From 31a49268cb960d26c04d7e8ea28cc5f9c4bf4260 Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 23 Aug 2023 20:20:06 +0000
Subject: [PATCH] Add o365 and okta
---
 salt/elasticsearch/defaults.yaml | 36 +++++++++++++++++++++++
 salt/elasticsearch/soc_elasticsearch.yaml | 2 ++
 2 files changed, 38 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 1c1d3ec58..3ea24c3fd 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1672,6 +1672,42 @@ elasticsearch:
 data_stream:
 hidden: false
 allow_custom_routing: false
+ so-logs-o365_x_audit:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-o365.audit-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-o365.audit@package"
+ - "logs-o365.audit@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-okta_x_system:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-okta.system-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-okta.system@package"
+ - "logs-okta.system@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
 so-logs-panw_x_panos:
 index_sorting: False
 index_template:
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index 01de1ec30..e8ecccd2c 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
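Review bot: The composed_of lists of the new so-logs-o365_x_audit and so-logs-okta_x_system entries reference `logs-o365.audit@package` / `logs-o365.audit@custom` and `logs-okta.system@package` / `logs-okta.system@custom`, which this commit does not create; Elasticsearch rejects a composable index template whose component templates do not exist, so these presumably come from the o365 and Okta Fleet integrations and must be installed before the template is pushed — worth confirming the ordering in the state that applies these templates, which is outside this hunk. The two blocks otherwise mirror the surrounding entries (replicas 0, priority 501, `index_sorting: False`), so no other divergence from the file's conventions stands out. A short comment such as `# requires the o365 Fleet integration (provides logs-o365.audit@package/@custom)` above each new key would make the dependency visible to whoever next adds an index here.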
@@ -278,6 +278,8 @@ elasticsearch:
 so-logs-microsoft_defender_endpoint_x_log: *indexSettings
 so-logs-microsoft_dhcp_x_log: *indexSettings
 so-logs-netflow_x_log: *indexSettings
+ so-logs-okta_x_system: *indexSettings
+ so-logs-o365_x_audit: *indexSettings
 so-logs-panw_x_panos: *indexSettings
 so-logs-pfsense_x_log: *indexSettings
 so-logs-sentinel_one_x_activity: *indexSettings
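Review bot: The two added lines are in reverse alphabetical order: `so-logs-okta_x_system` is inserted before `so-logs-o365_x_audit`, while the surrounding keys (microsoft_*, netflow, panw, pfsense, sentinel_one) are sorted and defaults.yaml in the same commit lists o365 before okta. Swapping them keeps the two files consistent and makes the next insertion point obvious: `so-logs-o365_x_audit: *indexSettings` followed by `so-logs-okta_x_system: *indexSettings`. The enclosing `elasticsearch:` mapping and the `&indexSettings` anchor these aliases rely on are outside the hunk.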