diff --git a/.github/.gitleaks.toml b/.github/.gitleaks.toml index 21a047959..2111ed7bc 100644 --- a/.github/.gitleaks.toml +++ b/.github/.gitleaks.toml @@ -536,7 +536,7 @@ secretGroup = 4 [allowlist] description = "global allow lists" -regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''', '''RPM-GPG-KEY.*''', '''.*:.*StrelkaHexDump.*''', '''.*:.*PLACEHOLDER.*''', '''ssl_.*password'''] +regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''', '''RPM-GPG-KEY.*''', '''.*:.*StrelkaHexDump.*''', '''.*:.*PLACEHOLDER.*''', '''ssl_.*password''', '''integration_key\s=\s"so-logs-"'''] paths = [ '''gitleaks.toml''', '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''', diff --git a/.github/DISCUSSION_TEMPLATE/2-4.yml b/.github/DISCUSSION_TEMPLATE/2-4.yml index 0b8d5e6b9..9583ac99a 100644 --- a/.github/DISCUSSION_TEMPLATE/2-4.yml +++ b/.github/DISCUSSION_TEMPLATE/2-4.yml @@ -24,6 +24,7 @@ body: - 2.4.110 - 2.4.111 - 2.4.120 + - 2.4.130 - Other (please provide detail below) validations: required: true diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE deleted file mode 100644 index e02405f16..000000000 --- a/.github/ISSUE_TEMPLATE +++ /dev/null @@ -1,12 +0,0 @@ -PLEASE STOP AND READ THIS INFORMATION! - -If you are creating an issue just to ask a question, you will likely get faster and better responses by posting to our discussions forum instead: -https://securityonion.net/discuss - -If you think you have found a possible bug or are observing a behavior that you weren't expecting, use the discussion forum to start a conversation about it instead of creating an issue. - -If you are very familiar with the latest version of the product and are confident you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following: -- duplicated the issue on a fresh installation of the latest version -- provide information about your system and how you installed Security Onion -- include relevant log files -- include reproduction steps diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..43b490b49 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: This option is for experienced community members to report a confirmed, reproducible bug +title: '' +labels: '' +assignees: '' + +--- +PLEASE STOP AND READ THIS INFORMATION! + +If you are creating an issue just to ask a question, you will likely get faster and better responses by posting to our discussions forum at https://securityonion.net/discuss. + +If you think you have found a possible bug or are observing a behavior that you weren't expecting, use the discussion forum at https://securityonion.net/discuss to start a conversation about it instead of creating an issue. + +If you are very familiar with the latest version of the product and are confident you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following: +- duplicated the issue on a fresh installation of the latest version +- provide information about your system and how you installed Security Onion +- include relevant log files +- include reproduction steps + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..5758e82cf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Security Onion Discussions + url: https://securityonion.com/discussions + about: Please ask and answer questions here diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index 57a07e53c..b619315c8 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,17 +1,17 @@ -### 2.4.111-20241217 ISO image released on 2024/12/18 +### 2.4.120-20250212 ISO image released on 2025/02/12 ### Download and Verify -2.4.111-20241217 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.111-20241217.iso +2.4.120-20250212 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.120-20250212.iso -MD5: 767823D75EB76A6DC6132F799FD0E720 -SHA1: 0A7B6918FE5D4BC89EE3F2E03B4F8F4D6255141D -SHA256: 394BFCED9B5EAA0788E2D04806231B3A170839394AAF8DD23B4CE0EB9D6EF727 +MD5: 3FF09F50AB1C9318CF0862DE9816102D +SHA1: 197AFA5A85C5CF95D0289FCD21BED7615FB8DB5C +SHA256: A59D94B09EEB39D8C2B6D0808792EC479B13D96FA7B32C3BEEFB6709C93F6692 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.111-20241217.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.120-20250212.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS @@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.111-20241217.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.120-20250212.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.111-20241217.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.120-20250212.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.111-20241217.iso.sig securityonion-2.4.111-20241217.iso +gpg --verify securityonion-2.4.120-20250212.iso.sig securityonion-2.4.120-20250212.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Tue 17 Dec 2024 04:33:10 PM EST using RSA key ID FE507013 +gpg: Signature made Tue 11 Feb 2025 05:26:33 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/LICENSE b/LICENSE new file mode 100644 index 000000000..77329e94a --- /dev/null +++ b/LICENSE @@ -0,0 +1,53 @@ +Elastic License 2.0 (ELv2) + +Acceptance + + By using the software, you agree to all of the terms and conditions below. + +Copyright License + + The licensor grants you a non-exclusive, royalty-free, worldwide, non-sublicensable, non-transferable license to use, copy, distribute, make available, and prepare derivative works of the software, in each case subject to the limitations and conditions below. + +Limitations + + You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software. + + You may not move, change, disable, or circumvent the license key functionality in the software, and you may not remove or obscure any functionality in the software that is protected by the license key. + + You may not alter, remove, or obscure any licensing, copyright, or other notices of the licensor in the software. Any use of the licensor’s trademarks is subject to applicable law. + +Patents + + The licensor grants you a license, under any patent claims the licensor can license, or becomes able to license, to make, have made, use, sell, offer for sale, import and have imported the software, in each case subject to the limitations and conditions in this license. This license does not cover any patent claims that you cause to be infringed by modifications or additions to the software. If you or your company make any written claim that the software infringes or contributes to infringement of any patent, your patent license for the software granted under these terms ends immediately. If your company makes such a claim, your patent license ends immediately for work on behalf of your company. + +Notices + + You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these terms. + + If you modify the software, you must include in any modified copies of the software prominent notices stating that you have modified the software. + +No Other Rights + + These terms do not imply any licenses other than those expressly granted in these terms. + +Termination + + If you use the software in violation of these terms, such use is not licensed, and your licenses will automatically terminate. If the licensor provides you with a notice of your violation, and you cease all violation of this license no later than 30 days after you receive that notice, your licenses will be reinstated retroactively. However, if you violate these terms after such reinstatement, any additional violation of these terms will cause your licenses to terminate automatically and permanently. + +No Liability + + As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim. + +Definitions + + The licensor is the entity offering these terms, and the software is the software the licensor makes available under these terms, including any portion of it. + + you refers to the individual or entity agreeing to these terms. + + your company is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that organization. control means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect. + + your licenses are all the licenses granted to you for the software under these terms. + + use means anything you do with the software requiring one of your licenses. + + trademark means trademarks, service marks, and similar rights. diff --git a/VERSION b/VERSION index 580cd0c49..04d2c4735 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.120 \ No newline at end of file +2.4.130 diff --git a/salt/common/tools/sbin/so-log-check b/salt/common/tools/sbin/so-log-check index 91417171c..b9bc76f9f 100755 --- a/salt/common/tools/sbin/so-log-check +++ b/salt/common/tools/sbin/so-log-check @@ -126,6 +126,7 @@ if [[ $EXCLUDE_STARTUP_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Unable to get license information" # Logstash trying to contact ES before it's ready EXCLUDED_ERRORS="$EXCLUDED_ERRORS|process already finished" # Telegraf script finished just as the auto kill timeout kicked in EXCLUDED_ERRORS="$EXCLUDED_ERRORS|No shard available" # Typical error when making a query before ES has finished loading all indices + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|responded with status-code 503" # telegraf getting 503 from ES during startup fi if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then @@ -152,6 +153,7 @@ if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|is not an ip string literal" # false positive (Open Canary logging out blank IP addresses) EXCLUDED_ERRORS="$EXCLUDED_ERRORS|syncing rule" # false positive (rule sync log line includes rule name which can contain 'error') EXCLUDED_ERRORS="$EXCLUDED_ERRORS|request_unauthorized" # false positive (login failures to Hydra result in an 'error' log) + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|adding index lifecycle policy" # false positive (elasticsearch policy names contain 'error') fi if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then @@ -213,6 +215,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|syncErrors" # Detections: Not an actual error EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Initialized license manager" # SOC log: before fields.status was changed to fields.licenseStatus EXCLUDED_ERRORS="$EXCLUDED_ERRORS|from NIC checksum offloading" # zeek reporter.log + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|marked for removal" # docker container getting recycled fi RESULT=0 diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index 952662600..a0f509136 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -10,6 +10,7 @@ elasticfleet: grid_enrollment: '' defend_filters: enable_auto_configuration: False + subscription_integrations: False logging: zeek: excluded: @@ -32,97 +33,20 @@ elasticfleet: - stderr - stdout packages: - - apache - - auditd - - auth0 - - aws - - azure - - barracuda - - barracuda_cloudgen_firewall - - carbonblack_edr - - cef - - checkpoint - - cisco_asa - - cisco_duo - - cisco_ftd - - cisco_ios - - cisco_ise - - cisco_meraki - - cisco_secure_email_gateway - - cisco_umbrella - - citrix_adc - - citrix_waf - - cloudflare - - cloudflare_logpush - - crowdstrike - - darktrace - elastic_agent - elasticsearch - endpoint - - f5_bigip - - fim - - fireeye - fleet_server - - fortinet - - fortinet_fortigate - - gcp - - github - - google_workspace - http_endpoint - httpjson - - iis - - imperva_cloud_waf - - journald - - juniper - - juniper_srx - - kafka_log - - lastpass - log - - m365_defender - - microsoft_defender_endpoint - - microsoft_dhcp - - microsoft_sqlserver - - mimecast - - mysql - - netflow - - nginx - - o365 - - okta - osquery_manager - - panw - - pfsense - - proofpoint_tap - - pulse_connect_secure - redis - - sentinel_one - - snort - - snyk - - sonicwall_firewall - - sophos - - sophos_central - - symantec_endpoint - system - tcp - - tenable_io - - tenable_sc - - ti_abusech - - ti_anomali - - ti_cybersixgill - - ti_misp - - ti_opencti - - ti_otx - - ti_rapid7_threat_command - - ti_recordedfuture - - ti_threatq - - trendmicro - - trend_micro_vision_one - udp - - vsphere - windows - winlog - - zscaler_zia - - zscaler_zpa - - 1password optional_integrations: sublime_platform: enabled_nodes: [] diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index f91074b39..5a52f3a41 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -151,6 +151,10 @@ so-elastic-fleet-integration-upgrade: cmd.run: - name: /usr/sbin/so-elastic-fleet-integration-upgrade +so-elastic-fleet-addon-integrations: + cmd.run: + - name: /usr/sbin/so-elastic-fleet-optional-integrations-load + {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %} so-elastic-defend-manage-filters-file-watch: cmd.run: diff --git a/salt/elasticfleet/files/integrations/elastic-defend/elastic-defend-endpoints.json b/salt/elasticfleet/files/integrations/elastic-defend/elastic-defend-endpoints.json index 15f08a151..87870c7bc 100644 --- a/salt/elasticfleet/files/integrations/elastic-defend/elastic-defend-endpoints.json +++ b/salt/elasticfleet/files/integrations/elastic-defend/elastic-defend-endpoints.json @@ -3,25 +3,30 @@ "namespace": "default", "description": "", "package": { - "name": "endpoint", - "title": "Elastic Defend", - "version": "8.14.0" + "name": "endpoint", + "title": "Elastic Defend", + "version": "8.17.0", + "requires_root": true }, "enabled": true, "policy_id": "endpoints-initial", - "inputs": [{ - "type": "ENDPOINT_INTEGRATION_CONFIG", + "vars": {}, + "inputs": [ + { + "type": "endpoint", "enabled": true, - "streams": [], "config": { - "_config": { - "value": { - "type": "endpoint", - "endpointConfig": { - "preset": "DataCollection" - } - } + "integration_config": { + "value": { + "type": "endpoint", + "endpointConfig": { + "preset": "DataCollection" + } } - } - }] -} + } + }, + "streams": [] + } + ] + } + \ No newline at end of file diff --git a/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json b/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json index fb8c31040..bb79891b6 100644 --- a/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json +++ b/salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json @@ -20,7 +20,7 @@ ], "data_stream.dataset": "import", "custom": "", - "processors": "- dissect:\n tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n field: \"log.file.path\"\n target_prefix: \"\"\n- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n- drop_fields:\n fields: [\"host\"]\n ignore_missing: true\n- add_fields:\n target: data_stream\n fields:\n type: logs\n dataset: system.security\n- add_fields:\n target: event\n fields:\n dataset: system.security\n module: system\n imported: true\n- add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.security-1.59.0\n- if:\n equals:\n winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: windows.sysmon_operational\n - add_fields:\n target: event\n fields:\n dataset: windows.sysmon_operational\n module: windows\n imported: true\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-windows.sysmon_operational-1.45.1\n- if:\n equals:\n winlog.channel: 'Application'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: system.application\n - add_fields:\n target: event\n fields:\n dataset: system.application\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.application-1.59.0\n- if:\n equals:\n winlog.channel: 'System'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: system.system\n - add_fields:\n target: event\n fields:\n dataset: system.system\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.system-1.59.0\n \n- if:\n equals:\n winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: windows.powershell_operational\n - add_fields:\n target: event\n fields:\n dataset: windows.powershell_operational\n module: windows\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-windows.powershell_operational-1.45.1\n- add_fields:\n target: data_stream\n fields:\n dataset: import", + "processors": "- dissect:\n tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n field: \"log.file.path\"\n target_prefix: \"\"\n- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n- drop_fields:\n fields: [\"host\"]\n ignore_missing: true\n- add_fields:\n target: data_stream\n fields:\n type: logs\n dataset: system.security\n- add_fields:\n target: event\n fields:\n dataset: system.security\n module: system\n imported: true\n- add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.security-1.66.1\n- if:\n equals:\n winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: windows.sysmon_operational\n - add_fields:\n target: event\n fields:\n dataset: windows.sysmon_operational\n module: windows\n imported: true\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-windows.sysmon_operational-2.4.1\n- if:\n equals:\n winlog.channel: 'Application'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: system.application\n - add_fields:\n target: event\n fields:\n dataset: system.application\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.application-1.66.1\n- if:\n equals:\n winlog.channel: 'System'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: system.system\n - add_fields:\n target: event\n fields:\n dataset: system.system\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-system.system-1.66.1\n \n- if:\n equals:\n winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n then: \n - add_fields:\n target: data_stream\n fields:\n dataset: windows.powershell_operational\n - add_fields:\n target: event\n fields:\n dataset: windows.powershell_operational\n module: windows\n - add_fields:\n target: \"@metadata\"\n fields:\n pipeline: logs-windows.powershell_operational-2.4.1\n- add_fields:\n target: data_stream\n fields:\n dataset: import", "tags": [ "import" ] diff --git a/salt/elasticfleet/files/integrations/grid-nodes_general/syslog-udp-514.json b/salt/elasticfleet/files/integrations/grid-nodes_general/syslog-udp-514.json index ad32a6964..22821dea8 100644 --- a/salt/elasticfleet/files/integrations/grid-nodes_general/syslog-udp-514.json +++ b/salt/elasticfleet/files/integrations/grid-nodes_general/syslog-udp-514.json @@ -11,7 +11,7 @@ "udp-udp": { "enabled": true, "streams": { - "udp.generic": { + "udp.udp": { "enabled": true, "vars": { "listen_address": "0.0.0.0", @@ -20,11 +20,13 @@ "pipeline": "syslog", "max_message_size": "10KiB", "keep_null": false, - "processors": "- add_fields:\n