This repository has been archived by the owner on Dec 14, 2021. It is now read-only.

[SCHEMA]: "elasticstack_fleet_*" resources #8

Open
tsouza opened this issue Apr 29, 2021 · 0 comments

tsouza commented Apr 29, 2021

Agent Policy

resource 'elasticstack_fleet_agent_policy' '<name>' {
	description		string
	namespace		string
	agent_monitoring {
		collect_logs	boolean
		collect_metrics boolean
	}
}

Enrollment Key

https://github.com/elastic/kibana/blob/master/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts#L53

resource 'elasticstack_fleet_enrollment_key' '<name>' {
	policy_id	string
}

Integration

https://github.com/elastic/kibana/blob/master/x-pack/plugins/fleet/server/routes/package_policy/index.ts#L48

  • Note: Integration resources need to be defined on a per type basis. The following resource defines the fleet integration resource type namespace 'elasticstack_fleet_integration_*' as well as the generic set of fields
resource 'elasticstack_fleet_integration_<type>' '<name>' {
	policy_id	string
	description	string
	namespace	string
}
  • Note: For now, we will stick with a couple of integrations: 'system', 'endpoint_security'

Integration: System

resource 'elasticstack_fleet_integration_system' '<name>' {
	logs {
		auth {
			paths	[]string
		}
		syslog {
			paths	[]string
		}
		windows {
			application	boolean
			security	boolean
			system 		boolean
		}
	}
	metrics {
		cpu {
			period	string
			metrics []string
		}
		diskio {
			period			string
			include_devices []string
		}
		filesystem {
			period			string
			processors []{
				# variable key/value pair - This is the processors chain definition as in a regular Beat, so we should be able to represent this as JSON and then serialize it as a YAML string.
			}
		}
		fsstat {
			period			string
			processors []{
				# see filesystem.processors above
			}
		}
		load {
			period	string		
		}
		memory {
			period	string		
		}
		network {
			period	string		
		}
		process {
			period	string
			include_top_n {
				by_cpu		integer
				by_memory	integer
			}
			cmdline_cache		boolean
			cgroup_reporting	boolean
			env_whitelist		string
			include_cpu_ticks	boolean
			processes		[]string
		}
		process_summary {
			period	string		
		}
		socket_summary {
			period	string		
		}
		uptime {
			period	string		
		}
	}
}

Integration: Endpoint Security

resource 'elasticstack_fleet_integration_elastic_endpoint_security' '<name>' {
	protections {
		malware {
			level		string
			notify_user boolean
			custom_user_notification_message	string
		}
		ransomware {
			level		string
			notify_user boolean
			custom_user_notification_message	string
		}
	}
	settings {
		register_as_windows_antivirus	boolean
		event_collection []{
			target_operating_systems   []string
			events 			 		   []string
		}
		extended []{
			key		string
			value 	string
		}
	}
}

Rules:

  • Under (malware|ransomware).level, the following values are supported: detect, prevent
  • Under settings.event_collection.target_operating_systems, the following values are supported: mac, linux, windows
  • Under settings.event_collection.events, the following values are supported on a per target OS basis:
    • mac, linux and windows:
      • file
      • process
      • network
    • windows:
      • dll_and_driver_load
      • dns
      • registry
      • security
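As an added example (not code from the issue or from the provider) of how the "Rules" above could be enforced in the provider's schema validation, here is a stand-alone Go check; the type and function names are assumed, and the allowed values are the ones listed in the rules.

```go
package main

import "fmt"

// Allowed values, taken from the "Rules" list in the issue.
var (
	protectionLevels  = []string{"detect", "prevent"}
	targetOSes        = []string{"mac", "linux", "windows"}
	commonEvents      = []string{"file", "process", "network"}
	windowsOnlyEvents = []string{"dll_and_driver_load", "dns", "registry", "security"}
)

// EventCollection mirrors one settings.event_collection block (assumed type name).
type EventCollection struct {
	TargetOperatingSystems []string
	Events                 []string
}

func contains(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// ValidateProtectionLevel checks a (malware|ransomware).level value.
func ValidateProtectionLevel(level string) error {
	if !contains(protectionLevels, level) {
		return fmt.Errorf("level %q not supported; expected one of %v", level, protectionLevels)
	}
	return nil
}

// ValidateEventCollection returns one message per problem in a block. An event must be
// supported on every OS the block names, so linux+windows cannot request "registry".
func ValidateEventCollection(ec EventCollection) []string {
	var problems []string
	for _, osName := range ec.TargetOperatingSystems {
		if !contains(targetOSes, osName) {
			problems = append(problems, fmt.Sprintf("unsupported target OS %q", osName))
			continue
		}
		for _, ev := range ec.Events {
			if !contains(commonEvents, ev) && !(osName == "windows" && contains(windowsOnlyEvents, ev)) {
				problems = append(problems, fmt.Sprintf("event %q is not supported on %s", ev, osName))
			}
		}
	}
	return problems
}
```

Splitting a mixed-OS block into one block per target OS is the way to request windows-only events alongside the common ones.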