Merge branch '2.4/dev' into jppsensoroni

This commit is contained in:
Josh Patterson
2024-03-05 17:51:32 -05:00
committed by GitHub
4 changed files with 224 additions and 2 deletions


@@ -65,6 +65,7 @@ elasticfleet:
- http_endpoint - http_endpoint
- httpjson - httpjson
- iis - iis
- journald
- juniper - juniper
- juniper_srx - juniper_srx
- kafka_log - kafka_log


@@ -1107,6 +1107,50 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-aws_x_cloudfront_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-aws.cloudfront_logs-*"
template:
settings:
index:
lifecycle:
name: so-logs-aws.cloudfront_logs-logs
number_of_replicas: 0
composed_of:
- "logs-aws.cloudfront_logs@package"
- "logs-aws.cloudfront_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-aws_x_cloudtrail: so-logs-aws_x_cloudtrail:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -1327,6 +1371,94 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-aws_x_guardduty:
index_sorting: False
index_template:
index_patterns:
- "logs-aws.guardduty-*"
template:
settings:
index:
lifecycle:
name: so-logs-aws.guardduty-logs
number_of_replicas: 0
composed_of:
- "logs-aws.guardduty@package"
- "logs-aws.guardduty@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-aws_x_inspector:
index_sorting: False
index_template:
index_patterns:
- "logs-aws.inspector-*"
template:
settings:
index:
lifecycle:
name: so-logs-aws.inspector-logs
number_of_replicas: 0
composed_of:
- "logs-aws.inspector@package"
- "logs-aws.inspector@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-aws_x_route53_public_logs: so-logs-aws_x_route53_public_logs:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -1459,6 +1591,94 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-aws_x_securityhub_findings:
index_sorting: False
index_template:
index_patterns:
- "logs-aws.securityhub_findings-*"
template:
settings:
index:
lifecycle:
name: so-logs-aws.securityhub_findings-logs
number_of_replicas: 0
composed_of:
- "logs-aws.securityhub_findings@package"
- "logs-aws.securityhub_findings@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-aws_x_securityhub_insights:
index_sorting: False
index_template:
index_patterns:
- "logs-aws.securityhub_insights-*"
template:
settings:
index:
lifecycle:
name: so-logs-aws.securityhub_insights-logs
number_of_replicas: 0
composed_of:
- "logs-aws.securityhub_insights@package"
- "logs-aws.securityhub_insights@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-aws_x_vpcflow: so-logs-aws_x_vpcflow:
index_sorting: false index_sorting: false
index_template: index_template:
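Review bot: The five new index definitions in this section's three hunks (so-logs-aws_x_cloudfront_logs, so-logs-aws_x_guardduty, so-logs-aws_x_inspector, so-logs-aws_x_securityhub_findings, so-logs-aws_x_securityhub_insights) write `index_sorting: False`, whereas the neighbouring existing entries such as so-logs-aws_x_cloudtrail, so-logs-aws_x_route53_public_logs and so-logs-aws_x_vpcflow use `index_sorting: false`. A YAML 1.1 loader reads both spellings as a boolean, so behaviour is probably unchanged, but the capitalised form is flagged by yamllint's truthy rule and breaks the file's own convention, which would also surprise a consumer that compares the raw string. The same blocks already use lowercase `hidden: false` and `allow_custom_routing: false`, so `index_sorting: false` is the one line to change in each of the five blocks.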


@@ -6,6 +6,7 @@ idstools:
description: Enter your registration code or oinkcode for paid NIDS rulesets. description: Enter your registration code or oinkcode for paid NIDS rulesets.
title: Registration Code title: Registration Code
global: True global: True
forcedType: string
helpLink: rules.html helpLink: rules.html
ruleset: ruleset:
description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.' description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'


@@ -96,8 +96,8 @@ function pcapspace() {
fi fi
local s=$(( $SPACESIZE / 1000000 )) local s=$(( $SPACESIZE / 1000000 ))
local s1=$(( $s / 2 ))
local s2=$(( $s1 / $CORECOUNT )) local s2=$(( $s1 / $CORECOUNT ))
local s1=$(( $s / 4 ))
MAXPCAPFILES=$s2 MAXPCAPFILES=$s2
@@ -280,7 +280,7 @@ function add_sensor_to_minion() {
echo " enabled: True" >> $PILLARFILE echo " enabled: True" >> $PILLARFILE
if [[ $is_pcaplimit ]]; then if [[ $is_pcaplimit ]]; then
echo " config:" >> $PILLARFILE echo " config:" >> $PILLARFILE
echo " diskfreepercentage: 60" >> $PILLARFILE echo " diskfreepercentage: 75" >> $PILLARFILE
pcapspace pcapspace
fi fi
echo " " >> $PILLARFILE echo " " >> $PILLARFILE
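Review bot: In the first hunk of this section, inside pcapspace, the replacement for the removed `local s1=$(( $s / 2 ))` lands one line later than the original, so `local s2=$(( $s1 / $CORECOUNT ))` is now evaluated before `local s1=$(( $s / 4 ))` assigns s1. Unless s1 is set earlier in the function, which lies outside the hunk, the expansion becomes `$(( / $CORECOUNT ))`, bash reports an arithmetic error, and MAXPCAPFILES on the next line is set from an empty s2. Restore the order so the divisor is computed first: `local s1=$(( $s / 4 ))` followed by `local s2=$(( $s1 / $CORECOUNT ))`. The diskfreepercentage change to 75 in the second hunk is a plain value update and needs nothing further; pcapspace's body continues outside the hunk.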