Trellix ePO 云
编辑Trellix ePO 云
编辑概述
编辑Trellix ePO 云 集成允许用户监控设备、事件和组。Trellix ePolicy Orchestrator 是一个集中式安全管理平台,用于协调和管理所有端点。
使用 Trellix ePO 集成来收集和解析来自 ePO 云的数据。此集成不支持 ePO 的本地安装。然后可视化来自 Trellix 的数据,以在 Elastic Security 中通过搜索、关联和可视化来识别威胁。
数据流
编辑Trellix ePO 云集成收集三种类型的数据:设备、事件和组。
设备 获取所有设备。
事件 获取所有事件。
组 获取所有组。
Trellix ePO 云的 Rest API 参考。
要求
编辑必须安装 Elastic Agent。有关更多信息,请参阅此处的链接。
所需的最低 kibana.version 为 8.7.1。
此模块已针对 Trellix ePO Cloud API 版本 v2 进行了测试。
设置
编辑要从 Trellix ePO Cloud REST API 收集数据,请按照以下步骤操作
编辑- 转到Trellix 开发者门户,并通过输入电子邮件地址和密码登录。
- 转到 自助服务 → API 访问管理。
- 输入 客户端类型。
-
选择如下所示的 IAM 范围
API 方法类型 设备
GET
事件
GET
组
GET
- 单击 请求。
- 复制 客户端 ID、客户端密钥 和 API 密钥。
- 转到 Kibana 并选择 集成 → Trellix ePO 云。
- 单击 添加 Trellix ePO 云。
- 提供从 Trellix 复制的 客户端 ID、客户端密钥 和 API 密钥。
注意
- 通过此 API 可用的事件数据保留期为 3 天。
日志参考
编辑设备
编辑这是 Device 数据集。
示例
以下是 device 的示例事件
{
"@timestamp": "2023-05-04T11:10:21.063Z",
"agent": {
"ephemeral_id": "4805b569-e5ef-4c14-a54b-ef2dfe988fa7",
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
},
"data_stream": {
"dataset": "trellix_epo_cloud.device",
"namespace": "ep",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"snapshot": true,
"version": "8.7.1"
},
"event": {
"agent_id_status": "verified",
"category": [
"host"
],
"dataset": "trellix_epo_cloud.device",
"ingested": "2023-05-04T11:10:25Z",
"kind": "event",
"original": "{\"attributes\":{\"agentGuid\":\"3AF594B1-00A0-AA00-87C6-005056833A00\",\"agentPlatform\":\"LINUX\",\"agentState\":0,\"agentVersion\":\"5.7.9.139\",\"computerName\":\"localhost\",\"cpuSpeed\":2100,\"cpuType\":\"Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz\",\"domainName\":\"(none)\",\"excludedTags\":\"\",\"ipAddress\":\"1.128.0.0\",\"ipHostName\":\"localhost\",\"isPortable\":\"non-portable\",\"lastUpdate\":\"2023-04-17T07:38:35.563+00:00\",\"macAddress\":\"00005E005300\",\"managed\":\"1\",\"managedState\":1,\"name\":\"localhost\",\"nodeCreatedDate\":\"2023-03-29T12:06:05.877+00:00\",\"nodePath\":null,\"numOfCpu\":4,\"osBuildNumber\":0,\"osPlatform\":\"Server\",\"osType\":\"Linux\",\"osVersion\":\"3.10\",\"parentId\":123456,\"subnetAddress\":\"\",\"systemBootTime\":\"2023-03-24T16:54:27.000+00:00\",\"systemManufacturer\":\"VMware, Inc.\",\"systemModel\":\"VMware Virtual Platform\",\"systemRebootPending\":0,\"systemSerialNumber\":\"VMware-12 02 1a a1 1c 31 9c eb-0e a6 00 41 54 14 91 f5\",\"tags\":\"Deployment 2, Deployment, Server\",\"tenantId\":12345,\"totalPhysicalMemory\":12409634816,\"userName\":\"N/A\"},\"id\":\"123456\",\"links\":{\"self\":\"https://api.manage.trellix.com/epo/v2/devices/123456\"},\"relationships\":{\"installedProducts\":{\"links\":{\"related\":\"https://api.manage.trellix.com/epo/v2/devices/123456/installedProducts\",\"self\":\"https://api.manage.trellix.com/epo/v2/devices/123456/relationships/installedProducts\"}}},\"type\":\"devices\"}",
"reference": "https://api.manage.trellix.com/epo/v2/devices/123456",
"type": [
"info"
]
},
"host": {
"id": "123456",
"ip": [
"1.128.0.0"
],
"mac": [
"00-00-5E-00-53-00"
],
"name": "localhost",
"os": {
"platform": "Server",
"type": "linux",
"version": "3.10"
}
},
"input": {
"type": "cel"
},
"observer": {
"serial_number": "VMware-12 02 1a a1 1c 31 9c eb-0e a6 00 41 54 14 91 f5"
},
"related": {
"hosts": [
"123456",
"localhost"
],
"ip": [
"1.128.0.0"
]
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"trellix_epo_cloud-device"
],
"trellix_epo_cloud": {
"device": {
"attributes": {
"agent": {
"guid": "3AF594B1-00A0-AA00-87C6-005056833A00",
"platform": "LINUX",
"state": false,
"version": "5.7.9.139"
},
"computer_name": "localhost",
"cpu": {
"speed": 2100,
"type": "Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz"
},
"domain_name": "(none)",
"ip_address": "1.128.0.0",
"ip_host_name": "localhost",
"is_portable": "non-portable",
"last_update": "2023-04-17T07:38:35.563Z",
"mac_address": "00-00-5E-00-53-00",
"managed": "1",
"managed_state": false,
"name": "localhost",
"node": {
"created_date": "2023-03-29T12:06:05.877Z"
},
"num_of_cpu": 4,
"os": {
"build_number": 0,
"platform": "Server",
"type": "Linux",
"version": "3.10"
},
"parent": {
"id": "123456"
},
"system": {
"boot_time": "2023-03-24T16:54:27.000Z",
"manufacturer": "VMware, Inc.",
"model": "VMware Virtual Platform",
"reboot_pending": false,
"serial_number": "VMware-12 02 1a a1 1c 31 9c eb-0e a6 00 41 54 14 91 f5"
},
"tags": [
"Deployment 2",
"Deployment",
"Server"
],
"tenant": {
"id": "12345"
},
"total_physical_memory": 12409634816,
"user_name": "N/A"
},
"id": "123456",
"links": {
"self": "https://api.manage.trellix.com/epo/v2/devices/123456"
},
"relationships": {
"installed_products": {
"links": {
"related": "https://api.manage.trellix.com/epo/v2/devices/123456/installedProducts",
"self": "https://api.manage.trellix.com/epo/v2/devices/123456/relationships/installedProducts"
}
}
}
},
"type": "devices"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
trellix_epo_cloud.device.attributes.agent.guid |
keyword |
|
trellix_epo_cloud.device.attributes.agent.platform |
keyword |
|
trellix_epo_cloud.device.attributes.agent.state |
boolean |
|
trellix_epo_cloud.device.attributes.agent.version |
keyword |
|
trellix_epo_cloud.device.attributes.computer_name |
keyword |
|
trellix_epo_cloud.device.attributes.cpu.speed |
long |
|
trellix_epo_cloud.device.attributes.cpu.type |
keyword |
|
trellix_epo_cloud.device.attributes.domain_name |
keyword |
|
trellix_epo_cloud.device.attributes.excluded_tags |
keyword |
|
trellix_epo_cloud.device.attributes.ip_address |
ip |
|
trellix_epo_cloud.device.attributes.ip_host_name |
keyword |
|
trellix_epo_cloud.device.attributes.is_portable |
keyword |
|
trellix_epo_cloud.device.attributes.last_update |
date |
|
trellix_epo_cloud.device.attributes.mac_address |
keyword |
|
trellix_epo_cloud.device.attributes.managed |
keyword |
|
trellix_epo_cloud.device.attributes.managed_state |
boolean |
|
trellix_epo_cloud.device.attributes.name |
keyword |
|
trellix_epo_cloud.device.attributes.node.created_date |
date |
|
trellix_epo_cloud.device.attributes.node.path |
keyword |
|
trellix_epo_cloud.device.attributes.num_of_cpu |
long |
|
trellix_epo_cloud.device.attributes.os.build_number |
long |
|
trellix_epo_cloud.device.attributes.os.platform |
keyword |
|
trellix_epo_cloud.device.attributes.os.type |
keyword |
|
trellix_epo_cloud.device.attributes.os.version |
keyword |
|
trellix_epo_cloud.device.attributes.parent.id |
keyword |
|
trellix_epo_cloud.device.attributes.subnet_address |
keyword |
|
trellix_epo_cloud.device.attributes.system.boot_time |
date |
|
trellix_epo_cloud.device.attributes.system.manufacturer |
keyword |
|
trellix_epo_cloud.device.attributes.system.model |
keyword |
|
trellix_epo_cloud.device.attributes.system.reboot_pending |
boolean |
|
trellix_epo_cloud.device.attributes.system.serial_number |
keyword |
|
trellix_epo_cloud.device.attributes.tags |
keyword |
|
trellix_epo_cloud.device.attributes.tenant.id |
keyword |
|
trellix_epo_cloud.device.attributes.total_physical_memory |
long |
|
trellix_epo_cloud.device.attributes.user_name |
keyword |
|
trellix_epo_cloud.device.id |
keyword |
|
trellix_epo_cloud.device.links.self |
keyword |
|
trellix_epo_cloud.device.relationships.devices.data.id |
keyword |
|
trellix_epo_cloud.device.relationships.devices.data.type |
keyword |
|
trellix_epo_cloud.device.relationships.devices.links.related |
keyword |
|
trellix_epo_cloud.device.relationships.devices.links.self |
keyword |
|
trellix_epo_cloud.device.relationships.installed_products.links.related |
keyword |
|
trellix_epo_cloud.device.relationships.installed_products.links.self |
keyword |
|
trellix_epo_cloud.type |
keyword |
事件
编辑这是 Event 数据集。
示例
以下是 event 的示例事件
{
"@timestamp": "2023-04-06T23:36:14.041Z",
"agent": {
"ephemeral_id": "7dd32c2b-4f80-4ff8-9dd6-873cbbf02295",
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
},
"data_stream": {
"dataset": "trellix_epo_cloud.event",
"namespace": "ep",
"type": "logs"
},
"destination": {
"ip": [
"89.160.20.115",
"2a02:cf40::3"
],
"mac": "00-00-5E-00-53-00",
"user": {
"name": "root"
}
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"snapshot": true,
"version": "8.7.1"
},
"event": {
"agent_id_status": "verified",
"category": [
"threat"
],
"dataset": "trellix_epo_cloud.event",
"id": "0102be3a-41db-448c-9a68-bce7c480d443",
"ingested": "2023-05-04T11:11:36Z",
"kind": "alert",
"original": "{\"attributes\":{\"agentguid\":\"8630b925-cbd2-ed11-1234-abcdefghijklmn\",\"analyzer\":\"ENDP_AM_1070LYNX\",\"analyzerdatversion\":\"5298.0\",\"analyzerdetectionmethod\":\"quick scan\",\"analyzerengineversion\":\"6600.9927\",\"analyzerhostname\":\"ub20\",\"analyzeripv4\":\"81.2.69.142\",\"analyzeripv6\":\"/2a02:cf40::1\",\"analyzermac\":\"00005E005300\",\"analyzername\":\"Trellix Endpoint Security\",\"analyzerversion\":\"10.7.14.38\",\"autoguid\":\"9fcf439b-82d7-425c-1234-abcdefghijklmn\",\"detectedutc\":\"1680823939000\",\"nodepath\":\"1\\\\\854691\\\\\901751\",\"receivedutc\":\"1680824174041\",\"sourcefilepath\":null,\"sourcehostname\":null,\"sourceipv4\":\"89.160.20.112\",\"sourceipv6\":\"/2a02:cf40::2\",\"sourcemac\":\"00005E005300\",\"sourceprocesshash\":null,\"sourceprocessname\":null,\"sourceprocesssigned\":null,\"sourceprocesssigner\":null,\"sourceurl\":\"https://example.com\",\"sourceusername\":null,\"targetfilename\":\"/var/log/secure\",\"targethash\":null,\"targethostname\":null,\"targetipv4\":\"89.160.20.115\",\"targetipv6\":\"/2a02:cf40::3\",\"targetmac\":\"00005E005300\",\"targetport\":null,\"targetprocessname\":\"/usr/sbin/logrotate\",\"targetprotocol\":null,\"targetusername\":\"root\",\"threatactiontaken\":\"IDS_ALERT_ACT_TAK_DEN\",\"threatcategory\":\"ops.update.end\",\"threateventid\":1119,\"threathandled\":true,\"threatname\":\"None\",\"threatseverity\":\"6\",\"threattype\":\"IDS_ALERT_DET_TYP_NOT\",\"timestamp\":\"2023-04-06T23:36:14.041Z\"},\"id\":\"0102be3a-41db-448c-9a68-bce7c480d443\",\"links\":{\"self\":\"/epo/v2/events/0102be3a-41db-448c-9a68-bce7c480d443\"},\"type\":\"MVEvents\"}",
"reference": "/epo/v2/events/0102be3a-41db-448c-9a68-bce7c480d443",
"severity": 6,
"type": [
"indicator"
]
},
"file": {
"name": "/var/log/secure"
},
"input": {
"type": "cel"
},
"related": {
"hosts": [
"https://example.com",
"ub20"
],
"ip": [
"89.160.20.115",
"2a02:cf40::3",
"89.160.20.112",
"2a02:cf40::2",
"81.2.69.142",
"2a02:cf40::1"
],
"user": [
"root"
]
},
"source": {
"address": "https://example.com",
"domain": "https://example.com",
"ip": [
"89.160.20.112",
"2a02:cf40::2"
],
"mac": "00-00-5E-00-53-00",
"registered_domain": "https://example.com",
"top_level_domain": "com"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"trellix_epo_cloud-event"
],
"threat": {
"indicator": {
"description": "IDS_ALERT_ACT_TAK_DEN"
}
},
"trellix_epo_cloud": {
"event": {
"attributes": {
"agent": {
"guid": "8630b925-cbd2-ed11-1234-abcdefghijklmn"
},
"analyzer": {
"dat_version": "5298.0",
"detection_method": "quick scan",
"engine_version": "6600.9927",
"hostname": "ub20",
"ipv4": "81.2.69.142",
"ipv6": "2a02:cf40::1",
"mac": "00-00-5E-00-53-00",
"name": "Trellix Endpoint Security",
"value": "ENDP_AM_1070LYNX",
"version": "10.7.14.38"
},
"auto_guid": "9fcf439b-82d7-425c-1234-abcdefghijklmn",
"detected_utc": "2023-04-06T23:32:19.000Z",
"node": {
"path": "1\\854691\\901751"
},
"received_utc": "2023-04-06T23:36:14.041Z",
"source": {
"ipv4": "89.160.20.112",
"ipv6": "2a02:cf40::2",
"mac": "00-00-5E-00-53-00",
"url": "https://example.com"
},
"target": {
"file_name": "/var/log/secure",
"ipv4": "89.160.20.115",
"ipv6": "2a02:cf40::3",
"mac": "00-00-5E-00-53-00",
"process_name": "/usr/sbin/logrotate",
"user_name": "root"
},
"threat": {
"action_taken": "IDS_ALERT_ACT_TAK_DEN",
"category": "ops.update.end",
"event": {
"id": "1119"
},
"handled": true,
"name": "None",
"severity": 6,
"type": "IDS_ALERT_DET_TYP_NOT"
},
"timestamp": "2023-04-06T23:36:14.041Z"
},
"id": "0102be3a-41db-448c-9a68-bce7c480d443",
"links": {
"self": "/epo/v2/events/0102be3a-41db-448c-9a68-bce7c480d443"
}
},
"type": "MVEvents"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
trellix_epo_cloud.event.attributes.agent.guid |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.dat_version |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.detection_method |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.domain |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.engine_version |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.hostname |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.ipv4 |
ip |
|
trellix_epo_cloud.event.attributes.analyzer.ipv6 |
ip |
|
trellix_epo_cloud.event.attributes.analyzer.mac |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.name |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.registered_domain |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.subdomain |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.top_level_domain |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.value |
keyword |
|
trellix_epo_cloud.event.attributes.analyzer.version |
keyword |
|
trellix_epo_cloud.event.attributes.auto_guid |
keyword |
|
trellix_epo_cloud.event.attributes.detected_utc |
date |
|
trellix_epo_cloud.event.attributes.node.path |
keyword |
|
trellix_epo_cloud.event.attributes.received_utc |
date |
|
trellix_epo_cloud.event.attributes.source.file_path |
keyword |
|
trellix_epo_cloud.event.attributes.source.hostname |
keyword |
|
trellix_epo_cloud.event.attributes.source.ipv4 |
ip |
|
trellix_epo_cloud.event.attributes.source.ipv6 |
ip |
|
trellix_epo_cloud.event.attributes.source.mac |
keyword |
|
trellix_epo_cloud.event.attributes.source.process.hash |
keyword |
|
trellix_epo_cloud.event.attributes.source.process.name |
keyword |
|
trellix_epo_cloud.event.attributes.source.process.signed |
keyword |
|
trellix_epo_cloud.event.attributes.source.process.signer |
keyword |
|
trellix_epo_cloud.event.attributes.source.url |
keyword |
|
trellix_epo_cloud.event.attributes.source.user_name |
keyword |
|
trellix_epo_cloud.event.attributes.target.file_name |
keyword |
|
trellix_epo_cloud.event.attributes.target.hash |
keyword |
|
trellix_epo_cloud.event.attributes.target.hostname |
keyword |
|
trellix_epo_cloud.event.attributes.target.ipv4 |
ip |
|
trellix_epo_cloud.event.attributes.target.ipv6 |
ip |
|
trellix_epo_cloud.event.attributes.target.mac |
keyword |
|
trellix_epo_cloud.event.attributes.target.port |
long |
|
trellix_epo_cloud.event.attributes.target.process_name |
keyword |
|
trellix_epo_cloud.event.attributes.target.protocol |
keyword |
|
trellix_epo_cloud.event.attributes.target.user_name |
keyword |
|
trellix_epo_cloud.event.attributes.threat.action_taken |
keyword |
|
trellix_epo_cloud.event.attributes.threat.category |
keyword |
|
trellix_epo_cloud.event.attributes.threat.event.id |
keyword |
|
trellix_epo_cloud.event.attributes.threat.handled |
boolean |
|
trellix_epo_cloud.event.attributes.threat.name |
keyword |
|
trellix_epo_cloud.event.attributes.threat.severity |
long |
|
trellix_epo_cloud.event.attributes.threat.type |
keyword |
|
trellix_epo_cloud.event.attributes.timestamp |
date |
|
trellix_epo_cloud.event.id |
keyword |
|
trellix_epo_cloud.event.links.self |
keyword |
|
trellix_epo_cloud.type |
keyword |
组
编辑这是 Group 数据集。
示例
以下是 group 的示例事件
{
"@timestamp": "2023-05-04T11:12:41.040Z",
"agent": {
"ephemeral_id": "5b5537a7-dc4b-40b1-b9a2-c7d322502909",
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.7.1"
},
"data_stream": {
"dataset": "trellix_epo_cloud.group",
"namespace": "ep",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "09aeef39-f21d-41e4-b3a6-c1551488d075",
"snapshot": true,
"version": "8.7.1"
},
"event": {
"agent_id_status": "verified",
"category": [
"iam"
],
"dataset": "trellix_epo_cloud.group",
"ingested": "2023-05-04T11:12:44Z",
"kind": "event",
