CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Elastic Defend Integration

Browse Source
This commit is contained in:
Josh Brower
2023-05-22 16:02:08 -04:00
parent d11479ec5f
commit 766f4dd661
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
salt/elasticfleet/files/integrations/endpoints-initial/elastic-defend-endpoints.json Normal file
View File

@@ -0,0 +1,28 @@
{
"name": "elastic-defend-endpoints",
"namespace": "default",
"description": "",
"package": {
"name": "endpoint",
"title": "Elastic Defend",
"version": ""
},
"enabled": true,
"policy_id": "endpoints-initial",
"vars": {},
"inputs": [{
"type": "endpoint",
"enabled": true,
"streams": [],
"config": {
"integration_config": {
"value": {
"type": "endpoint",
"endpointConfig": {
"preset": "DataCollection"
}
}
}
}
}]
}

10
salt/soctopus/files/templates/generic.template
View File

@@ -12,3 +12,13 @@ play_url: "https://{{ GLOBALS.url_base }}/playbook/issues/6000"
kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))" kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt" soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt"
sigma_level: "" sigma_level: ""
index: '.ds-logs-*'
name: EQL
priority: 3
realert:
minutes: 0
type: any
filter:
- query:
query_string: