[eset_protect] Update grant type to password

packages/eset_protect/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.0"
+  changes:
+    - description: Update grant type to password.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9600
 - version: "0.4.0"
   changes:
     - description: Lowercase related hash and indicator hash to support indicator rule matching. Fixed grok parse error when object_uri equals 'script'.

packages/eset_protect/data_stream/detection/agent/stream/cel.yml.hbs

@@ -15,8 +15,10 @@ resource.timeout: {{http_client_timeout}}
 {{/if}}
 resource.url: https://{{region}}.incident-management.eset.systems
 auth.oauth2:
-  client.id: {{username}}
-  client.secret: {{password}}
+  client.id: ' '
+  client.secret: ' '
+  user: {{username}}
+  password: {{password}}
   token_url: https://{{region}}.business-account.iam.eset.systems/oauth/token
 state:
   page_size: {{batch_size}}

packages/eset_protect/data_stream/detection/sample_event.json

@@ -1,8 +1,8 @@
 {
     "@timestamp": "2023-10-26T13:36:53.000Z",
     "agent": {
-        "ephemeral_id": "96cc7ee0-ede2-46a4-9b0e-4104dead04cc",
-        "id": "78166295-0693-4726-a27f-cd8722896c22",
+        "ephemeral_id": "2fa60320-4665-4a3f-b3df-598365a43967",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
         "version": "8.12.0"
@@ -38,7 +38,7 @@
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "78166295-0693-4726-a27f-cd8722896c22",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
         "version": "8.12.0"
     },
@@ -75,7 +75,7 @@
             "intrusion_detection"
         ],
         "dataset": "eset_protect.detection",
-        "ingested": "2024-03-18T21:48:09Z",
+        "ingested": "2024-04-15T11:21:28Z",
         "kind": "alert",
         "original": "{\"category\":\"DETECTION_CATEGORY_NETWORK_INTRUSION\",\"context\":{\"circumstances\":\"Eicar\",\"deviceUuid\":\"xxx-xxxx-1234-5678-xxxxxxxxxxxx\",\"process\":{\"path\":\"C:\\\\Windows\\\\chrome.exe\"},\"userName\":\"testingpc\\\\example\"},\"networkCommunication\":{\"protocolName\":\"0\",\"remoteIpAddress\":\"89.160.20.112\",\"remotePort\":443},\"objectHashSha1\":\"AAF4C61DDCC5E8A2DABEDE0F3B4820123456789D\",\"objectTypeName\":\"File\",\"objectUrl\":\"C:\\\\Temp\\\\06516f11-xxxx-xxxx-xxxx-37da66b5de99_ccf7464ba6e2e12e984514f694bfb10d03de77358d8a3afd7a2ffed150ec1df8.zip.e99\\\\ccf7464ba6e2e12e984514f694bfb10d03de77358d8a3afd7a2ffed150ec1df8\",\"occurTime\":\"2023-10-26T13:36:53Z\",\"responses\":[{}],\"severityLevel\":\"SEVERITY_LEVEL_MEDIUM\",\"typeName\":\"TCP Port scanning attack\",\"uuid\":\"xxx-xxxx-xxxx-1234-xxxxxxxxxxxx\"}",
         "type": [

packages/eset_protect/data_stream/device_task/agent/stream/cel.yml.hbs

@@ -15,8 +15,10 @@ resource.timeout: {{http_client_timeout}}
 {{/if}}
 resource.url: https://{{region}}.automation.eset.systems
 auth.oauth2:
-  client.id: {{username}}
-  client.secret: {{password}}
+  client.id: ' '
+  client.secret: ' '
+  user: {{username}}
+  password: {{password}}
   token_url: https://{{region}}.business-account.iam.eset.systems/oauth/token
 state:
   page_size: {{batch_size}}

packages/eset_protect/data_stream/device_task/sample_event.json

@@ -1,11 +1,11 @@
 {
-    "@timestamp": "2024-03-27T16:00:29.582Z",
+    "@timestamp": "2024-04-15T11:22:08.404Z",
     "agent": {
-        "ephemeral_id": "c5a8ca66-614e-438e-b69a-9e12cb12aa7d",
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "ephemeral_id": "dab52f57-46fe-48e3-af04-bf877342afc1",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "data_stream": {
         "dataset": "eset_protect.device_task",
@@ -16,9 +16,9 @@
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "eset_protect": {
         "device_task": {
@@ -58,7 +58,7 @@
         "action": "Shutdown computer",
         "agent_id_status": "verified",
         "dataset": "eset_protect.device_task",
-        "ingested": "2024-03-27T16:00:39Z",
+        "ingested": "2024-04-15T11:22:20Z",
         "kind": "event",
         "original": "{\"action\":{\"name\":\"Shutdown computer\",\"params\":{\"@type\":\"type.googleapis.com/Era.Common.DataDefinition.Task.ESS.OnDemandScan\",\"cleaningEnabled\":true,\"customProfileName\":\"DefaultProfile\",\"scanProfile\":\"InDepth\",\"scanTargets\":[\"eset://AllTargets\"]}},\"description\":\"Automatically created via context menu\",\"displayName\":\"Reboot Computer - via context menu\",\"targets\":{\"devicesUuids\":[\"0205321e-XXXX-XXXX-1234-feeb35010ea7\",\"0205321e-XXXX-XXXX-5678-feeb35010ea7\",\"0205321e-XXXX-1234-5678-feeb35010ea7\"]},\"triggers\":[{\"manual\":{\"expireTime\":\"2023-12-01T01:30:00Z\"}}],\"uuid\":\"c93070e0-XXXX-1234-5678-c48f0e5e0b7e\",\"versionId\":\"1511\"}",
         "type": [

