From 68a667ee7cb6de7c8e829939f9e4042c5cc63890 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 May 2021 15:31:19 -0400 Subject: [PATCH] Add thirfpartydefaults.yml
---
 ...efaults.yml => securityoniondefaults.yaml} | 0 salt/filebeat/thirdpartydefaults.yaml | 275 ++++++++++++++++++ 2 files changed, 275 insertions(+) rename salt/filebeat/{thirdpartydefaults.yml => securityoniondefaults.yaml} (100%) create mode 100644 salt/filebeat/thirdpartydefaults.yaml
diff --git a/salt/filebeat/thirdpartydefaults.yml b/salt/filebeat/securityoniondefaults.yaml
similarity index 100%
rename from salt/filebeat/thirdpartydefaults.yml
rename to salt/filebeat/securityoniondefaults.yaml
diff --git a/salt/filebeat/thirdpartydefaults.yaml b/salt/filebeat/thirdpartydefaults.yaml
new file mode 100644
index 000000000..027ec4595
--- /dev/null
+++ b/salt/filebeat/thirdpartydefaults.yaml
@@ -0,0 +1,275 @@
+third_party_filebeat:
+ modules:
+ aws:
+ cloudtrail:
+ enabled: false
+ cloudwatch:
+ enabled: false
+ ec2:
+ enabled: false
+ elb:
+ enabled: false
+ s3access:
+ enabled: false
+ vpcflow:
+ enabled: false
+ azure:
+ activitylogs:
+ enabled: false
+ platformlogs:
+ enabled: false
+ auditlogs:
+ enabled: false
+ signinlogs:
+ enabled: false
+ barracuda:
+ waf:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9503
+ spamfirewall:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9524
+ bluecoat:
+ director:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9505
+ cef:
+ log:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9003
+ checkpoint:
+ firewall:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9505
+ cisco:
+ asa:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9001
+ ftd:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9003
+ ios:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9002
+ nexus:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9506
+ meraki:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9525
+ umbrella:
+ enabled: false
+ amp:
+ enabled: false
+ cyberark:
+ corepas:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9527
+ cylance:
+ protect:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9508
+ f5:
+ bigipapm:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9504
+ bigipafm:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9528
+ fortinet:
+ firewall:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9004
+ clientendpoint:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9510
+ fortimail:
+ enabled: false
+ var.input: udp
+ var.syslog_port: 9350
+ gcp:
+ vpcflow:
+ enabled: false
+ firewall:
+ enabled: false
+ audit:
+ enabled: false
+ google_workspace:
+ saml:
+ enabled: false
+ user_accounts:
+ enabled: false
+ login:
+ enabled: false
+ admin:
+ enabled: false
+ drive:
+ enabled: false
+ groups:
+ enabled: false
+ imperva:
+ securesphere:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9511
+ infoblox:
+ nios:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9512
+ juniper:
+ junos:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9513
+ netscreen:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9523
+ srx:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9006
+ microsoft:
+ defender_atp:
+ enabled: false
+ m365_defender:
+ enabled: false
+ dhcp:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9515
+ misp:
+ threat:
+ enabled: false
+ netflow:
+ log:
+ enabled: false
+ var.netflow_host: 0.0.0.0
+ var.netflow_port: 2055
+ var.internal_networks:
+ - private
+ netscout:
+ sightline:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9502
+ o365:
+ audit:
+ enabled: false
+ okta:
+ enabled: false
+ pesando:
+ dfw:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9001
+ proofpoint:
+ emailsecurity:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9531
+ radware:
+ defensepro:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9518
+ snort:
+ log:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9532
+ snyk:
+ audit:
+ enabled: false
+ vulnerabilities:
+ enabled: false
+ sonicwall:
+ firewall:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9519
+ sophos:
+ xg:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9005
+ utm:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9533
+ squid:
+ log:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9520
+ threatintel:
+ abuseurl:
+ enabled: false
+ abusemalware:
+ enabled: false
+ misp:
+ enabled: false
+ otx:
+ enabled: false
+ anomali:
+ enabled: false
+ tomcat:
+ log:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9501
+ zscaler:
+ zia:
+ enabled: false
+ var.input: udp
+ var.syslog_host: 0.0.0.0
+ var.syslog_port: 9521
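Review bot: Several syslog listeners in this file share a UDP port, so enabling both members of a pair would leave Filebeat unable to bind the second one: `cisco.asa` and `pesando.dfw` both use 9001, `cef.log` and `cisco.ftd` both use 9003, and `bluecoat.director` and `checkpoint.firewall` both use 9505; giving each its own port from the 95xx range used elsewhere in the file avoids the collision. `fortinet.fortimail` is the only syslog entry without `var.syslog_host`, so it presumably falls back to the module's own default rather than `0.0.0.0` like every other listener — add `var.syslog_host: 0.0.0.0` for consistency, or a comment explaining why it differs. The `pesando` key looks like a typo for the Filebeat module name `pensando`; if the key is rendered into the module config as-is, the module would not be found. Since every listener binds all interfaces once enabled, a header comment such as `# syslog/netflow inputs bind 0.0.0.0 when enabled; restrict senders with the host firewall` would make that default visible to whoever flips `enabled: true`.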