CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into kilo

Browse Source
This commit is contained in:
Jason Ertel
2021-09-16 07:44:35 -04:00
parent 82da0041a4 c06668c68e
commit b81d38e392
10 changed files with 214 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elasticsearch/files/ingest/import.wel
View File

@@ -4,6 +4,7 @@
{ "remove": { "field": ["event.created","timestamp", "winlog.event_data.UtcTime", "event_record_id"], "ignore_failure": true } },
{ "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } },
{ "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } },
{ "dissect": { "field": "log.file.name", "pattern" : "/tmp/%{import.id}.evtx" } },
{ "pipeline": { "name": "common" } }
]
}

3
salt/elasticsearch/templates/so/so-common-template.json
View File

@@ -1,3 +1,4 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', True) %}
{
"index_patterns": ["so-*"],
"version":50001,
@@ -8,8 +9,10 @@
"index.refresh_interval":"30s",
"index.routing.allocation.require.box_type":"hot",
"index.mapping.total_fields.limit": "1500",
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"analysis": {
"analyzer": {
"es_security_analyzer": {