id: b5a60d60-ebb1-11ec-816c-e300c95fdbc7 revision: 23 outputs: default: type: elasticsearch hosts: - >- https://REDACTED.europe-west1.gcp.cloud.es.io:443 output_permissions: default: _elastic_agent_monitoring: indices: - names: - logs-elastic_agent.cloudbeat-default privileges: &ref_0 - auto_configure - create_doc - names: - metrics-elastic_agent.cloudbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.elastic_agent-default privileges: *ref_0 - names: - logs-elastic_agent.filebeat-default privileges: *ref_0 - names: - logs-elastic_agent.apm_server-default privileges: *ref_0 - names: - metrics-elastic_agent.filebeat-default privileges: *ref_0 - names: - metrics-elastic_agent.apm_server-default privileges: *ref_0 - names: - metrics-elastic_agent.endpoint_security-default privileges: *ref_0 - names: - logs-elastic_agent.auditbeat-default privileges: *ref_0 - names: - logs-elastic_agent-default privileges: *ref_0 - names: - logs-elastic_agent.endpoint_security-default privileges: *ref_0 - names: - metrics-elastic_agent.metricbeat-default privileges: *ref_0 - names: - logs-elastic_agent.packetbeat-default privileges: *ref_0 - names: - logs-elastic_agent.fleet_server-default privileges: *ref_0 - names: - metrics-elastic_agent.packetbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.heartbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.fleet_server-default privileges: *ref_0 - names: - logs-elastic_agent.metricbeat-default privileges: *ref_0 - names: - logs-elastic_agent.heartbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.osquerybeat-default privileges: *ref_0 - names: - metrics-elastic_agent.auditbeat-default privileges: *ref_0 - names: - logs-elastic_agent.osquerybeat-default privileges: *ref_0 _elastic_agent_checks: cluster: - monitor 604429b8-889c-4517-95cd-b534d6492c41: indices: - names: - logs-endpoint.events.library-default privileges: *ref_0 - names: - logs-endpoint.alerts-default privileges: *ref_0 - names: - metrics-endpoint.metadata-default privileges: *ref_0 - names: - logs-endpoint.events.file-default privileges: *ref_0 - names: - metrics-endpoint.policy-default privileges: *ref_0 - names: - logs-endpoint.events.network-default privileges: *ref_0 - names: - .logs-endpoint.actions-default privileges: *ref_0 - names: - logs-endpoint.events.security-default privileges: *ref_0 - names: - metrics-endpoint.metrics-default privileges: *ref_0 - names: - logs-endpoint.events.process-default privileges: *ref_0 - names: - logs-endpoint.events.registry-default privileges: *ref_0 - names: - .logs-endpoint.diagnostic.collection-default privileges: *ref_0 - names: - .logs-endpoint.action.responses-default privileges: *ref_0 agent: monitoring: enabled: true use_output: default namespace: default logs: true metrics: true inputs: - id: 604429b8-889c-4517-95cd-b534d6492c41 name: endpoint-0 revision: 1 type: endpoint use_output: default meta: package: name: endpoint version: 8.3.0 data_stream: namespace: default artifact_manifest: manifest_version: 1.0.4 schema_version: v1 artifacts: endpoint-exceptionlist-macos-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-exceptionlist-windows-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-exceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-exceptionlist-linux-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-exceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-trustlist-macos-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-trustlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-trustlist-windows-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-trustlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-trustlist-linux-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-trustlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-eventfilterlist-macos-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-eventfilterlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-eventfilterlist-windows-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-eventfilterlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-eventfilterlist-linux-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-eventfilterlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-hostisolationexceptionlist-macos-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-hostisolationexceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-hostisolationexceptionlist-windows-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-hostisolationexceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-hostisolationexceptionlist-linux-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-hostisolationexceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-blocklist-macos-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-blocklist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-blocklist-windows-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-blocklist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib endpoint-blocklist-linux-v1: encryption_algorithm: none decoded_sha256: d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 decoded_size: 14 encoded_sha256: f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda encoded_size: 22 relative_url: >- /api/fleet/artifacts/endpoint-blocklist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658 compression_algorithm: zlib policy: windows: events: dll_and_driver_load: true dns: true file: true network: true process: true registry: true security: true malware: mode: prevent blocklist: true ransomware: mode: prevent supported: true memory_protection: mode: prevent supported: true behavior_protection: mode: prevent supported: true popup: malware: enabled: true message: '' ransomware: enabled: true message: '' memory_protection: enabled: true message: '' behavior_protection: enabled: true message: '' logging: file: info antivirus_registration: enabled: false mac: events: process: true file: true network: true malware: mode: prevent blocklist: true behavior_protection: mode: prevent supported: true memory_protection: mode: prevent supported: true popup: malware: enabled: true message: '' behavior_protection: enabled: true message: '' memory_protection: enabled: true message: '' logging: file: info linux: events: process: true file: true network: true session_data: false malware: mode: prevent blocklist: true behavior_protection: mode: prevent supported: true memory_protection: mode: prevent supported: true popup: malware: enabled: true message: '' behavior_protection: enabled: true message: '' memory_protection: enabled: true message: '' logging: file: info fleet: hosts: - >- https://REDACTED.fleet.europe-west1.gcp.cloud.es.io:443