CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 07:23:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11008 from Security-Onion-Solutions/fix/esanno

Browse Source 
Fix/esanno
This commit is contained in:
Josh Patterson
2023-08-10 11:32:14 -04:00
committed by GitHub
parent 2680a50927 4d497022db
commit 732d2605a7
4 changed files with 234 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
salt/elasticsearch/defaults.yaml
View File

@@ -113,7 +113,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-system.auth: so-logs-system_x_auth:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -132,7 +132,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-system.syslog: so-logs-system_x_syslog:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -151,7 +151,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-system.system: so-logs-system_x_system:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -170,7 +170,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-system.application: so-logs-system_x_application:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -189,7 +189,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-system.security: so-logs-system_x_security:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -208,7 +208,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-windows.forwarded: so-logs-windows_x_forwarded:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -226,7 +226,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-windows.powershell: so-logs-windows_x_powershell:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -244,7 +244,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-windows.powershell_operational: so-logs-windows_x_powershell_operational:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -262,7 +262,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-windows.sysmon_operational: so-logs-windows_x_sysmon_operational:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -280,7 +280,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.cloudtrail: so-logs-aws_x_cloudtrail:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -298,7 +298,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.cloudwatch_logs: so-logs-aws_x_cloudwatch_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -316,7 +316,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.ec2_logs: so-logs-aws_x_ec2_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -334,7 +334,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.elb_logs: so-logs-aws_x_elb_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -352,7 +352,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.firewall_logs: so-logs-aws_x_firewall_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -370,7 +370,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.route53_public_logs: so-logs-aws_x_route53_public_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -388,7 +388,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.route53_resolver_logs: so-logs-aws_x_route53_resolver_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -406,7 +406,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.s3access: so-logs-aws_x_s3access:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -424,7 +424,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.vpcflow: so-logs-aws_x_vpcflow:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -442,7 +442,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-aws.waf: so-logs-aws_x_waf:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -460,7 +460,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.activitylogs: so-logs-azure_x_activitylogs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -478,7 +478,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.application_gateway: so-logs-azure_x_application_gateway:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -496,7 +496,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.auditlogs: so-logs-azure_x_auditlogs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -514,7 +514,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.eventhub: so-logs-azure_x_eventhub:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -532,7 +532,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.firewall_logs: so-logs-azure_x_firewall_logs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -550,7 +550,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.identity_protection: so-logs-azure_x_identity_protection:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -568,7 +568,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.platformlogs: so-logs-azure_x_platformlogs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -586,7 +586,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.provisioning: so-logs-azure_x_provisioning:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -604,7 +604,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.signinlogs: so-logs-azure_x_signinlogs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -622,7 +622,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-azure.springcloudlogs: so-logs-azure_x_springcloudlogs:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -640,7 +640,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-cloudflare.audit: so-logs-cloudflare_x_audit:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -658,7 +658,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-cloudflare.logpull: so-logs-cloudflare_x_logpull:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -676,7 +676,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-fim.event: so-logs-fim_x_event:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -694,7 +694,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-github.audit: so-logs-github_x_audit:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -712,7 +712,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-github.code_scanning: so-logs-github_x_code_scanning:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -730,7 +730,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-github.dependabot: so-logs-github_x_dependabot:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -748,7 +748,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-github.issues: so-logs-github_x_issues:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -766,7 +766,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-github.secret_scanning: so-logs-github_x_secret_scanning:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -784,7 +784,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.access_transparency: so-logs-google_workspace_x_access_transparency:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -802,7 +802,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.admin: so-logs-google_workspace_x_admin:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -820,7 +820,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.alert: so-logs-google_workspace_x_alert:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -838,7 +838,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.context_aware_access: so-logs-google_workspace_x_context_aware_access:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -856,7 +856,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.device: so-logs-google_workspace_x_device:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -874,7 +874,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.drive: so-logs-google_workspace_x_drive:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -892,7 +892,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.gcp: so-logs-google_workspace_x_gcp:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -910,7 +910,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.group_enterprise: so-logs-google_workspace_x_group_enterprise:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -928,7 +928,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.groups: so-logs-google_workspace_x_groups:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -946,7 +946,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.login: so-logs-google_workspace_x_login:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -964,7 +964,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.rules: so-logs-google_workspace_x_rules:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -982,7 +982,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.saml: so-logs-google_workspace_x_saml:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1000,7 +1000,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.token: so-logs-google_workspace_x_token:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1018,7 +1018,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-google_workspace.user_accounts: so-logs-google_workspace_x_user_accounts:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1036,7 +1036,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-1password.item_usages: so-logs-1password_x_item_usages:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1054,7 +1054,7 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-1password.signin_attempts: so-logs-1password_x_signin_attempts:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1089,7 +1089,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-osquery-manager-action.responses: so-logs-osquery-manager-action_x_responses:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1106,7 +1106,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.apm_server: so-logs-elastic_agent_x_apm_server:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1160,7 +1160,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.auditbeat: so-logs-elastic_agent_x_auditbeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1214,7 +1214,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.cloudbeat: so-logs-elastic_agent_x_cloudbeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1265,7 +1265,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.endpoint_security: so-logs-elastic_agent_x_endpoint_security:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1314,7 +1314,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.alerts: so-logs-endpoint_x_alerts:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1363,7 +1363,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.api: so-logs-endpoint_x_events_x_api:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1412,7 +1412,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.file: so-logs-endpoint_x_events_x_file:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1461,7 +1461,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.library: so-logs-endpoint_x_events_x_library:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1510,7 +1510,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.network: so-logs-endpoint_x_events_x_network:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1559,7 +1559,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.process: so-logs-endpoint_x_events_x_process:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1608,7 +1608,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.registry: so-logs-endpoint_x_events_x_registry:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1657,7 +1657,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.events.security: so-logs-endpoint_x_events_x_security:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1706,7 +1706,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.filebeat: so-logs-elastic_agent_x_filebeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1755,7 +1755,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.fleet_server: so-logs-elastic_agent_x_fleet_server:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1801,7 +1801,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.heartbeat: so-logs-elastic_agent_x_heartbeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1907,7 +1907,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.metricbeat: so-logs-elastic_agent_x_metricbeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -1956,7 +1956,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.osquerybeat: so-logs-elastic_agent_x_osquerybeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:
@@ -2005,7 +2005,7 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-elastic_agent.packetbeat: so-logs-elastic_agent_x_packetbeat:
index_sorting: False index_sorting: False
index_template: index_template:
index_patterns: index_patterns:

181
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -46,28 +46,26 @@ elasticsearch:
description: Max number of boolean clauses per query. description: Max number of boolean clauses per query.
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
index_settings: index_settings:
so-elasticsearch: &indexSettings so-logs: &indexSettings
warm:
description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch.
global: True
helpLink: elasticsearch.html
close:
description: Age (in days) of this index before it will be closed. Once closed, events on this index cannot be retrieved without first re-opening the index.
global: True
helpLink: elasticsearch.html
delete:
description: Age (in days) of this index before it will be deleted. Once deleted, events are permanently unrecoverable.
global: True
helpLink: elasticsearch.html
index_sorting: index_sorting:
description: Sorts the index by event time, at the cost of additional processing resource consumption. description: Sorts the index by event time, at the cost of additional processing resource consumption.
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
index_template: index_template:
index_patterns:
description: Patterns for matching multiple indices or tables.
forceType: "[]string"
multiline: True
global: True
helpLink: elasticsearch.html
template: template:
settings: settings:
index: index:
number_of_replicas:
description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs.
global: True
helpLink: elasticsearch.html
mapping: mapping:
total_fields: total_fields:
limit: limit:
@@ -75,17 +73,59 @@ elasticsearch:
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
refresh_interval: refresh_interval:
description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation. description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
number_of_shards: number_of_shards:
description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs. description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
global: True
helpLink: elasticsearch.html
sort:
field:
description: The field to sort by. Must set index_sorting to True.
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
number_of_replicas: order:
description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs. description: The order to sort by. Must set index_sorting to True.
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
mappings:
_meta:
package:
name:
description: Meta settings for the mapping.
global: True
helpLink: elasticsearch.html
managed_by:
description: Meta settings for the mapping.
global: True
helpLink: elasticsearch.html
managed:
description: Meta settings for the mapping.
forcedType: bool
global: True
helpLink: elasticsearch.html
composed_of:
description: The index template is composed of these component templates.
forcedType: "[]string"
global: True
helpLink: elasticsearch.html
priority:
description: The priority of the index template.
forcedType: int
global: True
helpLink: elasticsearch.html
data_stream:
hidden:
description: Hide the data stream.
forcedType: bool
global: True
helpLink: elasticsearch.html
allow_custom_routing:
description: Allow custom routing for the data stream.
forcedType: bool
global: True
helpLink: elasticsearch.html
policy: policy:
phases: phases:
hot: hot:
@@ -97,6 +137,7 @@ elasticsearch:
set_priority: set_priority:
priority: priority:
description: Priority of index. This is used for recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities. description: Priority of index. This is used for recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
forcedType: int
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
rollover: rollover:
@@ -117,19 +158,111 @@ elasticsearch:
set_priority: set_priority:
priority: priority:
description: Used for index recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities. description: Used for index recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
forcedType: int
global: True global: True
helpLink: elasticsearch.html helpLink: elasticsearch.html
delete: delete:
min_age: min_age:
description: Minimum age of index. This determines when the index should be deleted. description: Minimum age of index. This determines when the index should be deleted.
global: True global: True
helpLink: elastic helpLink: elasticsearch.html
_meta:
package:
name:
