diff --git a/packages/cloud_defend/_dev/build/build.yml b/packages/cloud_defend/_dev/build/build.yml
new file mode 100644
index 00000000000..be0d5d54312
--- /dev/null
+++ b/packages/cloud_defend/_dev/build/build.yml
@@ -0,0 +1,4 @@
+dependencies:
+ ecs:
+ reference: git@8.6
+ import_mappings: true
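Review bot: `reference: git@8.6` points at a named branch of the ECS repository rather than an immutable tag or commit, so the mappings pulled in by `import_mappings: true` can change between two builds of the same package version (0.1.1) without any diff in this repo. If elastic-package accepts a tag or commit-style `git@<ref>` here, pinning to one keeps the build reproducible and makes a mapping change an explicit, reviewable bump; if the branch reference is the project convention, a short comment above it, `# ECS 8.6 branch: imported mappings follow that branch, bump deliberately with kibana.version`, records that the drift is intentional. This matters more than usual because the same change deletes the curated per-field `fields/ecs.yml` list, so this reference is now the only thing defining the alert stream's ECS fields.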
diff --git a/packages/cloud_defend/changelog.yml b/packages/cloud_defend/changelog.yml
index ee586ebe16f..bc67edb89cd 100644
--- a/packages/cloud_defend/changelog.yml
+++ b/packages/cloud_defend/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.1.1"
+ changes:
+ - description: This version now works e2e with the cloud-defend service.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4680
- version: "0.1.0"
changes:
- description: Initial draft of the package
diff --git a/packages/cloud_defend/data_stream/alerts/agent/stream/stream.yml.hbs b/packages/cloud_defend/data_stream/alerts/agent/stream/stream.yml.hbs
index e98adeb36b4..8ca111b209a 100644
--- a/packages/cloud_defend/data_stream/alerts/agent/stream/stream.yml.hbs
+++ b/packages/cloud_defend/data_stream/alerts/agent/stream/stream.yml.hbs
@@ -1 +1,2 @@
-{{configuration}}
+security-policy:
+ {{configuration}}
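Review bot: The indented `{{configuration}}` under `security-policy:` only produces valid nesting if the renderer substitutes the variable as a structured YAML value; if it is spliced in as raw multi-line text, only the first line is indented and the rest lands at column 0 outside the `security-policy` mapping. The variable's declaration (presumably `type: yaml` in the data stream manifest, which is what Fleet substitutes as an object) is not part of this diff, so please confirm against a rendered policy — a multi-line policy from the YAML editor shown in the new screenshots is the case to check. A handlebars comment that does not reach the output, `{{!-- configuration is a type: yaml variable; Fleet inserts it as a nested mapping, not raw text --}}`, would document that assumption for the next editor of this template.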
diff --git a/packages/cloud_defend/data_stream/alerts/fields/ecs.yml b/packages/cloud_defend/data_stream/alerts/fields/ecs.yml
deleted file mode 100644
index 1242ae05f05..00000000000
--- a/packages/cloud_defend/data_stream/alerts/fields/ecs.yml
+++ /dev/null
@@ -1,203 +0,0 @@
-- name: message
- external: ecs
- type: match_only_text
-- name: ecs.version
- external: ecs
- type: keyword
-# agent
-- name: agent.id
- external: ecs
- type: keyword
-- name: agent.name
- external: ecs
- type: keyword
-- name: agent.type
- external: ecs
- type: keyword
-- name: agent.version
- external: ecs
- type: keyword
-# cloud
-- name: cloud.provider
- external: ecs
- type: keyword
-- name: cloud.region
- external: ecs
- type: keyword
-- name: cloud.availability_zone
- external: ecs
- type: keyword
-- name: cloud.account.id
- external: ecs
- type: keyword
-- name: cloud.account.name
- external: ecs
- type: keyword
-- name: cloud.project.id
- external: ecs
- type: keyword
-- name: cloud.project.name
- external: ecs
- type: keyword
-# container
-- name: container.id
- external: ecs
- type: keyword
-- name: container.image.name
- external: ecs
- type: keyword
-- name: container.image.tag
- external: ecs
- type: keyword
-# event
-- name: event.category
- external: ecs
- type: keyword
-- name: event.created
- external: ecs
- type: date
-- name: event.ingested
- external: ecs
- type: date
-- name: event.id
- external: ecs
- type: keyword
-- name: event.kind
- external: ecs
- type: keyword
-- name: event.type
- external: ecs
- type: keyword
-# file
-- name: file.mode
- external: ecs
- type: keyword
-- name: file.name
- external: ecs
- type: keyword
-- name: file.path
- external: ecs
- type: keyword
-# host
-- name: host.architecture
- external: ecs
- type: keyword
-- name: host.hostname
- external: ecs
- type: keyword
-- name: host.ip
- external: ecs
- type: ip
-- name: host.mac
- external: ecs
- type: keyword
-- name: host.name
- external: ecs
- type: keyword
-- name: host.os.codename
- external: ecs
- type: keyword
-- name: host.os.family
- external: ecs
- type: keyword
-- name: host.os.full
- external: ecs
- type: keyword
-- name: host.os.kernel
- external: ecs
- type: keyword
-- name: host.os.name
- external: ecs
- type: keyword
-- name: host.os.platform
- external: ecs
- type: keyword
-- name: host.os.type
- external: ecs
- type: keyword
-- name: host.os.version
- external: ecs
- type: keyword
-- name: host.boot.id
- external: ecs
- type: keyword
-- name: host.pid_ns_ino
- external: ecs
- type: keyword
-# orchestrator
-- name: orchestrator.cluster.id
- external: ecs
- type: keyword
-- name: orchestrator.cluster.name
- external: ecs
- type: keyword
-- name: orchestrator.resource.ip
- external: ecs
- type: keyword
-- name: orchestrator.resource.name
- external: ecs
- type: keyword
-- name: orchestrator.resource.type
- external: ecs
- type: keyword
-- name: orchestrator.resource.parent.type
- external: ecs
- type: keyword
-- name: orchestrator.namespace
- external: ecs
- type: keyword
-# process
-- name: process.entity_id
- external: ecs
- type: keyword
-- name: process.executable
- external: ecs
- type: keyword
-- name: process.name
- external: ecs
- type: keyword
-- name: process.parent.entity_id
- external: ecs
- type: keyword
-- name: process.parent.pid
- external: ecs
- type: long
-- name: process.parent.start
- external: ecs
- type: date
-- name: process.pid
- external: ecs
- type: long
-- name: process.entry_leader.entity_id
- external: ecs
- type: keyword
-- name: process.entry_leader.pid
- external: ecs
- type: long
-- name: process.entry_leader.start
- external: ecs
- type: date
-- name: process.session_leader.entity_id
- external: ecs
- type: keyword
-- name: process.session_leader.pid
- external: ecs
- type: long
-- name: process.session_leader.start
- external: ecs
- type: date
-- name: process.start
- external: ecs
- type: date
-- name: process.user.id
- external: ecs
- type: keyword
-- name: process.user.name
- external: ecs
- type: keyword
-- name: process.group.id
- external: ecs
- type: keyword
-- name: process.group.name
- external: ecs
- type: keyword
diff --git a/packages/cloud_defend/data_stream/alerts/manifest.yml b/packages/cloud_defend/data_stream/alerts/manifest.yml
index 4c4034c1e13..34e74abf3d1 100644
--- a/packages/cloud_defend/data_stream/alerts/manifest.yml
+++ b/packages/cloud_defend/data_stream/alerts/manifest.yml
@@ -1,10 +1,5 @@
title: "alerts"
type: logs
-#ilm_policy: logs-cloud_defend.alerts-default_policy TODO retention policy
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
streams:
- input: cloud_defend/control
template_path: stream.yml.hbs
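Review bot: Removing the `elasticsearch.index_template.mappings.dynamic: false` override means any field in an alert document that is not covered by the imported ECS mappings is now mapped dynamically, which for a stream fed by an agent-generated policy engine is the usual path to unbounded field growth and eventually hitting the index field limit; the effective default for the generated template is not visible in this diff, so confirm what `dynamic` resolves to without the override. If dropping it was deliberate (for example because the imported ECS mappings now cover everything the agent emits), the removed `# TODO retention policy` note should not go silently with it: the alerts stream still has no `ilm_policy`, and alert retention is a security-operations requirement worth keeping visible as `# TODO(ilm): define retention policy for logs-cloud_defend.alerts` until one exists. The `streams` list continues past the end of this hunk.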
diff --git a/packages/cloud_defend/data_stream/alerts/sample_event.json b/packages/cloud_defend/data_stream/alerts/sample_event.json
deleted file mode 100644
index 5c243898279..00000000000
--- a/packages/cloud_defend/data_stream/alerts/sample_event.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "@timestamp": "0001-01-01T00:00:00Z",
- "agent.id": "7241730b-b86d-4028-a8a8-83d8bbecfd6a",
- "event": {
- "kind": "alert",
- "category": [
- "process"
- ],
- "type": [
- "denied"
- ],
- "action": "execMemFd"
- },
- "process": {
- "entity_id": "7241730b-b86d-4028-a8a8-83d8bbecfd6a",
- "pid": 2,
- "name": "nginx",
- "executable": "/bin/nginx",
- "start": "0001-01-01T00:00:00Z",
- "group": {
- "id": 2,
- "name": "nginx"
- },
- "user": {
- "id": 0,
- "name": "root"
- },
- "parent": {
- "entity_id": "fd38e52f-6377-43bd-90fc-051a8bc54f50",
- "pid": 1
- },
- "session_leader": {
- "entity_id": "fd38e52f-6377-43bd-90fc-051a8bc54f50",
- "pid": 1
- },
- "entry_leader": {
- "entity_id": "fd38e52f-6377-43bd-90fc-051a8bc54f50",
- "pid": 1
- }
- },
- "file": {
- "name": "nginx",
- "path": "/bin/nginx",
- "mode": "0640"
- },
- "container": {
- "id": "b781c8e5-8bf9-445e-aef2-25020af698df",
- "image.name": "nginx",
- "image.tag": [
- "latest"
- ]
- },
- "orchestrator": {
- "resource.name": "nginx-pod",
- "resource.type": "pod",
- "namespace": "default",
- "cluster.name": "my_cluster"
- },
- "cloud": {
- "provider": "gcp",
- "region": "us-east-1"
- }
-}
\ No newline at end of file
diff --git a/packages/cloud_defend/img/control-policy-general-view-screenshot.png b/packages/cloud_defend/img/control-policy-general-view-screenshot.png
new file mode 100644
index 00000000000..0c4d4a56378
Binary files /dev/null and b/packages/cloud_defend/img/control-policy-general-view-screenshot.png differ
diff --git a/packages/cloud_defend/img/control-policy-yaml-view-screenshot.png b/packages/cloud_defend/img/control-policy-yaml-view-screenshot.png
new file mode 100644
index 00000000000..92f90d3ba23
Binary files /dev/null and b/packages/cloud_defend/img/control-policy-yaml-view-screenshot.png differ
diff --git a/packages/cloud_defend/img/logo.svg b/packages/cloud_defend/img/logo.svg
new file mode 100644
index 00000000000..a0534292eb7
--- /dev/null
+++ b/packages/cloud_defend/img/logo.svg
@@ -0,0 +1,13 @@
+
diff --git a/packages/cloud_defend/img/sample-logo.svg b/packages/cloud_defend/img/sample-logo.svg
deleted file mode 100644
index 6268dd88f3b..00000000000
--- a/packages/cloud_defend/img/sample-logo.svg
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/packages/cloud_defend/img/sample-screenshot.png b/packages/cloud_defend/img/sample-screenshot.png
deleted file mode 100644
index d7a56a3ecc0..00000000000
Binary files a/packages/cloud_defend/img/sample-screenshot.png and /dev/null differ
diff --git a/packages/cloud_defend/manifest.yml b/packages/cloud_defend/manifest.yml
index 2ea90623097..95ed2e9591f 100644
--- a/packages/cloud_defend/manifest.yml
+++ b/packages/cloud_defend/manifest.yml
@@ -1,7 +1,7 @@
-format_version: 2.0.0
+format_version: 2.3.0
name: cloud_defend
title: "Defend for Containers"
-version: 0.1.0
+version: 0.1.1
source:
license: "Elastic-2.0"
description: "Elastic Defend for Containers provides cloud-native runtime protections for containerized environments."
@@ -12,13 +12,17 @@ categories:
conditions:
kibana.version: "^8.7.0"
screenshots:
- - src: /img/sample-screenshot.png
- title: Sample screenshot
- size: 600x600
+ - src: /img/control-policy-general-view-screenshot.png
+ title: Control policy general view screenshot
+ size: 1699x1241
+ type: image/png
+ - src: /img/control-policy-yaml-view-screenshot.png
+ title: Control policy yaml editor screenshot
+ size: 1704x1179
type: image/png
icons:
- - src: /img/sample-logo.svg
- title: Sample logo
+ - src: /img/logo.svg
+ title: Defend for containers logo
size: 32x32
type: image/svg+xml
policy_templates: