Merge branch 'dev' into feature/updates

Mike Reeves
2020-03-23 15:20:36 -04:00
committed by GitHub
34 changed files with 763 additions and 171 deletions


@@ -25,10 +25,17 @@ a {
padding: 0px;
}
.center {
.center-content {
margin: 0 auto;
}
.center-image {
display: block;
margin-left: auto;
margin-right: auto;
width: 50%;
}
/* Style the top navigation bar */
.topnav {
overflow: hidden;
@@ -74,8 +81,8 @@ a {
</style>
</head>
<body>
<div class="center">
<div class="topnav center">
<div class="center-content">
<div class="topnav center-content">
<a href="/so-auth/loginpage/create-user" target="_blank">Create New User</a>
<a href="/kibana/" target="_blank">Kibana</a>
<a href="/grafana/" target="_blank">Grafana</a>
@@ -89,10 +96,18 @@ a {
<a href="https://blog.securityonion.net" target="_blank">Blog</a>
</div>
<div class="content center">
<center><a href="https://securityonion.net"><img STYLE="border: none;" src="alpha_logo.jpg" alt="Security Onion" align="center" target="_blank"></img></a><br></center>
<p><center><h1>Hybrid Hunter Alpha 1.1.4 - Feature Parity Release</h1></center><br>
<div class="content center-content">
<div style="text-align: center;">
<a href="https://securityonion.net">
<img style="border: none;" src="alpha_logo.jpg" alt="Security Onion" class="center-image" target="_blank">
</a>
<br/>
</div>
<p>
<div style="text-align: center;">
<h1>Hybrid Hunter Alpha 1.1.4 - Feature Parity Release</h1>
</div>
<br/>
<h2>Changes:</h2>
<ul>
<li>Added new in-house auth method [Security Onion Auth](https://github.com/Security-Onion-Solutions/securityonion-auth).</li>
@@ -118,12 +133,30 @@ a {
</p>
</div>
<div class="footer center">
<b>Disclaimer of Warranty</b><br>
<small>THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM .AS IS. WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.</small><br>
<br>
<b>Limitation of Liability</b><br>
<small>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.</small><br>
<div class="footer center-content">
<b>Disclaimer of Warranty</b>
<br/>
<small>
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
.AS IS. WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE,
YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
</small>
<br/>
<br/>
<b>Limitation of Liability</b>
<br/>
<small>
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER,
OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES
OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
</small>
<br/>
</div>
</div>
</body>
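Review bot: The heading on L53 still reads `Hybrid Hunter Alpha 1.1.4` while the Salt default for `static:soversion` in this same merge moves to `HH1.2.1` (L350), so the landing page advertises the previous release; update the heading or render it from the pillar value. The `<p>` opened on L51 wraps `<div>` and `<h2>` elements, which HTML parsers auto-close at the first block element, leaving the `</p>` on L60 orphaned — replace the `<p>` with a `<div>` or drop it. `target="_blank"` on the `<img>` on L47 is not an image attribute and does nothing; it belongs on the enclosing `<a>` on L46, and pairing `target="_blank"` with `rel="noopener noreferrer"` on the external anchors is cheap. The `<html>`/`<head>` that enclose these hunks start outside view.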


@@ -39,7 +39,7 @@
{ "rename": { "field": "dataset", "target_field": "event.dataset", "ignore_missing": true } },
{
"remove": {
"field": [ "index_name_prefix", "beat"],
"field": [ "index_name_prefix"],
"ignore_failure": false
}
}
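Review bot: The `remove` processor on L103 sets `ignore_failure: false` without `ignore_missing`, so any event that lacks `index_name_prefix` fails the whole pipeline instead of passing through; the ossec pipeline in this same commit (L114) pairs `"ignore_missing": true` with `ignore_failure: false`, and this processor should match it: `"field": [ "index_name_prefix"], "ignore_missing": true, "ignore_failure": false`. The hunk counts (-7/+7) show one line removed and one added between L102 and L103, but the page does not mark which side keeps `"beat"`; the missing-field behaviour is the same either way. The enclosing `processors` array starts and ends outside the hunk.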


@@ -2,6 +2,7 @@
"description" : "ossec",
"processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "remove": { "field": [ "agent" ], "ignore_missing": true, "ignore_failure": false } },
{ "rename": { "field": "message2.agent", "target_field": "agent", "ignore_missing": true } },
{ "rename": { "field": "message2.data", "target_field": "data", "ignore_missing": true } },
{ "rename": { "field": "message2.decoder", "target_field": "decoder", "ignore_missing": true } },
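Review bot: The new `remove` of `agent` on L114 runs before `message2.agent` is renamed into `agent` on L115, which reads as a collision fix, but nothing records that intent, and the same `agent` removal is added to the pipelines at L126, L138 and L150 where no rename follows. If `agent` there is the Filebeat-populated ECS `agent.*` object (not visible here), those pipelines silently discard which shipper produced the event, provenance an analyst may later want; consider preserving it under another name ahead of the removal, e.g. `{ "rename": { "field": "agent", "target_field": "shipper", "ignore_missing": true } }` (target name illustrative), or recording the choice in the pipeline's top-level `"description"` (L111) since strict JSON allows no comments. The enclosing `processors` arrays continue outside these hunks.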


@@ -6,7 +6,7 @@
{ "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } },
{ "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } },
{ "rename": { "field": "scan.hash", "target_field": "file.hash", "ignore_missing": true } },
{ "remove": { "field": ["host", "path"], "ignore_missing": true } },
{ "remove": { "field": ["host", "path", "agent"], "ignore_missing": true } },
{ "pipeline": { "name": "common" } }
]
}


@@ -8,7 +8,7 @@
{ "rename":{ "field": "message2.src_port", "target_field": "source.port", "ignore_failure": true } },
{ "rename":{ "field": "message2.dest_ip", "target_field": "destination.ip", "ignore_failure": true } },
{ "rename":{ "field": "message2.dest_port", "target_field": "destination.port", "ignore_failure": true } },
{ "remove": { "field": ["message2"], "ignore_failure": true } },
{ "remove": { "field": ["message2", "agent"], "ignore_failure": true } },
{ "pipeline": { "name": "common" } }
]
}


@@ -16,7 +16,7 @@
{ "rename": { "field": "message2.id.resp_p", "target_field": "destination.port", "ignore_missing": true } },
{ "set": { "field": "server.port", "value": "{{destination.port}}" } },
{ "date": { "field": "message2.ts", "target_field": "@timestamp", "formats": ["ISO8601", "UNIX"], "ignore_failure": true } },
{ "remove": { "field": ["message2.ts", "path"], "ignore_failure": true } },
{ "remove": { "field": ["message2.ts", "path", "agent"], "ignore_failure": true } },
{ "pipeline": { "name": "common" } }
]
}


@@ -114,11 +114,12 @@ so-elasticsearch:
- name: so-elasticsearch
- user: elasticsearch
- environment:
- bootstrap.memory_lock=true
- cluster.name={{ esclustername }}
- discovery.type=single-node
#- bootstrap.memory_lock=true
#- cluster.name={{ esclustername }}
- ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }}
- http.host=0.0.0.0
- transport.host=127.0.0.1
#- http.host=0.0.0.0
#- transport.host=127.0.0.1
- ulimits:
- memlock=-1:-1
- nofile=65536:65536
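Review bot: With `bootstrap.memory_lock=true` commented out (L164) the `memlock=-1:-1` ulimit on L172 has nothing left to serve, so it is either dead config now or memory locking moved into a mounted elasticsearch.yml this hunk does not show; a one-line comment such as `# memory_lock and network bind settings are configured in elasticsearch.yml, not the environment` would save the next reader the search. The same applies to `http.host`/`transport.host` (L169-L170): once the environment entries are gone the image's own defaults decide the bind addresses, so confirm the transport port is still restricted to loopback as the old `transport.host=127.0.0.1` line intended. The counts (-11/+12) show five added lines, consistent with `discovery.type=single-node` (L163) being net-new, but they do not settle which of the paired lines are old, so this assumes the `#-` lines are the new side. The `so-elasticsearch` state starts outside the hunk.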


@@ -71,7 +71,7 @@ filebeat.modules:
#=========================== Filebeat prospectors =============================
# List of prospectors to fetch data.
filebeat.prospectors:
filebeat.inputs:
#------------------------------ Log prospector --------------------------------
{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" or grains['role'] == "so-helix" or grains['role'] == "so-heavynode" %}
{%- if BROVER != 'SURICATA' %}
@@ -226,7 +226,7 @@ output.elasticsearch:
# Client Certificate Key
#ssl.key: "/usr/share/filebeat/filebeat.key"
setup.template.enabled: false
# A dictionary of settings to place into the settings.index dictionary
# of the Elasticsearch template. For more details, please check
# https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html
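Review bot: The key on L181 becomes `filebeat.inputs`, but the banner on L178 (`Filebeat prospectors`), the description on L179 (`List of prospectors to fetch data.`) and the sub-banner on L182 (`Log prospector`) keep the pre-7.x name and will mislead anyone grepping for where inputs are defined; rename them to `Filebeat inputs`, `List of inputs to fetch data.` and `Log input`. The second hunk's `setup.template.enabled: false` (L188) sits under a commented `ssl.key` line with nothing saying why template setup is disabled here — presumably because the Logstash/Elasticsearch templates in this commit own the mappings — so a comment such as `# Index templates are managed by the Logstash/Elasticsearch states, not by Filebeat` would make that explicit. Both hunks are fragments of a Jinja-templated file whose surrounding blocks are outside view.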


@@ -11,7 +11,7 @@
box-sizing: border-box;
font-family: Arial, Helvetica, sans-serif;
padding-left: 30px;
padding right: 30px;
padding-right: 30px;
}
body {
@@ -24,17 +24,23 @@ a {
text-align: left;
padding: 0px;
}
.center-content {
margin: 0 auto;
}
/* Style the top navigation bar */
.topnav {
overflow: hidden;
background-color: #333;
width: 1080px;
display: flex;
align-content: center;
}
/* Style the topnav links */
.topnav a {
float: left;
display: block;
margin: auto;
color: #f2f2f2;
text-align: center;
padding: 14px 16px;
@@ -67,47 +73,59 @@ a {
</style>
</head>
<body>
<div class="topnav">
<div class="center-content">
<div class="topnav center-content">
<a href="/so-auth/loginpage/create-user" target="_blank">Create New User</a>
<a href="/kibana/" target="_blank">Kibana</a>
<a href="/grafana/" target="_blank">Grafana</a>
<a href="/sensoroni/" target="_blank">Sensoroni</a>
<a href="/playbook/" target="_blank">Playbook</a>
<a href="/fleet/" target="_blank">Fleet</a>
<a href="/thehive/" target="_blank">TheHive</a>
<a href="/packages/" target="_blank">Osquery Binaries</a>
<a href="/packages/" target="_blank">Osquery Packages</a>
<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/FAQ" target="_blank">FAQ</a>
<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
<a href="https://blog.securityonion.net" target="_blank">Blog</a>
</div>
<div class="content">
<p><center><h1>Osquery Packages</h1></center><br>
</div>
<div class="content center-content">
<p>
<div style="text-align: center;">
<h1>Osquery Packages</h1>
</div>
<br/>
<h2>Notes</h2>
<ul>
<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
<li>Packages are not signed.</li>
</ul>
<BR> <h2>Downloads</h2>
<br/>
<h2>Downloads</h2>
<div>
Generated: N/A
<br/>
<br/>
Packages:
<ul>
Generated: N/A
<BR><BR>Packages:
<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
<li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
<BR><BR>Config Files:
</ul>
<br/>
<br/>
Config Files:
<ul>
<li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
<li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
</ul>
<BR><h2>Known Issues</h2>
</div>
<br/>
<h2>Known Issues</h2>
<ul>
<li>None</li>
</ul>
</p>
</div>
</div>
</div>
</body>
</html>
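Review bot: The `<p>` opened on L250 wraps `<div>`, `<h2>` and `<ul>` elements; browsers auto-close a `<p>` at the first block element, so the `</p>` on L290 is stray and the resulting tree is not the nesting the indentation suggests — replace the `<p>` with a `<div>` or drop it. In the `.topnav` rules `display: flex` (L215) is added while `.topnav a` keeps `float: left` (L220); floats are ignored on flex items, so L220 is dead and can go. Given the existing `Packages are not signed.` note on L258 directly above the download links, publishing a per-build checksum beside each package would at least give users something to verify. The `<html>`/`<head>` enclosing the first hunk start outside view.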


@@ -0,0 +1,17 @@
#!/bin/bash
VERSION="7.6.1"
curl -X PUT "localhost:5601/api/saved_objects/config/$VERSION" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'
{ "attributes":
{
"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29",
"defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645",
"discover:sampleSize":"100",
"dashboard:defaultDarkTheme":true,
"theme:darkMode":true,
"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"
}
}'
curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@/opt/so/saltstack/salt/kibana/etc/saved_objects.ndjson
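Review bot: Neither `curl` call checks its result: without `--fail` a 4xx/5xx from Kibana (including the 503 it typically returns while still starting) exits 0, so the `cmd.script` state that runs this will report success with nothing loaded. Add `set -euo pipefail` after the shebang and use `curl -sSf` on both calls (L302, L313) so a failed load surfaces in the Salt run. The JSON body on L303-L312 duplicates the saved-object file in this same commit (L318-L329), including the `defaultIndex` id; reading it with `-d @<path-to-that-config.json>` (path not visible here) removes a second copy that will drift. `$VERSION` is hard-coded to `7.6.1` and must track the Kibana image tag, since the config object id is the version string; a comment such as `# must match the running Kibana version: the config saved object is keyed by it` would make that coupling explicit.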


@@ -1,8 +1,10 @@
{ "attributes":
{
"defaultIndex": "*:logstash-*",
"discover:sampleSize":"10",
"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29",
"defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645",
"discover:sampleSize":"100",
"dashboard:defaultDarkTheme":true,
"theme:darkMode":true,
"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"
}
}


@@ -4,7 +4,7 @@
server.name: kibana
server.host: "0"
server.basePath: /kibana
elasticsearch.url: http://{{ ES }}:9200
elasticsearch.hosts: [ "http://{{ ES }}:9200" ]
#kibana.index: ".kibana"
#elasticsearch.username: elastic
#elasticsearch.password: changeme



@@ -1,5 +1,5 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
{% set MASTER = salt['grains.get']('master') %} {% set MASTER = salt['grains.get']('master') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %}
{% set FEATURES = "-features" %}
@@ -59,6 +59,8 @@ synckibanacustom:
- user: 932
- group: 939
# File.Recurse for custom saved dashboards
# Start the kibana docker
so-kibana:
docker_container.running:
@@ -66,10 +68,9 @@ so-kibana:
- hostname: kibana
- user: kibana
- environment:
- KIBANA_DEFAULTAPPID=dashboard/94b52620-342a-11e7-9d52-4f090484f59e
- ELASTICSEARCH_HOST={{ MASTER }}
- ELASTICSEARCH_HOST={{ master }}
- ELASTICSEARCH_PORT=9200
- MASTER={{ MASTER }}
- MASTER={{ master }}
- binds:
- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
- /opt/so/log/kibana:/var/log/kibana:rw
@@ -77,3 +78,17 @@ so-kibana:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- port_bindings:
- 0.0.0.0:5601:5601
so-kibana-config-load:
cmd.script:
- shell: /bin/bash
- runas: socore
- source: salt://kibana/bin/so-kibana-config-load
# Keep the setting correct
#KibanaHappy:
# cmd.script:
# - shell: /bin/bash
# - runas: socore
# - source: salt://kibana/bin/keepkibanahappy.sh
# - template: jinja
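Review bot: L351 contains the `{% set MASTER = salt['grains.get']('master') %}` statement twice on one line, which reads like a merge artifact; keep one. The environment lines on L368 and L371 render `{{ master }}` in lowercase, but the only variable defined is `MASTER` (L349/L351), so if those are the new side — the page does not mark it — `ELASTICSEARCH_HOST` and `MASTER` come out empty (or the render fails, depending on Salt's undefined handling) and Kibana cannot reach Elasticsearch; they should read `- ELASTICSEARCH_HOST={{ MASTER }}` and `- MASTER={{ MASTER }}`. The new `so-kibana-config-load` state (L379-L383) has no `require` or `onchanges` on `so-kibana`, so it runs on every highstate regardless of container state and re-PUTs the config object each time, overwriting any advanced-settings changes an operator made in the UI; add `- require:` / `- docker_container: so-kibana` and gate it with `onchanges` or an `unless` check against the existing object. The state definitions continue outside these hunks.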


@@ -145,10 +145,12 @@ lsetcsync:
- group: 939
- template: jinja
- clean: True
{% if TEMPLATES %}
- require:
{% for TEMPLATE in TEMPLATES %}
{% for TEMPLATE in TEMPLATES %}
- file: ls_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}
{% endfor %}
{% endfor %}
{% endif %}
- exclude_pat: pipelines*
# Create the import directory
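Review bot: The hunk counts (-10/+12) say this hunk only adds two lines, which must be the `{% if TEMPLATES %}` / `{% endif %}` guard (L398, L405) around `- require:`; that leaves both `{% for TEMPLATE in TEMPLATES %}` lines (L400-L401) and both `{% endfor %}` lines (L403-L404) on the new side as context, i.e. a loop nested inside itself that would emit each `ls_template_*` requirement N² times. If the page has instead printed an indentation-only change twice, the counts do not fit, so check the file directly and keep a single `{% for %}`/`{% endfor %}` pair. The guard itself is right: an empty `- require:` list is invalid state data when `TEMPLATES` is empty. The `lsetcsync` state starts outside the hunk.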


@@ -21,7 +21,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-switch-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}
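Review bot: This output, like the other `so-*.conf` outputs switched to `/so-common-template.json` through L587, leaves `template_name` and `template_overwrite` at Logstash's defaults (`logstash`, `false`), while the import/ids/syslog/firewall outputs in the same commit set `template_overwrite => true` and the ossec/strelka outputs (L597-L598, L611-L612) install the same file as `template_name => "so-common"`; one file is thus uploaded under two names and, wherever overwrite is off, an already-installed `logstash` template is never replaced by the new content. Settle on one `template_name => "so-common"` plus `template_overwrite => true` across all outputs. Separately, the common template's `index_patterns` (L641, assuming that file is the one referenced) lists only `so-ids-*`, `so-firewall-*`, `so-syslog-*`, `so-zeek-*`, `so-import-*`, `so-ossec-*`, `so-strelka-*` and `so-beats-*`, so the `so-switch-*` index written here (L414), and likewise `so-flow-*` (L438), `so-osquery-*` (L534), `so-windows-*` (L558) and the bare `so-%{+YYYY.MM.dd}` (L570), will not receive its mappings — those patterns need adding or the template does nothing for them. The `output { }` blocks start outside the hunks.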


@@ -20,7 +20,7 @@ output {
hosts => "{{ ES }}"
index => "so-import-%{+YYYY.MM.dd}"
template_name => "logstash"
template => "/so-template.json"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -21,7 +21,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-flow-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -20,7 +20,7 @@ output {
#stdout { codec => rubydebug }
elasticsearch {
hosts => "{{ ES }}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -19,7 +19,7 @@ output {
if [event_type] == "esxi" and "test_data" not in [tags] {
elasticsearch {
hosts => "{{ ES }}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -19,7 +19,7 @@ output {
if [event_type] == "greensql" and "test_data" not in [tags] {
elasticsearch {
hosts => "{{ ES }}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -20,7 +20,7 @@ output {
#stdout { codec => rubydebug }
elasticsearch {
hosts => "{{ ES }}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -20,7 +20,7 @@ output {
#stdout { codec => rubydebug }
elasticsearch {
hosts => "{{ ES }}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -22,7 +22,7 @@ output {
hosts => "{{ ES }}"
index => "so-ids-%{+YYYY.MM.dd}"
template_name => "logstash"
template => "/so-template.json"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -21,7 +21,7 @@ output {
hosts => "{{ ES }}"
index => "so-syslog-%{+YYYY.MM.dd}"
template_name => "logstash"
template => "/so-template.json"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -13,7 +13,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-osquery-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -22,7 +22,7 @@ output {
hosts => "{{ ES }}"
index => "so-firewall-%{+YYYY.MM.dd}"
template_name => "logstash"
template => "/so-template.json"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -21,7 +21,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-windows-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -21,7 +21,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -21,7 +21,7 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-ids-%{+YYYY.MM.dd}"
template => "/so-template.json"
template => "/so-common-template.json"
}
}
}


@@ -22,8 +22,8 @@ output {
pipeline => "%{event_type}"
hosts => "{{ ES }}"
index => "so-ossec-%{+YYYY.MM.dd}"
template_name => "so-ossec"
template => "/so-ossec-template.json"
template_name => "so-common"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -21,8 +21,8 @@ output {
elasticsearch {
hosts => "{{ ES }}"
index => "so-strelka-%{+YYYY.MM.dd}"
template_name => "so-strelka"
template => "/so-strelka-template.json"
template_name => "so-common"
template => "/so-common-template.json"
template_overwrite => true
}
}


@@ -3,7 +3,6 @@
"so-beats-*"
],
"mappings": {
"doc": {
"_meta": {
"version": "6.1.3"
},
@@ -1270,7 +1269,6 @@
}
}
}
}
},
"order": 1,
"settings": {
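Review bot: Dropping the `doc` mapping type (L623, with its closing brace at L631) moves this template to the typeless 7.x format, but `_meta.version` stays at `"6.1.3"` (L625), so the template still describes itself as a 6.x mapping; bump it with the change so anyone inspecting `_meta` can tell which format is installed. The same typeless change is made to the common template at L649/L657 while its `"version":50001` (L642) is also left as is, so a staleness check that compares `version` will not notice the new mapping. Both hunks cut through large mapping bodies that are outside view.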


@@ -1,5 +1,5 @@
{
"index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka", "so-beats-*"],
"index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*"],
"version":50001,
"order" : 10,
"settings":{
@@ -8,7 +8,6 @@
"index.refresh_interval":"30s"
},
"mappings":{
"doc":{
"dynamic": false,
"date_detection": false,
"properties":{
@@ -351,5 +350,4 @@
}
}
}
}
}