From 965ced94c443a1a3a029b19deaf952c576bb0cd4 Mon Sep 17 00:00:00 2001 
From: Wes
Date: Thu, 7 Dec 2023 13:48:08 +0000
Subject: [PATCH] Remove close files
---
.../logs-elastic_agent-default-close.yaml | 27 ------------------
...-elastic_agent-filebeat-default-close.yaml | 27 ------------------
...stic_agent-fleet_server-default-close.yaml | 27 ------------------
...lastic_agent-metricbeat-default-close.yaml | 27 ------------------
...astic_agent-osquerybeat-default-close.yaml | 27 ------------------
.../files/action/logs-import-so-close.yml | 27 ------------------
.../files/action/logs-strelka-so-close.yml | 27 ------------------
.../files/action/logs-suricata-so-close.yml | 27 ------------------
.../files/action/logs-syslog-so-close.yml | 27 ------------------
...logs-system-application-default-close.yaml | 27 ------------------
.../logs-system-auth-default-close.yaml | 27 ------------------
.../logs-system-security-default-close.yaml | 27 ------------------
.../logs-system-syslog-default-close.yaml | 27 ------------------
.../logs-system-system-default-close.yaml | 27 ------------------
...logs-windows-powershell-default-close.yaml | 27 ------------------
...dows-sysmon_operational-default-close.yaml | 27 ------------------
.../files/action/logs-zeek-so-close.yml | 27 ------------------
salt/curator/files/action/so-beats-close.yml | 27 ------------------
.../files/action/so-elasticsearch-close.yml | 27 ------------------
.../files/action/so-firewall-close.yml | 28 -------------------
salt/curator/files/action/so-ids-close.yml | 28 -------------------
salt/curator/files/action/so-import-close.yml | 27 ------------------
salt/curator/files/action/so-kibana-close.yml | 27 ------------------
salt/curator/files/action/so-kratos-close.yml | 27 ------------------
.../files/action/so-logstash-close.yml | 27 ------------------
.../curator/files/action/so-netflow-close.yml | 27 ------------------
.../curator/files/action/so-osquery-close.yml | 27 ------------------
salt/curator/files/action/so-ossec-close.yml | 27 ------------------
salt/curator/files/action/so-redis-close.yml | 27 ------------------
.../curator/files/action/so-strelka-close.yml | 27 ------------------
salt/curator/files/action/so-syslog-close.yml | 27 ------------------
salt/curator/files/action/so-zeek-close.yml | 27 ------------------
32 files changed, 866 deletions(-)
delete mode 100644 salt/curator/files/action/logs-elastic_agent-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-filebeat-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-fleet_server-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-metricbeat-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-osquerybeat-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-import-so-close.yml
delete mode 100644 salt/curator/files/action/logs-strelka-so-close.yml
delete mode 100644 salt/curator/files/action/logs-suricata-so-close.yml
delete mode 100644 salt/curator/files/action/logs-syslog-so-close.yml
delete mode 100644 salt/curator/files/action/logs-system-application-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-system-auth-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-system-security-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-system-syslog-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-system-system-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-windows-powershell-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-windows-sysmon_operational-default-close.yaml
delete mode 100644 salt/curator/files/action/logs-zeek-so-close.yml
delete mode 100644 salt/curator/files/action/so-beats-close.yml
delete mode 100644 salt/curator/files/action/so-elasticsearch-close.yml
delete mode 100644 salt/curator/files/action/so-firewall-close.yml
delete mode 100644 salt/curator/files/action/so-ids-close.yml
delete mode 100644 salt/curator/files/action/so-import-close.yml
delete mode 100644 salt/curator/files/action/so-kibana-close.yml
delete mode 100644 salt/curator/files/action/so-kratos-close.yml
delete mode 100644 salt/curator/files/action/so-logstash-close.yml
delete mode 100644 salt/curator/files/action/so-netflow-close.yml
delete mode 100644 salt/curator/files/action/so-osquery-close.yml
delete mode 100644 salt/curator/files/action/so-ossec-close.yml
delete mode 100644 salt/curator/files/action/so-redis-close.yml
delete mode 100644 salt/curator/files/action/so-strelka-close.yml
delete mode 100644 salt/curator/files/action/so-syslog-close.yml
delete mode 100644 salt/curator/files/action/so-zeek-close.yml
diff --git a/salt/curator/files/action/logs-elastic_agent-default-close.yaml b/salt/curator/files/action/logs-elastic_agent-default-close.yaml
deleted file mode 100644
index 03c1ea81d..000000000
--- a/salt/curator/files/action/logs-elastic_agent-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-elastic_agent-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent default indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-elastic_agent-filebeat-default-close.yaml b/salt/curator/files/action/logs-elastic_agent-filebeat-default-close.yaml
deleted file mode 100644
index 2d7e897cf..000000000
--- a/salt/curator/files/action/logs-elastic_agent-filebeat-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-elastic_agent-filebeat-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Filebeat indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.filebeat-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-elastic_agent-fleet_server-default-close.yaml b/salt/curator/files/action/logs-elastic_agent-fleet_server-default-close.yaml
deleted file mode 100644
index 0fd1d6129..000000000
--- a/salt/curator/files/action/logs-elastic_agent-fleet_server-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-elastic_agent-fleet_server-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Fleet Server indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.fleet_server-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-elastic_agent-metricbeat-default-close.yaml b/salt/curator/files/action/logs-elastic_agent-metricbeat-default-close.yaml
