CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update templates for integrations

Browse Source
This commit is contained in:
Wes
2023-06-09 18:32:50 +00:00
parent e06787445c
commit ad5a424c03
1 changed files with 122 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
salt/elasticsearch/defaults.yaml
View File

@@ -111,11 +111,120 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-osquery-manager:
so-logs-system.application:
index_sorting: False
index_template:
index_patterns:
- ".logs-osquery*"
- "logs-system.application*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-system.application@package"
- "logs-system.application@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-system.security:
index_sorting: False
index_template:
index_patterns:
- "logs-system.security*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-system.security@package"
- "logs-system.security@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-windows.forwarded:
index_sorting: False
index_template:
index_patterns:
- "logs-windows.forwarded*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-windows.forwarded@package"
- "logs-windows.forwarded@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-windows.powershell:
index_sorting: False
index_template:
index_patterns:
- "logs-windows.powershell-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-windows.powershell@package"
- "logs-windows.powershell@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-windows.powershell_operational:
index_sorting: False
index_template:
index_patterns:
- "logs-windows.powershell_operational-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-windows.powershell_operational@package"
- "logs-windows.powershell_operational@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-windows.sysmon_operational:
index_sorting: False
index_template:
index_patterns:
- "logs-windows.sysmon_operational-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-windows.sysmon_operational@package"
- "logs-windows.sysmon_operational@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-osquery-manager:
index_sorting: False
index_template:
index_patterns:
- "logs-osquery*"
template:
settings:
index:
@@ -126,7 +235,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.apm_server:
so-logs-elastic_agent.apm_server:
index_sorting: False
index_template:
index_patterns:
@@ -180,7 +289,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.auditbeat:
so-logs-elastic_agent.auditbeat:
index_sorting: False
index_template:
index_patterns:
@@ -234,7 +343,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.cloudbeat:
so-logs-elastic_agent.cloudbeat:
index_sorting: False
index_template:
index_patterns:
@@ -285,7 +394,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.endpoint_security:
so-logs-elastic_agent.endpoint_security:
index_sorting: False
index_template:
index_patterns:
@@ -339,7 +448,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.filebeat:
so-logs-elastic_agent.filebeat:
index_sorting: False
index_template:
index_patterns:
@@ -393,7 +502,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.fleet_server:
so-logs-elastic_agent.fleet_server:
index_sorting: False
index_template:
index_patterns:
@@ -447,7 +556,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.heartbeat:
so-logs-elastic_agent.heartbeat:
index_sorting: False
index_template:
index_patterns:
@@ -498,7 +607,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent:
so-logs-elastic_agent:
index_sorting: False
index_template:
index_patterns:
@@ -552,7 +661,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.metricbeat:
so-logs-elastic_agent.metricbeat:
index_sorting: False
index_template:
index_patterns:
@@ -606,7 +715,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.osquerybeat:
so-logs-elastic_agent.osquerybeat:
index_sorting: False
index_template:
index_patterns:
@@ -660,7 +769,7 @@ elasticsearch:
name: elastic_agent
managed_by: security_onion
managed: true
logs-elastic_agent.packetbeat:
so-logs-elastic_agent.packetbeat:
index_sorting: False
index_template:
index_patterns: