From 9e18fe64cf4c69ad4af078c8bbad7bfbab1bc412 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 21 Aug 2023 11:20:47 -0400
Subject: [PATCH] Remove OSSEC configuration
---
 salt/soc/defaults.yaml | 50 ------------------------------------------
 1 file changed, 50 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 49be076c0..8ac49ea2e 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -474,19 +474,6 @@ soc:
 - event.dataset
 - process.executable
 - user.name
- ':ossec:':
- - soc_timestamp
- - source.ip
- - source.port
- - destination.ip
- - destination.port
- - rule.name
- - rule.level
- - rule.category
- - process.name
- - user.name
- - user.escalated
- - location
 ':strelka:file':
 - soc_timestamp
 - file.name
@@ -523,28 +510,6 @@ soc:
 - message
 - kibana.log.meta.req.headers.x-real-ip
 - event.dataset
- '::rootcheck':
- - soc_timestamp
- - host.name
- - metadata.ip_address
- - log.full
- - event.dataset
- - event.module
- '::ossec':
- - soc_timestamp
- - host.name
- - metadata.ip_address
- - log.full
- - event.dataset
- - event.module
- '::syscollector':
- - soc_timestamp
- - host.name
- - metadata.ip_address
- - wazuh.data.type
- - log.full
- - event.dataset
- - event.module
 ':syslog:syslog':
 - soc_timestamp
 - host.name
@@ -1621,21 +1586,6 @@ soc:
 - rule.uuid
 - rule.category
 - rule.rev
- ':ossec:':
- - soc_timestamp
- - rule.name
- - event.severity_label
- - source.ip
- - source.port
- - destination.ip
- - destination.port
- - rule.level
- - rule.category
- - process.name
- - user.name
- - user.escalated
- - location
- - process.name
 queryBaseFilter: tags:alert
 queryToggleFilters:
 - name: acknowledged