packages/eset_protect/data_stream/event/sample_event.json

@@ -1,11 +1,11 @@
 {
     "@timestamp": "2021-06-21T03:56:20.000Z",
     "agent": {
-        "ephemeral_id": "c8765a56-3694-4bf7-aada-7f979a9581cd",
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "ephemeral_id": "19330aa8-237e-42d6-b133-dccabc20e01b",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "data_stream": {
         "dataset": "eset_protect.event",
@@ -37,9 +37,9 @@
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "eset_protect": {
         "event": {
@@ -72,7 +72,7 @@
             "web"
         ],
         "dataset": "eset_protect.event",
-        "ingested": "2024-03-27T16:01:32Z",
+        "ingested": "2024-04-15T11:23:16Z",
         "kind": "alert",
         "original": "{\"event_type\":\"FilteredWebsites_Event\",\"ipv4\":\"192.168.30.30\",\"hostname\":\"win-test\",\"group_name\":\"All/Lost & found\",\"os_name\":\"Microsoft Windows 11 Pro\",\"group_description\":\"Lost & found static group\",\"source_uuid\":\"d9477661-8fa4-4144-b8d4-e37b983bcd69\",\"occured\":\"21-Jun-2021 03:56:20\",\"severity\":\"Warning\",\"event\":\"An attempt to connect to URL\",\"target_address\":\"89.160.20.128\",\"target_address_type\":\"IPv4\",\"scanner_id\":\"HTTP filter\",\"action_taken\":\"blocked\",\"object_uri\":\"https://test.com\",\"hash\":\"ABCDAA625E6961037B8904E113FD0C232A7D0EDC\",\"username\":\"WIN-TEST\\\\Administrator\",\"processname\":\"C:\\\\Program Files\\\\Web browser\\\\brwser.exe\",\"rule_id\":\"Blocked by PUA blacklist\"}",
         "type": [
@@ -98,7 +98,7 @@
     },
     "log": {
         "source": {
-            "address": "172.19.0.11:48112"
+            "address": "192.168.240.8:60590"
         },
         "syslog": {
             "appname": "ERAServer",

packages/eset_protect/docs/README.md

@@ -77,8 +77,8 @@ An example event for `detection` looks as following:
 {
     "@timestamp": "2023-10-26T13:36:53.000Z",
     "agent": {
-        "ephemeral_id": "96cc7ee0-ede2-46a4-9b0e-4104dead04cc",
-        "id": "78166295-0693-4726-a27f-cd8722896c22",
+        "ephemeral_id": "2fa60320-4665-4a3f-b3df-598365a43967",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
         "version": "8.12.0"
@@ -114,7 +114,7 @@ An example event for `detection` looks as following:
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "78166295-0693-4726-a27f-cd8722896c22",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
         "version": "8.12.0"
     },
@@ -151,7 +151,7 @@ An example event for `detection` looks as following:
             "intrusion_detection"
         ],
         "dataset": "eset_protect.detection",
-        "ingested": "2024-03-18T21:48:09Z",
+        "ingested": "2024-04-15T11:21:28Z",
         "kind": "alert",
         "original": "{\"category\":\"DETECTION_CATEGORY_NETWORK_INTRUSION\",\"context\":{\"circumstances\":\"Eicar\",\"deviceUuid\":\"xxx-xxxx-1234-5678-xxxxxxxxxxxx\",\"process\":{\"path\":\"C:\\\\Windows\\\\chrome.exe\"},\"userName\":\"testingpc\\\\example\"},\"networkCommunication\":{\"protocolName\":\"0\",\"remoteIpAddress\":\"89.160.20.112\",\"remotePort\":443},\"objectHashSha1\":\"AAF4C61DDCC5E8A2DABEDE0F3B4820123456789D\",\"objectTypeName\":\"File\",\"objectUrl\":\"C:\\\\Temp\\\\06516f11-xxxx-xxxx-xxxx-37da66b5de99_ccf7464ba6e2e12e984514f694bfb10d03de77358d8a3afd7a2ffed150ec1df8.zip.e99\\\\ccf7464ba6e2e12e984514f694bfb10d03de77358d8a3afd7a2ffed150ec1df8\",\"occurTime\":\"2023-10-26T13:36:53Z\",\"responses\":[{}],\"severityLevel\":\"SEVERITY_LEVEL_MEDIUM\",\"typeName\":\"TCP Port scanning attack\",\"uuid\":\"xxx-xxxx-xxxx-1234-xxxxxxxxxxxx\"}",
         "type": [
@@ -265,13 +265,13 @@ An example event for `device_task` looks as following:
 
 ```json
 {
-    "@timestamp": "2024-03-27T16:00:29.582Z",
+    "@timestamp": "2024-04-15T11:22:08.404Z",
     "agent": {
-        "ephemeral_id": "c5a8ca66-614e-438e-b69a-9e12cb12aa7d",
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "ephemeral_id": "dab52f57-46fe-48e3-af04-bf877342afc1",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "data_stream": {
         "dataset": "eset_protect.device_task",
@@ -282,9 +282,9 @@ An example event for `device_task` looks as following:
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "eset_protect": {
         "device_task": {
@@ -324,7 +324,7 @@ An example event for `device_task` looks as following:
         "action": "Shutdown computer",
         "agent_id_status": "verified",
         "dataset": "eset_protect.device_task",
-        "ingested": "2024-03-27T16:00:39Z",
+        "ingested": "2024-04-15T11:22:20Z",
         "kind": "event",
         "original": "{\"action\":{\"name\":\"Shutdown computer\",\"params\":{\"@type\":\"type.googleapis.com/Era.Common.DataDefinition.Task.ESS.OnDemandScan\",\"cleaningEnabled\":true,\"customProfileName\":\"DefaultProfile\",\"scanProfile\":\"InDepth\",\"scanTargets\":[\"eset://AllTargets\"]}},\"description\":\"Automatically created via context menu\",\"displayName\":\"Reboot Computer - via context menu\",\"targets\":{\"devicesUuids\":[\"0205321e-XXXX-XXXX-1234-feeb35010ea7\",\"0205321e-XXXX-XXXX-5678-feeb35010ea7\",\"0205321e-XXXX-1234-5678-feeb35010ea7\"]},\"triggers\":[{\"manual\":{\"expireTime\":\"2023-12-01T01:30:00Z\"}}],\"uuid\":\"c93070e0-XXXX-1234-5678-c48f0e5e0b7e\",\"versionId\":\"1511\"}",
         "type": [
@@ -401,11 +401,11 @@ An example event for `event` looks as following:
 {
     "@timestamp": "2021-06-21T03:56:20.000Z",
     "agent": {
-        "ephemeral_id": "c8765a56-3694-4bf7-aada-7f979a9581cd",
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "ephemeral_id": "19330aa8-237e-42d6-b133-dccabc20e01b",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "data_stream": {
         "dataset": "eset_protect.event",
@@ -437,9 +437,9 @@ An example event for `event` looks as following:
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "e270d8a1-0a98-417c-a79f-840c446ad79a",
+        "id": "1dc8834b-079b-4e29-bc3c-6b8466a1ebb0",
         "snapshot": false,
-        "version": "8.12.2"
+        "version": "8.12.0"
     },
     "eset_protect": {
         "event": {
@@ -472,7 +472,7 @@ An example event for `event` looks as following:
             "web"
         ],
         "dataset": "eset_protect.event",
-        "ingested": "2024-03-27T16:01:32Z",
+        "ingested": "2024-04-15T11:23:16Z",
         "kind": "alert",
         "original": "{\"event_type\":\"FilteredWebsites_Event\",\"ipv4\":\"192.168.30.30\",\"hostname\":\"win-test\",\"group_name\":\"All/Lost & found\",\"os_name\":\"Microsoft Windows 11 Pro\",\"group_description\":\"Lost & found static group\",\"source_uuid\":\"d9477661-8fa4-4144-b8d4-e37b983bcd69\",\"occured\":\"21-Jun-2021 03:56:20\",\"severity\":\"Warning\",\"event\":\"An attempt to connect to URL\",\"target_address\":\"89.160.20.128\",\"target_address_type\":\"IPv4\",\"scanner_id\":\"HTTP filter\",\"action_taken\":\"blocked\",\"object_uri\":\"https://test.com\",\"hash\":\"ABCDAA625E6961037B8904E113FD0C232A7D0EDC\",\"username\":\"WIN-TEST\\\\Administrator\",\"processname\":\"C:\\\\Program Files\\\\Web browser\\\\brwser.exe\",\"rule_id\":\"Blocked by PUA blacklist\"}",
         "type": [
@@ -498,7 +498,7 @@ An example event for `event` looks as following:
     },
     "log": {
         "source": {
-            "address": "172.19.0.11:48112"
+            "address": "192.168.240.8:60590"
         },
         "syslog": {
             "appname": "ERAServer",

packages/eset_protect/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: eset_protect
 title: ESET PROTECT
-version: 0.4.0
+version: 0.5.0
 description: Collect logs from ESET PROTECT with Elastic Agent.
 type: integration
 categories: