Add additional templates for integrations

2025-12-06 17:22:49 +01:00 · 2024-01-11 14:00:09 +00:00
parent 5703023008
commit 9b1ddcacb4
1 changed files with 572 additions and 0 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -2273,6 +2273,138 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-logs-cisco_ftd_x_log:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-cisco_ftd.log-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-cisco_ftd.log-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-cisco_ftd.log@package"
+          - "logs-cisco_ftd.log@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-cisco_ios_x_log:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-cisco_ios.log-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-cisco_ios.log-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-cisco_ios.log@package"
+          - "logs-cisco_ios.log@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-cisco_ise_x_log:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-cisco_ise.log-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-cisco_ise.log-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-cisco_ise.log@package"
+          - "logs-cisco_ise.log@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
    so-logs-cisco_meraki_x_events:
      index_sorting: false
      index_template:
@@ -5295,6 +5427,94 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-logs-iis_x_access:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-iis.access-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-iis.access-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-iis.access@package"
+          - "logs-iis.access@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-iis_x_error:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-iis.error-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-iis.error-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-iis.error@package"
+          - "logs-iis.error@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
    so-logs-juniper_srx_x_log:
      index_sorting: false
      index_template:
@@ -5867,6 +6087,182 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-logs-microsoft_sqlserver_x_audit:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-microsoft_sqlserver.audit-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-microsoft_sqlserver.audit-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-microsoft_sqlserver.audit@package"
+          - "logs-microsoft_sqlserver.audit@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-microsoft_sqlserver_x_log:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-microsoft_sqlserver.log-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-microsoft_sqlserver.log-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-microsoft_sqlserver.log@package"
+          - "logs-microsoft_sqlserver.log@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-mysql_x_error:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-mysql.error-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-mysql.error-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-mysql.error@package"
+          - "logs-mysql.error@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-mysql_x_slowlog:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-mysql.slowlog-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-mysql.slowlog-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-mysql.slowlog@package"
+          - "logs-mysql.slowlog@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
    so-logs-mimecast_x_audit_events:
      index_sorting: false
      index_template:
@@ -6473,6 +6869,182 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-logs-proofpoint_tap_x_clicks_blocked:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-proofpoint_tap.clicks_blocked-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-proofpoint_tap.clicks_blocked-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-proofpoint_tap.clicks_blocked@package"
+          - "logs-proofpoint_tap.clicks_blocked@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-proofpoint_tap_x_clicks_permitted:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-proofpoint_tap.clicks_permitted-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-proofpoint_tap.clicks_permitted-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-proofpoint_tap.clicks_permitted@package"
+          - "logs-proofpoint_tap.clicks_permitted@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-proofpoint_tap_x_message_blocked:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-proofpoint_tap.message_blocked-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-proofpoint_tap.message_blocked-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-proofpoint_tap.message_blocked@package"
+          - "logs-proofpoint_tap.message_blocked@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-logs-proofpoint_tap_x_message_delivered:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "logs-proofpoint_tap.message_delivered-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-logs-proofpoint_tap.message_delivered-logs
+              number_of_replicas: 0
+        composed_of:
+          - "logs-proofpoint_tap.message_delivered@package"
+          - "logs-proofpoint_tap.message_delivered@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
    so-logs-pulse_connect_secure_x_log:
      index_sorting: false
      index_template: