Add more templates

This commit is contained in:
Wes
2023-06-23 14:43:15 +00:00
parent e995576b1d
commit 62fa15c63e


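@@ -278,6 +278,798 @@ elasticsearch:
 data_stream:
 hidden: false
 allow_custom_routing: false
+so-logs-aws.cloudtrail:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.cloudtrail-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.cloudtrail@package"
+- "logs-aws.cloudtrail@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.cloudwatch_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.cloudwatch_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.cloudwatch_logs@package"
+- "logs-aws.cloudwatch_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.ec2_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.ec2_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.ec2_logs@package"
+- "logs-aws.ec2_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.elb_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.elb_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.elb_logs@package"
+- "logs-aws.elb_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.firewall_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.firewall_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.firewall_logs@package"
+- "logs-aws.firewall_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.route53_public_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.route53_public_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.route53_public_logs@package"
+- "logs-aws.route53_public_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.route53.resolver_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.route53.resolver_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.route53.resolver_logs@package"
+- "logs-aws.route53.resolver_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.s3access:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.s3access-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.s3access@package"
+- "logs-aws.s3access@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.vpcflow:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.vpcflow-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.vpcflow@package"
+- "logs-aws.vpcflow@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-aws.waf:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-aws.waf-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-aws.waf@package"
+- "logs-aws.waf@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.activitylogs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.activitylogs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.activitylogs@package"
+- "logs-azure.activitylogs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.application_gateway:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.application_gateway-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.application_gateway@package"
+- "logs-azure.application_gateway@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.auditlogs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.auditlogs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.auditlogs@package"
+- "logs-azure.auditlogs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.eventhub:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.eventhub-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.eventhub@package"
+- "logs-azure.eventhub@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.firewall_logs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.firewall_logs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.firewall_logs@package"
+- "logs-azure.firewall_logs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.identity_protect:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.identity_protect-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.identity_protect@package"
+- "logs-azure.identity_protect@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.platformlogs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.platformlogs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.platformlogs@package"
+- "logs-azure.platformlogs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.provisioning:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.provisioning-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.provisioning@package"
+- "logs-azure.provisioning@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.signinlogs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.signinlogs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.signinlogs@package"
+- "logs-azure.signinlogs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-azure.springcloudlogs:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-azure.springcloudlogs-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-azure.springcloudlogs@package"
+- "logs-azure.springcloudlogs@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-cloudflare-audit:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-cloudflare-audit-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-cloudflare-audit@package"
+- "logs-cloudflare-audit@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-cloudflare-logpull:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-cloudflare-logpull-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-cloudflare-logpull@package"
+- "logs-cloudflare-logpull@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-fim.event:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-fim.event-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-fim.event@package"
+- "logs-fim.event@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-github.audit:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-github.audit-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-github.audit@package"
+- "logs-github.audit@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-github.code_scanning:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-github.code_scanning-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-github.code_scanning@package"
+- "logs-github.code_scanning@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-github.dependabot:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-github.dependabot-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-github.dependabot@package"
+- "logs-github.dependabot@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-github.issues:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-github.issues-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-github.issues@package"
+- "logs-github.issues@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-github.secret_scanning:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-github.secret_scanning-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-github.secret_scanning@package"
+- "logs-github.secret_scanning@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace_transparency:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace_transparency-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace_transparency@package"
+- "logs-google_workspace_transparency@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.admin:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.admin-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.admin@package"
+- "logs-google_workspace.admin@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.alert:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.alert-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.alert@package"
+- "logs-google_workspace.alert@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.context_aware_access:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.context_aware_access-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.context_aware_access@package"
+- "logs-google_workspace.context_aware_access@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.device:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.device-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.device@package"
+- "logs-google_workspace.device@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.drive:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.drive-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.drive@package"
+- "logs-google_workspace.drive@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.gcp:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.gcp-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.gcp@package"
+- "logs-google_workspace.gcp@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.group_enterprise:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.group_enterprise-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.group_enterprise@package"
+- "logs-google_workspace.group_enterprise@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.groups:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.groups-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.groups@package"
+- "logs-google_workspace.groups@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.login:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.login-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.login@package"
+- "logs-google_workspace.login@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.rules:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.rules-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.rules@package"
+- "logs-google_workspace.rules@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.saml:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.saml-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.saml@package"
+- "logs-google_workspace.saml@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.token:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.token-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.token@package"
+- "logs-google_workspace.token@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-google_workspace.user_accounts:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-google_workspace.user_accounts-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-google_workspace.user_accounts@package"
+- "logs-google_workspace.user_accounts@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-1password.item_usages:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-1password.item_usages-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-1password.item_usages@package"
+- "logs-1password.item_usages@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
+so-logs-1password.signin_attempts:
+index_sorting: False
+index_template:
+index_patterns:
+- "logs-1password.signin_attempts-*"
+template:
+settings:
+index:
+number_of_replicas: 0
+composed_of:
+- "logs-1password.signin_attempts@package"
+- "logs-1password.signin_attempts@custom"
+- "so-fleet_globals-1"
+- "so-fleet_agent_id_verification-1"
+priority: 501
+data_stream:
+hidden: false
+allow_custom_routing: false
 so-logs-osquery-manager-actions:
 index_sorting: False
 index_template: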
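Review bot: The `so-logs-google_workspace_transparency` entry and its pattern `logs-google_workspace_transparency-*` break the `google_workspace.<dataset>` naming every other Google Workspace entry in this hunk uses, and if that name does not match the dataset the integration actually emits, the template never matches and those events land under the stock Fleet template without the `so-fleet_globals-1` and `so-fleet_agent_id_verification-1` components this hunk attaches everywhere else — please confirm the dataset name against the installed package. Each entry also lists `logs-<dataset>@package` and `@custom` in `composed_of`, and Elasticsearch rejects an index template whose component templates do not exist, so these presumably depend on the corresponding integrations being installed before the templates are applied; worth a comment or an ordering guard in whatever applies this file. Every new audit source (CloudTrail, Azure sign-in and audit logs, GitHub audit, 1Password sign-in attempts) is created with `number_of_replicas: 0`, meaning a single node failure loses the only copy of that evidence; if this defaults file is also applied to multi-node deployments, consider sourcing the replica count from a pillar value rather than hard-coding 0. Style nit: `index_sorting: False` relies on YAML 1.1 boolean parsing — lowercase `false` is the portable spelling, though the surrounding context lines use the same capitalization.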