Add o365 and okta

2025-12-07 17:52:46 +01:00 · 2023-08-23 20:20:06 +00:00
parent 2f51349ff8
commit 31a49268cb
2 changed files with 38 additions and 0 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1672,6 +1672,42 @@ elasticsearch:
        data_stream:
          hidden: false
          allow_custom_routing: false
+    so-logs-o365_x_audit:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-o365.audit-*"
+        template:
+          settings:
+            index:
+              number_of_replicas: 0
+        composed_of:
+          - "logs-o365.audit@package"
+          - "logs-o365.audit@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+    so-logs-okta_x_system:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-okta.system-*"
+        template:
+          settings:
+            index:
+              number_of_replicas: 0
+        composed_of:
+          - "logs-okta.system@package"
+          - "logs-okta.system@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
    so-logs-panw_x_panos:
      index_sorting: False
      index_template:
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -278,6 +278,8 @@ elasticsearch:
    so-logs-microsoft_defender_endpoint_x_log: *indexSettings
    so-logs-microsoft_dhcp_x_log: *indexSettings
    so-logs-netflow_x_log: *indexSettings
+    so-logs-okta_x_system: *indexSettings
+    so-logs-o365_x_audit: *indexSettings
    so-logs-panw_x_panos: *indexSettings
    so-logs-pfsense_x_log: *indexSettings
    so-logs-sentinel_one_x_activity: *indexSettings