description: Meta settings for the mapping.
global: True
helpLink: elasticsearch.html
managed_by:
description: Meta settings for the mapping.
global: True
helpLink: elasticsearch.html
managed:
description: Meta settings for the mapping.
forcedType: bool
global: True
helpLink: elasticsearch.html
so-logs-system_x_auth: *indexSettings
so-logs-system_x_syslog: *indexSettings
so-logs-system_x_system: *indexSettings
so-logs-system_x_application: *indexSettings
so-logs-system_x_security: *indexSettings
so-logs-windows_x_forwarded: *indexSettings
so-logs-windows_x_powershell: *indexSettings
so-logs-windows_x_powershell_operational: *indexSettings
so-logs-windows_x_sysmon_operational: *indexSettings
so-logs-aws_x_cloudtrail: *indexSettings
so-logs-aws_x_cloudwatch_logs: *indexSettings
so-logs-aws_x_ec2_logs: *indexSettings
so-logs-aws_x_elb_logs: *indexSettings
so-logs-aws_x_firewall_logs: *indexSettings
so-logs-aws_x_route53_public_logs: *indexSettings
so-logs-aws_x_route53_resolver_logs: *indexSettings
so-logs-aws_x_s3access: *indexSettings
so-logs-aws_x_vpcflow: *indexSettings
so-logs-aws_x_waf: *indexSettings
so-logs-azure_x_activitylogs: *indexSettings
so-logs-azure_x_application_gateway: *indexSettings
so-logs-azure_x_auditlogs: *indexSettings
so-logs-azure_x_eventhub: *indexSettings
so-logs-azure_x_firewall_logs: *indexSettings
so-logs-azure_x_identity_protection: *indexSettings
so-logs-azure_x_platformlogs: *indexSettings
so-logs-azure_x_provisioning: *indexSettings
so-logs-azure_x_signinlogs: *indexSettings
so-logs-azure_x_springcloudlogs: *indexSettings
so-logs-cloudflare_x_audit: *indexSettings
so-logs-cloudflare_x_logpull: *indexSettings
so-logs-fim_x_event: *indexSettings
so-logs-github_x_audit: *indexSettings
so-logs-github_x_code_scanning: *indexSettings
so-logs-github_x_dependabot: *indexSettings
so-logs-github_x_issues: *indexSettings
so-logs-github_x_secret_scanning: *indexSettings
so-logs-google_workspace_x_access_transparency: *indexSettings
so-logs-google_workspace_x_admin: *indexSettings
so-logs-google_workspace_x_alert: *indexSettings
so-logs-google_workspace_x_context_aware_access: *indexSettings
so-logs-google_workspace_x_device: *indexSettings
so-logs-google_workspace_x_drive: *indexSettings
so-logs-google_workspace_x_gcp: *indexSettings
so-logs-google_workspace_x_group_enterprise: *indexSettings
so-logs-google_workspace_x_groups: *indexSettings
so-logs-google_workspace_x_login: *indexSettings
so-logs-google_workspace_x_rules: *indexSettings
so-logs-google_workspace_x_saml: *indexSettings
so-logs-google_workspace_x_token: *indexSettings
so-logs-google_workspace_x_user_accounts: *indexSettings
so-logs-1password_x_item_usages: *indexSettings
so-logs-1password_x_signin_attempts: *indexSettings
so-logs-osquery-manager-actions: *indexSettings
so-logs-osquery-manager-action_x_responses: *indexSettings
so-logs-elastic_agent_x_apm_server: *indexSettings
so-logs-elastic_agent_x_auditbeat: *indexSettings
so-logs-elastic_agent_x_cloudbeat: *indexSettings
so-logs-elastic_agent_x_endpoint_security: *indexSettings
so-logs-endpoint_x_alerts: *indexSettings
so-logs-endpoint_x_events_x_api: *indexSettings
so-logs-endpoint_x_events_x_file: *indexSettings
so-logs-endpoint_x_events_x_library: *indexSettings
so-logs-endpoint_x_events_x_network: *indexSettings
so-logs-endpoint_x_events_x_process: *indexSettings
so-logs-endpoint_x_events_x_registry: *indexSettings
so-logs-endpoint_x_events_x_security: *indexSettings
so-logs-elastic_agent_x_filebeat: *indexSettings
so-logs-elastic_agent_x_fleet_server: *indexSettings
so-logs-elastic_agent_x_heartbeat: *indexSettings
so-logs-elastic_agent: *indexSettings
so-logs-elastic_agent_x_metricbeat: *indexSettings
so-logs-elastic_agent_x_osquerybeat: *indexSettings
so-logs-elastic_agent_x_packetbeat: *indexSettings
so-case: *indexSettings
so-common: *indexSettings
so-endgame: *indexSettings so-endgame: *indexSettings
so-firewall: *indexSettings so-idh: *indexSettings
so-suricata: *indexSettings
so-import: *indexSettings so-import: *indexSettings
so-kibana: *indexSettings so-kratos: *indexSettings
so-logstash: *indexSettings so-logstash: *indexSettings
so-osquery: *indexSettings
so-redis: *indexSettings so-redis: *indexSettings
so-strelka: *indexSettings so-strelka: *indexSettings
so-syslog: *indexSettings so-syslog: *indexSettings