deleted file mode 100644
index cedf64eeb..000000000
--- a/salt/curator/files/action/logs-elastic_agent-metricbeat-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-elastic_agent-metricbeat-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Metricbeat indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.metricbeat-default-.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-close.yaml b/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-close.yaml
deleted file mode 100644
index e25b7f2b8..000000000
--- a/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-elastic_agent-osquerybeat-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Osquerybeat indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.osquerybeat-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-import-so-close.yml b/salt/curator/files/action/logs-import-so-close.yml
deleted file mode 100644
index e2d28fd06..000000000
--- a/salt/curator/files/action/logs-import-so-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-import-so'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close import indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-import-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-strelka-so-close.yml b/salt/curator/files/action/logs-strelka-so-close.yml
deleted file mode 100644
index c4b57995d..000000000
--- a/salt/curator/files/action/logs-strelka-so-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-strelka-so'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Strelka indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-strelka-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-suricata-so-close.yml b/salt/curator/files/action/logs-suricata-so-close.yml
deleted file mode 100644
index c99a85285..000000000
--- a/salt/curator/files/action/logs-suricata-so-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-suricata-so'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Suricata indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-suricata-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-syslog-so-close.yml b/salt/curator/files/action/logs-syslog-so-close.yml
deleted file mode 100644
index 3ccf7834b..000000000
--- a/salt/curator/files/action/logs-syslog-so-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-syslog-so'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close syslog indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-syslog-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-system-application-default-close.yaml b/salt/curator/files/action/logs-system-application-default-close.yaml
deleted file mode 100644
index 4a04ebbb7..000000000
--- a/salt/curator/files/action/logs-system-application-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-system-application-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent system application indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.application-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-system-auth-default-close.yaml b/salt/curator/files/action/logs-system-auth-default-close.yaml
deleted file mode 100644
index 287997e87..000000000
--- a/salt/curator/files/action/logs-system-auth-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-system-auth-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent system auth indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.auth-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-system-security-default-close.yaml b/salt/curator/files/action/logs-system-security-default-close.yaml
deleted file mode 100644
index 2506ca357..000000000
--- a/salt/curator/files/action/logs-system-security-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-system-security-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent system security indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.security-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-system-syslog-default-close.yaml b/salt/curator/files/action/logs-system-syslog-default-close.yaml
deleted file mode 100644
index 8da3afd45..000000000
--- a/salt/curator/files/action/logs-system-syslog-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-system-syslog-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent system syslog indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.syslog-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-system-system-default-close.yaml b/salt/curator/files/action/logs-system-system-default-close.yaml
deleted file mode 100644
index 401125e08..000000000
--- a/salt/curator/files/action/logs-system-system-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-system-system-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent system system indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.system-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-windows-powershell-default-close.yaml b/salt/curator/files/action/logs-windows-powershell-default-close.yaml
deleted file mode 100644
index 8f878f4c9..000000000
--- a/salt/curator/files/action/logs-windows-powershell-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-windows-powershell-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Windows Powershell indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-windows.powershell-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-windows-sysmon_operational-default-close.yaml b/salt/curator/files/action/logs-windows-sysmon_operational-default-close.yaml
deleted file mode 100644
index 8cd9c99f3..000000000
--- a/salt/curator/files/action/logs-windows-sysmon_operational-default-close.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-windows-sysmon_operational-default'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Elastic Agent Windows Sysmon operational indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-windows.sysmon_operational-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/logs-zeek-so-close.yml b/salt/curator/files/action/logs-zeek-so-close.yml
deleted file mode 100644
index 020c89cbc..000000000
--- a/salt/curator/files/action/logs-zeek-so-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-zeek-so'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Zeek indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-zeek-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml
deleted file mode 100644
index 88c7ce91a..000000000
--- a/salt/curator/files/action/so-beats-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-beats'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Beats indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-beats.*|so-beats.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml
deleted file mode 100644
index e4d8824bd..000000000
--- a/salt/curator/files/action/so-elasticsearch-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-elasticsearch'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close elasticsearch indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-elasticsearch.*|so-elasticsearch.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml
deleted file mode 100644
index 18d30737d..000000000
--- a/salt/curator/files/action/so-firewall-close.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-{%- set cur_close_days = CURATORMERGED['so-firewall'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Firewall indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-firewall.*|so-firewall.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml
deleted file mode 100644
index 359e0a4cc..000000000
--- a/salt/curator/files/action/so-ids-close.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-{%- set cur_close_days = CURATORMERGED['so-ids'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close IDS indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-ids.*|so-ids.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml
deleted file mode 100644
index 7a60b9343..000000000
--- a/salt/curator/files/action/so-import-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-import'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Import indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-import.*|so-import.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml
deleted file mode 100644
index 7c29ed294..000000000
--- a/salt/curator/files/action/so-kibana-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-kibana'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close kibana indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-kibana.*|so-kibana.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml
deleted file mode 100644
index d5fc3385c..000000000
--- a/salt/curator/files/action/so-kratos-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-kratos'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close kratos indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-kratos.*|so-kratos.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml
deleted file mode 100644
index 34402d95c..000000000
--- a/salt/curator/files/action/so-logstash-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-logstash'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close logstash indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-logstash.*|so-logstash.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml
deleted file mode 100644
index 359d6f1f1..000000000
--- a/salt/curator/files/action/so-netflow-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-netflow'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close netflow indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-netflow.*|so-netflow.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml
deleted file mode 100644
index 59b6a92b2..000000000
--- a/salt/curator/files/action/so-osquery-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-osquery'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close osquery indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-osquery.*|so-osquery.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml
deleted file mode 100644
index ac0691ad8..000000000
--- a/salt/curator/files/action/so-ossec-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-ossec'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close ossec indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-ossec.*|so-ossec.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml
deleted file mode 100644
index f7c5ef4c6..000000000
--- a/salt/curator/files/action/so-redis-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-redis'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close redis indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-redis.*|so-redis.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml
deleted file mode 100644
index 9d908d6d2..000000000
--- a/salt/curator/files/action/so-strelka-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-strelka'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Strelka indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-strelka.*|so-strelka.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml
deleted file mode 100644
index e5a58e437..000000000
--- a/salt/curator/files/action/so-syslog-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-syslog'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close syslog indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-syslog.*|so-syslog.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude:
diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml
deleted file mode 100644
index 1e9ea59e4..000000000
--- a/salt/curator/files/action/so-zeek-close.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['so-zeek'].close %}
-actions:
- 1:
- action: close
- description: >-
- Close Zeek indices older than {{cur_close_days}} days.
- options:
- delete_aliases: False
- timeout_override:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(logstash-zeek.*|so-zeek.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{cur_close_days}}
- exclude: