CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-14 14:18:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add filebeat modules

Browse Source
This commit is contained in:
Mike Reeves
2021-05-04 10:50:13 -04:00
parent d4e8ea8e72
commit 0622c77a7f
68 changed files with 2237 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/filebeat/modules/microsoft.yml.disabled
+49
View File
@@ -0,0 +1,49 @@
# Module: microsoft
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-microsoft.html
- module: microsoft
# ATP configuration
defender_atp:
enabled: true
# How often the API should be polled
#var.interval: 5m
# Oauth Client ID
#var.oauth2.client.id: ""
# Oauth Client Secret
#var.oauth2.client.secret: ""
# Oauth Token URL, should include the tenant ID
#var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token"
m365_defender:
enabled: true
# How often the API should be polled
#var.interval: 5m
# Oauth Client ID
#var.oauth2.client.id: ""
# Oauth Client Secret
#var.oauth2.client.secret: ""
# Oauth Token URL, should include the tenant ID
#var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token"
dhcp:
enabled: true
# Set which input to use between udp (default), tcp or file.
# var.input: udp
# var.syslog_host: localhost
# var.syslog_port: 9515
# Set paths for the log files when file input is used.
# var.paths:
# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true
# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local