mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 18:22:47 +01:00
Merge branch '2.4/dev' into jppsensoroni
This commit is contained in:
Josh Patterson
GitHub
@@ -65,6 +65,7 @@ elasticfleet:
|
||||
- http_endpoint
|
||||
- httpjson
|
||||
- iis
|
||||
- journald
|
||||
- juniper
|
||||
- juniper_srx
|
||||
- kafka_log
|
||||
|
||||
@@ -1107,6 +1107,50 @@ elasticsearch:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_cloudfront_logs:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
index_patterns:
|
||||
- "logs-aws.cloudfront_logs-*"
|
||||
template:
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logs-aws.cloudfront_logs-logs
|
||||
number_of_replicas: 0
|
||||
composed_of:
|
||||
- "logs-aws.cloudfront_logs@package"
|
||||
- "logs-aws.cloudfront_logs@custom"
|
||||
- "so-fleet_globals-1"
|
||||
- "so-fleet_agent_id_verification-1"
|
||||
priority: 501
|
||||
data_stream:
|
||||
hidden: false
|
||||
allow_custom_routing: false
|
||||
policy:
|
||||
phases:
|
||||
cold:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
min_age: 30d
|
||||
delete:
|
||||
actions:
|
||||
delete: {}
|
||||
min_age: 365d
|
||||
hot:
|
||||
actions:
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
set_priority:
|
||||
priority: 100
|
||||
min_age: 0ms
|
||||
warm:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_cloudtrail:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -1327,6 +1371,94 @@ elasticsearch:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_guardduty:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
index_patterns:
|
||||
- "logs-aws.guardduty-*"
|
||||
template:
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logs-aws.guardduty-logs
|
||||
number_of_replicas: 0
|
||||
composed_of:
|
||||
- "logs-aws.guardduty@package"
|
||||
- "logs-aws.guardduty@custom"
|
||||
- "so-fleet_globals-1"
|
||||
- "so-fleet_agent_id_verification-1"
|
||||
priority: 501
|
||||
data_stream:
|
||||
hidden: false
|
||||
allow_custom_routing: false
|
||||
policy:
|
||||
phases:
|
||||
cold:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
min_age: 30d
|
||||
delete:
|
||||
actions:
|
||||
delete: {}
|
||||
min_age: 365d
|
||||
hot:
|
||||
actions:
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
set_priority:
|
||||
priority: 100
|
||||
min_age: 0ms
|
||||
warm:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_inspector:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
index_patterns:
|
||||
- "logs-aws.inspector-*"
|
||||
template:
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logs-aws.inspector-logs
|
||||
number_of_replicas: 0
|
||||
composed_of:
|
||||
- "logs-aws.inspector@package"
|
||||
- "logs-aws.inspector@custom"
|
||||
- "so-fleet_globals-1"
|
||||
- "so-fleet_agent_id_verification-1"
|
||||
priority: 501
|
||||
data_stream:
|
||||
hidden: false
|
||||
allow_custom_routing: false
|
||||
policy:
|
||||
phases:
|
||||
cold:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
min_age: 30d
|
||||
delete:
|
||||
actions:
|
||||
delete: {}
|
||||
min_age: 365d
|
||||
hot:
|
||||
actions:
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
set_priority:
|
||||
priority: 100
|
||||
min_age: 0ms
|
||||
warm:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_route53_public_logs:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
@@ -1459,6 +1591,94 @@ elasticsearch:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_securityhub_findings:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
index_patterns:
|
||||
- "logs-aws.securityhub_findings-*"
|
||||
template:
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logs-aws.securityhub_findings-logs
|
||||
number_of_replicas: 0
|
||||
composed_of:
|
||||
- "logs-aws.securityhub_findings@package"
|
||||
- "logs-aws.securityhub_findings@custom"
|
||||
- "so-fleet_globals-1"
|
||||
- "so-fleet_agent_id_verification-1"
|
||||
priority: 501
|
||||
data_stream:
|
||||
hidden: false
|
||||
allow_custom_routing: false
|
||||
policy:
|
||||
phases:
|
||||
cold:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
min_age: 30d
|
||||
delete:
|
||||
actions:
|
||||
delete: {}
|
||||
min_age: 365d
|
||||
hot:
|
||||
actions:
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
set_priority:
|
||||
priority: 100
|
||||
min_age: 0ms
|
||||
warm:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_securityhub_insights:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
index_patterns:
|
||||
- "logs-aws.securityhub_insights-*"
|
||||
template:
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logs-aws.securityhub_insights-logs
|
||||
number_of_replicas: 0
|
||||
composed_of:
|
||||
- "logs-aws.securityhub_insights@package"
|
||||
- "logs-aws.securityhub_insights@custom"
|
||||
- "so-fleet_globals-1"
|
||||
- "so-fleet_agent_id_verification-1"
|
||||
priority: 501
|
||||
data_stream:
|
||||
hidden: false
|
||||
allow_custom_routing: false
|
||||
policy:
|
||||
phases:
|
||||
cold:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
min_age: 30d
|
||||
delete:
|
||||
actions:
|
||||
delete: {}
|
||||
min_age: 365d
|
||||
hot:
|
||||
actions:
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
set_priority:
|
||||
priority: 100
|
||||
min_age: 0ms
|
||||
warm:
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 50
|
||||
min_age: 30d
|
||||
so-logs-aws_x_vpcflow:
|
||||
index_sorting: false
|
||||
index_template:
|
||||
|
||||
@@ -6,6 +6,7 @@ idstools:
|
||||
description: Enter your registration code or oinkcode for paid NIDS rulesets.
|
||||
title: Registration Code
|
||||
global: True
|
||||
forcedType: string
|
||||
helpLink: rules.html
|
||||
ruleset:
|
||||
description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
|
||||
|
||||
@@ -96,8 +96,8 @@ function pcapspace() {
|
||||
fi
|
||||
|
||||
local s=$(( $SPACESIZE / 1000000 ))
|
||||
local s1=$(( $s / 2 ))
|
||||
local s2=$(( $s1 / $CORECOUNT ))
|
||||
local s1=$(( $s / 4 ))
|
||||
|
||||
MAXPCAPFILES=$s2
|
||||
|
||||
@@ -280,7 +280,7 @@ function add_sensor_to_minion() {
|
||||
echo " enabled: True" >> $PILLARFILE
|
||||
if [[ $is_pcaplimit ]]; then
|
||||
echo " config:" >> $PILLARFILE
|
||||
echo " diskfreepercentage: 60" >> $PILLARFILE
|
||||
echo " diskfreepercentage: 75" >> $PILLARFILE
|
||||
pcapspace
|
||||
fi
|
||||
echo " " >> $PILLARFILE
|
||||
|
||||
Reference in New Issue
Block a user