Merge branch 'dev' into feature/osquery-ingest

2026-04-26 06:27:50 +02:00 · 2020-04-01 10:19:35 -04:00
parent 0e76447d11 9f44a86ae4
commit 5ca9a643a8
10 changed files with 613 additions and 726 deletions
@@ -164,9 +164,10 @@ filebeat.inputs:

  - type: log
    paths:
-      - /opt/so/log/strelka/strelka.log
+      - /nsm/strelka/log/strelka.log
    fields:
      module: strelka
+      category: file
      dataset: file

    processors:
@@ -197,6 +198,9 @@ output.elasticsearch:
    - index: "so-osquery-%{+yyyy.MM.dd}"
      when.contains:
        module: "osquery"
+    - index: "so-strelka-%{+yyyy.MM.dd}"
+      when.contains:
+        module: "strelka"

 #output.logstash:
  # Boolean flag to enable or disable the output module.