add support for trendmicro integration

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2
2024-10-16 16:45:46 -04:00
parent a3933bdc79
commit 322199358d
7 changed files with 326 additions and 0 deletions


@@ -110,6 +110,8 @@ elasticfleet:
- ti_otx - ti_otx
- ti_recordedfuture - ti_recordedfuture
- ti_threatq - ti_threatq
- trendmicro
- trend_micro_vision_one
- udp - udp
- vsphere - vsphere
- windows - windows


@@ -10298,6 +10298,182 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-trend_micro_vision_one_x_alert:
index_sorting: False
index_template:
index_patterns:
- "logs-trend_micro_vision_one.alert-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-trend_micro_vision_one.alert@package"
- "logs-trend_micro_vision_one.alert@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
ignore_missing_component_templates:
- "logs-trend_micro_vision_one.alert@custom"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-trend_micro_vision_one_x_audit:
index_sorting: False
index_template:
index_patterns:
- "logs-trend_micro_vision_one.audit-*"
template:
settings:
index:
number_of_replicas: 0
ignore_missing_component_templates:
- "logs-trend_micro_vision_one.audit@custom"
composed_of:
- "logs-trend_micro_vision_one.audit@package"
- "logs-trend_micro_vision_one.audit@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-trend_micro_vision_one_x_detection:
index_sorting: False
index_template:
index_patterns:
- "logs-trend_micro_vision_one.detection-*"
template:
settings:
index:
number_of_replicas: 0
ignore_missing_component_templates:
- "logs-trend_micro_vision_one.detection@custom"
composed_of:
- "logs-trend_micro_vision_one.detection@package"
- "logs-trend_micro_vision_one.detection@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-trendmicro_x_deep_security:
index_sorting: False
index_template:
index_patterns:
- "logs-trendmicro.deep_security-*"
template:
settings:
index:
number_of_replicas: 0
ignore_missing_component_templates:
- "logs-trendmicro.deep_security@custom"
composed_of:
- "logs-trendmicro.deep_security@package"
- "logs-trendmicro.deep_security@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-vsphere_x_log: so-logs-vsphere_x_log:
index_sorting: false index_sorting: false
index_template: index_template:
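Review bot: `index_sorting: False` on each of the four new stanzas (`so-logs-trend_micro_vision_one_x_alert`, `_x_audit`, `_x_detection`, `so-logs-trendmicro_x_deep_security`) uses the capitalised YAML 1.1 boolean, while the neighbouring `so-logs-vsphere_x_log` entry and every other boolean in this hunk (`hidden: false`, `allow_custom_routing: false`) write lowercase `false`; PyYAML accepts both, but yamllint's truthy rule flags the new lines and a strict YAML 1.2 loader would read `False` as a string. Change each to `index_sorting: false`. The `_x_alert` stanza also places `ignore_missing_component_templates` after `composed_of` whereas the other three place it before; the parser does not care, but the four stanzas are otherwise byte-identical apart from the data-stream name, so matching the key order makes the diff easier to audit. Because they are copies, the 60d cold / 365d delete policy on the Vision One audit stream is inherited from the alert/detection policy rather than chosen — confirm that is the intended retention for audit-trail data before it ships.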


@@ -494,6 +494,10 @@ elasticsearch:
so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings
so-logs-ti_recordedfuture_x_threat: *indexSettings so-logs-ti_recordedfuture_x_threat: *indexSettings
so-logs-ti_threatq_x_threat: *indexSettings so-logs-ti_threatq_x_threat: *indexSettings
so-logs-trend_micro_vision_one_x_alert: *indexSettings
so-logs-trend_micro_vision_one_x_audit: *indexSettings
so-logs-trend_micro_vision_one_x_detection: *indexSettings
so-logs-trendmicro_x_deep_security: *indexSettings
so-logs-zscaler_zia_x_alerts: *indexSettings so-logs-zscaler_zia_x_alerts: *indexSettings
so-logs-zscaler_zia_x_dns: *indexSettings so-logs-zscaler_zia_x_dns: *indexSettings
so-logs-zscaler_zia_x_firewall: *indexSettings so-logs-zscaler_zia_x_firewall: *indexSettings


@@ -0,0 +1,36 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}
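Review bot: The four `ip`-typed properties (`host.ip`, `related.ip`, `destination.ip`, `source.ip`) carry no `ignore_malformed` setting, so a Trend Micro event whose field holds a value that does not parse as an IP address (a hostname, an empty string, a placeholder like `N/A`) is rejected by Elasticsearch with a mapping exception and the whole event is lost, not just that field. For security telemetry that is a quiet detection gap; consider `"ip": { "type": "ip", "ignore_malformed": true }` for each of the four so the event is still indexed and the offending value is recorded in the document's `_ignored` field, where it can be searched for. This appears to be one of the `@custom` component templates named in the `composed_of` lists of the elasticsearch hunk above; if the integration's `@package` template already maps these ECS fields as `ip`, the override is redundant, and since JSON leaves no room for a comment its purpose is worth stating in the commit message.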


@@ -0,0 +1,36 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}
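Review bot: This template is byte-identical to the one in the preceding file section and shares the same gap: none of `host.ip`, `related.ip`, `destination.ip` or `source.ip` sets `ignore_malformed`, so an event with a non-IP value in any of them is dropped outright by the `ip` mapper instead of being indexed with that field ignored. Add `"ignore_malformed": true` beside each `"type": "ip"` unless rejecting such events is the intended behaviour, in which case the commit message should say so. Four identical files for four data streams also suggests the shared mapping could live in one component template referenced from all four `composed_of` lists, which keeps future edits from drifting between copies.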


@@ -0,0 +1,36 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}
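Review bot: Same mapping as the two identical templates above, and the same caveat applies to its four `ip` properties: without `"ignore_malformed": true` a single malformed IP value rejects the entire event, which for detection and alert data is worse than indexing the event with the bad field flagged in `_ignored`. If the strict behaviour is deliberate, a note in the commit message is the only place to record it, since JSON component templates cannot carry comments.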


@@ -0,0 +1,36 @@
{
"template": {
"mappings": {
"properties": {
"host": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"related": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"destination": {
"properties":{
"ip": {
"type": "ip"
}
}
},
"source": {
"properties":{
"ip": {
"type": "ip"
}
}
}
}
}
}
}
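Review bot: This fourth copy of the template repeats the `ip` mappings without `ignore_malformed`, so the whole-event rejection on a malformed `host.ip`, `related.ip`, `destination.ip` or `source.ip` value noted for the earlier copies applies here too; `"ip": { "type": "ip", "ignore_malformed": true }` keeps the event and surfaces the bad value in `_ignored`. `related.ip` in particular is commonly populated as an array collected from several fields, so one bad entry would discard everything else in the event under the current mapping — confirm that is acceptable before relying on this stream for detections.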