Add 'logs-windows-sysmon_operational-delete' for Windows Sysmon operational indices

This commit is contained in:
Wes
2023-03-14 13:51:49 +00:00
parent f0d4c16b2b
commit 766e6a7974


@@ -3,19 +3,19 @@
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{%- set DELETE_DAYS = CURATORMERGED['logs-system-auth-default'].delete %}
{%- set DELETE_DAYS = CURATORMERGED['logs-windows-sysmon_operational-default'].delete %}
actions:
1:
action: delete_indices
description: >-
Delete Elastic Agent system auth indices when older than {{ DELETE_DAYS }} days.
Delete Elastic Agent Windows Sysmon operational indices when older than {{ DELETE_DAYS }} days.
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: regex
value: '^(.ds-logs-system.auth-default.*)$'
value: '^(.ds-logs-windows.sysmon_operational-default.*)$'
- filtertype: age
source: name
direction: older