CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add additional integration to templates

Browse Source
This commit is contained in:
Wes
2024-01-19 22:02:39 +00:00
parent d0457cb61e
commit 05aa8b013a
1 changed files with 440 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

440
salt/elasticsearch/defaults.yaml
View File

@@ -2537,6 +2537,270 @@ elasticsearch:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_interface:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.interface-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.interface-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.interface@package"
- "logs-citrix_adc.interface@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_lbvserver:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.lbvserver-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.lbvserver-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.lbvserver@package"
- "logs-citrix_adc.lbvserver@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_service:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.service-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.service-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.service@package"
- "logs-citrix_adc.service@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_system:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.system-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.system-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.system@package"
- "logs-citrix_adc.system@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_vpn:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.vpn-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.vpn-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.vpn@package"
- "logs-citrix_adc.vpn@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_waf_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_waf.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_waf.log-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_waf.log@package"
- "logs-citrix_waf.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cloudflare_x_audit:
index_sorting: false
index_template:
@@ -6659,6 +6923,138 @@ elasticsearch:
set_priority:
priority: 50
min_age: 30d
so-logs-nginx_x_access:
index_sorting: False
index_template:
index_patterns:
- "logs-nginx.access-*"
template:
settings:
index:
lifecycle:
name: so-logs-nginx.access-logs
number_of_replicas: 0
composed_of:
- "logs-nginx.access@package"
- "logs-nginx.access@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-nginx_x_error:
index_sorting: False
index_template:
index_patterns:
- "logs-nginx.error-*"
template:
settings:
index:
lifecycle:
name: so-logs-nginx.error-logs
number_of_replicas: 0
composed_of:
- "logs-nginx.error@package"
- "logs-nginx.error@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-metrics-nginx_x_stubstatus:
index_sorting: False
index_template:
index_patterns:
- "metrics-nginx.stubstatus-*"
template:
settings:
index:
lifecycle:
name: so-metrics-nginx.stubstatus-logs
number_of_replicas: 0
composed_of:
- "metrics-nginx.stubstatus@package"
- "metrics-nginx.stubstatus@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-o365_x_audit:
index_sorting: false
index_template:
@@ -8854,6 +9250,50 @@ elasticsearch:
set_priority:
priority: 50
min_age: 30d
so-logs-winlog_x_winlog:
index_sorting: False
index_template:
index_patterns:
- "logs-winlog.winlog-*"
template:
settings:
index:
lifecycle:
name: so-logs-winlog.winlog-logs
number_of_replicas: 0
composed_of:
- "logs-winlog.winlog@package"
- "logs-winlog.winlog@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-zscaler_zia_x_alerts:
index_sorting: false
index_template: