# Module: snyk
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-snyk.html

- module: snyk
  audit:
    enabled: true

    # Set which input to use between httpjson (default) or file.
    #var.input: httpjson
    #
    # What audit type to collect, can be either "group" or "organization".
    #var.audit_type: organization
    #
    # The ID related to the audit_type. If audit type is group, then this value should be
    # the group ID and if it is organization it should be the organization ID to collect from.
    #var.audit_id: 1235432-asdfdf-2341234-asdgjhg

    # How often the API should be polled, defaults to 1 hour.
    #var.interval: 1h
    # How far to look back the first time the module starts up. (Only works with full days, 24 hours, 48 hours etc).
    #var.first_interval: 24h

    # The API token that is created for a specific user, found in the Snyk management dashboard.
    #var.api_token:

    # Event filtering.
    # All configuration items below is OPTIONAL and the default options will be overwritten
    # for each entry that is not commented out.

    # Will return only logs for this specific project.
    #var.project_id: ""
    # User public ID. Will fetch only audit logs originated from this user's actions.
    #var.user_id: ""
    # Will return only logs for this specific event.
    #var.event: ""
    # User email address. Will fetch only audit logs originated from this user's actions.
    #var.email_address: ""

  vulnerabilities:
    enabled: true

    # Set which input to use between httpjson (default) or file.
    #var.input: httpjson

    # How often the API should be polled. Data from the Snyk API is automatically updated
    # once per day, so the default interval is 24 hours.
    #var.interval: 24h

    # How far to look back the first time the module starts up. (Only works with full days, 24 hours, 48 hours etc).
    #var.first_interval: 24h

    # The API token that is created for a specific user, found in the Snyk management dashboard.
    #var.api_token:

    # The list of org IDs to filter the results by.
    # One organization ID per line, starting with a - sign
    #var.orgs:
    #  - 12354-asdfdf-123543-asdsdfg
    #  - 76554-jhggfd-654342-hgrfasd


    # Event filtering.
    # All configuration items below is OPTIONAL and the default options will be overwritten
    # for each entry that is not commented out.

    # The severity levels of issues to filter the results by.
    #var.included_severity:
    #  - high
    #  - medium
    #  - low
    #
    # The exploit maturity levels of issues to filter the results by.
    #var.exploit_maturity:
    #  - mature
    #  - proof-of-concept
    #  - no-known-exploit
    #  - no-data
    #
    # The type of issues to filter the results by.
    #var.types:
    #  - vuln
    #  - license
    #
    # The type of languages to filter the results by.
    #var.languages:
    #  - javascript
    #  - ruby
    #  - java
    #  - scala
    #  - python
    #  - golang
    #  - php
    #  - dotnet
    #  - swift
    #  - docker
    #
    # Search term to filter issue name by, or an exact CVE or CWE.
    #var.identifier:
    #  - ""
    #
    # If set to true, only include issues which are ignored, if set to false, only include issues which are not ignored.
    #var.ignored: false
    #var.patched: false
    #var.fixable: false
    #var.is_fixed: false
    #var.is_patchable: false
    #var.is_pinnable: false
    #
    # The priority score ranging between 0-1000
    #var.min_priority_score: 0
    #var.max_priority_score: 1000