From 62fa15c63ed86a5e5bee08d923b67ac801e4ddf3 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 23 Jun 2023 14:43:15 +0000 Subject: [PATCH] Add more templates --- salt/elasticsearch/defaults.yaml | 792 +++++++++++++++++++++++++++++++ 1 file changed, 792 insertions(+) diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index e6fec1c6b..5442969e5 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml 
@@ -278,6 +278,798 @@ elasticsearch: data_stream: hidden: false allow_custom_routing: false + so-logs-aws.cloudtrail: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.cloudtrail-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.cloudtrail@package" + - "logs-aws.cloudtrail@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.cloudwatch_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.cloudwatch_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.cloudwatch_logs@package" + - "logs-aws.cloudwatch_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.ec2_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.ec2_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.ec2_logs@package" + - "logs-aws.ec2_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.elb_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.elb_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.elb_logs@package" + - "logs-aws.elb_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.firewall_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.firewall_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.firewall_logs@package" + - "logs-aws.firewall_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + 
priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.route53_public_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.route53_public_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.route53_public_logs@package" + - "logs-aws.route53_public_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.route53.resolver_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.route53.resolver_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.route53.resolver_logs@package" + - "logs-aws.route53.resolver_logs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.s3access: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.s3access-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.s3access@package" + - "logs-aws.s3access@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.vpcflow: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.vpcflow-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.vpcflow@package" + - "logs-aws.vpcflow@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-aws.waf: + index_sorting: False + index_template: + index_patterns: + - "logs-aws.waf-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-aws.waf@package" + - "logs-aws.waf@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + 
priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.activitylogs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.activitylogs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.activitylogs@package" + - "logs-azure.activitylogs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.application_gateway: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.application_gateway-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.application_gateway@package" + - "logs-azure.application_gateway@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.auditlogs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.auditlogs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.auditlogs@package" + - "logs-azure.auditlogs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.eventhub: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.eventhub-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.eventhub@package" + - "logs-azure.eventhub@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.firewall_logs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.firewall_logs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.firewall_logs@package" + - "logs-azure.firewall_logs@custom" + - 
"so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.identity_protect: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.identity_protect-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.identity_protect@package" + - "logs-azure.identity_protect@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.platformlogs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.platformlogs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.platformlogs@package" + - "logs-azure.platformlogs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.provisioning: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.provisioning-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.provisioning@package" + - "logs-azure.provisioning@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.signinlogs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.signinlogs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-azure.signinlogs@package" + - "logs-azure.signinlogs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-azure.springcloudlogs: + index_sorting: False + index_template: + index_patterns: + - "logs-azure.springcloudlogs-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - 
"logs-azure.springcloudlogs@package" + - "logs-azure.springcloudlogs@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-cloudflare-audit: + index_sorting: False + index_template: + index_patterns: + - "logs-cloudflare-audit-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-cloudflare-audit@package" + - "logs-cloudflare-audit@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-cloudflare-logpull: + index_sorting: False + index_template: + index_patterns: + - "logs-cloudflare-logpull-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-cloudflare-logpull@package" + - "logs-cloudflare-logpull@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-fim.event: + index_sorting: False + index_template: + index_patterns: + - "logs-fim.event-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-fim.event@package" + - "logs-fim.event@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-github.audit: + index_sorting: False + index_template: + index_patterns: + - "logs-github.audit-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-github.audit@package" + - "logs-github.audit@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-github.code_scanning: + index_sorting: False + index_template: + index_patterns: + - "logs-github.code_scanning-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - 
"logs-github.code_scanning@package" + - "logs-github.code_scanning@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-github.dependabot: + index_sorting: False + index_template: + index_patterns: + - "logs-github.dependabot-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-github.dependabot@package" + - "logs-github.dependabot@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-github.issues: + index_sorting: False + index_template: + index_patterns: + - "logs-github.issues-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-github.issues@package" + - "logs-github.issues@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-github.secret_scanning: + index_sorting: False + index_template: + index_patterns: + - "logs-github.secret_scanning-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-github.secret_scanning@package" + - "logs-github.secret_scanning@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace_transparency: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace_transparency-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace_transparency@package" + - "logs-google_workspace_transparency@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.admin: + index_sorting: False + index_template: + index_patterns: + - 
"logs-google_workspace.admin-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.admin@package" + - "logs-google_workspace.admin@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.alert: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.alert-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.alert@package" + - "logs-google_workspace.alert@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.context_aware_access: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.context_aware_access-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.context_aware_access@package" + - "logs-google_workspace.context_aware_access@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.device: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.device-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.device@package" + - "logs-google_workspace.device@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.drive: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.drive-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.drive@package" + - "logs-google_workspace.drive@custom" + - "so-fleet_globals-1" + - 
"so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.gcp: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.gcp-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.gcp@package" + - "logs-google_workspace.gcp@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.group_enterprise: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.group_enterprise-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.group_enterprise@package" + - "logs-google_workspace.group_enterprise@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.groups: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.groups-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.groups@package" + - "logs-google_workspace.groups@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.login: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.login-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.login@package" + - "logs-google_workspace.login@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.rules: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.rules-*" + template: + 
settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.rules@package" + - "logs-google_workspace.rules@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.saml: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.saml-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.saml@package" + - "logs-google_workspace.saml@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.token: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.token-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.token@package" + - "logs-google_workspace.token@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-google_workspace.user_accounts: + index_sorting: False + index_template: + index_patterns: + - "logs-google_workspace.user_accounts-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-google_workspace.user_accounts@package" + - "logs-google_workspace.user_accounts@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-1password.item_usages: + index_sorting: False + index_template: + index_patterns: + - "logs-1password.item_usages-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-1password.item_usages@package" + - "logs-1password.item_usages@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: 
false + so-logs-1password.signin_attempts: + index_sorting: False + index_template: + index_patterns: + - "logs-1password.signin_attempts-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-1password.signin_attempts@package" + - "logs-1password.signin_attempts@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false so-logs-osquery-manager-actions: index_sorting: False index_template:
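Review bot: The two Cloudflare entries and the Workspace transparency entry break the `logs-<package>.<dataset>` form every other new template in this hunk uses (`logs-cloudflare-audit-*`, `logs-cloudflare-logpull-*`, `logs-google_workspace_transparency-*` with matching `@package`/`@custom` names), so unless those integrations really ship data streams spelled with a hyphen, the patterns will not match the incoming indices and `composed_of` will point at component templates that do not exist, which Elasticsearch rejects when the template is created. Please check the installed package's dataset names and, if they follow the usual form, change them to e.g. `- "logs-cloudflare.audit-*"` with `- "logs-cloudflare.audit@package"` and `- "logs-cloudflare.audit@custom"`. Separately, all 44 stanzas set `number_of_replicas: 0` on audit and sign-in sources (CloudTrail, Azure signinlogs/auditlogs, Workspace login, 1Password signin_attempts); if this defaults file is not overridden per deployment, losing one data node silently drops that audit trail, so the assumption is worth documenting with a comment such as `# 0 replicas assumes a single-node deployment; override in pillar for multi-node clusters`. Finally, the stanzas differ only in the dataset name, so if this file is Jinja-rendered (as Salt `import_yaml` sources usually are) a short list of names expanded by a loop would remove most of the ~790 copied lines and make naming slips like the above impossible, though that is a style preference.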