系统软件包数据集


这是系统模块的 package 数据集。

它针对使用 dpkg 或 rpm 作为软件包管理器的 Linux 发行版以及 macOS (Darwin) 上的 Homebrew 进行了实现。

示例仪表板


该数据集附带一个示例仪表板：

Auditbeat System Package Dashboard

字段


有关数据集中每个字段的描述，请参阅导出的字段部分。

以下是由此数据集生成的示例文档：

{
    "@timestamp": "2017-10-12T08:05:34.853Z",
    "event": {
        "action": "existing_package",
        "category": [
            "package"
        ],
        "dataset": "package",
        "id": "6bed65c5-9797-4fb7-9ec7-2d1873c54371",
        "kind": "state",
        "module": "system",
        "type": [
            "info"
        ]
    },
    "message": "Package zstd (1.5.4) is already installed",
    "package": {
        "description": "Zstandard is a real-time compression algorithm",
        "installed": "2023-02-15T20:40:24.390086982-05:00",
        "name": "zstd",
        "reference": "https://facebook.github.io/zstd/",
        "type": "brew",
        "version": "1.5.4"
    },
    "service": {
        "type": "system"
    },
    "system": {
        "audit": {
            "package": {
                "entity_id": "SxYD3ZMh/Ym0lBIk",
                "installtime": "2023-02-15T20:40:24.390086982-05:00",
                "name": "zstd",
                "summary": "Zstandard is a real-time compression algorithm",
                "url": "https://facebook.github.io/zstd/",
                "version": "1.5.4"
            }
        }
    }
}