Merge remote-tracking branch 'origin/2.4/dev' into salt3006.1

This commit is contained in:
m0duspwnens
2023-05-16 13:08:28 -04:00
4 changed files with 41 additions and 58 deletions


@@ -1,11 +1,11 @@
{ {
"policy_id": "endpoints-initial",
"package": { "package": {
"name": "system", "name": "system",
"version": "" "version": ""
}, },
"name": "system-endpoints", "name": "system-endpoints",
"namespace": "default", "namespace": "default",
"policy_id": "endpoints-initial",
"inputs": { "inputs": {
"system-logfile": { "system-logfile": {
"enabled": true, "enabled": true,
@@ -13,14 +13,9 @@
"system.auth": { "system.auth": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"ignore_older": "72h",
"paths": [ "paths": [
"/var/log/auth.log*", "/var/log/auth.log*",
"/var/log/secure*" "/var/log/secure*"
],
"preserve_original_event": false,
"tags": [
"system-auth"
] ]
} }
}, },
@@ -30,40 +25,26 @@
"paths": [ "paths": [
"/var/log/messages*", "/var/log/messages*",
"/var/log/syslog*" "/var/log/syslog*"
], ]
"tags": [],
"ignore_older": "72h"
} }
} }
} }
}, },
"system-winlog": { "system-winlog": {
"enabled": true, "enabled": true,
"vars": {
"preserve_original_event": false
},
"streams": { "streams": {
"system.application": { "system.application": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": [] "tags": []
} }
}, },
"system.security": { "system.security": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": []
}
},
"system.system": {
"enabled": true,
"vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": [] "tags": []
} }
} }
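Review bot: The new side of the system.auth stream drops `"tags": ["system-auth"]` together with `"ignore_older": "72h"` and `"preserve_original_event": false` (the `@@ -13,14 +13,9 @@` hunk, whose line counts make those five single-printed lines deletions), so anything downstream that keys on the `system-auth` tag — saved searches, dashboards, detection rules — stops matching events from these agents. If the tag is now supplied elsewhere, a line in the commit message saying where would save the next reader the search. Dropping `ignore_older` also means a newly enrolled agent may read the entire existing auth.log/secure and messages/syslog files on first run rather than only the last 72 hours, which is worth confirming against the expected ingest volume. The system-grid-nodes policy later in this commit makes the same removals, so the same questions apply there. For the third hunk the side of each single-printed line is inferred, since the rendered page lost the +/- markers.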


@@ -1,11 +1,12 @@
{ {
"policy_id": "endpoints-initial",
"package": { "package": {
"name": "windows", "name": "windows",
"version": "" "version": ""
}, },
"name": "windows-endpoints", "name": "windows-endpoints",
"description": "",
"namespace": "default", "namespace": "default",
"policy_id": "endpoints-initial",
"inputs": { "inputs": {
"windows-winlog": { "windows-winlog": {
"enabled": true, "enabled": true,
@@ -13,47 +14,54 @@
"windows.forwarded": { "windows.forwarded": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": [ "tags": [
"forwarded" "forwarded"
] ],
"preserve_original_event": false
} }
}, },
"windows.powershell": { "windows.powershell": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false, "tags": [],
"event_id": "400, 403, 600, 800", "preserve_original_event": false
"ignore_older": "72h",
"language": 0,
"tags": []
} }
}, },
"windows.powershell_operational": { "windows.powershell_operational": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false, "tags": [],
"event_id": "4103, 4104, 4105, 4106", "preserve_original_event": false
"ignore_older": "72h",
"language": 0,
"tags": []
} }
}, },
"windows.sysmon_operational": { "windows.sysmon_operational": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"preserve_original_event": false, "tags": [],
"ignore_older": "72h", "preserve_original_event": false
"language": 0,
"tags": []
} }
} }
} }
}, },
"windows-windows/metrics": { "windows-windows/metrics": {
"enabled": false "enabled": false,
"streams": {
"windows.perfmon": {
"enabled": false,
"vars": {
"perfmon.group_measurements_by_instance": false,
"perfmon.ignore_non_existent_counters": false,
"perfmon.queries": "- object: 'Process'\n instance: [\"*\"]\n counters:\n - name: '% Processor Time'\n field: cpu_perc\n format: \"float\"\n - name: \"Working Set\"\n",
"period": "10s"
}
},
"windows.service": {
"enabled": false,
"vars": {
"period": "60s"
}
}
}
} }
} }
} }
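Review bot: The `event_id` values on windows.powershell (`"400, 403, 600, 800"`) and windows.powershell_operational (`"4103, 4104, 4105, 4106"`) are absent on the new side of the `@@ -13,47 +14,54 @@` hunk, so those channels are collected with the integration's default selection instead — if that default is unfiltered, every event in the channel is shipped, which changes both detection coverage and volume and is not mentioned in the commit. Either restore the two `event_id` lines or state the intent; `ignore_older` is likewise gone from every winlog stream, so a first enrollment can back-fill the whole channel history. The new `windows-windows/metrics` input is `"enabled": false` at both the input and the stream level, so it is inert as committed; the `perfmon.queries` value is a YAML document embedded in a JSON string, which looks like the form the integration stores it in but is fragile under hand edits, so keep it on a single escaped line as here. Sides of the single-printed lines are inferred from the hunk counts because the rendering dropped the +/- markers.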


@@ -1,11 +1,11 @@
{ {
"policy_id": "so-grid-nodes",
"package": { "package": {
"name": "system", "name": "system",
"version": "" "version": ""
}, },
"name": "system-grid-nodes", "name": "system-grid-nodes",
"namespace": "default", "namespace": "default",
"policy_id": "so-grid-nodes",
"inputs": { "inputs": {
"system-logfile": { "system-logfile": {
"enabled": true, "enabled": true,
@@ -13,14 +13,9 @@
"system.auth": { "system.auth": {
"enabled": true, "enabled": true,
"vars": { "vars": {
"ignore_older": "72h",
"paths": [ "paths": [
"/var/log/auth.log*", "/var/log/auth.log*",
"/var/log/secure*" "/var/log/secure*"
],
"preserve_original_event": false,
"tags": [
"system-auth"
] ]
} }
}, },
@@ -30,9 +25,7 @@
"paths": [ "paths": [
"/var/log/messages*", "/var/log/messages*",
"/var/log/syslog*" "/var/log/syslog*"
], ]
"tags": [],
"ignore_older": "72h"
} }
} }
} }


@@ -17,10 +17,11 @@ catrustdir:
{% if GLOBALS.is_manager %} {% if GLOBALS.is_manager %}
# We have to add the Manager CA to the CA list # We have to add the Manager CA to the CA list
cascriptsync: catrustscript:
cmd.script: cmd.script:
- source: salt://elasticsearch/tools/sbin_jinja/so-catrust - source: salt://elasticsearch/tools/sbin_jinja/so-catrust
- template: jinja - template: jinja
- cwd: /opt/so
- defaults: - defaults:
GLOBALS: {{ GLOBALS }} GLOBALS: {{ GLOBALS }}
{% endif %} {% endif %}
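Review bot: The state ID changes from `cascriptsync` to `catrustscript` on the new side, so any `require`, `watch` or `onchanges` elsewhere in the elasticsearch state tree that still names `cascriptsync` will fail to resolve after this merge; those files are outside this hunk, so grep for the old ID before merging. The added `- cwd: /opt/so` makes the `cmd.script` state error out if that directory does not exist when the state runs, and nothing in the hunk guarantees it does. If the `catrustdir:` state named in the hunk header is what creates it, adding `- require: - file: catrustdir` under `catrustscript` makes that ordering explicit instead of relying on declaration order — confirm what `catrustdir` actually manages first. The enclosing `{% if GLOBALS.is_manager %}` block is complete within the hunk, but the state file continues above it.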