diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 10cc347d1..50e06c340 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -111,11 +111,120 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-osquery-manager:
+ so-logs-system.application:
 index_sorting: False
 index_template:
 index_patterns:
- - ".logs-osquery*"
+ - "logs-system.application*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-system.application@package"
+ - "logs-system.application@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-system.security:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-system.security*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-system.security@package"
+ - "logs-system.security@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-windows.forwarded:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-windows.forwarded*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-windows.forwarded@package"
+ - "logs-windows.forwarded@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-windows.powershell:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-windows.powershell-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-windows.powershell@package"
+ - "logs-windows.powershell@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-windows.powershell_operational:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-windows.powershell_operational-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - 
"logs-windows.powershell_operational@package" + - "logs-windows.powershell_operational@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + so-logs-windows.sysmon_operational: + index_sorting: False + index_template: + index_patterns: + - "logs-windows.sysmon_operational-*" + template: + settings: + index: + number_of_replicas: 0 + composed_of: + - "logs-windows.sysmon_operational@package" + - "logs-windows.sysmon_operational@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + + so-logs-osquery-manager: + index_sorting: False + index_template: + index_patterns: + - "logs-osquery*" template: settings: index: @@ -126,7 +235,7 @@ elasticsearch: name: elastic_agent managed_by: security_onion managed: true - logs-elastic_agent.apm_server: + so-logs-elastic_agent.apm_server: index_sorting: False index_template: index_patterns: @@ -180,7 +289,7 @@ elasticsearch: name: elastic_agent managed_by: security_onion managed: true - logs-elastic_agent.auditbeat: + so-logs-elastic_agent.auditbeat: index_sorting: False index_template: index_patterns: @@ -234,7 +343,7 @@ elasticsearch: name: elastic_agent managed_by: security_onion managed: true - logs-elastic_agent.cloudbeat: + so-logs-elastic_agent.cloudbeat: index_sorting: False index_template: index_patterns: @@ -285,7 +394,7 @@ elasticsearch: name: elastic_agent managed_by: security_onion managed: true - logs-elastic_agent.endpoint_security: + so-logs-elastic_agent.endpoint_security: index_sorting: False index_template: index_patterns: @@ -339,7 +448,7 @@ elasticsearch: name: elastic_agent managed_by: security_onion managed: true - logs-elastic_agent.filebeat: + so-logs-elastic_agent.filebeat: index_sorting: False index_template: index_patterns: 
@@ -393,7 +502,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent.fleet_server:
+ so-logs-elastic_agent.fleet_server:
 index_sorting: False
 index_template:
 index_patterns:
@@ -447,7 +556,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent.heartbeat:
+ so-logs-elastic_agent.heartbeat:
 index_sorting: False
 index_template:
 index_patterns:
@@ -498,7 +607,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent:
+ so-logs-elastic_agent:
 index_sorting: False
 index_template:
 index_patterns:
@@ -552,7 +661,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent.metricbeat:
+ so-logs-elastic_agent.metricbeat:
 index_sorting: False
 index_template:
 index_patterns:
@@ -606,7 +715,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent.osquerybeat:
+ so-logs-elastic_agent.osquerybeat:
 index_sorting: False
 index_template:
 index_patterns:
@@ -660,7 +769,7 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
- logs-elastic_agent.packetbeat:
+ so-logs-elastic_agent.packetbeat:
 index_sorting: False
 index_template:
 index_patterns: