Remove 'so-curator-cluster-warm' and remove unnecessary Curator default values

Wes
2023-03-07 16:21:55 +00:00
parent df94e830c5
commit 073054b447
3 changed files with 0 additions and 171 deletions


@@ -1,182 +1,47 @@
elasticsearch: elasticsearch:
index_settings: index_settings:
so-aws:
warm: 7
close: 30
delete: 365
so-azure:
warm: 7
close: 30
delete: 365
so-barracuda:
warm: 7
close: 30
delete: 365
so-beats: so-beats:
warm: 7
close: 30
delete: 365
so-bluecoat:
warm: 7
close: 30
delete: 365
so-cef:
warm: 7
close: 30
delete: 365
so-checkpoint:
warm: 7
close: 30
delete: 365
so-cisco:
warm: 7
close: 30
delete: 365
so-cyberark:
warm: 7
close: 30
delete: 365
so-cylance:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-elasticsearch: so-elasticsearch:
warm: 7
close: 30
delete: 365
so-endgame:
warm: 7
close: 30
delete: 365
so-f5:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-firewall: so-firewall:
warm: 7
close: 30
delete: 365
so-fortinet:
warm: 7
close: 30
delete: 365
so-gcp:
warm: 7
close: 30
delete: 365
so-google_workspace:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-ids: so-ids:
warm: 7
close: 30
delete: 365
so-imperva:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-import: so-import:
warm: 7
close: 73000 close: 73000
delete: 73001 delete: 73001
so-infoblox:
warm: 7
close: 30
delete: 365
so-juniper:
warm: 7
close: 30
delete: 365
so-kratos: so-kratos:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-kibana: so-kibana:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-logstash: so-logstash:
warm: 7
close: 30
delete: 365
so-microsoft:
warm: 7
close: 30
delete: 365
so-misp:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-netflow: so-netflow:
warm: 7
close: 30
delete: 365
so-netscout:
warm: 7
close: 30
delete: 365
so-o365:
warm: 7
close: 30
delete: 365
so-okta:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-osquery: so-osquery:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-ossec: so-ossec:
warm: 7
close: 30
delete: 365
so-proofpoint:
warm: 7
close: 30
delete: 365
so-radware:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-redis: so-redis:
warm: 7
close: 30
delete: 365
so-snort:
warm: 7
close: 30
delete: 365
so-snyk:
warm: 7
close: 30
delete: 365
so-sonicwall:
warm: 7
close: 30
delete: 365
so-sophos:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-strelka: so-strelka:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-syslog: so-syslog:
warm: 7
close: 30
delete: 365
so-tomcat:
warm: 7
close: 30 close: 30
delete: 365 delete: 365
so-zeek: so-zeek:
warm: 7
close: 30
delete: 365
so-zscaler:
warm: 7
close: 30 close: 30
delete: 365 delete: 365


@@ -1,26 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
APP=warm
lf=/tmp/$APP-pidLockFile
# create empty lock file if none exists
cat /dev/null >> $lf
read lastPID < $lf
# if lastPID is not null and a process with that pid exists , exit
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-kratos-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-warm.yml > /dev/null 2>&1;


@@ -182,16 +182,6 @@ so-curatorclusterdelete:
- month: '*' - month: '*'
- dayweek: '*' - dayweek: '*'
so-curatorclusterwarm:
cron.present:
- name: /usr/sbin/so-curator-cluster-warm > /opt/so/log/curator/cron-warm.log 2>&1
- user: root
- minute: '2'
- hour: '*/1'
- daymonth: '*'
- month: '*'
- dayweek: '*'
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed: