diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index c3ca0f828..e586100da 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -110,6 +110,8 @@ elasticfleet: - ti_otx - ti_recordedfuture - ti_threatq + - trendmicro + - trend_micro_vision_one - udp - vsphere - windows diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 06f5392d8..f0178728e 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -10298,6 +10298,182 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-trend_micro_vision_one_x_alert: + index_sorting: False + index_template: + index_patterns: + - "logs-trend_micro_vision_one.alert-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-trend_micro_vision_one.alert@package" + - "logs-trend_micro_vision_one.alert@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + ignore_missing_component_templates: + - "logs-trend_micro_vision_one.alert@custom" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-trend_micro_vision_one_x_audit: + index_sorting: False + index_template: + index_patterns: + - "logs-trend_micro_vision_one.audit-*" + template: + settings: + index: + number_of_replicas: 0 + ignore_missing_component_templates: + - "logs-trend_micro_vision_one.audit@custom" + composed_of: + - "logs-trend_micro_vision_one.audit@package" + - "logs-trend_micro_vision_one.audit@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-trend_micro_vision_one_x_detection: + index_sorting: False + index_template: + index_patterns: + - "logs-trend_micro_vision_one.detection-*" + template: + settings: + index: + number_of_replicas: 0 + ignore_missing_component_templates: + - "logs-trend_micro_vision_one.detection@custom" + composed_of: + - "logs-trend_micro_vision_one.detection@package" + - "logs-trend_micro_vision_one.detection@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-trendmicro_x_deep_security: + index_sorting: False + index_template: + index_patterns: + - "logs-trendmicro.deep_security-*" + template: + settings: + index: + number_of_replicas: 0 + ignore_missing_component_templates: + - "logs-trendmicro.deep_security@custom" + composed_of: + - "logs-trendmicro.deep_security@package" + - "logs-trendmicro.deep_security@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-vsphere_x_log: index_sorting: false index_template: diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml index 31a8a7f6f..266372708 100644 --- a/salt/elasticsearch/soc_elasticsearch.yaml +++ b/salt/elasticsearch/soc_elasticsearch.yaml @@ -494,6 +494,10 @@ elasticsearch: so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings so-logs-ti_recordedfuture_x_threat: *indexSettings so-logs-ti_threatq_x_threat: *indexSettings + so-logs-trend_micro_vision_one_x_alert: *indexSettings + so-logs-trend_micro_vision_one_x_audit: *indexSettings + so-logs-trend_micro_vision_one_x_detection: *indexSettings + so-logs-trendmicro_x_deep_security: *indexSettings so-logs-zscaler_zia_x_alerts: *indexSettings so-logs-zscaler_zia_x_dns: *indexSettings so-logs-zscaler_zia_x_firewall: *indexSettings diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +}