CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-02-21 06:25:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add filebeat modules

Browse Source
This commit is contained in:
Mike Reeves
2021-05-04 10:50:13 -04:00
parent d4e8ea8e72
commit 0622c77a7f
68 changed files with 2237 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
salt/filebeat/modules/googlecloud.yml.disabled Normal file
View File

@@ -0,0 +1,58 @@
# Module: googlecloud
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-googlecloud.html
# googlecloud module is deprecated, please use gcp instead
- module: gcp
vpcflow:
enabled: true
# Google Cloud project ID.
var.project_id: my-gcp-project-id
# Google Pub/Sub topic containing VPC flow logs. Stackdriver must be
# configured to use this topic as a sink for VPC flow logs.
var.topic: gcp-vpc-flowlogs
# Google Pub/Sub subscription for the topic. Filebeat will create this
# subscription if it does not exist.
var.subscription_name: filebeat-gcp-vpc-flowlogs-sub
# Credentials file for the service account with authorization to read from
# the subscription.
var.credentials_file: ${path.config}/gcp-service-account-xyz.json
firewall:
enabled: true
# Google Cloud project ID.
var.project_id: my-gcp-project-id
# Google Pub/Sub topic containing firewall logs. Stackdriver must be
# configured to use this topic as a sink for firewall logs.
var.topic: gcp-vpc-firewall
# Google Pub/Sub subscription for the topic. Filebeat will create this
# subscription if it does not exist.
var.subscription_name: filebeat-gcp-firewall-sub
# Credentials file for the service account with authorization to read from
# the subscription.
var.credentials_file: ${path.config}/gcp-service-account-xyz.json
audit:
enabled: true
# Google Cloud project ID.
var.project_id: my-gcp-project-id
# Google Pub/Sub topic containing firewall logs. Stackdriver must be
# configured to use this topic as a sink for firewall logs.
var.topic: gcp-vpc-audit
# Google Pub/Sub subscription for the topic. Filebeat will create this
# subscription if it does not exist.
var.subscription_name: filebeat-gcp-audit
# Credentials file for the service account with authorization to read from
# the subscription.
var.credentials_file: ${path.config}/gcp-service-account-xyz.json