From 9b1ddcacb484e8aca11f4215d9aa62ab2a18725a Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 11 Jan 2024 14:00:09 +0000
Subject: [PATCH] Add additional templates for integrations
---
 salt/elasticsearch/defaults.yaml | 572 +++++++++++++++++++++++++++++++
 1 file changed, 572 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 66916acd1..4a9c65078 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -2273,6 +2273,138 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-cisco_ftd_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_ftd.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-cisco_ftd.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_ftd.log@package"
+ - "logs-cisco_ftd.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-cisco_ios_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_ios.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-cisco_ios.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_ios.log@package"
+ - "logs-cisco_ios.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-cisco_ise_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_ise.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-cisco_ise.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_ise.log@package"
+ - "logs-cisco_ise.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-cisco_meraki_x_events:
 index_sorting: false
 index_template:
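Review bot: `index_sorting: False` on the second line of each new template uses a capitalised boolean, while the trailing context line of this same hunk (`index_sorting: false` under `so-logs-cisco_meraki_x_events`) and every other stanza visible here use lowercase; change each to `index_sorting: false`. The same spelling appears in all thirteen templates added across this hunk and the three that follow (iis, microsoft_sqlserver and mysql, proofpoint_tap), so they should be fixed together. Most YAML loaders read either spelling as a boolean, but yamllint's `truthy` rule flags the capitalised form and a grep for the lowercase form silently misses these entries. Because each 44-line stanza is repeated verbatim with only the `logs-<package>.<dataset>` name varying in four places (index pattern, lifecycle name, `@package`, `@custom`), a mismatch between those four would yield a template whose pattern and component templates disagree without any load-time error; the four agree in every stanza visible here, but a rendered-pillar check would make that durable. In a mapping this large, a `so-logs-*` key that already exists elsewhere under `elasticsearch:` would be silently replaced (last wins) by most parsers, which yamllint's `key-duplicates` rule would catch in CI.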
@@ -5295,6 +5427,94 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-iis_x_access:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-iis.access-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-iis.access-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-iis.access@package"
+ - "logs-iis.access@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-iis_x_error:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-iis.error-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-iis.error-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-iis.error@package"
+ - "logs-iis.error@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-juniper_srx_x_log:
 index_sorting: false
 index_template:
@@ -5867,6 +6087,182 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-microsoft_sqlserver_x_audit:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-microsoft_sqlserver.audit-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-microsoft_sqlserver.audit-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-microsoft_sqlserver.audit@package"
+ - "logs-microsoft_sqlserver.audit@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-microsoft_sqlserver_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-microsoft_sqlserver.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-microsoft_sqlserver.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-microsoft_sqlserver.log@package"
+ - "logs-microsoft_sqlserver.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-mysql_x_error:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mysql.error-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-mysql.error-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mysql.error@package"
+ - "logs-mysql.error@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-mysql_x_slowlog:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mysql.slowlog-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-mysql.slowlog-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mysql.slowlog@package"
+ - "logs-mysql.slowlog@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-mimecast_x_audit_events:
 index_sorting: false
 index_template:
@@ -6473,6 +6869,182 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-proofpoint_tap_x_clicks_blocked:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-proofpoint_tap.clicks_blocked-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-proofpoint_tap.clicks_blocked-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-proofpoint_tap.clicks_blocked@package"
+ - "logs-proofpoint_tap.clicks_blocked@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-proofpoint_tap_x_clicks_permitted:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-proofpoint_tap.clicks_permitted-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-proofpoint_tap.clicks_permitted-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-proofpoint_tap.clicks_permitted@package"
+ - "logs-proofpoint_tap.clicks_permitted@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-proofpoint_tap_x_message_blocked:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-proofpoint_tap.message_blocked-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-proofpoint_tap.message_blocked-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-proofpoint_tap.message_blocked@package"
+ - "logs-proofpoint_tap.message_blocked@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-proofpoint_tap_x_message_delivered:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-proofpoint_tap.message_delivered-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-proofpoint_tap.message_delivered-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-proofpoint_tap.message_delivered@package"
+ - "logs-proofpoint_tap.message_delivered@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-pulse_connect_secure_x_log:
 index_sorting: false
 index_template: