osquery ingest - initial support

2025-12-28 03:43:31 +01:00 · 2020-04-01 10:17:36 -04:00
parent 2bfacecb4b
commit 0e76447d11
5 changed files with 37 additions and 6 deletions
--- a/salt/logstash/pipelines/templates/so/so-common-template.json
+++ b/salt/logstash/pipelines/templates/so/so-common-template.json
@@ -1,5 +1,5 @@
 {
-  "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*"],
+  "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*"],
  "version":50001,
  "order" : 10,
  "settings":{