CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8752 from Security-Onion-Solutions/fix/logstash_remove_osquery_livequery_output_configuration

Browse Source 
Remove Osquery live query Logstash output configuration
This commit is contained in:
weslambert
2022-09-15 15:53:49 -04:00
committed by GitHub
parent c49c7348ff 1a90eeb1b1
commit 6212a288e4
1 changed files with 0 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
salt/logstash/pipelines/config/so/9101_output_osquery_livequery.conf.jinja
View File

@@ -1,37 +0,0 @@
{%- set ES = salt['grains.get']('master') -%}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
filter {
if [type] =~ "live_query" {
mutate {
rename => {
"[host][hostname]" => "computer_name"
}
}
prune {
blacklist_names => ["host"]
}
split {
field => "rows"
}
}
}
output {
if [type] =~ "live_query" {
elasticsearch {
pipeline => "osquery.live_query"
hosts => "{{ ES }}"
user => "{{ ES_USER }}"
password => "{{ ES_PASS }}"
index => "so-osquery"
ssl => true
ssl_certificate_verification => false
}
}
}