target: event\n fields: \n module: syslog\n", + "processors": "- add_fields:\n target: event\n fields: \n module: syslog", "tags": [ "syslog" ], - "syslog_options": "field: message\n#format: auto\n#timezone: Local" + "syslog_options": "field: message\n#format: auto\n#timezone: Local\n", + "preserve_original_event": false, + "custom": "" } } } diff --git a/salt/elasticfleet/integration-defaults.map.jinja b/salt/elasticfleet/integration-defaults.map.jinja new file mode 100644 index 000000000..5449e791e --- /dev/null +++ b/salt/elasticfleet/integration-defaults.map.jinja @@ -0,0 +1,133 @@ +{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one + or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use + this file except in compliance with the Elastic License 2.0. #} + + +{% import_json '/opt/so/state/esfleet_package_components.json' as ADDON_PACKAGE_COMPONENTS %} +{% import_yaml 'elasticfleet/defaults.yaml' as ELASTICFLEETDEFAULTS %} + +{% set CORE_ESFLEET_PACKAGES = ELASTICFLEETDEFAULTS.get('elasticfleet', {}).get('packages', {}) %} +{% set ADDON_INTEGRATION_DEFAULTS = {} %} + +{# Some fleet integrations don't follow the standard naming convention #} +{% set WEIRD_INTEGRATIONS = { + 'awsfirehose.logs': 'awsfirehose', + 'awsfirehose.metrics': 'aws.cloudwatch', + 'cribl.logs': 'cribl', + 'sentinel_one_cloud_funnel.logins': 'sentinel_one_cloud_funnel.login', + 'azure_application_insights.app_insights': 'azure.app_insights', + 'azure_application_insights.app_state': 'azure.app_state', + 'azure_billing.billing': 'azure.billing', + 'azure_functions.metrics': 'azure.function', + 'azure_metrics.compute_vm_scaleset': 'azure.compute_vm_scaleset', + 'azure_metrics.compute_vm': 'azure.compute_vm', + 'azure_metrics.container_instance': 'azure.container_instance', + 'azure_metrics.container_registry': 'azure.container_registry', + 'azure_metrics.container_service': 'azure.container_service', + 'azure_metrics.database_account': 'azure.database_account', + 'azure_metrics.monitor': 'azure.monitor', + 'azure_metrics.storage_account': 'azure.storage_account', + 'azure_openai.metrics': 'azure.open_ai', + 'beat.state': 'beats.stack_monitoring.state', + 'beat.stats': 'beats.stack_monitoring.stats', + 'enterprisesearch.health': 'enterprisesearch.stack_monitoring.health', + 'enterprisesearch.stats': 'enterprisesearch.stack_monitoring.stats', + 'kibana.cluster_actions': 'kibana.stack_monitoring.cluster_actions', + 'kibana.cluster_rules': 'kibana.stack_monitoring.cluster_rules', + 'kibana.node_actions': 'kibana.stack_monitoring.node_actions', + 'kibana.node_rules': 'kibana.stack_monitoring.node_rules', + 'kibana.stats': 'kibana.stack_monitoring.stats', + 'kibana.status': 'kibana.stack_monitoring.status', + 'logstash.node_cel': 'logstash.stack_monitoring.node', + 'logstash.node_stats': 'logstash.stack_monitoring.node_stats', + 'synthetics.browser': 'synthetics-browser', + 'synthetics.browser_network': 'synthetics-browser.network', + 'synthetics.browser_screenshot': 'synthetics-browser.screenshot', + 'synthetics.http': 'synthetics-http', + 'synthetics.icmp': 'synthetics-icmp', + 'synthetics.tcp': 'synthetics-tcp' + } %} + +{% for pkg in ADDON_PACKAGE_COMPONENTS %} +{% if pkg.name in CORE_ESFLEET_PACKAGES %} +{# skip core integrations #} +{% elif pkg.name not in CORE_ESFLEET_PACKAGES %} +{# generate defaults for each integration #} +{% if pkg.es_index_patterns is defined and pkg.es_index_patterns is not none %} +{% for pattern in pkg.es_index_patterns %} +{% if "metrics-" in pattern.name %} +{% set integration_type = "metrics-" %} +{% elif "logs-" in pattern.name %} +{% set integration_type = "logs-" %} +{% else %} +{% set integration_type = "" %} +{% endif %} +{% set component_name = pkg.name ~ "." ~ pattern.title %} +{# fix weirdly named components #} +{% if component_name in WEIRD_INTEGRATIONS %} +{% set component_name = WEIRD_INTEGRATIONS[component_name] %} +{% endif %} +{# component_name_x maintains the functionality of merging local pillar changes with generated 'defaults' via SOC UI #} +{% set component_name_x = component_name.replace(".","_x_") %} +{# pillar overrides/merge expects the key names to follow the naming in elasticsearch/defaults.yaml eg. so-logs-1password_x_item_usages . The _x_ is replaced later on in elasticsearch/template.map.jinja #} +{% set integration_key = "so-" ~ integration_type ~ component_name_x %} + +{# Default integration settings #} +{% set integration_defaults = { + "index_sorting": false, + "index_template": { + "composed_of": [integration_type ~ component_name ~ "@package", integration_type ~ component_name ~ "@custom", "so-fleet_integrations.ip_mappings-1", "so-fleet_globals-1", "so-fleet_agent_id_verification-1"], + "data_stream": { + "allow_custom_routing": false, + "hidden": false + }, + "ignore_missing_component_templates": [integration_type ~ component_name ~ "@custom"], + "index_patterns": [pattern.name], + "priority": 501, + "template": { + "settings": { + "index": { + "lifecycle": {"name": "so-" ~ integration_type ~ component_name ~ "-logs"}, + "number_of_replicas": 0 + } + } + } + }, + "policy": { + "phases": { + "cold": { + "actions": { + "set_priority": {"priority": 0} + }, + "min_age": "60d" + }, + "delete": { + "actions": { + "delete": {} + }, + "min_age": "365d" + }, + "hot": { + "actions": { + "rollover": { + "max_age": "30d", + "max_primary_shard_size": "50gb" + }, + "set_priority": {"priority": 100} + }, + "min_age": "0ms" + }, + "warm": { + "actions": { + "set_priority": {"priority": 50} + }, + "min_age": "30d" + } + } + } + } %} +{% do ADDON_INTEGRATION_DEFAULTS.update({integration_key: integration_defaults}) %} +{% endfor %} +{% endif %} +{% endif %} +{% endfor %} diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml index 0b32628ea..7ca59401f 100644 --- a/salt/elasticfleet/soc_elasticfleet.yaml +++ b/salt/elasticfleet/soc_elasticfleet.yaml @@ -40,6 +40,11 @@ elasticfleet: global: True helpLink: elastic-fleet.html advanced: True + subscription_integrations: + description: Enable the installation of integrations that require an Elastic license. + global: True + forcedType: bool + helpLink: elastic-fleet.html server: custom_fqdn: description: Custom FQDN for Agents to connect to. One per line. diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common index 296e578fc..7e1e4b790 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common @@ -97,11 +97,20 @@ elastic_fleet_package_install() { curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{"force":true}' "localhost:5601/api/fleet/epm/packages/$PKG/$VERSION" } +elastic_fleet_bulk_package_install() { + BULK_PKG_LIST=$1 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d@$1 "localhost:5601/api/fleet/epm/packages/_bulk" +} + elastic_fleet_package_is_installed() { PACKAGE=$1 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET -H 'kbn-xsrf: true' "localhost:5601/api/fleet/epm/packages/$PACKAGE" | jq -r '.item.status' } +elastic_fleet_installed_packages() { + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET -H 'kbn-xsrf: true' -H 'Content-Type: application/json' "localhost:5601/api/fleet/epm/packages/installed?perPage=300" +} + elastic_fleet_agent_policy_ids() { curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies" | jq -r .items[].id if [ $? -ne 0 ]; then diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-optional-integrations-load b/salt/elasticfleet/tools/sbin/so-elastic-fleet-optional-integrations-load new file mode 100644 index 000000000..dface5a72 --- /dev/null +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-optional-integrations-load @@ -0,0 +1,111 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use +# this file except in compliance with the Elastic License 2.0. + +. /usr/sbin/so-common +. /usr/sbin/so-elastic-fleet-common + +# Check that /opt/so/state/estemplates.txt exists to signal that Elasticsearch +# has completed its first run of core-only integrations/indices/components/ilm +STATE_FILE_SUCCESS=/opt/so/state/estemplates.txt +INSTALLED_PACKAGE_LIST=/tmp/esfleet_installed_packages.json +BULK_INSTALL_PACKAGE_LIST=/tmp/esfleet_bulk_install.json +BULK_INSTALL_PACKAGE_TMP=/tmp/esfleet_bulk_install_tmp.json +BULK_INSTALL_OUTPUT=/opt/so/state/esfleet_bulk_install_results.json +PACKAGE_COMPONENTS=/opt/so/state/esfleet_package_components.json + +SKIP_SUBSCRIPTION=true +PENDING_UPDATE=false + +# Integrations which are included in the package registry, but excluded from automatic installation via this script. +# Requiring some level of manual Elastic Stack configuration before installation +EXCLUDED_INTEGRATIONS=('apm') + +version_conversion(){ + version=$1 + echo "$version" | awk -F '.' '{ printf("%d%03d%03d\n", $1, $2, $3); }' +} + +compare_versions() { + version1=$1 + version2=$2 + + # Convert versions to numbers + num1=$(version_conversion "$version1") + num2=$(version_conversion "$version2") + + # Compare using bc + if (( $(echo "$num1 < $num2" | bc -l) )); then + echo "less" + elif (( $(echo "$num1 > $num2" | bc -l) )); then + echo "greater" + else + echo "equal" + fi +} + +if [[ -f $STATE_FILE_SUCCESS ]]; then + if retry 3 1 "curl -s -K /opt/so/conf/elasticsearch/curl.config --output /dev/null --silent --head --fail localhost:5601/api/fleet/epm/packages"; then + # Package_list contains all integrations beta / non-beta. + latest_package_list=$(/usr/sbin/so-elastic-fleet-package-list) + echo '{ "packages" : []}' > $BULK_INSTALL_PACKAGE_LIST + rm -f $INSTALLED_PACKAGE_LIST + echo $latest_package_list | jq '{packages: [.items[] | {name: .name, latest_version: .version, installed_version: .savedObject.attributes.install_version, subscription: .conditions.elastic.subscription }]}' >> $INSTALLED_PACKAGE_LIST + + while read -r package; do + # get package details + package_name=$(echo "$package" | jq -r '.name') + latest_version=$(echo "$package" | jq -r '.latest_version') + installed_version=$(echo "$package" | jq -r '.installed_version') + subscription=$(echo "$package" | jq -r '.subscription') + bulk_package=$(echo "$package" | jq '{name: .name, version: .latest_version}' ) + + if [[ ! "${EXCLUDED_INTEGRATIONS[@]}" =~ "$package_name" ]]; then + if $SKIP_SUBSCRIPTION && [[ "$subscription" != "basic" && "$subscription" != "null" && -n "$subscription" ]]; then + # pass over integrations that require non-basic elastic license + echo "$package_name integration requires an Elastic license of $subscription or greater... skipping" + continue + else + if [[ "$installed_version" == "null" || -z "$installed_version" ]]; then + echo "$package_name is not installed... Adding to next update." + jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST + + PENDING_UPDATE=true + else + results=$(compare_versions "$latest_version" "$installed_version") + if [ $results == "greater" ]; then + echo "$package_name is at version $installed_version latest version is $latest_version... Adding to next update." + jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST + + PENDING_UPDATE=true + fi + fi + fi + else + echo "Skipping $package_name..." + fi + done <<< "$(jq -c '.packages[]' "$INSTALLED_PACKAGE_LIST")" + + if [ "$PENDING_UPDATE" = true ]; then + # Run bulk install of packages + elastic_fleet_bulk_package_install $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_OUTPUT + else + echo "Elastic integrations don't appear to need installation/updating..." + fi + # Write out file for generating index/component/ilm templates + latest_installed_package_list=$(elastic_fleet_installed_packages) + echo $latest_installed_package_list | jq '[.items[] | {name: .name, es_index_patterns: .dataStreams}]' > $PACKAGE_COMPONENTS + + else + # This is the installation of add-on integrations and upgrade of existing integrations. Exiting without error, next highstate will attempt to re-run. + echo "Elastic Fleet does not appear to be responding... Exiting... " + exit 0 + fi +else + # This message will appear when an update to core integration is made and this script is run at the same time as + # elasticsearch.enabled -> detects change to core index settings -> deletes estemplates.txt + echo "Elasticsearch may not be fully configured yet or is currently updating core index settings." + exit 0 +fi diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-package-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-package-list index 7e68c6e83..a52920a42 100755 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-package-list +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-package-list @@ -10,6 +10,6 @@ SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') # List configured package policies -curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/epm/packages" -H 'kbn-xsrf: true' | jq +curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/epm/packages?prerelease=true" -H 'kbn-xsrf: true' | jq echo diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 9c3d11c75..c3957361a 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -1,6 +1,6 @@ elasticsearch: enabled: false - version: 8.14.3 + version: 8.17.2 index_clean: true config: action: @@ -1056,3778 +1056,6 @@ elasticsearch: set_priority: priority: 50 min_age: 30d - so-logs-1password_x_item_usages: - index_sorting: false - index_template: - composed_of: - - logs-1password.item_usages@package - - logs-1password.item_usages@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-1password.item_usages@custom - index_patterns: - - logs-1password.item_usages-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-1password.item_usages-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-1password_x_signin_attempts: - index_sorting: false - index_template: - composed_of: - - logs-1password.signin_attempts@package - - logs-1password.signin_attempts@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-1password.signin_attempts@custom - index_patterns: - - logs-1password.signin_attempts-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-1password.signin_attempts-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-apache_x_access: - index_sorting: false - index_template: - composed_of: - - logs-apache.access@package - - logs-apache.access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-apache.access@custom - index_patterns: - - logs-apache.access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-apache.access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-apache_x_error: - index_sorting: false - index_template: - composed_of: - - logs-apache.error@package - - logs-apache.error@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-apache.error@custom - index_patterns: - - logs-apache.error-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-apache.error-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-auditd_x_log: - index_sorting: false - index_template: - composed_of: - - logs-auditd.log@package - - logs-auditd.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-auditd.log@custom - index_patterns: - - logs-auditd.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-auditd.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-auth0_x_logs: - index_sorting: false - index_template: - composed_of: - - logs-auth0.logs@package - - logs-auth0.logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-auth0.logs@custom - index_patterns: - - logs-auth0.logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-auth0.logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_cloudfront_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.cloudfront_logs@package - - logs-aws.cloudfront_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.cloudfront_logs@custom - index_patterns: - - logs-aws.cloudfront_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.cloudfront_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_cloudtrail: - index_sorting: false - index_template: - composed_of: - - logs-aws.cloudtrail@package - - logs-aws.cloudtrail@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.cloudtrail@custom - index_patterns: - - logs-aws.cloudtrail-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.cloudtrail-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_cloudwatch_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.cloudwatch_logs@package - - logs-aws.cloudwatch_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.cloudwatch_logs@custom - index_patterns: - - logs-aws.cloudwatch_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.cloudwatch_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_ec2_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.ec2_logs@package - - logs-aws.ec2_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.ec2_logs@custom - index_patterns: - - logs-aws.ec2_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.ec2_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_elb_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.elb_logs@package - - logs-aws.elb_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.elb_logs@custom - index_patterns: - - logs-aws.elb_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.elb_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_firewall_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.firewall_logs@package - - logs-aws.firewall_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.firewall_logs@custom - index_patterns: - - logs-aws.firewall_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.firewall_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_guardduty: - index_sorting: false - index_template: - composed_of: - - logs-aws.guardduty@package - - logs-aws.guardduty@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.guardduty@custom - index_patterns: - - logs-aws.guardduty-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.guardduty-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_inspector: - index_sorting: false - index_template: - composed_of: - - logs-aws.inspector@package - - logs-aws.inspector@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.inspector@custom - index_patterns: - - logs-aws.inspector-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.inspector-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_route53_public_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.route53_public_logs@package - - logs-aws.route53_public_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.route53_public_logs@custom - index_patterns: - - logs-aws.route53_public_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.route53_public_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_route53_resolver_logs: - index_sorting: false - index_template: - composed_of: - - logs-aws.route53_resolver_logs@package - - logs-aws.route53_resolver_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.route53_resolver_logs@custom - index_patterns: - - logs-aws.route53_resolver_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.route53_resolver_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_s3access: - index_sorting: false - index_template: - composed_of: - - logs-aws.s3access@package - - logs-aws.s3access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.s3access@custom - index_patterns: - - logs-aws.s3access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.s3access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_securityhub_findings: - index_sorting: false - index_template: - composed_of: - - logs-aws.securityhub_findings@package - - logs-aws.securityhub_findings@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.securityhub_findings@custom - index_patterns: - - logs-aws.securityhub_findings-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.securityhub_findings-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_securityhub_insights: - index_sorting: false - index_template: - composed_of: - - logs-aws.securityhub_insights@package - - logs-aws.securityhub_insights@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.securityhub_insights@custom - index_patterns: - - logs-aws.securityhub_insights-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.securityhub_insights-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_vpcflow: - index_sorting: false - index_template: - composed_of: - - logs-aws.vpcflow@package - - logs-aws.vpcflow@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.vpcflow@custom - index_patterns: - - logs-aws.vpcflow-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.vpcflow-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-aws_x_waf: - index_sorting: false - index_template: - composed_of: - - logs-aws.waf@package - - logs-aws.waf@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-aws.waf@custom - index_patterns: - - logs-aws.waf-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-aws.waf-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_activitylogs: - index_sorting: false - index_template: - composed_of: - - logs-azure.activitylogs@package - - logs-azure.activitylogs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.activitylogs@custom - index_patterns: - - logs-azure.activitylogs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.activitylogs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_application_gateway: - index_sorting: false - index_template: - composed_of: - - logs-azure.application_gateway@package - - logs-azure.application_gateway@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.application_gateway@custom - index_patterns: - - logs-azure.application_gateway-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.application_gateway-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_auditlogs: - index_sorting: false - index_template: - composed_of: - - logs-azure.auditlogs@package - - logs-azure.auditlogs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.auditlogs@custom - index_patterns: - - logs-azure.auditlogs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.auditlogs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_eventhub: - index_sorting: false - index_template: - composed_of: - - logs-azure.eventhub@package - - logs-azure.eventhub@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.eventhub@custom - index_patterns: - - logs-azure.eventhub-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.eventhub-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_firewall_logs: - index_sorting: false - index_template: - composed_of: - - logs-azure.firewall_logs@package - - logs-azure.firewall_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.firewall_logs@custom - index_patterns: - - logs-azure.firewall_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.firewall_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_identity_protection: - index_sorting: false - index_template: - composed_of: - - logs-azure.identity_protection@package - - logs-azure.identity_protection@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.identity_protection@custom - index_patterns: - - logs-azure.identity_protection-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.identity_protection-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_platformlogs: - index_sorting: false - index_template: - composed_of: - - logs-azure.platformlogs@package - - logs-azure.platformlogs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.platformlogs@custom - index_patterns: - - logs-azure.platformlogs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.platformlogs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_provisioning: - index_sorting: false - index_template: - composed_of: - - logs-azure.provisioning@package - - logs-azure.provisioning@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.provisioning@custom - index_patterns: - - logs-azure.provisioning-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.provisioning-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_signinlogs: - index_sorting: false - index_template: - composed_of: - - logs-azure.signinlogs@package - - logs-azure.signinlogs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.signinlogs@custom - index_patterns: - - logs-azure.signinlogs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.signinlogs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-azure_x_springcloudlogs: - index_sorting: false - index_template: - composed_of: - - logs-azure.springcloudlogs@package - - logs-azure.springcloudlogs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-azure.springcloudlogs@custom - index_patterns: - - logs-azure.springcloudlogs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-azure.springcloudlogs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-barracuda_x_waf: - index_sorting: false - index_template: - composed_of: - - logs-barracuda.waf@package - - logs-barracuda.waf@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-barracuda.waf@custom - index_patterns: - - logs-barracuda.waf-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-barracuda.waf-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-barracuda_cloudgen_firewall_x_log: - index_sorting: False - index_template: - ignore_missing_component_templates: - - logs-barracuda_cloudgen_firewall.log@custom - index_patterns: - - "logs-barracuda_cloudgen_firewall.log-*" - template: - settings: - index: - lifecycle: - name: so-logs-barracuda_cloudgen_firewall.log-logs - number_of_replicas: 0 - composed_of: - - "logs-barracuda_cloudgen_firewall.log@package" - - "logs-barracuda_cloudgen_firewall.log@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-carbonblack_edr_x_log: - index_sorting: false - index_template: - composed_of: - - logs-carbonblack_edr.log@package - - logs-carbonblack_edr.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-carbonblack_edr.log@custom - index_patterns: - - logs-carbonblack_edr.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-carbonblack_edr.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cef_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cef.log@package - - logs-cef.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cef.log@custom - index_patterns: - - logs-cef.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cef.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-checkpoint_x_firewall: - index_sorting: false - index_template: - composed_of: - - logs-checkpoint.firewall@package - - logs-checkpoint.firewall@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-checkpoint.firewall@custom - index_patterns: - - logs-checkpoint.firewall-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-checkpoint.firewall-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_asa_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_asa.log@package - - logs-cisco_asa.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_asa.log@custom - index_patterns: - - logs-cisco_asa.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_asa.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_duo_x_admin: - index_sorting: false - index_template: - composed_of: - - logs-cisco_duo.admin@package - - logs-cisco_duo.admin@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_duo.admin@custom - index_patterns: - - logs-cisco_duo.admin-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_duo.admin-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_duo_x_auth: - index_sorting: false - index_template: - composed_of: - - logs-cisco_duo.auth@package - - logs-cisco_duo.auth@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_duo.auth@custom - index_patterns: - - logs-cisco_duo.auth-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_duo.auth-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_duo_x_offline_enrollment: - index_sorting: false - index_template: - composed_of: - - logs-cisco_duo.offline_enrollment@package - - logs-cisco_duo.offline_enrollment@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_duo.offline_enrollment@custom - index_patterns: - - logs-cisco_duo.offline_enrollment-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_duo.offline_enrollment-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_duo_x_summary: - index_sorting: false - index_template: - composed_of: - - logs-cisco_duo.summary@package - - logs-cisco_duo.summary@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_duo.summary@custom - index_patterns: - - logs-cisco_duo.summary-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_duo.summary-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_duo_x_telephony: - index_sorting: false - index_template: - composed_of: - - logs-cisco_duo.telephony@package - - logs-cisco_duo.telephony@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_duo.telephony@custom - index_patterns: - - logs-cisco_duo.telephony-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_duo.telephony-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_ftd_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_ftd.log@package - - logs-cisco_ftd.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_ftd.log@custom - index_patterns: - - logs-cisco_ftd.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_ftd.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_ios_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_ios.log@package - - logs-cisco_ios.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_ios.log@custom - index_patterns: - - logs-cisco_ios.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_ios.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_ise_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_ise.log@package - - logs-cisco_ise.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_ise.log@custom - index_patterns: - - logs-cisco_ise.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_ise.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_meraki_x_events: - index_sorting: false - index_template: - composed_of: - - logs-cisco_meraki.events@package - - logs-cisco_meraki.events@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_meraki.events@custom - index_patterns: - - logs-cisco_meraki.events-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_meraki.events-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_meraki_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_meraki.log@package - - logs-cisco_meraki.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_meraki.log@custom - index_patterns: - - logs-cisco_meraki.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_meraki.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_secure_email_gateway_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_secure_email_gateway.log@package - - logs-cisco_secure_email_gateway.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cisco_secure_email_gateway.log@custom - index_patterns: - - logs-cisco_secure_email_gateway.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_secure_email_gateway.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cisco_umbrella_x_log: - index_sorting: false - index_template: - composed_of: - - logs-cisco_umbrella.log@package - - logs-cisco_umbrella.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cisco_umbrella.log@custom - index_patterns: - - logs-cisco_umbrella.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cisco_umbrella.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_adc_x_interface: - index_sorting: false - index_template: - composed_of: - - logs-citrix_adc.interface@package - - logs-citrix_adc.interface@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_adc.interface@custom - index_patterns: - - logs-citrix_adc.interface-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_adc.interface-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_adc_x_lbvserver: - index_sorting: false - index_template: - composed_of: - - logs-citrix_adc.lbvserver@package - - logs-citrix_adc.lbvserver@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_adc.lbvserver@custom - index_patterns: - - logs-citrix_adc.lbvserver-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_adc.lbvserver-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_adc_x_service: - index_sorting: false - index_template: - composed_of: - - logs-citrix_adc.service@package - - logs-citrix_adc.service@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_adc.service@custom - index_patterns: - - logs-citrix_adc.service-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_adc.service-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_adc_x_system: - index_sorting: false - index_template: - composed_of: - - logs-citrix_adc.system@package - - logs-citrix_adc.system@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_adc.system@custom - index_patterns: - - logs-citrix_adc.system-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_adc.system-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_adc_x_vpn: - index_sorting: false - index_template: - composed_of: - - logs-citrix_adc.vpn@package - - logs-citrix_adc.vpn@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_adc.vpn@custom - index_patterns: - - logs-citrix_adc.vpn-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_adc.vpn-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-citrix_waf_x_log: - index_sorting: false - index_template: - composed_of: - - logs-citrix_waf.log@package - - logs-citrix_waf.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-citrix_waf.log@custom - index_patterns: - - logs-citrix_waf.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-citrix_waf.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare.audit@package - - logs-cloudflare.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cloudflare.audit@custom - index_patterns: - - logs-cloudflare.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_x_logpull: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare.logpull@package - - logs-cloudflare.logpull@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-cloudflare.logpull@custom - index_patterns: - - logs-cloudflare.logpull-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare.logpull-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_access_request: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.access_request@package - - logs-cloudflare_logpush.access_request@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.access_request@custom - index_patterns: - - logs-cloudflare_logpush.access_request-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.access_request-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.audit@package - - logs-cloudflare_logpush.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.audit@custom - index_patterns: - - logs-cloudflare_logpush.