CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14331 from Security-Onion-Solutions/reyesj2-patch-2

Browse Source 
osquery v1.15.0 index templates updates
This commit is contained in:
Jorge Reyes
2025-03-04 13:17:28 -06:00
committed by GitHub
parent 0ff4fc101b 124bf266b5
commit 966503d875
4 changed files with 90 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
salt/elasticsearch/defaults.yaml
View File

@@ -2659,7 +2659,7 @@ elasticsearch:
set_priority:
priority: 50
min_age: 30d
so-logs-osquery-manager-action_x_responses:
so-logs-osquery_manager_x_action_x_responses:
index_sorting: false
index_template:
_meta:
@@ -2667,17 +2667,51 @@ elasticsearch:
managed_by: security_onion
package:
name: elastic_agent
data_stream:
allow_custom_routing: false
hidden: false
composed_of:
- logs-osquery_manager.action.responses
ignore_missing_component_templates: []
- logs-osquery_manager.action.responses@package
- logs-osquery_manager.action.responses@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1
- so-fleet_agent_id_verification-1
ignore_missing_component_templates:
- logs-osquery_manager.action.responses@custom
index_patterns:
- .logs-osquery_manager.action.responses*
- logs-osquery_manager.action.responses*
priority: 501
template:
settings:
index:
lifecycle:
name: so-logs-osquery_manager.action.responses-logs
number_of_replicas: 0
so-logs-osquery-manager-actions:
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-osquery_manager_x_result:
index_sorting: false
index_template:
_meta:
@@ -2685,16 +2719,50 @@ elasticsearch:
managed_by: security_onion
package:
name: elastic_agent
data_stream:
allow_custom_routing: false
hidden: false
composed_of:
- logs-osquery_manager.actions
ignore_missing_component_templates: []
- logs-osquery_manager.result@package
- logs-osquery_manager.result@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1
- so-fleet_agent_id_verification-1
ignore_missing_component_templates:
- logs-osquery_manager.result@custom
index_patterns:
- .logs-osquery_manager.actions*
- logs-osquery_manager.result*
priority: 501
template:
settings:
index:
lifecycle:
name: so-logs-osquery_manager.result-logs
number_of_replicas: 0
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-soc:
close: 30
delete: 365

4
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -368,8 +368,8 @@ elasticsearch:
so-logs-detections_x_alerts: *indexSettings
so-logs-http_endpoint_x_generic: *indexSettings
so-logs-httpjson_x_generic: *indexSettings
so-logs-osquery-manager-actions: *indexSettings
so-logs-osquery-manager-action_x_responses: *indexSettings
so-logs-osquery_manager_x_action_x_responses: *indexSettings
so-logs-osquery_manager_x_result: *indexSettings
so-logs-elastic_agent_x_apm_server: *indexSettings
so-logs-elastic_agent_x_auditbeat: *indexSettings
so-logs-elastic_agent_x_cloudbeat: *indexSettings

9
salt/elasticsearch/templates/component/elastic-agent/logs@custom.json Normal file
View File

@@ -0,0 +1,9 @@
{
"template": {
"settings": {
"index": {
"number_of_replicas": "0"
}
}
}
}

4
salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json
View File

@@ -1,7 +1,9 @@
{
"template": {
"settings": {
"number_of_replicas": 0
"index": {
"number_of_replicas": "0"
}
}
}
}