"original": "{\"attributes\":{\"groupTypeId\":7,\"l1ParentId\":null,\"l2ParentId\":null,\"name\":\"GlobalRoot\",\"nodePath\":\"1\",\"nodeTextPath\":\"GlobalRoot\",\"nodeTextPath2\":\"\\\\\\",\"notes\":null,\"parentId\":0},\"id\":\"1\",\"links\":{\"self\":\"https://api.manage.trellix.com/epo/v2/groups/1\"},\"relationships\":{\"subGroups\":{\"links\":{\"related\":\"https://api.manage.trellix.com/epo/v2/groups/1/subGroups\",\"self\":\"https://api.manage.trellix.com/epo/v2/groups/1/relationships/subGroups\"}}},\"type\":\"groups\"}",
"reference": "https://api.manage.trellix.com/epo/v2/groups/1",
"type": [
"group"
]
},
"group": {
"id": "1",
"name": "GlobalRoot"
},
"input": {
"type": "cel"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"trellix_epo_cloud-group"
],
"trellix_epo_cloud": {
"group": {
"attributes": {
"group_type": {
"id": "7"
},
"name": "GlobalRoot",
"node": {
"path": "1",
"text_path": "GlobalRoot",
"text_path2": "\\"
},
"parent": {
"id": "0"
}
},
"id": "1",
"links": {
"self": "https://api.manage.trellix.com/epo/v2/groups/1"
},
"relationships": {
"sub_groups": {
"links": {
"related": "https://api.manage.trellix.com/epo/v2/groups/1/subGroups",
"self": "https://api.manage.trellix.com/epo/v2/groups/1/relationships/subGroups"
}
}
}
},
"type": "groups"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
trellix_epo_cloud.group.attributes.group_type.id |
keyword |
|
trellix_epo_cloud.group.attributes.l1_parent.id |
keyword |
|
trellix_epo_cloud.group.attributes.l2_parent.id |
keyword |
|
trellix_epo_cloud.group.attributes.name |
keyword |
|
trellix_epo_cloud.group.attributes.node.path |
keyword |
|
trellix_epo_cloud.group.attributes.node.text_path |
keyword |
|
trellix_epo_cloud.group.attributes.node.text_path2 |
keyword |
|
trellix_epo_cloud.group.attributes.notes |
keyword |
|
trellix_epo_cloud.group.attributes.parent.id |
keyword |
|
trellix_epo_cloud.group.id |
keyword |
|
trellix_epo_cloud.group.links.self |
keyword |
|
trellix_epo_cloud.group.relationships.groups.data.id |
keyword |
|
trellix_epo_cloud.group.relationships.groups.data.type |
keyword |
|
trellix_epo_cloud.group.relationships.groups.links.related |
keyword |
|
trellix_epo_cloud.group.relationships.groups.links.self |
keyword |
|
trellix_epo_cloud.group.relationships.sub_groups.links.related |
keyword |
|
trellix_epo_cloud.group.relationships.sub_groups.links.self |
keyword |
|
trellix_epo_cloud.type |
keyword |
变更日志
编辑变更日志
| 版本 | 详细信息 | Kibana 版本 |
|---|---|---|
1.13.0 |
增强 (查看拉取请求) |
8.13.0 或更高版本 |
1.12.0 |
增强 (查看拉取请求) |
8.13.0 或更高版本 |
1.11.0 |
增强 (查看拉取请求) |
8.13.0 或更高版本 |
1.10.0 |
增强 (查看拉取请求) |
8.12.0 或更高版本 |
1.9.1 |
增强 (查看拉取请求) |
8.7.1 或更高版本 |
1.9.0 |
增强 (查看拉取请求) |
8.7.1 或更高版本 |
1.8.0 |
增强 (查看拉取请求) |
8.7.1 或更高版本 |
1.7.0 |
增强 (查看拉取请求) |
8.7.1 或更高版本 |
1.6.0 |
增强 (查看拉取请求) |
8.7.1 或更高版本 |
1.5.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
1.4.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
1.3.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
1.2.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
1.1.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
1.0.2 |
错误修复 (查看拉取请求) |
8.7.1 或更高版本 |
1.0.1 |
错误修复 (查看拉取请求) |
8.7.1 或更高版本 |
1.0.0 |
增强功能 (查看拉取请求) |
8.7.1 或更高版本 |
0.2.0 |
增强功能 (查看拉取请求) |
— |
0.1.1 |
错误修复 (查看拉取请求) |
— |
0.1.0 |
增强功能 (查看拉取请求) |
— |