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_casb: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.casb@package - - logs-cloudflare_logpush.casb@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.casb@custom - index_patterns: - - logs-cloudflare_logpush.casb-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.casb-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_device_posture: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.device_posture@package - - logs-cloudflare_logpush.device_posture@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.device_posture@custom - index_patterns: - - logs-cloudflare_logpush.device_posture-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.device_posture-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_dns: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.dns@package - - logs-cloudflare_logpush.dns@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.dns@custom - index_patterns: - - logs-cloudflare_logpush.dns-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.dns-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_dns_firewall: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.dns_firewall@package - - logs-cloudflare_logpush.dns_firewall@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.dns_firewall@custom - index_patterns: - - logs-cloudflare_logpush.dns_firewall-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.dns_firewall-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_firewall_event: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.firewall_event@package - - logs-cloudflare_logpush.firewall_event@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.firewall_event@custom - index_patterns: - - logs-cloudflare_logpush.firewall_event-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.firewall_event-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_gateway_dns: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.gateway_dns@package - - logs-cloudflare_logpush.gateway_dns@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.gateway_dns@custom - index_patterns: - - logs-cloudflare_logpush.gateway_dns-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.gateway_dns-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_gateway_http: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.gateway_http@package - - logs-cloudflare_logpush.gateway_http@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.gateway_http@custom - index_patterns: - - logs-cloudflare_logpush.gateway_http-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.gateway_http-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_gateway_network: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.gateway_network@package - - logs-cloudflare_logpush.gateway_network@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.gateway_network@custom - index_patterns: - - logs-cloudflare_logpush.gateway_network-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.gateway_network-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_http_request: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.http_request@package - - logs-cloudflare_logpush.http_request@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.http_request@custom - index_patterns: - - logs-cloudflare_logpush.http_request-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.http_request-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_magic_ids: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.magic_ids@package - - logs-cloudflare_logpush.magic_ids@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.magic_ids@custom - index_patterns: - - logs-cloudflare_logpush.magic_ids-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.magic_ids-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_nel_report: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.nel_report@package - - logs-cloudflare_logpush.nel_report@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.nel_report@custom - index_patterns: - - logs-cloudflare_logpush.nel_report-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.nel_report-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_network_analytics: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.network_analytics@package - - logs-cloudflare_logpush.network_analytics@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.network_analytics@custom - index_patterns: - - logs-cloudflare_logpush.network_analytics-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.network_analytics-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_network_session: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.network_session@package - - logs-cloudflare_logpush.network_session@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.network_session@custom - index_patterns: - - logs-cloudflare_logpush.network_session-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.network_session-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_sinkhole_http: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.sinkhole_http@package - - logs-cloudflare_logpush.sinkhole_http@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.sinkhole_http@custom - index_patterns: - - logs-cloudflare_logpush.sinkhole_http-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.sinkhole_http-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_spectrum_event: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.spectrum_event@package - - logs-cloudflare_logpush.spectrum_event@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.spectrum_event@custom - index_patterns: - - logs-cloudflare_logpush.spectrum_event-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.spectrum_event-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-cloudflare_logpush_x_workers_trace: - index_sorting: false - index_template: - composed_of: - - logs-cloudflare_logpush.workers_trace@package - - logs-cloudflare_logpush.workers_trace@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-cloudflare_logpush.workers_trace@custom - index_patterns: - - logs-cloudflare_logpush.workers_trace-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-cloudflare_logpush.workers_trace-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-crowdstrike_x_alert: - index_sorting: False - index_template: - index_patterns: - - logs-crowdstrike.alert-* - template: - settings: - index: - lifecycle: - name: so-logs-crowdstrike.alert-logs - number_of_replicas: 0 - composed_of: - - logs-crowdstrike.alert@package - - logs-crowdstrike.alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-crowdstrike.alert@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-crowdstrike_x_falcon: - index_sorting: False - index_template: - index_patterns: - - logs-crowdstrike.falcon-* - template: - settings: - index: - lifecycle: - name: so-logs-crowdstrike.falcon-logs - number_of_replicas: 0 - composed_of: - - logs-crowdstrike.falcon@package - - logs-crowdstrike.falcon@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-crowdstrike.falcon@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-crowdstrike_x_fdr: - index_sorting: False - index_template: - index_patterns: - - logs-crowdstrike.fdr-* - template: - settings: - index: - lifecycle: - name: so-logs-crowdstrike.fdr-logs - number_of_replicas: 0 - composed_of: - - logs-crowdstrike.fdr@package - - logs-crowdstrike.fdr@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-crowdstrike.fdr@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-crowdstrike_x_host: - index_sorting: False - index_template: - index_patterns: - - logs-crowdstrike.host-* - template: - settings: - index: - lifecycle: - name: so-logs-crowdstrike.host-logs - number_of_replicas: 0 - composed_of: - - logs-crowdstrike.host@package - - logs-crowdstrike.host@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-crowdstrike.host@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-darktrace_x_ai_analyst_alert: - index_sorting: false - index_template: - composed_of: - - logs-darktrace.ai_analyst_alert@package - - logs-darktrace.ai_analyst_alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-darktrace.ai_analyst_alert@custom - index_patterns: - - logs-darktrace.ai_analyst_alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-darktrace.ai_analyst_alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-darktrace_x_model_breach_alert: - index_sorting: false - index_template: - composed_of: - - logs-darktrace.model_breach_alert@package - - logs-darktrace.model_breach_alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-darktrace.model_breach_alert@custom - index_patterns: - - logs-darktrace.model_breach_alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-darktrace.model_breach_alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-darktrace_x_system_status_alert: - index_sorting: false - index_template: - composed_of: - - logs-darktrace.system_status_alert@package - - logs-darktrace.system_status_alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-darktrace.system_status_alert@custom - index_patterns: - - logs-darktrace.system_status_alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-darktrace.system_status_alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logs-detections_x_alerts: index_sorting: false index_template: @@ -4898,6 +1126,7 @@ elasticsearch: - event-mappings - logs-elastic_agent@package - logs-elastic_agent@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -4917,15 +1146,65 @@ elasticsearch: name: elastic_agent settings: index: + codec: best_compression lifecycle: name: so-logs-elastic_agent-logs mapping: total_fields: limit: 5000 + ignore_malformed: true number_of_replicas: 0 sort: field: '@timestamp' order: desc + query: + default_field: + - cloud.account.id + - cloud.availability_zone + - cloud.instance.id + - cloud.instance.name + - cloud.machine.type + - cloud.provider + - cloud.region + - cloud.project.id + - cloud.image.id + - container.id + - container.image.name + - container.name + - host.architecture + - host.hostname + - host.id + - host.mac + - host.name + - host.os.family + - host.os.kernel + - host.os.name + - host.os.platform + - host.os.version + - host.os.build + - host.os.codename + - host.type + - ecs.version + - agent.build.original + - agent.ephemeral_id + - agent.id + - agent.name + - agent.type + - agent.version + - log.level + - message + - elastic_agent.id + - elastic_agent.process + - elastic_agent.version + - component.id + - component.type + - component.binary + - component.state + - component.old_state + - unit.id + - unit.type + - unit.state + - unit.old_state policy: _meta: managed: true @@ -4961,6 +1240,7 @@ elasticsearch: composed_of: - logs-elastic_agent.apm_server@package - logs-elastic_agent.apm_server@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5024,6 +1304,7 @@ elasticsearch: composed_of: - logs-elastic_agent.auditbeat@package - logs-elastic_agent.auditbeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5087,6 +1368,7 @@ elasticsearch: composed_of: - logs-elastic_agent.cloudbeat@package - logs-elastic_agent.cloudbeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 ignore_missing_component_templates: @@ -5148,6 +1430,7 @@ elasticsearch: - event-mappings - logs-elastic_agent.endpoint_security@package - logs-elastic_agent.endpoint_security@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5206,6 +1489,7 @@ elasticsearch: - event-mappings - logs-elastic_agent.filebeat@package - logs-elastic_agent.filebeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5264,6 +1548,7 @@ elasticsearch: - event-mappings - logs-elastic_agent.fleet_server@package - logs-elastic_agent.fleet_server@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5318,6 +1603,7 @@ elasticsearch: composed_of: - logs-elastic_agent.heartbeat@package - logs-elastic_agent.heartbeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 ignore_missing_component_templates: @@ -5379,6 +1665,7 @@ elasticsearch: - event-mappings - logs-elastic_agent.metricbeat@package - logs-elastic_agent.metricbeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5437,6 +1724,7 @@ elasticsearch: - event-mappings - logs-elastic_agent.osquerybeat@package - logs-elastic_agent.osquerybeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5494,6 +1782,7 @@ elasticsearch: composed_of: - logs-elastic_agent.packetbeat@package - logs-elastic_agent.packetbeat@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5551,13 +1840,132 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-endpoint_x_actions: + index_sorting: false + index_template: + composed_of: + - .logs-endpoint.actions@package + - .logs-endpoint.actions@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + allow_custom_routing: false + hidden: false + ignore_missing_component_templates: + - .logs-endpoint.actions@custom + index_patterns: + - logs-endpoint.actions-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-endpoint.actions-logs + mapping: + total_fields: + limit: 5000 + number_of_replicas: 0 + sort: + field: '@timestamp' + order: desc + policy: + _meta: + managed: true + managed_by: security_onion + package: + name: elastic_agent + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-endpoint_x_action_x_responses: + index_sorting: false + index_template: + composed_of: + - .logs-endpoint.action.responses@package + - .logs-endpoint.action.responses@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + allow_custom_routing: false + hidden: false + ignore_missing_component_templates: + - .logs-endpoint.action.responses@custom + index_patterns: + - logs-endpoint.action.responses-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-endpoint.actions-logs + mapping: + total_fields: + limit: 5000 + number_of_replicas: 0 + sort: + field: '@timestamp' + order: desc + policy: + _meta: + managed: true + managed_by: security_onion + package: + name: elastic_agent + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-endpoint_x_alerts: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.alerts@custom - logs-endpoint.alerts@package + - logs-endpoint.alerts@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5613,31 +2021,48 @@ elasticsearch: index_sorting: false index_template: composed_of: + - .logs-endpoint.diagnostic.collection@package + - .logs-endpoint.diagnostic.collection@custom - event-mappings - - logs-endpoint.diagnostic.collection@custom - - logs-endpoint.diagnostic.collection@package + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: allow_custom_routing: false hidden: false ignore_missing_component_templates: - - logs-endpoint.diagnostic.collection@custom + - .logs-endpoint.diagnostic.collection@custom index_patterns: - .logs-endpoint.diagnostic.collection-* priority: 501 template: settings: index: + codec: best_compression lifecycle: name: so-logs-endpoint.diagnostic.collection-logs mapping: total_fields: limit: 5000 + ignore_malformed: true number_of_replicas: 0 sort: field: '@timestamp' order: desc + query: + default_field: + - ecs.version + - event.action + - event.category + - event.code + - event.dataset + - event.hash + - event.id + - event.kind + - event.module + - event.outcome + - event.provider + - event.type policy: _meta: managed: true @@ -5671,9 +2096,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.api@custom - logs-endpoint.events.api@package + - logs-endpoint.events.api@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5729,9 +2155,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.file@custom - logs-endpoint.events.file@package + - logs-endpoint.events.file@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5787,9 +2214,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.library@custom - logs-endpoint.events.library@package + - logs-endpoint.events.library@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5845,9 +2273,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.network@custom - logs-endpoint.events.network@package + - logs-endpoint.events.network@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5903,9 +2332,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.process@custom - logs-endpoint.events.process@package + - logs-endpoint.events.process@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -5961,9 +2391,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.registry@custom - logs-endpoint.events.registry@package + - logs-endpoint.events.registry@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -6019,9 +2450,10 @@ elasticsearch: index_sorting: false index_template: composed_of: - - event-mappings - - logs-endpoint.events.security@custom - logs-endpoint.events.security@package + - logs-endpoint.events.security@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -6073,1455 +2505,42 @@ elasticsearch: set_priority: priority: 50 min_age: 30d - so-logs-f5_bigip_x_log: + so-logs-endpoint_x_heartbeat: index_sorting: false index_template: composed_of: - - logs-f5_bigip.log@package - - logs-f5_bigip.log@custom + - .logs-endpoint.heartbeat@package + - .logs-endpoint.heartbeat@custom + - event-mappings + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: allow_custom_routing: false hidden: false ignore_missing_component_templates: - - logs-f5_bigip.log@custom + - .logs-endpoint.heartbeat@custom index_patterns: - - logs-f5_bigip.log-* + - .logs-endpoint.heartbeat-* priority: 501 template: settings: index: lifecycle: - name: so-logs-f5_bigip.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fim_x_event: - index_sorting: false - index_template: - composed_of: - - logs-fim.event@package - - logs-fim.event@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fim.event@custom - index_patterns: - - logs-fim.event-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fim.event-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fireeye_x_nx: - index_sorting: false - index_template: - composed_of: - - logs-fireeye.nx@package - - logs-fireeye.nx@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fireeye.nx@custom - index_patterns: - - logs-fireeye.nx-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fireeye.nx-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fortinet_fortigate_x_log: - index_sorting: false - index_template: - composed_of: - - logs-fortinet_fortigate.log@package - - logs-fortinet_fortigate.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fortinet_fortigate.log@custom - index_patterns: - - logs-fortinet_fortigate.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fortinet_fortigate.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fortinet_x_clientendpoint: - index_sorting: false - index_template: - composed_of: - - logs-fortinet.clientendpoint@package - - logs-fortinet.clientendpoint@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fortinet.clientendpoint@custom - index_patterns: - - logs-fortinet.clientendpoint-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fortinet.clientendpoint-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fortinet_x_firewall: - index_sorting: false - index_template: - composed_of: - - logs-fortinet.firewall@package - - logs-fortinet.firewall@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fortinet.firewall@custom - index_patterns: - - logs-fortinet.firewall-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fortinet.firewall-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fortinet_x_fortimail: - index_sorting: false - index_template: - composed_of: - - logs-fortinet.fortimail@package - - logs-fortinet.fortimail@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fortinet.fortimail@custom - index_patterns: - - logs-fortinet.fortimail-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fortinet.fortimail-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-fortinet_x_fortimanager: - index_sorting: false - index_template: - composed_of: - - logs-fortinet.fortimanager@package - - logs-fortinet.fortimanager@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-fortinet.fortimanager@custom - index_patterns: - - logs-fortinet.fortimanager-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-fortinet.fortimanager-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-gcp_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-gcp.audit@package - - logs-gcp.