Merge pull request #13526 from Security-Onion-Solutions/feature/tenable_io

Add Tenable IO
This commit is contained in:
weslambert
2024-08-21 09:03:33 -04:00
committed by GitHub
3 changed files with 192 additions and 0 deletions


@@ -97,6 +97,7 @@ elasticfleet:
- symantec_endpoint - symantec_endpoint
- system - system
- tcp - tcp
- tenable_io
- tenable_sc - tenable_sc
- ti_abusech - ti_abusech
- ti_anomali - ti_anomali


@@ -9282,6 +9282,190 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-tenable_io_x_asset:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.asset-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.asset-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.asset@package"
- "logs-tenable_io.asset@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.asset@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_plugin:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.plugin-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.plugin-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.plugin@package"
- "logs-tenable_io.plugin@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.plugin@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_scan:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.scan-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.scan-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.scan@package"
- "logs-tenable_io.scan@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.scan@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_vulnerability:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.vulnerability-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.vulnerability-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.vulnerability@package"
- "logs-tenable_io.vulnerability@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.vulnerability@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_sc_x_asset: so-logs-tenable_sc_x_asset:
index_sorting: false index_sorting: false
index_template: index_template:
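Review bot: The four new blocks (`so-logs-tenable_io_x_asset`, `_plugin`, `_scan`, `_vulnerability`) write `index_sorting: False` with a capitalised boolean, while the adjacent `so-logs-tenable_sc_x_asset` context line uses `index_sorting: false`. Most loaders still read `False` as a boolean, but yamllint's truthy rule rejects it and the rest of this file appears to use lowercase, so each of the four should become `index_sorting: false`. The blocks are otherwise identical apart from the dataset name; that matches the existing per-dataset layout, so no restructuring is suggested here. The enclosing `elasticsearch:` mapping begins well before this hunk and continues after it.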


@@ -466,6 +466,13 @@ elasticsearch:
so-logs-sonicwall_firewall_x_log: *indexSettings so-logs-sonicwall_firewall_x_log: *indexSettings
so-logs-snort_x_log: *indexSettings so-logs-snort_x_log: *indexSettings
so-logs-symantec_endpoint_x_log: *indexSettings so-logs-symantec_endpoint_x_log: *indexSettings
so-logs-tenable_io_x_asset: *indexSettings
so-logs-tenable_io_x_plugin: *indexSettings
so-logs-tenable_io_x_scan: *indexSettings
so-logs-tenable_io_x_vulnerability: *indexSettings
so-logs-tenable_sc_x_asset: *indexSettings
so-logs-tenable_sc_x_plugin: *indexSettings
so-logs-tenable_sc_x_vulnerability: *indexSettings
so-logs-ti_abusech_x_malware: *indexSettings so-logs-ti_abusech_x_malware: *indexSettings
so-logs-ti_abusech_x_malwarebazaar: *indexSettings so-logs-ti_abusech_x_malwarebazaar: *indexSettings
so-logs-ti_abusech_x_threatfox: *indexSettings so-logs-ti_abusech_x_threatfox: *indexSettings
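Review bot: The three `so-logs-tenable_sc_x_*: *indexSettings` lines at the end of this hunk are not covered by the PR title "Add Tenable IO"; the defaults file in the previous section already carries `so-logs-tenable_sc_x_asset`, so this reads as a backfill of tenable_sc entries that were missing from this file rather than part of the Tenable IO addition. A sentence in the description such as `Also adds the tenable_sc index-settings mappings that were missing from this file.` would make that visible to anyone bisecting later. Each new line relies on the `*indexSettings` alias, so the `&indexSettings` anchor must be defined earlier in the same YAML document, which is outside this hunk; I am assuming it is, since the surrounding context lines use the same alias.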