CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-13 21:59:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

update index template priorities + explicity add datastream config options

Browse Source
This commit is contained in:
reyesj2
2026-03-17 13:50:15 -05:00
parent 1a943aefc5
commit a52e5d0474
1 changed files with 51 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/elasticsearch/defaults.yaml
+51 -26
View File
@@ -117,7 +117,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- so-case* - so-case*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -203,7 +203,9 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
- winlog-mappings - winlog-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-*-so* - logs-*-so*
@@ -263,7 +265,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- so-detection* - so-detection*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -444,7 +446,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- endgame* - endgame*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -549,7 +551,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-idh-so* - logs-idh-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -659,11 +661,13 @@ elasticsearch:
- common-dynamic-mappings - common-dynamic-mappings
- winlog-mappings - winlog-mappings
- hash-mappings - hash-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-import-so* - logs-import-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -718,7 +722,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- so-ip* - so-ip*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -747,7 +751,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- .items-default-** - .items-default-**
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -846,7 +850,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-kratos-so* - logs-kratos-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -954,7 +958,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-hydra-so* - logs-hydra-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -1009,7 +1013,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- .lists-default-** - .lists-default-**
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -1495,6 +1499,9 @@ elasticsearch:
- so-fleet_integrations.ip_mappings-1 - so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: ignore_missing_component_templates:
- logs-elastic_agent.cloudbeat@custom - logs-elastic_agent.cloudbeat@custom
index_patterns: index_patterns:
@@ -1730,6 +1737,9 @@ elasticsearch:
- so-fleet_integrations.ip_mappings-1 - so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: ignore_missing_component_templates:
- logs-elastic_agent.heartbeat@custom - logs-elastic_agent.heartbeat@custom
index_patterns: index_patterns:
@@ -3043,11 +3053,13 @@ elasticsearch:
- dtc-user_agent-mappings - dtc-user_agent-mappings
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-soc-so* - logs-soc-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -3637,10 +3649,13 @@ elasticsearch:
- vulnerability-mappings - vulnerability-mappings
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-logstash-default* - logs-logstash-default*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -3941,7 +3956,7 @@ elasticsearch:
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-redis.log* - logs-redis.log*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -4052,11 +4067,13 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
- hash-mappings - hash-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-strelka-so* - logs-strelka-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -4166,11 +4183,13 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
- hash-mappings - hash-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-suricata-so* - logs-suricata-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -4280,11 +4299,13 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
- hash-mappings - hash-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-suricata.alerts-* - logs-suricata.alerts-*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -4394,11 +4415,13 @@ elasticsearch:
- vulnerability-mappings - vulnerability-mappings
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-syslog-so* - logs-syslog-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false
@@ -4510,11 +4533,13 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
- hash-mappings - hash-mappings
data_stream: {} data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: [] ignore_missing_component_templates: []
index_patterns: index_patterns:
- logs-zeek-so* - logs-zeek-so*
priority: 500 priority: 501
template: template:
mappings: mappings:
date_detection: false date_detection: false