Packages
Security Requirements and Controls: Change packages permission
Packages provide a way to bundle LogScale assets such as parsers, queries, dashboards and alerts into a Package file that can then be shared with others. Packages can be distributed and installed manually by uploading the Package file to LogScale from the LogScale UI or CLI. This provides customers with an efficient and easy way to distribute and configure LogScale assets.
The LogScale Marketplace is accessed from within the LogScale UI and is where end-users can browse a selection of pre-built packages and can install them directly into their LogScale service. Anyone can build a LogScale package and submit it to LogScale for inclusion in the marketplace.
The marketplace provides a way for LogScale, customers and partners to share LogScale assets, which saves time and encourages people to find new ways to do more with LogScale. LogScale is keen that all packages can be freely used and edited by anyone to fuel creativity in the spirit of the open source community.
Package Types
There are two types of packages: Libraries and Applications. Libraries define a set of components that you can use as templates for creating new components within LogScale. Applications include the templates, but also install a collection of the components, deployed within your LogScale environment.
Packages can contain parsers, queries, dashboards, actions, and alerts.
Libraries
A package library is a collection of component templates, for example dashboards, saved queries, alerts, or parsers. After installing a library within LogScale, these templates will be available as the basis for creating a new component.
To create a new component based on a template, use the component creation dialog for e.g. dashboards and select the option. Then you can choose a template from which to create your new dashboard.
For example, you may install the crowdstrike/ioc package to get dashboard templates that help you get started using our ioc:lookup() function. The templates from the package can be used to create new dashboards like so:
Figure 60. Create From Template
Figure 61. Newly Created Dashboard
When a component is created based on a template, it is completely detached from the original template and package. So if you want to install an update to a library package, which changes some templates you have used to create components, this will not affect any of those components. Only new components you make from those templates after the update have that change in them.
Applications
Application packages are bundles of components built to support the use of LogScale for a specific application or logging environment. When you install an application package, all the components in the package are created for you in your repository, ready to be used immediately.
For example, we have an application package for the Apache HTTP server. When you install it, all dashboards and parsers in the package are immediately available and ready to handle data.
Figure 62. Apache HTTP Server Dashboards Grouped by Package Name
Should you want to install an update to an application package later, the components created by the original package will be updated by the new package update.
Creating Packages
You can create your own packages based on components available in LogScale, including by creating or using your own queries, widgets and components. This functionality enables you to create a standard set of components that you can then use on your LogScale clusters, or to distribute to others.
Custom packages can be shared as a Zip file with other users, or they can be published to the Package Marketplace.
For more information about creating and maintaining packages, see Create a Package.
Publishing Packages
In order to publish your package you just have to make it available as a Zip file, and publish the URL. A good place to tell people about your package is the CrowdStrike Community home page.
You can also share the package on a repository service, for example GitHub, where it can be installed using the Command-Line Interface (humioctl) or by downloading the Zip archive of your repository. See Developer Guidelines for more information on creating packages for the marketplace.