CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add o365 and okta

Browse Source
This commit is contained in:
Wes
2023-08-23 20:20:06 +00:00
parent 2f51349ff8
commit 31a49268cb
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
salt/elasticsearch/defaults.yaml
View File

@@ -1672,6 +1672,42 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-o365_x_audit:
index_sorting: False
index_template:
index_patterns:
- "logs-o365.audit-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-o365.audit@package"
- "logs-o365.audit@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-okta_x_system:
index_sorting: False
index_template:
index_patterns:
- "logs-okta.system-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-okta.system@package"
- "logs-okta.system@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-panw_x_panos: so-logs-panw_x_panos:
index_sorting: False index_sorting: False
index_template: index_template:

2
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -278,6 +278,8 @@ elasticsearch:
so-logs-microsoft_defender_endpoint_x_log: *indexSettings so-logs-microsoft_defender_endpoint_x_log: *indexSettings
so-logs-microsoft_dhcp_x_log: *indexSettings so-logs-microsoft_dhcp_x_log: *indexSettings
so-logs-netflow_x_log: *indexSettings so-logs-netflow_x_log: *indexSettings
so-logs-okta_x_system: *indexSettings
so-logs-o365_x_audit: *indexSettings
so-logs-panw_x_panos: *indexSettings so-logs-panw_x_panos: *indexSettings
so-logs-pfsense_x_log: *indexSettings so-logs-pfsense_x_log: *indexSettings
so-logs-sentinel_one_x_activity: *indexSettings so-logs-sentinel_one_x_activity: *indexSettings