CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add system.system template and add event-mappings

Browse Source
This commit is contained in:
Wes
2023-06-14 13:28:00 +00:00
parent 8cde05807c
commit c2ac60b82e
1 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
salt/elasticsearch/defaults.yaml
View File

@@ -149,6 +149,25 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-system.system:
index_sorting: False
index_template:
index_patterns:
- "logs-system.system*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "event-mappings"
- "logs-system.system@package"
- "logs-system.system@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-system.application: so-logs-system.application:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -467,13 +486,8 @@ elasticsearch:
sort: sort:
field: "@timestamp" field: "@timestamp"
order: desc order: desc
mappings:
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
composed_of: composed_of:
- "event-mappings"
- "logs-elastic_agent.endpoint_security@package" - "logs-elastic_agent.endpoint_security@package"
- "logs-elastic_agent.endpoint_security@custom" - "logs-elastic_agent.endpoint_security@custom"
- "so-fleet_globals-1" - "so-fleet_globals-1"