Pulse Connect Secure
Collect logs from Pulse Connect Secure with Elastic Agent.
Version | 2.2.1 |
Compatible Kibana version(s) | 8.13.0 or higher |
Supported Serverless project types | Security, Observability |
Subscription level | Basic |
Level of support | Community |
This integration is for Pulse Connect Secure.
Log
An example event for log looks as follows:
{
  "@timestamp": "2021-10-19T09:10:35.000+02:00",
  "agent": {
    "ephemeral_id": "59d9a27c-2780-41a3-b336-00bff722f3ec",
    "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
    "name": "docker-fleet-agent",
    "type": "filebeat",
    "version": "8.13.0"
  },
  "client": {
    "address": "89.160.20.156",
    "as": {
      "number": 29518,
      "organization": {
        "name": "Bredband2 AB"
      }
    },
    "geo": {
      "city_name": "Linköping",
      "continent_name": "Europe",
      "country_iso_code": "SE",
      "country_name": "Sweden",
      "location": {
        "lat": 58.4167,
        "lon": 15.6167
      },
      "region_iso_code": "SE-E",
      "region_name": "Östergötland County"
    },
    "ip": "89.160.20.156"
  },
  "data_stream": {
    "dataset": "pulse_connect_secure.log",
    "namespace": "47711",
    "type": "logs"
  },
  "ecs": {
    "version": "8.11.0"
  },
  "elastic_agent": {
    "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
    "snapshot": false,
    "version": "8.13.0"
  },
  "event": {
    "agent_id_status": "verified",
    "category": [
      "network"
    ],
    "created": "2021-10-19T09:10:35.000+02:00",
    "dataset": "pulse_connect_secure.log",
    "ingested": "2024-06-12T03:21:05Z",
    "kind": "event",
    "original": "Oct 19 09:10:35 pcs-node1 1 2021-10-19T09:10:35+02:00 10.5.2.3 PulseSecure: - - - 2021-10-19 09:10:35 - pcs-node1 - [89.160.20.156] user.name(REALM)[REALM_ROLES] - Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723.",
    "outcome": "success",
    "timezone": "+02:00"
  },
  "host": {
    "hostname": "pcs-node1"
  },
  "input": {
    "type": "udp"
  },
  "log": {
    "source": {
      "address": "172.19.0.5:42415"
    }
  },
  "message": "Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723.",
  "observer": {
    "ip": [
      "10.5.2.3"
    ],
    "name": "pcs-node1",
    "product": "Pulse Secure Connect",
    "type": "vpn",
    "vendor": "Pulse Secure"
  },
  "pulse_secure": {
    "realm": "REALM",
    "role": "REALM_ROLES",
    "session": {
      "id": "sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75"
    }
  },
  "source": {
    "address": "89.160.20.156",
    "as": {
      "number": 29518,
      "organization": {
        "name": "Bredband2 AB"
      }
    },
    "geo": {
      "city_name": "Linköping",
      "continent_name": "Europe",
      "country_iso_code": "SE",
      "country_name": "Sweden",
      "location": {
        "lat": 58.4167,
        "lon": 15.6167
      },
      "region_iso_code": "SE-E",
      "region_name": "Östergötland County"
    },
    "ip": "89.160.20.156"
  },
  "tags": [
    "preserve_original_event",
    "forwarded",
    "pulse_connect_secure-log"
  ],
  "user": {
    "name": "user.name"
  },
  "user_agent": {
    "device": {
      "name": "Other"
    },
    "name": "Other",
    "original": "Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723",
    "os": {
      "full": "Windows 10",
      "name": "Windows",
      "version": "10"
    }
  }
}
Exported fields
Field | Description | Type |
---|---|---|
@timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
cloud.image.id | Image ID for the cloud instance. | keyword |
data_stream.dataset | Data stream dataset. | constant_keyword |
data_stream.namespace | Data stream namespace. | constant_keyword |
data_stream.type | Data stream type. | constant_keyword |
event.dataset | Event dataset | constant_keyword |
event.module | Event module | constant_keyword |
host.containerized | If the host is a container. | boolean |
host.os.build | OS build information. | keyword |
host.os.codename | OS codename, if any. | keyword |
input.type | Input type | keyword |
log.flags | Flags for the log file. | keyword |
log.offset | Log offset | long |
log.source.address | Source address from which the log event was read / sent from. | keyword |
pulse_secure.realm | test | keyword |
pulse_secure.role | test | keyword |
pulse_secure.session.id | test | keyword |
pulse_secure.session.id_short | | keyword |
Changelog
Version | Details | Kibana version(s) |
---|---|---|
2.2.1 | Bug fix | 8.13.0 or higher |
2.2.0 | Enhancement | 8.13.0 or higher |
2.1.0 | Enhancement | 8.13.0 or higher |
2.0.1 | Bug fix | 7.16.0 or higher |
2.0.0 | Enhancement | 7.16.0 or higher |
1.19.1 | Bug fix | 7.16.0 or higher |
1.19.0 | Enhancement | 7.16.0 or higher |
1.18.3 | Bug fix | 7.16.0 or higher |
1.18.2 | Enhancement | 7.16.0 or higher |
1.18.1 | Bug fix | 7.16.0 or higher |
1.18.0 | Enhancement | 7.16.0 or higher |
1.17.0 | Enhancement | 7.16.0 or higher |
1.16.0 | Enhancement | 7.16.0 or higher |
1.15.0 | Enhancement | 7.16.0 or higher |
1.14.0 | Enhancement | 7.16.0 or higher |
1.13.0 | Enhancement | 7.16.0 or higher |
1.12.0 | Enhancement | 7.16.0 or higher |
1.11.0 | Enhancement | 7.16.0 or higher |
1.10.0 | Enhancement | 7.16.0 or higher |
1.9.0 | Enhancement | 7.16.0 or higher |
1.8.0 | Enhancement | 7.16.0 or higher |
1.7.0 | Enhancement | 7.16.0 or higher |
1.6.0 | Enhancement | 7.16.0 or higher |
1.5.1 | Enhancement | 7.16.0 or higher |
1.5.0 | Enhancement | 7.16.0 or higher |
1.4.0 | Enhancement | 7.16.0 or higher |
1.3.1 | Bug fix | 7.16.0 or higher |
1.3.0 | Enhancement | 7.16.0 or higher |
1.2.2 | Enhancement | 7.16.0 or higher |
1.2.1 | Bug fix | 7.16.0 or higher |
1.2.0 | Enhancement | 7.16.0 or higher |
1.1.0 | Enhancement | 7.16.0 or higher |
1.0.1 | Bug fix | 7.16.0 or higher |
1.0.0 | Enhancement | 7.16.0 or higher |
0.3.0 | Enhancement | — |
0.2.1 | Enhancement | — |
0.2.0 | Enhancement | — |
0.1.0 | Enhancement | — |
0.0.2 | Bug fix | — |
0.0.1 | Enhancement | — |