From 3f9678056d537621898f046efe67867502d50a61 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 12 Jan 2024 16:42:32 -0500
Subject: [PATCH 1/3] OTX pulses template
---
 salt/elasticsearch/defaults.yaml | 44 ++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index b773c7b36..45b4b7d94 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -8414,6 +8414,50 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-ti_otx_x_pulses_subscribed:
+ index_sorting: false
+ index_template:
+ composed_of:
+ - logs-ti_otx.pulses_subscribed@package
+ - logs-ti_otx.pulses_subscribed@custom
+ - so-fleet_globals-1
+ - so-fleet_agent_id_verification-1
+ data_stream:
+ allow_custom_routing: false
+ hidden: false
+ index_patterns:
+ - logs-ti_otx.pulses_subscribed-*
+ priority: 501
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-ti_otx.pulses_subscribed-logs
+ number_of_replicas: 0
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-ti_otx_x_threat:
 index_sorting: false
 index_template:
From a07e6e1058d91b9725662db173892eecd90c2070 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 12 Jan 2024 16:43:33 -0500
Subject: [PATCH 2/3] OTX pulses
---
 salt/elasticsearch/soc_elasticsearch.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index 40ba5673d..ef97db8d3 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
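Review bot: The warm and cold phases of the new policy both carry `min_age: 30d` (warm with `set_priority: 50`, cold with `priority: 0`), so an index that reaches warm qualifies for cold in the same ILM pass and the warm priority is effectively never in force; the context lines of the preceding template show the same 30d warm age, so this looks consistent with its siblings, but if a distinct warm tier is intended the cold phase needs a later age, e.g. `min_age: 60d`. The `composed_of` list depends on `logs-ti_otx.pulses_subscribed@package` and `logs-ti_otx.pulses_subscribed@custom` existing, which are presumably installed by the Fleet integration; if this template can be applied before that integration is present, the index template PUT would fail on the missing component templates, so that ordering is worth confirming. The enclosing `elasticsearch:` mapping starts and ends outside the hunk.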
@@ -431,6 +431,7 @@ elasticsearch:
 so-logs-ti_misp_x_threat: *indexSettings
 so-logs-ti_misp_x_threat_attributes: *indexSettings
 so-logs-ti_otx_x_threat: *indexSettings
+ so-logs-ti_otx_x_pulses_subscribed: *indexSettings
 so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings
 so-logs-ti_recordedfuture_x_threat: *indexSettings
 so-logs-ti_threatq_x_threat: *indexSettings
From 252c51dafbebf6b645287ccb36edf2213b965b11 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 12 Jan 2024 16:45:18 -0500
Subject: [PATCH 3/3] Change order of names
---
 salt/elasticsearch/soc_elasticsearch.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index ef97db8d3..d66312a01 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -430,8 +430,8 @@ elasticsearch:
 so-logs-ti_cybersixgill_x_threat: *indexSettings
 so-logs-ti_misp_x_threat: *indexSettings
 so-logs-ti_misp_x_threat_attributes: *indexSettings
- so-logs-ti_otx_x_threat: *indexSettings
 so-logs-ti_otx_x_pulses_subscribed: *indexSettings
+ so-logs-ti_otx_x_threat: *indexSettings
 so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings
 so-logs-ti_recordedfuture_x_threat: *indexSettings
 so-logs-ti_threatq_x_threat: *indexSettings