8.12.0 or higher |
1.22.1 | Enhancement | 8.7.1 or higher |
1.22.0 | Enhancement | 8.7.1 or higher |
1.21.0 | Enhancement | 8.7.1 or higher |
1.20.0 | Enhancement | 8.7.1 or higher |
1.19.0 | Enhancement | 8.7.1 or higher |
1.18.0 | Enhancement | 8.7.1 or higher |
1.17.0 | Enhancement | 8.7.1 or higher |
1.16.0 | Enhancement | 8.7.1 or higher |
1.15.0 | Enhancement | 8.7.1 or higher |
1.14.0 | Enhancement | 8.7.1 or higher |
1.13.0 | Enhancement | 8.7.1 or higher |
1.12.0 | Enhancement | 8.7.1 or higher |
1.11.0 | Enhancement | 8.7.1 or higher |
1.10.0 | Enhancement | 8.7.1 or higher |
1.9.0 | Enhancement | 8.7.1 or higher |
1.8.0 | Enhancement | 7.14 or higher |
1.7.1 | Enhancement | 7.14 or higher |
1.7.0 | Enhancement | 7.14 or higher |
1.6.0 | Enhancement | 7.14 or higher |
1.5.0 | Enhancement | 7.14 or higher |
1.4.1 | Enhancement | 7.14 or higher |
1.4.0 | Enhancement | 7.14 or higher |
1.3.1 | Enhancement | 7.14 or higher |
1.3.0 | Enhancement | 7.14 or higher |
1.2.1 | Enhancement | 7.14 or higher |
1.2.0 | Enhancement | 7.14 or higher |
1.1.0 | Enhancement | 7.14 or higher |
1.0.3 | Enhancement | 7.14 or higher |
1.0.2 | Enhancement | — |
1.0.1 | Bug fix | — |
1.0.0 | Enhancement | — |
0.2.0 | Enhancement | — |
0.1.1 | Enhancement | — |
0.1.0 | Enhancement | — |