6
salt/elasticsearch/template.map.jinja
View File

@@ -1,9 +1,11 @@
{% import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS with context %} {% import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS with context %}
{%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ELASTICSEARCHDEFAULTS.elasticsearch.index_settings, merge=True) %} {%- set ES_INDEX_SETTINGS_ORIG = salt['pillar.get']('elasticsearch:index_settings', default=ELASTICSEARCHDEFAULTS.elasticsearch.index_settings, merge=True) %}
{% for index, settings in ES_INDEX_SETTINGS.items() %} {% set ES_INDEX_SETTINGS = {} %}
{% for index, settings in ES_INDEX_SETTINGS_ORIG.items() %}
{% if settings.index_template is defined %} {% if settings.index_template is defined %}
{% if not settings.get('index_sorting', False) | to_bool and settings.index_template.template.settings.index.sort is defined %} {% if not settings.get('index_sorting', False) | to_bool and settings.index_template.template.settings.index.sort is defined %}
{% do settings.index_template.template.settings.index.pop('sort') %} {% do settings.index_template.template.settings.index.pop('sort') %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% do ES_INDEX_SETTINGS.update({index | replace("_x_", "."): ES_INDEX_SETTINGS_ORIG[index]}) %}
{% endfor %} {% endfor %}

3
salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
View File

@@ -6,8 +6,7 @@
. /usr/sbin/so-common . /usr/sbin/so-common
{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS %} {%- from 'elasticsearch/template.map.jinja' import ES_INDEX_SETTINGS %}
{%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ELASTICSEARCHDEFAULTS.elasticsearch.index_settings, merge=True) %}
{%- for index, settings in ES_INDEX_SETTINGS.items() %} {%- for index, settings in ES_INDEX_SETTINGS.items() %}
{%- if settings.policy is defined %} {%- if settings.policy is defined %}