Merge pull request #13849 from Security-Onion-Solutions/revert-13841-reyesj2/eaintegration

Revert "Add support for cybereason integration"
Jorge Reyes
2024-10-21 15:26:15 -04:00
committed by GitHub
9 changed files with 0 additions and 487 deletions


@@ -53,7 +53,6 @@ elasticfleet:
- citrix_waf - citrix_waf
- cloudflare - cloudflare
- crowdstrike - crowdstrike
- cybereason
- darktrace - darktrace
- elastic_agent - elastic_agent
- elasticsearch - elasticsearch


@@ -3562,270 +3562,6 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-cybereason_x_logon_session:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.logon_session-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.logon_session@package"
- "logs-cybereason.logon_session@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.logon_session@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cybereason_x_malop_connection:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.malop_connection-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.malop_connection@package"
- "logs-cybereason.malop_connection@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.malop_connection@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cybereason_x_malop_process:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.malop_process-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.malop_process@package"
- "logs-cybereason.malop_process@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.malop_process@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cybereason_x_malware:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.malware-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.malware@package"
- "logs-cybereason.malware@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.malware@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cybereason_x_poll_malop:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.poll_malop-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.poll_malop@package"
- "logs-cybereason.poll_malop@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.poll_malop@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cybereason_x_suspicions_process:
index_sorting: False
index_template:
index_patterns:
- "logs-cybereason.suspicions_process-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cybereason.suspicions_process@package"
- "logs-cybereason.suspicions_process@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-cybereason.suspicions_process@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-darktrace_x_ai_analyst_alert: so-logs-darktrace_x_ai_analyst_alert:
index_sorting: false index_sorting: false
index_template: index_template:


@@ -398,12 +398,6 @@ elasticsearch:
so-logs-cloudflare_x_logpull: *indexSettings so-logs-cloudflare_x_logpull: *indexSettings
so-logs-crowdstrike_x_falcon: *indexSettings so-logs-crowdstrike_x_falcon: *indexSettings
so-logs-crowdstrike_x_fdr: *indexSettings so-logs-crowdstrike_x_fdr: *indexSettings
so-logs-cybereason_x_logon_session: *indexSettings
so-logs-cybereason_x_malop_connection: *indexSettings
so-logs-cybereason_x_malop_process: *indexSettings
so-logs-cybereason_x_malware: *indexSettings
so-logs-cybereason_x_poll_malop: *indexSettings
so-logs-cybereason_x_suspicions_process: *indexSettings
so-logs-darktrace_x_ai_analyst_alert: *indexSettings so-logs-darktrace_x_ai_analyst_alert: *indexSettings
so-logs-darktrace_x_model_breach_alert: *indexSettings so-logs-darktrace_x_model_breach_alert: *indexSettings
so-logs-darktrace_x_system_status_alert: *indexSettings so-logs-darktrace_x_system_status_alert: *indexSettings


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}


@@ -1,36 +0,0 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}