Add additional templates for integrations

Wes
2024-01-11 14:00:09 +00:00
parent 5703023008
commit 9b1ddcacb4


@@ -2273,6 +2273,138 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-cisco_ftd_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_ftd.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-cisco_ftd.log-logs
number_of_replicas: 0
composed_of:
- "logs-cisco_ftd.log@package"
- "logs-cisco_ftd.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cisco_ios_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_ios.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-cisco_ios.log-logs
number_of_replicas: 0
composed_of:
- "logs-cisco_ios.log@package"
- "logs-cisco_ios.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cisco_ise_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_ise.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-cisco_ise.log-logs
number_of_replicas: 0
composed_of:
- "logs-cisco_ise.log@package"
- "logs-cisco_ise.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cisco_meraki_x_events: so-logs-cisco_meraki_x_events:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -5295,6 +5427,94 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-iis_x_access:
index_sorting: False
index_template:
index_patterns:
- "logs-iis.access-*"
template:
settings:
index:
lifecycle:
name: so-logs-iis.access-logs
number_of_replicas: 0
composed_of:
- "logs-iis.access@package"
- "logs-iis.access@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-iis_x_error:
index_sorting: False
index_template:
index_patterns:
- "logs-iis.error-*"
template:
settings:
index:
lifecycle:
name: so-logs-iis.error-logs
number_of_replicas: 0
composed_of:
- "logs-iis.error@package"
- "logs-iis.error@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-juniper_srx_x_log: so-logs-juniper_srx_x_log:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -5867,6 +6087,182 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-microsoft_sqlserver_x_audit:
index_sorting: False
index_template:
index_patterns:
- "logs-microsoft_sqlserver.audit-*"
template:
settings:
index:
lifecycle:
name: so-logs-microsoft_sqlserver.audit-logs
number_of_replicas: 0
composed_of:
- "logs-microsoft_sqlserver.audit@package"
- "logs-microsoft_sqlserver.audit@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-microsoft_sqlserver_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-microsoft_sqlserver.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-microsoft_sqlserver.log-logs
number_of_replicas: 0
composed_of:
- "logs-microsoft_sqlserver.log@package"
- "logs-microsoft_sqlserver.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-mysql_x_error:
index_sorting: False
index_template:
index_patterns:
- "logs-mysql.error-*"
template:
settings:
index:
lifecycle:
name: so-logs-mysql.error-logs
number_of_replicas: 0
composed_of:
- "logs-mysql.error@package"
- "logs-mysql.error@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-mysql_x_slowlog:
index_sorting: False
index_template:
index_patterns:
- "logs-mysql.slowlog-*"
template:
settings:
index:
lifecycle:
name: so-logs-mysql.slowlog-logs
number_of_replicas: 0
composed_of:
- "logs-mysql.slowlog@package"
- "logs-mysql.slowlog@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-mimecast_x_audit_events: so-logs-mimecast_x_audit_events:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -6473,6 +6869,182 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-proofpoint_tap_x_clicks_blocked:
index_sorting: False
index_template:
index_patterns:
- "logs-proofpoint_tap.clicks_blocked-*"
template:
settings:
index:
lifecycle:
name: so-logs-proofpoint_tap.clicks_blocked-logs
number_of_replicas: 0
composed_of:
- "logs-proofpoint_tap.clicks_blocked@package"
- "logs-proofpoint_tap.clicks_blocked@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-proofpoint_tap_x_clicks_permitted:
index_sorting: False
index_template:
index_patterns:
- "logs-proofpoint_tap.clicks_permitted-*"
template:
settings:
index:
lifecycle:
name: so-logs-proofpoint_tap.clicks_permitted-logs
number_of_replicas: 0
composed_of:
- "logs-proofpoint_tap.clicks_permitted@package"
- "logs-proofpoint_tap.clicks_permitted@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-proofpoint_tap_x_message_blocked:
index_sorting: False
index_template:
index_patterns:
- "logs-proofpoint_tap.message_blocked-*"
template:
settings:
index:
lifecycle:
name: so-logs-proofpoint_tap.message_blocked-logs
number_of_replicas: 0
composed_of:
- "logs-proofpoint_tap.message_blocked@package"
- "logs-proofpoint_tap.message_blocked@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-proofpoint_tap_x_message_delivered:
index_sorting: False
index_template:
index_patterns:
- "logs-proofpoint_tap.message_delivered-*"
template:
settings:
index:
lifecycle:
name: so-logs-proofpoint_tap.message_delivered-logs
number_of_replicas: 0
composed_of:
- "logs-proofpoint_tap.message_delivered@package"
- "logs-proofpoint_tap.message_delivered@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-pulse_connect_secure_x_log: so-logs-pulse_connect_secure_x_log:
index_sorting: false index_sorting: false
index_template: index_template:
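Review bot: Every new entry in all four hunks writes `index_sorting: False` (capitalised), while the existing neighbouring entries in the same file use `index_sorting: false` (compare the line under `so-logs-cisco_ftd_x_log:` with the one under `so-logs-cisco_meraki_x_events:`, and likewise for the iis, microsoft_sqlserver, mysql and proofpoint_tap blocks). Both spellings parse as a boolean under the YAML 1.1 and 1.2 core schemas, but yamllint's `truthy` rule rejects the capitalised form, and any consumer that renders or string-compares the value rather than loading it as YAML would see `False` for the new blocks and `false` for the rest — a plausible but unverified risk from here. The thirteen new blocks should match the file's convention: `index_sorting: false`. The enclosing `elasticsearch:` mapping starts outside the hunks.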