ZeroFox Cloud Platform Integration


Version

1.26.0

Compatible Kibana version(s)

8.13.0 or higher

Supported Serverless project types

Security
Observability

Subscription level

Basic

Level of support

Partner

The ZeroFox Platform integration collects and parses alert data from the ZeroFox Alert APIs.

Compatibility

This integration supports the ZeroFox API v1.0.

ZeroFox

Contains alert data received from the ZeroFox Cloud Platform.

Exported fields
Field | Description | Type
@timestamp | Event timestamp. | date
cloud.image.id | Image ID for the cloud instance. | keyword
data_stream.dataset | Data stream dataset name. | constant_keyword
data_stream.namespace | Data stream namespace. | constant_keyword
data_stream.type | Data stream type. | constant_keyword
dataset.name | Dataset name. | constant_keyword
dataset.namespace | Dataset namespace. | constant_keyword
dataset.type | Dataset type. | constant_keyword
event.dataset | Event dataset. | constant_keyword
event.module | Event module. | constant_keyword
host.containerized | If the host is a container. | boolean
host.os.build | OS build information. | keyword
host.os.codename | OS codename, if any. | keyword
input.type | Type of Filebeat input. | keyword
zerofox.content_actions | | keyword
zerofox.darkweb_term | | keyword
zerofox.entity.entity_group.id | The entity group identifier. | integer
zerofox.entity.entity_group.name | The entity group name. | keyword
zerofox.entity.id | The entity identifier. | keyword
zerofox.entity.image | The entity default image URL. | keyword
zerofox.entity.labels.id | The entity label identifier. | keyword
zerofox.entity.labels.name | The entity label text. | keyword
zerofox.entity.name | The entity name. | keyword
zerofox.entity_account | | keyword
zerofox.entity_term.deleted | | boolean
zerofox.entity_term.id | | keyword
zerofox.entity_term.name | | keyword
zerofox.escalated | | boolean
zerofox.last_modified | | date
zerofox.metadata | | flattened
zerofox.notes | | text
zerofox.perpetrator.account_number | | keyword
zerofox.perpetrator.content | | keyword
zerofox.perpetrator.destination_account_number | | keyword
zerofox.perpetrator.display_name | | keyword
zerofox.perpetrator.id | | keyword
zerofox.perpetrator.image | | keyword
zerofox.perpetrator.name | | keyword
zerofox.perpetrator.network | | keyword
zerofox.perpetrator.parent_post_account_number | | keyword
zerofox.perpetrator.parent_post_number | | keyword
zerofox.perpetrator.parent_post_url | | keyword
zerofox.perpetrator.post_number | | keyword
zerofox.perpetrator.post_type | | keyword
zerofox.perpetrator.timestamp | | keyword
zerofox.perpetrator.type | | keyword
zerofox.perpetrator.url | | keyword
zerofox.perpetrator.username | | keyword
zerofox.protected_account | | keyword
zerofox.protected_locations | | keyword
zerofox.protected_social_object | | keyword
zerofox.reviewed | | boolean
zerofox.reviews | | keyword
zerofox.status | | keyword
zerofox.tags | | keyword
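Two things in the table above matter when you write detection rules or saved searches against this data stream: zerofox.entity.entity_group.id is an integer while every other identifier is a keyword, and zerofox.perpetrator.timestamp is a keyword, not a date, so date range queries work on @timestamp and zerofox.last_modified but not on the perpetrator timestamp. The script below is an added example, not part of the integration or of the ZeroFox API: it checks an event against a subset of the documented field types, keeps zerofox.metadata as a single flattened object, and lists keyword fields that happen to hold ISO timestamps. The sample event is constructed to match the dotted field names on this page; the real shape of a ZeroFox API v1.0 response is not assumed.

```python
"""Check a ZeroFox alert event against the exported-field types documented above.

Added example, not part of the integration. SAMPLE_EVENT is constructed to
match the dotted field names in the exported fields table; the real API
payload shape is not assumed.
"""
from datetime import datetime

# Subset of the exported fields table: dotted field name -> documented type.
EXPORTED_FIELD_TYPES = {
    "@timestamp": "date",
    "zerofox.entity.entity_group.id": "integer",
    "zerofox.entity.entity_group.name": "keyword",
    "zerofox.entity.id": "keyword",
    "zerofox.entity.name": "keyword",
    "zerofox.entity_term.deleted": "boolean",
    "zerofox.escalated": "boolean",
    "zerofox.last_modified": "date",
    "zerofox.metadata": "flattened",
    "zerofox.notes": "text",
    "zerofox.perpetrator.network": "keyword",
    "zerofox.perpetrator.timestamp": "keyword",
    "zerofox.perpetrator.url": "keyword",
    "zerofox.reviewed": "boolean",
    "zerofox.status": "keyword",
    "zerofox.tags": "keyword",
}

# Constructed sample event (not a real ZeroFox alert), nested the way the
# integration's dotted field names suggest.
SAMPLE_EVENT = {
    "@timestamp": "2024-03-01T10:15:00Z",
    "zerofox": {
        "entity": {
            "id": "ent-12345",
            "name": "Example Corp",
            "entity_group": {"id": 7, "name": "Brands"},
        },
        "entity_term": {"deleted": False},
        "escalated": True,
        "last_modified": "2024-03-01T10:20:00Z",
        "metadata": {"source": "constructed", "nested": {"k": 1}},
        "notes": "Constructed note.",
        "perpetrator": {
            "network": "twitter",
            "timestamp": "2024-03-01T09:59:00Z",
            "url": "https://example.invalid/post/1",
        },
        "reviewed": False,
        "status": "open",
        "tags": ["constructed", "phishing"],
    },
}


def flatten(doc, prefix=""):
    """Flatten nested dicts into dotted keys, but stop at fields typed
    `flattened` (zerofox.metadata): Elasticsearch keeps those as one object."""
    out = {}
    for key, value in doc.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict) and EXPORTED_FIELD_TYPES.get(path) != "flattened":
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def _is_iso_date(value):
    """True if value is an ISO 8601 timestamp string ('Z' suffix accepted)."""
    if not isinstance(value, str):
        return False
    try:
        datetime.fromisoformat(value.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False


def _scalar_ok(value, es_type):
    """Does one scalar value fit the documented field type?"""
    if es_type == "date":
        return _is_iso_date(value)
    if es_type == "boolean":
        return isinstance(value, bool)
    if es_type == "integer":
        return isinstance(value, int) and not isinstance(value, bool)
    if es_type in ("keyword", "text"):
        return isinstance(value, str)
    if es_type == "flattened":
        return isinstance(value, dict)
    return False


def check_types(event):
    """Return {field: reason} for each documented field whose value does not
    match its type. Lists are allowed because any field may be multi-valued;
    fields not in the table are left to dynamic mapping and not judged."""
    problems = {}
    for field, value in flatten(event).items():
        es_type = EXPORTED_FIELD_TYPES.get(field)
        if es_type is None:
            continue
        for v in value if isinstance(value, list) else [value]:
            if not _scalar_ok(v, es_type):
                problems[field] = f"{v!r} is not a valid {es_type}"
    return problems


def date_like_keywords(event):
    """Keyword fields holding ISO timestamps: searchable as strings only, so a
    date range query on them needs a runtime field or a mapping change."""
    return sorted(
        field for field, value in flatten(event).items()
        if EXPORTED_FIELD_TYPES.get(field) == "keyword" and _is_iso_date(value)
    )


if __name__ == "__main__":
    print("type problems:", check_types(SAMPLE_EVENT))
    print("date-like keywords:", date_like_keywords(SAMPLE_EVENT))
```

Run against the sample, check_types reports nothing and date_like_keywords returns only zerofox.perpetrator.timestamp, which is the field to watch when a rule needs "posted in the last N hours" semantics. Feeding it an event with a string entity_group.id or a non-boolean escalated flag flags both fields, the kind of mismatch that would otherwise surface as a mapping conflict or a silently dropped document at ingest.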

Changelog
Version | Details | Kibana version(s)
1.26.0 | Enhancement: Add "preserve_original_event" tag to documents with event.kind set to "pipeline_error". | 8.13.0 or higher
1.25.0 | Enhancement: Update the Kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. | 8.13.0 or higher
1.24.0 | Enhancement: Improve handling of empty responses. | 8.12.0 or higher
1.23.0 | Enhancement: Set sensitive values as secret. | 8.12.0 or higher
1.22.1 | Enhancement: Changed owners. | 8.7.1 or higher
1.22.0 | Enhancement: Limit request tracer log count to five. | 8.7.1 or higher
1.21.0 | Enhancement: ECS version updated to 8.11.0. | 8.7.1 or higher
1.20.0 | Enhancement: Improve event.original check to avoid errors if set. | 8.7.1 or higher
1.19.0 | Enhancement: Set partner owner type. | 8.7.1 or higher
1.18.0 | Enhancement: ECS version updated to 8.10.0. | 8.7.1 or higher
1.17.0 | Enhancement: The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added owner.type: elastic to package manifest. | 8.7.1 or higher
1.16.0 | Enhancement: Add tags.yml file so that the integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. | 8.7.1 or higher
1.15.0 | Enhancement: Update package to ECS 8.9.0. | 8.7.1 or higher
1.14.0 | Enhancement: Document duration units. | 8.7.1 or higher
1.13.0 | Enhancement: Document valid duration units. | 8.7.1 or higher
1.12.0 | Enhancement: Ensure event.kind is correctly set for pipeline errors. | 8.7.1 or higher
1.11.0 | Enhancement: Update package to ECS 8.8.0. | 8.7.1 or higher
1.10.0 | Enhancement: Update package-spec version to 2.7.0. | 8.7.1 or higher
1.9.0 | Enhancement: Add a new flag to enable request tracing. | 8.7.1 or higher
1.8.0 | Enhancement: Update package to ECS 8.7.0. | 7.14 or higher; 8.0.0 or higher
1.7.1 | Enhancement: Added categories and/or subcategories. | 7.14 or higher; 8.0.0 or higher
1.7.0 | Enhancement: Update package to ECS 8.6.0. | 7.14 or higher; 8.0.0 or higher
1.6.0 | Enhancement: Update package to ECS 8.5.0. | 7.14 or higher; 8.0.0 or higher
1.5.0 | Enhancement: Update package to ECS 8.4.0. | 7.14 or higher; 8.0.0 or higher
1.4.1 | Enhancement: Update package name and description to align with standard wording. | 7.14 or higher; 8.0.0 or higher
1.4.0 | Enhancement: Update package to ECS 8.3.0. | 7.14 or higher; 8.0.0 or higher
1.3.1 | Enhancement: Update readme; added a link to the ZeroFox readme. | 7.14 or higher; 8.0.0 or higher
1.3.0 | Enhancement: Update to ECS 8.2. | 7.14 or higher; 8.0.0 or higher
1.2.1 | Enhancement: Add documentation for multi-fields. | 7.14 or higher; 8.0.0 or higher
1.2.0 | Enhancement: Update to ECS 8.0. | 7.14 or higher; 8.0.0 or higher
1.1.0 | Enhancement: Add 8.0.0 version constraint. | 7.14 or higher; 8.0.0 or higher
1.0.3 | Enhancement: Uniform with guidelines. | 7.14 or higher
1.0.2 | Enhancement: Update Title and Description. |
1.0.1 | Bug fix: Fix logic that checks for the forwarded tag. |
1.0.0 | Enhancement: GA package. |
0.2.0 | Enhancement: Update to ECS 1.12.0. |
0.1.1 | Enhancement: Escape special characters in docs. |
0.1.0 | Enhancement: Initial release. |