Merge pull request #505 from Security-Onion-Solutions/strelka-sensor

Strelka sensor
This commit is contained in:
weslambert
2020-04-02 16:04:35 -04:00
committed by GitHub
2 changed files with 17 additions and 10 deletions


@@ -179,7 +179,8 @@ filebeat.inputs:
close_removed: false
{%- endif %}
#----------------------------- Logstash output ---------------------------------
#----------------------------- Elasticsearch/Logstash output ---------------------------------
{%- if grains['role'] == "so-eval" %}
output.elasticsearch:
enabled: true
hosts: ["{{ MASTER }}:9200"]
@@ -202,12 +203,15 @@ output.elasticsearch:
when.contains:
module: "strelka"
#output.logstash:
setup.template.enabled: false
{%- else %}
output.logstash:
# Boolean flag to enable or disable the output module.
#enabled: true
enabled: true
# The Logstash hosts
#hosts: ["{{ MASTER }}:5644"]
hosts: ["{{ MASTER }}:5644"]
# Number of workers per Logstash host.
#worker: 1
@@ -222,21 +226,21 @@ output.elasticsearch:
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full
ssl.verification_mode: full
# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
# Certificate for SSL client authentication
#ssl.certificate: "/usr/share/filebeat/filebeat.crt"
ssl.certificate: "/usr/share/filebeat/filebeat.crt"
# Client Certificate Key
#ssl.key: "/usr/share/filebeat/filebeat.key"
ssl.key: "/usr/share/filebeat/filebeat.key"
setup.template.enabled: false
# A dictionary of settings to place into the settings.index dictionary
@@ -251,7 +255,7 @@ setup.template.enabled: false
# https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html
#_source:
#enabled: false
{%- endif %}
#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
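Review bot: The newly uncommented `ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]` in the third hunk (`@@ -222,21 +226,21 @@`) keeps the deprecated TLS 1.0 and 1.1 negotiable on the Logstash output, so the client-certificate connection that `ssl.verification_mode: full` and `ssl.certificate_authorities` otherwise harden can still fall back to the weaker protocol versions. Unless the Logstash listener on the master is known to require them, tighten the line to `ssl.supported_protocols: [TLSv1.2]`; if the broader list is deliberate, a comment stating why (and which versions the master accepts) would keep the next reader from "fixing" it. The `output.logstash:` mapping these keys belong to begins in the previous hunk, and the Jinja `{%- else %}` branch enclosing it is only closed by the `{%- endif %}` in the fourth hunk.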


@@ -42,6 +42,9 @@ base:
- zeek
{%- endif %}
- wazuh
{%- if STRELKA %}
- strelka
{%- endif %}
- filebeat
{%- if FLEETMASTER or FLEETNODE %}
- fleet.install_package