From 000507c3664ad6160ff7f543ecb7cb7d81c3fa2a Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 16 May 2023 12:50:40 -0400
Subject: [PATCH] Update Integrations

---
 .../endpoints-initial/system-endpoints.json | 37 ++++----------
 .../endpoints-initial/windows-endpoints.json | 48 +++++++++++--------
 .../grid-nodes/system-grid-nodes.json | 11 +----
 3 files changed, 39 insertions(+), 57 deletions(-)

diff --git a/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json b/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
index 1ba9a3347..a5890794a 100644
--- a/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
@@ -1,11 +1,11 @@
 {
+ "policy_id": "endpoints-initial",
 "package": {
 "name": "system",
 "version": ""
 },
 "name": "system-endpoints",
 "namespace": "default",
- "policy_id": "endpoints-initial",
 "inputs": {
 "system-logfile": {
 "enabled": true,
@@ -13,14 +13,9 @@
 "system.auth": {
 "enabled": true,
 "vars": {
- "ignore_older": "72h",
 "paths": [
 "/var/log/auth.log*",
 "/var/log/secure*"
- ],
- "preserve_original_event": false,
- "tags": [
- "system-auth"
 ]
 }
 },
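Review bot: Dropping `"ignore_older": "72h"` from `system.auth` means the `/var/log/auth.log*` and `/var/log/secure*` globs are no longer told to skip rotations older than three days, so whatever the package default is for that var now applies; if that default is "disabled", the first enrollment after this change will backfill every retained rotation, which is worth confirming since the commit subject gives no reason for the removal. The removed `"tags": ["system-auth"]` also disappears from indexed events, so any saved search, dashboard or detection rule that filters on that tag stops matching. The same three removals recur in the `system.syslog` hunk of this file and in both `system-grid-nodes.json` hunks; presumably the intent is to fall back to the integration package's defaults for whatever version the blank `"version": ""` resolves to, and stating that once in the description would make the change reviewable.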
@@ -30,47 +25,33 @@
 "paths": [
 "/var/log/messages*",
 "/var/log/syslog*"
- ],
- "tags": [],
- "ignore_older": "72h"
+ ]
 }
 }
 }
 },
 "system-winlog": {
 "enabled": true,
+ "vars": {
+ "preserve_original_event": false
+ },
 "streams": {
 "system.application": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "ignore_older": "72h",
- "language": 0,
 "tags": []
 }
 },
 "system.security": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "ignore_older": "72h",
- "language": 0,
- "tags": []
- }
- },
- "system.system": {
- "enabled": true,
- "vars": {
- "preserve_original_event": false,
- "ignore_older": "72h",
- "language": 0,
 "tags": []
 }
 }
- }
- },
- "system-system/metrics": {
- "enabled": false
+ }
+ },
+ "system-system/metrics": {
+ "enabled": false
 }
 }
 }
diff --git a/salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json b/salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json
index 0f2787b9e..b17986a53 100644
--- a/salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json
@@ -1,11 +1,12 @@
 {
+ "policy_id": "endpoints-initial",
 "package": {
 "name": "windows",
 "version": ""
 },
 "name": "windows-endpoints",
+ "description": "",
 "namespace": "default",
- "policy_id": "endpoints-initial",
 "inputs": {
 "windows-winlog": {
 "enabled": true,
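Review bot: The `system.system` stream is removed from `system-winlog` outright rather than trimmed like `system.application` and `system.security`, so this policy stops collecting the Windows System event log unless another integration in the policy covers that channel, and the `windows-endpoints.json` hunks in this patch show no such stream. That is a detection-coverage regression for events recorded only in that channel (service installations, for example); if it is intentional, say so in the commit description, otherwise restore it as `"system.system": { "enabled": true, "vars": { "tags": [] } }` alongside the other two streams. The new input-level `"vars": { "preserve_original_event": false }` assumes the `system` package version in use accepts that var at input scope rather than per stream; with `"version": ""` left blank here, that should be checked against the deployed package, since an unrecognised var would leave the default in force without any error in the policy file itself.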
@@ -13,47 +14,54 @@
 "windows.forwarded": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "ignore_older": "72h",
- "language": 0,
 "tags": [
 "forwarded"
- ]
+ ],
+ "preserve_original_event": false
 }
 },
 "windows.powershell": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "event_id": "400, 403, 600, 800",
- "ignore_older": "72h",
- "language": 0,
- "tags": []
+ "tags": [],
+ "preserve_original_event": false
 }
 },
 "windows.powershell_operational": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "event_id": "4103, 4104, 4105, 4106",
- "ignore_older": "72h",
- "language": 0,
- "tags": []
+ "tags": [],
+ "preserve_original_event": false
 }
 },
 "windows.sysmon_operational": {
 "enabled": true,
 "vars": {
- "preserve_original_event": false,
- "ignore_older": "72h",
- "language": 0,
- "tags": []
+ "tags": [],
+ "preserve_original_event": false
 }
 }
 }
 },
 "windows-windows/metrics": {
- "enabled": false
+ "enabled": false,
+ "streams": {
+ "windows.perfmon": {
+ "enabled": false,
+ "vars": {
+ "perfmon.group_measurements_by_instance": false,
+ "perfmon.ignore_non_existent_counters": false,
+ "perfmon.queries": "- object: 'Process'\n instance: [\"*\"]\n counters:\n - name: '% Processor Time'\n field: cpu_perc\n format: \"float\"\n - name: \"Working Set\"\n",
+ "period": "10s"
+ }
+ },
+ "windows.service": {
+ "enabled": false,
+ "vars": {
+ "period": "60s"
+ }
+ }
+ }
 }
 }
 }
diff --git a/salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json b/salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json
index a29553393..3c10227ca 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json
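Review bot: Removing `"event_id": "400, 403, 600, 800"` from `windows.powershell` and `"event_id": "4103, 4104, 4105, 4106"` from `windows.powershell_operational` changes what is collected, not just how the file is laid out: with the explicit filter gone, these streams forward whatever the `windows` package's default selection is for the two channels, which may be the same list, a different list, or every event, and the commit does not say which outcome was intended. If the goal is to defer to the package default, a one-line commit description saying so would make that explicit; if the goal is to collect everything, the volume implication for the PowerShell Operational channel deserves a note where this file is templated. The new `windows-windows/metrics` block is fully disabled (`"enabled": false` at the input and at both streams), so the YAML embedded in `perfmon.queries` is inert until someone turns it on; because its `\n`-joined indentation is easy to break when edited inside a JSON string, a comment at the Salt state that renders this file would help whoever enables it later.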
@@ -1,11 +1,11 @@
 {
+ "policy_id": "so-grid-nodes",
 "package": {
 "name": "system",
 "version": ""
 },
 "name": "system-grid-nodes",
 "namespace": "default",
- "policy_id": "so-grid-nodes",
 "inputs": {
 "system-logfile": {
 "enabled": true,
@@ -13,14 +13,9 @@
 "system.auth": {
 "enabled": true,
 "vars": {
- "ignore_older": "72h",
 "paths": [
 "/var/log/auth.log*",
 "/var/log/secure*"
- ],
- "preserve_original_event": false,
- "tags": [
- "system-auth"
 ]
 }
 },
@@ -30,9 +25,7 @@
 "paths": [
 "/var/log/messages*",
 "/var/log/syslog*"
- ],
- "tags": [],
- "ignore_older": "72h"
+ ]
 }
 }
 }