Pulse Connect Secure Integration
Version | 2.3.0 |
Compatible Kibana version(s) | 8.13.0 or higher |
Supported Serverless project types | Security |
Subscription level | Basic |
Level of support | Community |
This integration is for Pulse Connect Secure.
Log
Example
An example event for log looks as follows:
```json
{
  "@timestamp": "2021-10-19T09:10:35.000+02:00",
  "agent": {
    "ephemeral_id": "59d9a27c-2780-41a3-b336-00bff722f3ec",
    "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
    "name": "docker-fleet-agent",
    "type": "filebeat",
    "version": "8.13.0"
  },
  "client": {
    "address": "89.160.20.156",
    "as": {
      "number": 29518,
      "organization": {
        "name": "Bredband2 AB"
      }
    },
    "geo": {
      "city_name": "Linköping",
      "continent_name": "Europe",
      "country_iso_code": "SE",
      "country_name": "Sweden",
      "location": {
        "lat": 58.4167,
        "lon": 15.6167
      },
      "region_iso_code": "SE-E",
      "region_name": "Östergötland County"
    },
    "ip": "89.160.20.156"
  },
  "data_stream": {
    "dataset": "pulse_connect_secure.log",
    "namespace": "47711",
    "type": "logs"
  },
  "ecs": {
    "version": "8.11.0"
  },
  "elastic_agent": {
    "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
    "snapshot": false,
    "version": "8.13.0"
  },
  "event": {
    "agent_id_status": "verified",
    "category": [
      "network"
    ],
    "created": "2021-10-19T09:10:35.000+02:00",
    "dataset": "pulse_connect_secure.log",
    "ingested": "2024-06-12T03:21:05Z",
    "kind": "event",
    "original": "Oct 19 09:10:35 pcs-node1 1 2021-10-19T09:10:35+02:00 10.5.2.3 PulseSecure: - - - 2021-10-19 09:10:35 - pcs-node1 - [89.160.20.156] user.name(REALM)[REALM_ROLES] - Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723.",
    "outcome": "success",
    "timezone": "+02:00"
  },
  "host": {
    "hostname": "pcs-node1"
  },
  "input": {
    "type": "udp"
  },
  "log": {
    "source": {
      "address": "172.19.0.5:42415"
    }
  },
  "message": "Agent login succeeded for user.name/REALM (session:sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75) from 89.160.20.156 with Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723.",
  "observer": {
    "ip": [
      "10.5.2.3"
    ],
    "name": "pcs-node1",
    "product": "Pulse Secure Connect",
    "type": "vpn",
    "vendor": "Pulse Secure"
  },
  "pulse_secure": {
    "realm": "REALM",
    "role": "REALM_ROLES",
    "session": {
      "id": "sid74fa8e00ca601280318287f67dfaee7cc6da40db0be6ac75"
    }
  },
  "source": {
    "address": "89.160.20.156",
    "as": {
      "number": 29518,
      "organization": {
        "name": "Bredband2 AB"
      }
    },
    "geo": {
      "city_name": "Linköping",
      "continent_name": "Europe",
      "country_iso_code": "SE",
      "country_name": "Sweden",
      "location": {
        "lat": 58.4167,
        "lon": 15.6167
      },
      "region_iso_code": "SE-E",
      "region_name": "Östergötland County"
    },
    "ip": "89.160.20.156"
  },
  "tags": [
    "preserve_original_event",
    "forwarded",
    "pulse_connect_secure-log"
  ],
  "user": {
    "name": "user.name"
  },
  "user_agent": {
    "device": {
      "name": "Other"
    },
    "name": "Other",
    "original": "Pulse-Secure/9.1.13.11723 (Windows 10) Pulse/9.1.13.11723",
    "os": {
      "full": "Windows 10",
      "name": "Windows",
      "version": "10"
    }
  }
}
```
Exported fields
Field | Description | Type |
---|---|---|
@timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
cloud.image.id | Image ID for the cloud instance. | keyword |
data_stream.dataset | Data stream dataset. | constant_keyword |
data_stream.namespace | Data stream namespace. | constant_keyword |
data_stream.type | Data stream type. | constant_keyword |
event.dataset | Event dataset | constant_keyword |
event.module | Event module | constant_keyword |
host.containerized | If the host is a container. | boolean |
host.os.build | OS build information. | keyword |
host.os.codename | OS codename, if any. | keyword |
input.type | Input type | keyword |
log.flags | Flags for the log file. | keyword |
log.offset | Log offset | long |
log.source.address | Source address from which the log event was read / sent from. | keyword |
pulse_secure.realm | test | keyword |
pulse_secure.role | test | keyword |
pulse_secure.session.id | test | keyword |
pulse_secure.session.id_short | | keyword |
Changelog
Version | Details | Kibana version(s) |
---|---|---|
2.3.0 | Enhancement | 8.13.0 or higher |
2.2.1 | Bug fix | 8.13.0 or higher |
2.2.0 | Enhancement | 8.13.0 or higher |
2.1.0 | Enhancement | 8.13.0 or higher |
2.0.1 | Bug fix | 7.16.0 or higher |
2.0.0 | Enhancement | 7.16.0 or higher |
1.19.1 | Bug fix | 7.16.0 or higher |
1.19.0 | Enhancement | 7.16.0 or higher |
1.18.3 | Bug fix | 7.16.0 or higher |
1.18.2 | Enhancement | 7.16.0 or higher |
1.18.1 | Bug fix | 7.16.0 or higher |
1.18.0 | Enhancement | 7.16.0 or higher |
1.17.0 | Enhancement | 7.16.0 or higher |
1.16.0 | Enhancement | 7.16.0 or higher |
1.15.0 | Enhancement | 7.16.0 or higher |
1.14.0 | Enhancement | 7.16.0 or higher |
1.13.0 | Enhancement | 7.16.0 or higher |
1.12.0 | Enhancement | 7.16.0 or higher |
1.11.0 | Enhancement | 7.16.0 or higher |
1.10.0 | Enhancement | 7.16.0 or higher |
1.9.0 | Enhancement | 7.16.0 or higher |
1.8.0 | Enhancement | 7.16.0 or higher |
1.7.0 | Enhancement | 7.16.0 or higher |
1.6.0 | Enhancement | 7.16.0 or higher |
1.5.1 | Enhancement | 7.16.0 or higher |
1.5.0 | Enhancement | 7.16.0 or higher |
1.4.0 | Enhancement | 7.16.0 or higher |
1.3.1 | Bug fix | 7.16.0 or higher |
1.3.0 | Enhancement | 7.16.0 or higher |
1.2.2 | Enhancement | 7.16.0 or higher |
1.2.1 | Bug fix | 7.16.0 or higher |
1.2.0 | Enhancement | 7.16.0 or higher |
1.1.0 | Enhancement | 7.16.0 or higher |
1.0.1 | Bug fix | 7.16.0 or higher |
1.0.0 | Enhancement | 7.16.0 or higher |
0.3.0 | Enhancement | — |
0.2.1 | Enhancement | — |
0.2.0 | Enhancement | — |
0.1.0 | Enhancement | — |
0.0.2 | Bug fix | — |
0.0.1 | Enhancement | — |