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-gcp.audit@custom - index_patterns: - - logs-gcp.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-gcp.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-gcp_x_dns: - index_sorting: false - index_template: - composed_of: - - logs-gcp.dns@package - - logs-gcp.dns@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-gcp.dns@custom - index_patterns: - - logs-gcp.dns-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-gcp.dns-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-gcp_x_firewall: - index_sorting: false - index_template: - composed_of: - - logs-gcp.firewall@package - - logs-gcp.firewall@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-gcp.firewall@custom - index_patterns: - - logs-gcp.firewall-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-gcp.firewall-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-gcp_x_loadbalancing_logs: - index_sorting: false - index_template: - composed_of: - - logs-gcp.loadbalancing_logs@package - - logs-gcp.loadbalancing_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-gcp.loadbalancing_logs@custom - index_patterns: - - logs-gcp.loadbalancing_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-gcp.loadbalancing_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-gcp_x_vpcflow: - index_sorting: false - index_template: - composed_of: - - logs-gcp.vpcflow@package - - logs-gcp.vpcflow@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-gcp.vpcflow@custom - index_patterns: - - logs-gcp.vpcflow-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-gcp.vpcflow-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-github_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-github.audit@package - - logs-github.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-github.audit@custom - index_patterns: - - logs-github.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-github.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-github_x_code_scanning: - index_sorting: false - index_template: - composed_of: - - logs-github.code_scanning@package - - logs-github.code_scanning@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-github.code_scanning@custom - index_patterns: - - logs-github.code_scanning-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-github.code_scanning-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-github_x_dependabot: - index_sorting: false - index_template: - composed_of: - - logs-github.dependabot@package - - logs-github.dependabot@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-github.dependabot@custom - index_patterns: - - logs-github.dependabot-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-github.dependabot-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-github_x_issues: - index_sorting: false - index_template: - composed_of: - - logs-github.issues@package - - logs-github.issues@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-github.issues@custom - index_patterns: - - logs-github.issues-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-github.issues-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-github_x_secret_scanning: - index_sorting: false - index_template: - composed_of: - - logs-github.secret_scanning@package - - logs-github.secret_scanning@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-github.secret_scanning@custom - index_patterns: - - logs-github.secret_scanning-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-github.secret_scanning-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_access_transparency: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.access_transparency@package - - logs-google_workspace.access_transparency@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.access_transparency@custom - index_patterns: - - logs-google_workspace.access_transparency-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.access_transparency-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_admin: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.admin@package - - logs-google_workspace.admin@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.admin@custom - index_patterns: - - logs-google_workspace.admin-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.admin-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_alert: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.alert@package - - logs-google_workspace.alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.alert@custom - index_patterns: - - logs-google_workspace.alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_context_aware_access: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.context_aware_access@package - - logs-google_workspace.context_aware_access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.context_aware_access@custom - index_patterns: - - logs-google_workspace.context_aware_access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.context_aware_access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_device: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.device@package - - logs-google_workspace.device@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.device@custom - index_patterns: - - logs-google_workspace.device-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.device-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_drive: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.drive@package - - logs-google_workspace.drive@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.drive@custom - index_patterns: - - logs-google_workspace.drive-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.drive-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_gcp: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.gcp@package - - logs-google_workspace.gcp@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.gcp@custom - index_patterns: - - logs-google_workspace.gcp-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.gcp-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_group_enterprise: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.group_enterprise@package - - logs-google_workspace.group_enterprise@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.group_enterprise@custom - index_patterns: - - logs-google_workspace.group_enterprise-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.group_enterprise-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_groups: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.groups@package - - logs-google_workspace.groups@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.groups@custom - index_patterns: - - logs-google_workspace.groups-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.groups-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_login: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.login@package - - logs-google_workspace.login@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.login@custom - index_patterns: - - logs-google_workspace.login-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.login-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_rules: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.rules@package - - logs-google_workspace.rules@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.rules@custom - index_patterns: - - logs-google_workspace.rules-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.rules-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_saml: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.saml@package - - logs-google_workspace.saml@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.saml@custom - index_patterns: - - logs-google_workspace.saml-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.saml-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_token: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.token@package - - logs-google_workspace.token@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.token@custom - index_patterns: - - logs-google_workspace.token-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.token-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-google_workspace_x_user_accounts: - index_sorting: false - index_template: - composed_of: - - logs-google_workspace.user_accounts@package - - logs-google_workspace.user_accounts@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-google_workspace.user_accounts@custom - index_patterns: - - logs-google_workspace.user_accounts-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-google_workspace.user_accounts-logs + name: so-logs-endpoint.heartbeat-logs + mapping: + total_fields: + limit: 5000 number_of_replicas: 0 + sort: + field: '@timestamp' + order: desc policy: + _meta: + managed: true + managed_by: security_onion + package: + name: elastic_agent phases: cold: actions: @@ -7551,13 +2570,14 @@ elasticsearch: composed_of: - logs-http_endpoint.generic@package - logs-http_endpoint.generic@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: allow_custom_routing: false hidden: false ignore_missing_component_templates: - - logs-http_endpoint.generic@package + - logs-http_endpoint.generic@package - logs-http_endpoint.generic@custom index_patterns: - logs-http_endpoint.generic-* @@ -7598,6 +2618,7 @@ elasticsearch: composed_of: - logs-httpjson.generic@package - logs-httpjson.generic@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -7638,1525 +2659,6 @@ elasticsearch: set_priority: priority: 50 min_age: 30d - so-logs-iis_x_access: - index_sorting: false - index_template: - composed_of: - - logs-iis.access@package - - logs-iis.access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-iis.access@custom - index_patterns: - - logs-iis.access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-iis.access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-iis_x_error: - index_sorting: false - index_template: - composed_of: - - logs-iis.error@package - - logs-iis.error@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-iis.error@custom - index_patterns: - - logs-iis.error-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-iis.error-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-imperva_cloud_waf_x_event: - index_sorting: False - index_template: - ignore_missing_component_templates: - - logs-imperva_cloud_waf.event@custom - index_patterns: - - "logs-imperva_cloud_waf.event-*" - template: - settings: - index: - lifecycle: - name: so-logs-imperva_cloud_waf.event-logs - number_of_replicas: 0 - composed_of: - - "logs-imperva_cloud_waf.event@package" - - "logs-imperva_cloud_waf.event@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-juniper_srx_x_log: - index_sorting: false - index_template: - composed_of: - - logs-juniper_srx.log@package - - logs-juniper_srx.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-juniper_srx.log@custom - index_patterns: - - logs-juniper_srx.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-juniper_srx.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-juniper_x_junos: - index_sorting: false - index_template: - composed_of: - - logs-juniper.junos@package - - logs-juniper.junos@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-juniper.junos@custom - index_patterns: - - logs-juniper.junos-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-juniper.junos-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-juniper_x_netscreen: - index_sorting: false - index_template: - composed_of: - - logs-juniper.netscreen@package - - logs-juniper.netscreen@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-juniper.netscreen@custom - index_patterns: - - logs-juniper.netscreen-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-juniper.netscreen-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-juniper_x_srx: - index_sorting: false - index_template: - composed_of: - - logs-juniper.srx@package - - logs-juniper.srx@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-juniper.srx@custom - index_patterns: - - logs-juniper.srx-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-juniper.srx-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-kafka_log_x_generic: - index_sorting: false - index_template: - composed_of: - - logs-kafka_log.generic@package - - logs-kafka_log.generic@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-kafka_log.generic@custom - index_patterns: - - logs-kafka_log.generic-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-kafka_log.generic-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-lastpass_x_detailed_shared_folder: - index_sorting: false - index_template: - composed_of: - - logs-lastpass.detailed_shared_folder@package - - logs-lastpass.detailed_shared_folder@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-lastpass.detailed_shared_folder@custom - index_patterns: - - logs-lastpass.detailed_shared_folder-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-lastpass.detailed_shared_folder-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-lastpass_x_event_report: - index_sorting: false - index_template: - composed_of: - - logs-lastpass.event_report@package - - logs-lastpass.event_report@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-lastpass.event_report@custom - index_patterns: - - logs-lastpass.event_report-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-lastpass.event_report-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-lastpass_x_user: - index_sorting: false - index_template: - composed_of: - - logs-lastpass.user@package - - logs-lastpass.user@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-lastpass.user@custom - index_patterns: - - logs-lastpass.user-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-lastpass.user-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-m365_defender_x_event: - index_sorting: false - index_template: - composed_of: - - logs-m365_defender.event@package - - logs-m365_defender.event@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-m365_defender.event@custom - index_patterns: - - logs-m365_defender.event-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-m365_defender.event-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-m365_defender_x_incident: - index_sorting: false - index_template: - composed_of: - - logs-m365_defender.incident@package - - logs-m365_defender.incident@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-m365_defender.incident@custom - index_patterns: - - logs-m365_defender.incident-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-m365_defender.incident-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-m365_defender_x_log: - index_sorting: false - index_template: - composed_of: - - logs-m365_defender.log@package - - logs-m365_defender.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-m365_defender.log@custom - index_patterns: - - logs-m365_defender.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-m365_defender.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-microsoft_defender_endpoint_x_log: - index_sorting: false - index_template: - composed_of: - - logs-microsoft_defender_endpoint.log@package - - logs-microsoft_defender_endpoint.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-microsoft_defender_endpoint.log@custom - index_patterns: - - logs-microsoft_defender_endpoint.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-microsoft_defender_endpoint.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-microsoft_dhcp_x_log: - index_sorting: false - index_template: - composed_of: - - logs-microsoft_dhcp.log@package - - logs-microsoft_dhcp.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-microsoft_dhcp.log@custom - index_patterns: - - logs-microsoft_dhcp.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-microsoft_dhcp.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-microsoft_sqlserver_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-microsoft_sqlserver.audit@package - - logs-microsoft_sqlserver.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-microsoft_sqlserver.audit@custom - index_patterns: - - logs-microsoft_sqlserver.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-microsoft_sqlserver.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-microsoft_sqlserver_x_log: - index_sorting: false - index_template: - composed_of: - - logs-microsoft_sqlserver.log@package - - logs-microsoft_sqlserver.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-microsoft_sqlserver.log@custom - index_patterns: - - logs-microsoft_sqlserver.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-microsoft_sqlserver.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_audit_events: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.audit_events@package - - logs-mimecast.audit_events@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.audit_events@custom - index_patterns: - - logs-mimecast.audit_events-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.audit_events-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_dlp_logs: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.dlp_logs@package - - logs-mimecast.dlp_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.dlp_logs@custom - index_patterns: - - logs-mimecast.dlp_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.dlp_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_siem_logs: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.siem_logs@package - - logs-mimecast.siem_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.siem_logs@custom - index_patterns: - - logs-mimecast.siem_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.siem_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_threat_intel_malware_customer: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.threat_intel_malware_customer@package - - logs-mimecast.threat_intel_malware_customer@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.threat_intel_malware_customer@custom - index_patterns: - - logs-mimecast.threat_intel_malware_customer-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.threat_intel_malware_customer-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_threat_intel_malware_grid: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.threat_intel_malware_grid@package - - logs-mimecast.threat_intel_malware_grid@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.threat_intel_malware_grid@custom - index_patterns: - - logs-mimecast.threat_intel_malware_grid-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.threat_intel_malware_grid-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_ttp_ap_logs: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.ttp_ap_logs@package - - logs-mimecast.ttp_ap_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.ttp_ap_logs@custom - index_patterns: - - logs-mimecast.ttp_ap_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.ttp_ap_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_ttp_ip_logs: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.ttp_ip_logs@package - - logs-mimecast.ttp_ip_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.ttp_ip_logs@custom - index_patterns: - - logs-mimecast.ttp_ip_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.ttp_ip_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mimecast_x_ttp_url_logs: - index_sorting: false - index_template: - composed_of: - - logs-mimecast.ttp_url_logs@package - - logs-mimecast.ttp_url_logs@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mimecast.ttp_url_logs@custom - index_patterns: - - logs-mimecast.ttp_url_logs-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mimecast.ttp_url_logs-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mysql_x_error: - index_sorting: false - index_template: - composed_of: - - logs-mysql.error@package - - logs-mysql.error@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mysql.error@custom - index_patterns: - - logs-mysql.error-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mysql.error-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-mysql_x_slowlog: - index_sorting: false - index_template: - composed_of: - - logs-mysql.slowlog@package - - logs-mysql.slowlog@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-mysql.slowlog@custom - index_patterns: - - logs-mysql.slowlog-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-mysql.slowlog-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-netflow_x_log: - index_sorting: false - index_template: - composed_of: - - logs-netflow.log@package - - logs-netflow.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-netflow.log@custom - index_patterns: - - logs-netflow.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-netflow.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-nginx_x_access: - index_sorting: false - index_template: - composed_of: - - logs-nginx.access@package - - logs-nginx.access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-nginx.access@custom - index_patterns: - - logs-nginx.access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-nginx.access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-nginx_x_error: - index_sorting: false - index_template: - composed_of: - - logs-nginx.error@package - - logs-nginx.error@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-nginx.error@custom - index_patterns: - - logs-nginx.error-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-nginx.error-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-o365_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-o365.audit@package - - logs-o365.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-o365.audit@custom - index_patterns: - - logs-o365.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-o365.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-okta_x_system: - index_sorting: false - index_template: - composed_of: - - okta-mappings - - logs-okta.system@package - - logs-okta.system@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-okta.system@custom - index_patterns: - - logs-okta.system-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-okta.system-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logs-osquery-manager-action_x_responses: index_sorting: false index_template: @@ -9193,696 +2695,6 @@ elasticsearch: settings: index: number_of_replicas: 0 - so-logs-panw_x_panos: - index_sorting: false - index_template: - composed_of: - - logs-panw.panos@package - - logs-panw.panos@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-panw.panos@custom - index_patterns: - - logs-panw.panos-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-panw.panos-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-pfsense_x_log: - index_sorting: false - index_template: - composed_of: - - logs-pfsense.log@package - - logs-pfsense.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-pfsense.log@custom - index_patterns: - - logs-pfsense.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-pfsense.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-proofpoint_tap_x_clicks_blocked: - index_sorting: false - index_template: - composed_of: - - logs-proofpoint_tap.clicks_blocked@package - - logs-proofpoint_tap.clicks_blocked@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-proofpoint_tap.clicks_blocked@custom - index_patterns: - - logs-proofpoint_tap.clicks_blocked-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-proofpoint_tap.clicks_blocked-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-proofpoint_tap_x_clicks_permitted: - index_sorting: false - index_template: - composed_of: - - logs-proofpoint_tap.clicks_permitted@package - - logs-proofpoint_tap.clicks_permitted@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-proofpoint_tap.clicks_permitted@custom - index_patterns: - - logs-proofpoint_tap.clicks_permitted-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-proofpoint_tap.clicks_permitted-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-proofpoint_tap_x_message_blocked: - index_sorting: false - index_template: - composed_of: - - logs-proofpoint_tap.message_blocked@package - - logs-proofpoint_tap.message_blocked@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-proofpoint_tap.message_blocked@custom - index_patterns: - - logs-proofpoint_tap.message_blocked-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-proofpoint_tap.message_blocked-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-proofpoint_tap_x_message_delivered: - index_sorting: false - index_template: - composed_of: - - logs-proofpoint_tap.message_delivered@package - - logs-proofpoint_tap.message_delivered@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-proofpoint_tap.message_delivered@custom - index_patterns: - - logs-proofpoint_tap.message_delivered-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-proofpoint_tap.message_delivered-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-pulse_connect_secure_x_log: - index_sorting: false - index_template: - composed_of: - - logs-pulse_connect_secure.log@package - - logs-pulse_connect_secure.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-pulse_connect_secure.log@custom - index_patterns: - - logs-pulse_connect_secure.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-pulse_connect_secure.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sentinel_one_x_activity: - index_sorting: false - index_template: - composed_of: - - logs-sentinel_one.activity@package - - logs-sentinel_one.activity@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sentinel_one.activity@custom - index_patterns: - - logs-sentinel_one.activity-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sentinel_one.activity-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sentinel_one_x_agent: - index_sorting: false - index_template: - composed_of: - - logs-sentinel_one.agent@package - - logs-sentinel_one.agent@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sentinel_one.agent@custom - index_patterns: - - logs-sentinel_one.agent-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sentinel_one.agent-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sentinel_one_x_alert: - index_sorting: false - index_template: - composed_of: - - logs-sentinel_one.alert@package - - logs-sentinel_one.alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sentinel_one.alert@custom - index_patterns: - - logs-sentinel_one.alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sentinel_one.alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sentinel_one_x_group: - index_sorting: false - index_template: - composed_of: - - logs-sentinel_one.group@package - - logs-sentinel_one.group@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sentinel_one.group@custom - index_patterns: - - logs-sentinel_one.group-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sentinel_one.group-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sentinel_one_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-sentinel_one.threat@package - - logs-sentinel_one.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sentinel_one.threat@custom - index_patterns: - - logs-sentinel_one.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sentinel_one.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-snort_x_log: - index_sorting: false - index_template: - composed_of: - - logs-snort.log@package - - logs-snort.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-snort.log@custom - index_patterns: - - logs-snort.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-snort.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-snyk_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-snyk.audit@package - - logs-snyk.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-snyk.audit@custom - index_patterns: - - logs-snyk.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-snyk.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-snyk_x_vulnerabilities: - index_sorting: false - index_template: - composed_of: - - logs-snyk.vulnerabilities@package - - logs-snyk.vulnerabilities@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-snyk.vulnerabilities@custom - index_patterns: - - logs-snyk.vulnerabilities-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-snyk.vulnerabilities-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logs-soc: close: 30 delete: 365 @@ -9991,282 +2803,6 @@ elasticsearch: priority: 50 min_age: 30d warm: 7 - so-logs-sonicwall_firewall_x_log: - index_sorting: false - index_template: - composed_of: - - logs-sonicwall_firewall.log@package - - logs-sonicwall_firewall.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sonicwall_firewall.log@custom - index_patterns: - - logs-sonicwall_firewall.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sonicwall_firewall.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sophos_central_x_alert: - index_sorting: false - index_template: - composed_of: - - logs-sophos_central.alert@package - - logs-sophos_central.alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sophos_central.alert@custom - index_patterns: - - logs-sophos_central.alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sophos_central.alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sophos_central_x_event: - index_sorting: false - index_template: - composed_of: - - logs-sophos_central.event@package - - logs-sophos_central.event@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sophos_central.event@custom - index_patterns: - - logs-sophos_central.event-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sophos_central.event-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sophos_x_utm: - index_sorting: false - index_template: - composed_of: - - logs-sophos.utm@package - - logs-sophos.utm@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sophos.utm@custom - index_patterns: - - logs-sophos.utm-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sophos.utm-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-sophos_x_xg: - index_sorting: false - index_template: - composed_of: - - logs-sophos.xg@package - - logs-sophos.xg@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-sophos.xg@custom - index_patterns: - - logs-sophos.xg-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-sophos.xg-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-symantec_endpoint_x_log: - index_sorting: false - index_template: - composed_of: - - logs-symantec_endpoint.log@package - - logs-symantec_endpoint.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-symantec_endpoint.log@custom - index_patterns: - - logs-symantec_endpoint.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-symantec_endpoint.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logs-system_x_application: index_sorting: false index_template: @@ -10274,6 +2810,7 @@ elasticsearch: - event-mappings - logs-system.application@package - logs-system.application@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 - so-system-mappings @@ -10322,6 +2859,7 @@ elasticsearch: - event-mappings - logs-system.auth@package - logs-system.auth@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 - so-system-mappings @@ -10370,6 +2908,7 @@ elasticsearch: - event-mappings - logs-system.security@package - logs-system.security@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 - so-system-mappings @@ -10466,6 +3005,7 @@ elasticsearch: - event-mappings - logs-system.system@package - logs-system.system@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 - so-system-mappings @@ -10507,1346 +3047,13 @@ elasticsearch: set_priority: priority: 50 min_age: 30d - so-logs-tenable_io_x_asset: - index_sorting: False - index_template: - index_patterns: - - "logs-tenable_io.asset-*" - template: - settings: - index: - lifecycle: - name: so-logs-tenable_io.asset-logs - number_of_replicas: 0 - composed_of: - - "logs-tenable_io.asset@package" - - "logs-tenable_io.asset@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-tenable_io.asset@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_io_x_plugin: - index_sorting: False - index_template: - index_patterns: - - "logs-tenable_io.plugin-*" - template: - settings: - index: - lifecycle: - name: so-logs-tenable_io.plugin-logs - number_of_replicas: 0 - composed_of: - - "logs-tenable_io.plugin@package" - - "logs-tenable_io.plugin@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-tenable_io.plugin@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_io_x_scan: - index_sorting: False - index_template: - index_patterns: - - "logs-tenable_io.scan-*" - template: - settings: - index: - lifecycle: - name: so-logs-tenable_io.scan-logs - number_of_replicas: 0 - composed_of: - - "logs-tenable_io.scan@package" - - "logs-tenable_io.scan@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-tenable_io.scan@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_io_x_vulnerability: - index_sorting: False - index_template: - index_patterns: - - "logs-tenable_io.vulnerability-*" - template: - settings: - index: - lifecycle: - name: so-logs-tenable_io.vulnerability-logs - number_of_replicas: 0 - composed_of: - - "logs-tenable_io.vulnerability@package" - - "logs-tenable_io.vulnerability@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-tenable_io.vulnerability@custom - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 30d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_sc_x_asset: - index_sorting: false - index_template: - composed_of: - - logs-tenable_sc.asset@package - - logs-tenable_sc.asset@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-tenable_sc.asset@custom - index_patterns: - - logs-tenable_sc.asset-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-tenable_sc.asset-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_sc_x_plugin: - index_sorting: false - index_template: - composed_of: - - logs-tenable_sc.plugin@package - - logs-tenable_sc.plugin@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-tenable_sc.plugin@custom - index_patterns: - - logs-tenable_sc.plugin-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-tenable_sc.plugin-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-tenable_sc_x_vulnerability: - index_sorting: false - index_template: - composed_of: - - logs-tenable_sc.vulnerability@package - - logs-tenable_sc.vulnerability@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-tenable_sc.vulnerability@custom - index_patterns: - - logs-tenable_sc.vulnerability-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-tenable_sc.vulnerability-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_abusech_x_malware: - index_sorting: false - index_template: - composed_of: - - logs-ti_abusech.malware@package - - logs-ti_abusech.malware@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_abusech.malware@custom - index_patterns: - - logs-ti_abusech.malware-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_abusech.malware-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_abusech_x_malwarebazaar: - index_sorting: false - index_template: - composed_of: - - logs-ti_abusech.malwarebazaar@package - - logs-ti_abusech.malwarebazaar@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_abusech.malwarebazaar@custom - index_patterns: - - logs-ti_abusech.malwarebazaar-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_abusech.malwarebazaar-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_abusech_x_threatfox: - index_sorting: false - index_template: - composed_of: - - logs-ti_abusech.threatfox@package - - logs-ti_abusech.threatfox@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_abusech.threatfox@custom - index_patterns: - - logs-ti_abusech.threatfox-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_abusech.threatfox-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_abusech_x_url: - index_sorting: false - index_template: - composed_of: - - logs-ti_abusech.url@package - - logs-ti_abusech.url@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_abusech.url@custom - index_patterns: - - logs-ti_abusech.url-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_abusech.url-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_anomali_x_threatstream: - index_sorting: false - index_template: - composed_of: - - logs-ti_anomali.threatstream@package - - logs-ti_anomali.threatstream@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_anomali.threatstream@custom - index_patterns: - - logs-ti_anomali.threatstream-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_anomali.threatstream-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_cybersixgill_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-ti_cybersixgill.threat@package - - logs-ti_cybersixgill.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_cybersixgill.threat@custom - index_patterns: - - logs-ti_cybersixgill.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_cybersixgill.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_misp_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-ti_misp.threat@package - - logs-ti_misp.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_misp.threat@custom - index_patterns: - - logs-ti_misp.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_misp.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_misp_x_threat_attributes: - index_sorting: false - index_template: - composed_of: - - logs-ti_misp.threat_attributes@package - - logs-ti_misp.threat_attributes@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_misp.threat_attributes@custom - index_patterns: - - logs-ti_misp.threat_attributes-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_misp.threat_attributes-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_opencti_x_indicator: - index_sorting: False - index_template: - composed_of: - - "logs-ti_opencti.indicator@package" - - "logs-ti_opencti.indicator@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - "logs-ti_opencti.indicator@custom" - index_patterns: - - "logs-ti_opencti.indicator-*" - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_opencti.indicator-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_otx_x_pulses_subscribed: - index_sorting: false - index_template: - composed_of: - - logs-ti_otx.pulses_subscribed@package - - logs-ti_otx.pulses_subscribed@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_otx.pulses_subscribed@custom - index_patterns: - - logs-ti_otx.pulses_subscribed-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_otx.pulses_subscribed-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_otx_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-ti_otx.threat@package - - logs-ti_otx.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_otx.threat@custom - index_patterns: - - logs-ti_otx.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_otx.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_rapid7_threat_command_x_alert: - index_sorting: false - index_template: - composed_of: - - logs-ti_rapid7_threat_command.alert@package - - logs-ti_rapid7_threat_command.alert@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-ti_rapid7_threat_command.alert@custom - index_patterns: - - logs-ti_rapid7_threat_command.alert-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_rapid7_threat_command.alert-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_rapid7_threat_command_x_ioc: - index_sorting: false - index_template: - composed_of: - - logs-ti_rapid7_threat_command.ioc@package - - logs-ti_rapid7_threat_command.ioc@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-ti_rapid7_threat_command.ioc@custom - index_patterns: - - logs-ti_rapid7_threat_command.ioc-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_rapid7_threat_command.ioc-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_rapid7_threat_command_x_vulnerability: - index_sorting: false - index_template: - composed_of: - - logs-ti_rapid7_threat_command.vulnerability@package - - logs-ti_rapid7_threat_command.vulnerability@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - hidden: false - allow_custom_routing: false - ignore_missing_component_templates: - - logs-ti_rapid7_threat_command.vulnerability@custom - index_patterns: - - logs-ti_rapid7_threat_command.vulnerability-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_rapid7_threat_command.vulnerability-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_recordedfuture_x_latest_ioc-template: - index_sorting: false - index_template: - composed_of: - - logs-ti_recordedfuture.latest_ioc-template@package - - logs-ti_recordedfuture.latest_ioc-template@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_recordedfuture.latest_ioc-template@custom - index_patterns: - - logs-ti_recordedfuture.latest_ioc-template-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_recordedfuture.latest_ioc-template-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_recordedfuture_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-ti_recordedfuture.threat@package - - logs-ti_recordedfuture.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_recordedfuture.threat@custom - index_patterns: - - logs-ti_recordedfuture.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_recordedfuture.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-ti_threatq_x_threat: - index_sorting: false - index_template: - composed_of: - - logs-ti_threatq.threat@package - - logs-ti_threatq.threat@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-ti_threatq.threat@custom - index_patterns: - - logs-ti_threatq.threat-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-ti_threatq.threat-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-trend_micro_vision_one_x_alert: - index_sorting: False - index_template: - index_patterns: - - "logs-trend_micro_vision_one.alert-*" - template: - settings: - index: - lifecycle: - name: so-logs-trend_micro_vision_one.alert-logs - number_of_replicas: 0 - composed_of: - - "logs-trend_micro_vision_one.alert@package" - - "logs-trend_micro_vision_one.alert@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - ignore_missing_component_templates: - - "logs-trend_micro_vision_one.alert@custom" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-trend_micro_vision_one_x_audit: - index_sorting: False - index_template: - index_patterns: - - "logs-trend_micro_vision_one.audit-*" - template: - settings: - index: - lifecycle: - name: so-logs-trend_micro_vision_one.audit-logs - number_of_replicas: 0 - ignore_missing_component_templates: - - "logs-trend_micro_vision_one.audit@custom" - composed_of: - - "logs-trend_micro_vision_one.audit@package" - - "logs-trend_micro_vision_one.audit@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-trend_micro_vision_one_x_detection: - index_sorting: False - index_template: - index_patterns: - - "logs-trend_micro_vision_one.detection-*" - template: - settings: - index: - lifecycle: - name: so-logs-trend_micro_vision_one.detection-logs - number_of_replicas: 0 - ignore_missing_component_templates: - - "logs-trend_micro_vision_one.detection@custom" - composed_of: - - "logs-trend_micro_vision_one.detection@package" - - "logs-trend_micro_vision_one.detection@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-trendmicro_x_deep_security: - index_sorting: False - index_template: - index_patterns: - - "logs-trendmicro.deep_security-*" - template: - settings: - index: - lifecycle: - name: so-logs-trend_micro_vision_one.deep_security-logs - number_of_replicas: 0 - ignore_missing_component_templates: - - "logs-trendmicro.deep_security@custom" - composed_of: - - "logs-trendmicro.deep_security@package" - - "logs-trendmicro.deep_security@custom" - - "so-fleet_globals-1" - - "so-fleet_agent_id_verification-1" - priority: 501 - data_stream: - hidden: false - allow_custom_routing: false - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-vsphere_x_log: - index_sorting: false - index_template: - composed_of: - - logs-vsphere.log@package - - logs-vsphere.log@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-vsphere.log@custom - index_patterns: - - logs-vsphere.log-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-vsphere.log-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logs-windows_x_forwarded: index_sorting: false index_template: composed_of: - logs-windows.forwarded@package - logs-windows.forwarded@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -11893,6 +3100,7 @@ elasticsearch: composed_of: - logs-windows.powershell@package - logs-windows.powershell@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -11939,6 +3147,7 @@ elasticsearch: composed_of: - logs-windows.powershell_operational@package - logs-windows.powershell_operational@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -11985,6 +3194,7 @@ elasticsearch: composed_of: - logs-windows.sysmon_operational@package - logs-windows.sysmon_operational@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -12031,6 +3241,7 @@ elasticsearch: composed_of: - logs-winlog.winlog@package - logs-winlog.winlog@custom + - so-fleet_integrations.ip_mappings-1 - so-fleet_globals-1 - so-fleet_agent_id_verification-1 data_stream: @@ -12072,466 +3283,6 @@ elasticsearch: set_priority: priority: 50 min_age: 30d - so-logs-zscaler_zia_x_alerts: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zia.alerts@package - - logs-zscaler_zia.alerts@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zia.alerts@custom - index_patterns: - - logs-zscaler_zia.alerts-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zia.alerts-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zia_x_dns: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zia.dns@package - - logs-zscaler_zia.dns@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zia.dns@custom - index_patterns: - - logs-zscaler_zia.dns-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zia.dns-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zia_x_firewall: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zia.firewall@package - - logs-zscaler_zia.firewall@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zia.firewall@custom - index_patterns: - - logs-zscaler_zia.firewall-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zia.firewall-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zia_x_tunnel: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zia.tunnel@package - - logs-zscaler_zia.tunnel@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zia.tunnel@custom - index_patterns: - - logs-zscaler_zia.tunnel-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zia.tunnel-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zia_x_web: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zia.web@package - - logs-zscaler_zia.web@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zia.web@custom - index_patterns: - - logs-zscaler_zia.web-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zia.web-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zpa_x_app_connector_status: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zpa.app_connector_status@package - - logs-zscaler_zpa.app_connector_status@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zpa.app_connector_status@custom - index_patterns: - - logs-zscaler_zpa.app_connector_status-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zpa.app_connector_status-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zpa_x_audit: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zpa.audit@package - - logs-zscaler_zpa.audit@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zpa.audit@custom - index_patterns: - - logs-zscaler_zpa.audit-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zpa.audit-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zpa_x_browser_access: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zpa.browser_access@package - - logs-zscaler_zpa.browser_access@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zpa.browser_access@custom - index_patterns: - - logs-zscaler_zpa.browser_access-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zpa.browser_access-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zpa_x_user_activity: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zpa.user_activity@package - - logs-zscaler_zpa.user_activity@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zpa.user_activity@custom - index_patterns: - - logs-zscaler_zpa.user_activity-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zpa.user_activity-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-logs-zscaler_zpa_x_user_status: - index_sorting: false - index_template: - composed_of: - - logs-zscaler_zpa.user_status@package - - logs-zscaler_zpa.user_status@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - logs-zscaler_zpa.user_status@custom - index_patterns: - - logs-zscaler_zpa.user_status-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-logs-zscaler_zpa.user_status-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-logstash: index_sorting: false index_template: @@ -12827,190 +3578,6 @@ elasticsearch: index: mode: time_series number_of_replicas: 0 - so-metrics-nginx_x_stubstatus: - index_sorting: false - index_template: - composed_of: - - metrics-nginx.stubstatus@package - - metrics-nginx.stubstatus@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - metrics-nginx.stubstatus@custom - index_patterns: - - metrics-nginx.stubstatus-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-metrics-nginx.stubstatus-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-metrics-vsphere_x_datastore: - index_sorting: false - index_template: - composed_of: - - metrics-vsphere.datastore@package - - metrics-vsphere.datastore@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - metrics-vsphere.datastore@custom - index_patterns: - - metrics-vsphere.datastore-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-metrics-vsphere.datastore-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-metrics-vsphere_x_host: - index_sorting: false - index_template: - composed_of: - - metrics-vsphere.host@package - - metrics-vsphere.host@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - metrics-vsphere.host@custom - index_patterns: - - metrics-vsphere.host-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-metrics-vsphere.host-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d - so-metrics-vsphere_x_virtualmachine: - index_sorting: false - index_template: - composed_of: - - metrics-vsphere.virtualmachine@package - - metrics-vsphere.virtualmachine@custom - - so-fleet_globals-1 - - so-fleet_agent_id_verification-1 - data_stream: - allow_custom_routing: false - hidden: false - ignore_missing_component_templates: - - metrics-vsphere.virtualmachine@custom - index_patterns: - - metrics-vsphere.virtualmachine-* - priority: 501 - template: - settings: - index: - lifecycle: - name: so-metrics-vsphere.virtualmachine-logs - number_of_replicas: 0 - policy: - phases: - cold: - actions: - set_priority: - priority: 0 - min_age: 60d - delete: - actions: - delete: {} - min_age: 365d - hot: - actions: - rollover: - max_age: 30d - max_primary_shard_size: 50gb - set_priority: - priority: 100 - min_age: 0ms - warm: - actions: - set_priority: - priority: 50 - min_age: 30d so-redis: index_sorting: false index_template: diff --git a/salt/elasticsearch/enabled.sls b/salt/elasticsearch/enabled.sls index 4699dfb1f..e1629fade 100644 --- a/salt/elasticsearch/enabled.sls +++ b/salt/elasticsearch/enabled.sls @@ -151,7 +151,7 @@ es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: {% endfor %} {% endif %} -{% if GLOBALS.role in GLOBALS.manager_roles %} +{% if GLOBALS.role in GLOBALS.manager_roles %} so-es-cluster-settings: cmd.run: - name: /usr/sbin/so-elasticsearch-cluster-settings @@ -160,7 +160,7 @@ so-es-cluster-settings: - require: - docker_container: so-elasticsearch - file: elasticsearch_sbin_jinja -{% endif %} +{% endif %} so-elasticsearch-ilm-policy-load: cmd.run: diff --git a/salt/elasticsearch/files/ingest/global@custom b/salt/elasticsearch/files/ingest/global@custom index 085afd23c..e11a0be72 100644 --- a/salt/elasticsearch/files/ingest/global@custom +++ b/salt/elasticsearch/files/ingest/global@custom @@ -8,7 +8,9 @@ "processors": [ { "set": { "ignore_failure": true, "field": "event.module", "value": "elastic_agent" } }, { "split": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "separator": "\\.", "target_field": "module_temp" } }, + { "split": { "if": "ctx.data_stream?.dataset.contains('.')", "field":"data_stream.dataset", "separator":"\\.", "target_field":"datastream_dataset_temp", "ignore_missing":true } }, { "set": { "if": "ctx.module_temp != null", "override": true, "field": "event.module", "value": "{{module_temp.0}}" } }, + { "set": { "if": "ctx.datastream_dataset_temp != null && ctx.datastream_dataset_temp[0] == 'network_traffic'", "field":"event.module", "value":"{{ datastream_dataset_temp.0 }}", "ignore_failure":true, "ignore_empty_value":true, "description":"Fix EA network packet capture" } }, { "gsub": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "pattern": "^[^.]*.", "replacement": "", "target_field": "dataset_tag_temp" } }, { "append": { "if": "ctx.dataset_tag_temp != null", "field": "tags", "value": "{{dataset_tag_temp}}", "allow_duplicates": false } }, { "set": { "if": "ctx.network?.direction == 'egress'", "override": true, "field": "network.initiated", "value": "true" } }, @@ -22,6 +24,6 @@ { "set": { "if": "ctx.event?.module == 'fim'", "override": true, "field": "event.module", "value": "file_integrity" } }, { "rename": { "if": "ctx.winlog?.provider_name == 'Microsoft-Windows-Windows Defender'", "ignore_missing": true, "field": "winlog.event_data.Threat Name", "target_field": "winlog.event_data.threat_name" } }, { "set": { "if": "ctx?.metadata?.kafka != null" , "field": "kafka.id", "value": "{{metadata.kafka.partition}}{{metadata.kafka.offset}}{{metadata.kafka.timestamp}}", "ignore_failure": true } }, - { "remove": { "field": [ "message2", "type", "fields", "category", "module", "dataset", "event.dataset_temp", "dataset_tag_temp", "module_temp" ], "ignore_missing": true, "ignore_failure": true } } + { "remove": { "field": [ "message2", "type", "fields", "category", "module", "dataset", "event.dataset_temp", "dataset_tag_temp", "module_temp", "datastream_dataset_temp" ], "ignore_missing": true, "ignore_failure": true } } ] } diff --git a/salt/elasticsearch/files/ingest/logs-pfsense.log-1.16.0 b/salt/elasticsearch/files/ingest/logs-pfsense.log-1.16.0 deleted file mode 100644 index f53abb0e3..000000000 --- a/salt/elasticsearch/files/ingest/logs-pfsense.log-1.16.0 +++ /dev/null @@ -1,389 +0,0 @@ -{ - "description": "Pipeline for PFsense", - "processors": [ - { - "set": { - "field": "ecs.version", - "value": "8.10.0" - } - }, - { - "set": { - "field": "observer.vendor", - "value": "netgate" - } - }, - { - "set": { - "field": "observer.type", - "value": "firewall" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.timezone", - "value": "{{_tmp.tz_offset}}", - "if": "ctx._tmp?.tz_offset != null && ctx._tmp?.tz_offset != 'local'" - } - }, - { - "grok": { - "description": "Parse syslog header", - "field": "event.original", - "patterns": [ - "^(%{ECS_SYSLOG_PRI})?%{TIMESTAMP} %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "ECS_SYSLOG_PRI": "<%{NONNEGINT:log.syslog.priority:long}>(\\d )?", - "TIMESTAMP": "(?:%{BSD_TIMESTAMP_FORMAT}|%{SYSLOG_TIMESTAMP_FORMAT})", - "BSD_TIMESTAMP_FORMAT": "%{SYSLOGTIMESTAMP:_tmp.timestamp}(%{SPACE}%{BSD_PROCNAME}|%{SPACE}%{OBSERVER}%{SPACE}%{BSD_PROCNAME})(\\[%{POSINT:process.pid:long}\\])?:", - "BSD_PROCNAME": "(?:\\b%{NAME:process.name}|\\(%{NAME:process.name}\\))", - "NAME": "[[[:alnum:]]_-]+", - "SYSLOG_TIMESTAMP_FORMAT": "%{TIMESTAMP_ISO8601:_tmp.timestamp8601}%{SPACE}%{OBSERVER}%{SPACE}%{PROCESS}%{SPACE}(%{POSINT:process.pid:long}|-) - (-|%{META})", - "TIMESTAMP_ISO8601": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE:event.timezone}?", - "OBSERVER": "(?:%{IP:observer.ip}|%{HOSTNAME:observer.name})", - "PROCESS": "(\\(%{DATA:process.name}\\)|(?:%{UNIXPATH}*/)?%{BASEPATH:process.name})", - "BASEPATH": "[[[:alnum:]]_%!$@:.,+~-]+", - "META": "\\[[^\\]]*\\]" - } - } - }, - { - "date": { - "if": "ctx._tmp.timestamp8601 != null", - "field": "_tmp.timestamp8601", - "target_field": "@timestamp", - "formats": [ - "ISO8601" - ] - } - }, - { - "date": { - "if": "ctx.event?.timezone != null && ctx._tmp?.timestamp != null", - "field": "_tmp.timestamp", - "target_field": "@timestamp", - "formats": [ - "MMM d HH:mm:ss", - "MMM d HH:mm:ss", - "MMM dd HH:mm:ss" - ], - "timezone": "{{ event.timezone }}" - } - }, - { - "grok": { - "description": "Set Event Provider", - "field": "process.name", - "patterns": [ - "^%{HYPHENATED_WORDS:event.provider}" - ], - "pattern_definitions": { - "HYPHENATED_WORDS": "\\b[A-Za-z0-9_]+(-[A-Za-z_]+)*\\b" - } - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-firewall", - "if": "ctx.event.provider == 'filterlog'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-openvpn", - "if": "ctx.event.provider == 'openvpn'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-ipsec", - "if": "ctx.event.provider == 'charon'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-dhcp", - "if": "[\"dhcpd\", \"dhclient\", \"dhcp6c\"].contains(ctx.event.provider)" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-unbound", - "if": "ctx.event.provider == 'unbound'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-haproxy", - "if": "ctx.event.provider == 'haproxy'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-php-fpm", - "if": "ctx.event.provider == 'php-fpm'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-squid", - "if": "ctx.event.provider == 'squid'" - } - }, - { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-suricata", - "if": "ctx.event.provider == 'suricata'" - } - }, - { - "drop": { - "if": "![\"filterlog\", \"openvpn\", \"charon\", \"dhcpd\", \"dhclient\", \"dhcp6c\", \"unbound\", \"haproxy\", \"php-fpm\", \"squid\", \"suricata\"].contains(ctx.event?.provider)" - } - }, - { - "append": { - "field": "event.category", - "value": "network", - "if": "ctx.network != null" - } - }, - { - "convert": { - "field": "source.address", - "target_field": "source.ip", - "type": "ip", - "ignore_failure": true, - "ignore_missing": true - } - }, - { - "convert": { - "field": "destination.address", - "target_field": "destination.ip", - "type": "ip", - "ignore_failure": true, - "ignore_missing": true - } - }, - { - "set": { - "field": "network.type", - "value": "ipv6", - "if": "ctx.source?.ip != null && ctx.source.ip.contains(\":\")" - } - }, - { - "set": { - "field": "network.type", - "value": "ipv4", - "if": "ctx.source?.ip != null && ctx.source.ip.contains(\".\")" - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "field": "destination.ip", - "target_field": "destination.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "ignore_missing": true, - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ] - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "destination.ip", - "target_field": "destination.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "rename": { - "field": "destination.as.asn", - "target_field": "destination.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "destination.as.organization_name", - "target_field": "destination.as.organization.name", - "ignore_missing": true - } - }, - { - "community_id": { - "target_field": "network.community_id", - "ignore_failure": true - } - }, - { - "grok": { - "field": "observer.ingress.interface.name", - "patterns": [ - "%{DATA}.%{NONNEGINT:observer.ingress.vlan.id}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "set": { - "field": "network.vlan.id", - "copy_from": "observer.ingress.vlan.id", - "ignore_empty_value": true - } - }, - { - "append": { - "field": "related.ip", - "value": "{{destination.ip}}", - "allow_duplicates": false, - "if": "ctx.destination?.ip != null" - } - }, - { - "append": { - "field": "related.ip", - "value": "{{source.ip}}", - "allow_duplicates": false, - "if": "ctx.source?.ip != null" - } - }, - { - "append": { - "field": "related.ip", - "value": "{{source.nat.ip}}", - "allow_duplicates": false, - "if": "ctx.source?.nat?.ip != null" - } - }, - { - "append": { - "field": "related.hosts", - "value": "{{destination.domain}}", - "if": "ctx.destination?.domain != null" - } - }, - { - "append": { - "field": "related.user", - "value": "{{user.name}}", - "if": "ctx.user?.name != null" - } - }, - { - "set": { - "field": "network.direction", - "value": "{{network.direction}}bound", - "if": "ctx.network?.direction != null && ctx.network?.direction =~ /^(in|out)$/" - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_failure": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null || (v instanceof String && v == \"-\"));\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - }, - { - "pipeline": { - "name": "logs-pfsense.log@custom", - "ignore_missing_pipeline": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "pipeline_error" - } - }, - { - "append": { - "field": "error.message", - "value": "{{{ _ingest.on_failure_message }}}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "pfsense" - } - } -} diff --git a/salt/elasticsearch/files/ingest/logs-pfsense.log-1.19.1 b/salt/elasticsearch/files/ingest/logs-pfsense.log-1.21.0 similarity index 90% rename from salt/elasticsearch/files/ingest/logs-pfsense.log-1.19.1 rename to salt/elasticsearch/files/ingest/logs-pfsense.log-1.21.0 index 6166f6b55..7c4f2575f 100644 --- a/salt/elasticsearch/files/ingest/logs-pfsense.log-1.19.1 +++ b/salt/elasticsearch/files/ingest/logs-pfsense.log-1.21.0 @@ -1,10 +1,17 @@ { "description": "Pipeline for PFsense", + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "pfsense" + } + }, "processors": [ { "set": { "field": "ecs.version", - "value": "8.11.0" + "value": "8.17.0" } }, { @@ -36,7 +43,7 @@ { "set": { "field": "event.timezone", - "value": "{{_tmp.tz_offset}}", + "value": "{{{_tmp.tz_offset}}}", "if": "ctx._tmp?.tz_offset != null && ctx._tmp?.tz_offset != 'local'" } }, @@ -83,7 +90,7 @@ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ], - "timezone": "{{ event.timezone }}" + "timezone": "{{{ event.timezone }}}" } }, { @@ -100,61 +107,67 @@ }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-firewall", + "name": "logs-pfsense.log-1.21.0-firewall", "if": "ctx.event.provider == 'filterlog'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-openvpn", + "name": "logs-pfsense.log-1.21.0-openvpn", "if": "ctx.event.provider == 'openvpn'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-ipsec", + "name": "logs-pfsense.log-1.21.0-ipsec", "if": "ctx.event.provider == 'charon'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-dhcp", + "name": "logs-pfsense.log-1.21.0-dhcp", "if": "[\"dhcpd\", \"dhclient\", \"dhcp6c\"].contains(ctx.event.provider)" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-unbound", + "name": "logs-pfsense.log-1.21.0-unbound", "if": "ctx.event.provider == 'unbound'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-haproxy", + "name": "logs-pfsense.log-1.21.0-haproxy", "if": "ctx.event.provider == 'haproxy'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-php-fpm", + "name": "logs-pfsense.log-1.21.0-php-fpm", "if": "ctx.event.provider == 'php-fpm'" } }, { "pipeline": { - "name": "logs-pfsense.log-1.19.1-squid", + "name": "logs-pfsense.log-1.21.0-squid", "if": "ctx.event.provider == 'squid'" } }, { - "pipeline": { - "name": "logs-pfsense.log-1.16.0-suricata", + "pipeline": { + "name": "logs-pfsense.log-1.21.0-snort", + "if": "ctx.event.provider == 'snort'" + } + }, + { + "pipeline": { + "name": "logs-pfsense.log-1.21.0-suricata", "if": "ctx.event.provider == 'suricata'" } }, { "drop": { - "if": "![\"filterlog\", \"openvpn\", \"charon\", \"dhcpd\", \"dhclient\", \"dhcp6c\", \"unbound\", \"haproxy\", \"php-fpm\", \"squid\", \"suricata\"].contains(ctx.event?.provider)" + "if": "![\"filterlog\", \"openvpn\", \"charon\", \"dhcpd\", \"dhclient\", \"dhcp6c\", \"unbound\", \"haproxy\", \"php-fpm\", \"squid\", \"snort\", \"suricata\"].contains(ctx.event?.provider)" } }, { @@ -288,7 +301,7 @@ { "append": { "field": "related.ip", - "value": "{{destination.ip}}", + "value": "{{{destination.ip}}}", "allow_duplicates": false, "if": "ctx.destination?.ip != null" } @@ -296,7 +309,7 @@ { "append": { "field": "related.ip", - "value": "{{source.ip}}", + "value": "{{{source.ip}}}", "allow_duplicates": false, "if": "ctx.source?.ip != null" } @@ -304,7 +317,7 @@ { "append": { "field": "related.ip", - "value": "{{source.nat.ip}}", + "value": "{{{source.nat.ip}}}", "allow_duplicates": false, "if": "ctx.source?.nat?.ip != null" } @@ -312,21 +325,21 @@ { "append": { "field": "related.hosts", - "value": "{{destination.domain}}", + "value": "{{{destination.domain}}}", "if": "ctx.destination?.domain != null" } }, { "append": { "field": "related.user", - "value": "{{user.name}}", + "value": "{{{user.name}}}", "if": "ctx.user?.name != null" } }, { "set": { "field": "network.direction", - "value": "{{network.direction}}bound", + "value": "{{{network.direction}}}bound", "if": "ctx.network?.direction != null && ctx.network?.direction =~ /^(in|out)$/" } }, @@ -403,12 +416,5 @@ "value": "{{{ _ingest.on_failure_message }}}" } } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "pfsense" - } - } -} + ] +} \ No newline at end of file diff --git a/salt/elasticsearch/files/ingest/logs-pfsense.log-1.16.0-suricata b/salt/elasticsearch/files/ingest/logs-pfsense.log-1.21.0-suricata similarity index 100% rename from salt/elasticsearch/files/ingest/logs-pfsense.log-1.16.0-suricata rename to salt/elasticsearch/files/ingest/logs-pfsense.log-1.21.0-suricata diff --git a/salt/elasticsearch/files/ingest/zeek.software b/salt/elasticsearch/files/ingest/zeek.software index f5d3d1013..11298ba0b 100644 --- a/salt/elasticsearch/files/ingest/zeek.software +++ b/salt/elasticsearch/files/ingest/zeek.software @@ -11,7 +11,7 @@ { "dot_expander": { "field": "version.minor2", "path": "message2", "ignore_failure": true } }, { "rename": { "field": "message2.version.minor2", "target_field": "software.version.minor2", "ignore_missing": true } }, { "dot_expander": { "field": "version.minor3", "path": "message2", "ignore_failure": true } }, - { "rename": { "field": "message2.version.minor3", "target_field": "version.minor3", "ignore_missing": true } }, + { "rename": { "field": "message2.version.minor3", "target_field": "software.version.minor3", "ignore_missing": true } }, { "dot_expander": { "field": "version.addl", "path": "message2", "ignore_failure": true } }, { "rename": { "field": "message2.version.addl", "target_field": "software.version.additional_info", "ignore_missing": true } }, { "rename": { "field": "message2.host", "target_field": "source.ip", "ignore_missing": true } }, diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml index 0db3f34fa..adce41bff 100644 --- a/salt/elasticsearch/soc_elasticsearch.yaml +++ b/salt/elasticsearch/soc_elasticsearch.yaml @@ -77,6 +77,12 @@ elasticsearch: custom008: *pipelines custom009: *pipelines custom010: *pipelines + managed_integrations: + description: List of integrations to add into SOC config UI. Enter the full or partial integration name. Eg. 1password, 1pass + forcedType: "[]string" + global: True + advanced: True + helpLink: elasticsearch.html index_settings: global_overrides: index_template: @@ -166,7 +172,7 @@ elasticsearch: index_template: index_patterns: description: Patterns for matching multiple indices or tables. - forceType: "[]string" + forcedType: "[]string" multiline: True global: True advanced: True @@ -358,161 +364,9 @@ elasticsearch: so-logs-windows_x_powershell_operational: *indexSettings so-logs-windows_x_sysmon_operational: *indexSettings so-logs-winlog_x_winlog: *indexSettings - so-logs-apache_x_access: *indexSettings - so-logs-apache_x_error: *indexSettings - so-logs-auditd_x_log: *indexSettings - so-logs-aws_x_cloudtrail: *indexSettings - so-logs-aws_x_cloudwatch_logs: *indexSettings - so-logs-aws_x_ec2_logs: *indexSettings - so-logs-aws_x_elb_logs: *indexSettings - so-logs-aws_x_firewall_logs: *indexSettings - so-logs-aws_x_route53_public_logs: *indexSettings - so-logs-aws_x_route53_resolver_logs: *indexSettings - so-logs-aws_x_s3access: *indexSettings - so-logs-aws_x_vpcflow: *indexSettings - so-logs-aws_x_waf: *indexSettings - so-logs-azure_x_activitylogs: *indexSettings - so-logs-azure_x_application_gateway: *indexSettings - so-logs-azure_x_auditlogs: *indexSettings - so-logs-azure_x_eventhub: *indexSettings - so-logs-azure_x_firewall_logs: *indexSettings - so-logs-azure_x_identity_protection: *indexSettings - so-logs-azure_x_platformlogs: *indexSettings - so-logs-azure_x_provisioning: *indexSettings - so-logs-azure_x_signinlogs: *indexSettings - so-logs-azure_x_springcloudlogs: *indexSettings - so-logs-barracuda_x_waf: *indexSettings - so-logs-barracuda_cloudgen_firewall_x_log: *indexSettings - so-logs-cef_x_log: *indexSettings - so-logs-cisco_asa_x_log: *indexSettings - so-logs-cisco_ftd_x_log: *indexSettings - so-logs-cisco_ios_x_log: *indexSettings - so-logs-cisco_ise_x_log: *indexSettings - so-logs-citrix_adc_x_interface: *indexSettings - so-logs-citrix_adc_x_lbvserver: *indexSettings - so-logs-citrix_adc_x_service: *indexSettings - so-logs-citrix_adc_x_system: *indexSettings - so-logs-citrix_adc_x_vpn: *indexSettings - so-logs-citrix_waf_x_log: *indexSettings - so-logs-cloudflare_x_audit: *indexSettings - so-logs-cloudflare_x_logpull: *indexSettings - so-logs-crowdstrike_x_alert: *indexSettings - so-logs-crowdstrike_x_falcon: *indexSettings - so-logs-crowdstrike_x_fdr: *indexSettings - so-logs-crowdstrike_x_host: *indexSettings - so-logs-darktrace_x_ai_analyst_alert: *indexSettings - so-logs-darktrace_x_model_breach_alert: *indexSettings - so-logs-darktrace_x_system_status_alert: *indexSettings so-logs-detections_x_alerts: *indexSettings - so-logs-f5_bigip_x_log: *indexSettings - so-logs-fim_x_event: *indexSettings - so-logs-fortinet_x_clientendpoint: *indexSettings - so-logs-fortinet_x_firewall: *indexSettings - so-logs-fortinet_x_fortimail: *indexSettings - so-logs-fortinet_x_fortimanager: *indexSettings - so-logs-fortinet_x_fortigate: *indexSettings - so-logs-gcp_x_audit: *indexSettings - so-logs-gcp_x_dns: *indexSettings - so-logs-gcp_x_firewall: *indexSettings - so-logs-gcp_x_loadbalancing_logs: *indexSettings - so-logs-gcp_x_vpcflow: *indexSettings - so-logs-github_x_audit: *indexSettings - so-logs-github_x_code_scanning: *indexSettings - so-logs-github_x_dependabot: *indexSettings - so-logs-github_x_issues: *indexSettings - so-logs-github_x_secret_scanning: *indexSettings - so-logs-google_workspace_x_access_transparency: *indexSettings - so-logs-google_workspace_x_admin: *indexSettings - so-logs-google_workspace_x_alert: *indexSettings - so-logs-google_workspace_x_context_aware_access: *indexSettings - so-logs-google_workspace_x_device: *indexSettings - so-logs-google_workspace_x_drive: *indexSettings - so-logs-google_workspace_x_gcp: *indexSettings - so-logs-google_workspace_x_group_enterprise: *indexSettings - so-logs-google_workspace_x_groups: *indexSettings - so-logs-google_workspace_x_login: *indexSettings - so-logs-google_workspace_x_rules: *indexSettings - so-logs-google_workspace_x_saml: *indexSettings - so-logs-google_workspace_x_token: *indexSettings - so-logs-google_workspace_x_user_accounts: *indexSettings so-logs-http_endpoint_x_generic: *indexSettings so-logs-httpjson_x_generic: *indexSettings - so-logs-iis_x_access: *indexSettings - so-logs-iis_x_error: *indexSettings - so-logs-imperva_cloud_waf_x_event: *indexSettings - so-logs-juniper_x_junos: *indexSettings - so-logs-juniper_x_netscreen: *indexSettings - so-logs-juniper_x_srx: *indexSettings - so-logs-juniper_srx_x_log: *indexSettings - so-logs-kafka_log_x_generic: *indexSettings - so-logs-lastpass_x_detailed_shared_folder: *indexSettings - so-logs-lastpass_x_event_report: *indexSettings - so-logs-lastpass_x_user: *indexSettings - so-logs-m365_defender_x_event: *indexSettings - so-logs-m365_defender_x_incident: *indexSettings - so-logs-m365_defender_x_log: *indexSettings - so-logs-microsoft_defender_endpoint_x_log: *indexSettings - so-logs-microsoft_dhcp_x_log: *indexSettings - so-logs-microsoft_sqlserver_x_audit: *indexSettings - so-logs-microsoft_sqlserver_x_log: *indexSettings - so-logs-mysql_x_error: *indexSettings - so-logs-mysql_x_slowlog: *indexSettings - so-logs-netflow_x_log: *indexSettings - so-logs-nginx_x_access: *indexSettings - so-logs-nginx_x_error: *indexSettings - so-logs-o365_x_audit: *indexSettings - so-logs-okta_x_system: *indexSettings - so-logs-panw_x_panos: *indexSettings - so-logs-pfsense_x_log: *indexSettings - so-logs-proofpoint_tap_x_clicks_blocked: *indexSettings - so-logs-proofpoint_tap_x_clicks_permitted: *indexSettings - so-logs-proofpoint_tap_x_message_blocked: *indexSettings - so-logs-proofpoint_tap_x_message_delivered: *indexSettings - so-logs-sentinel_one_x_activity: *indexSettings - so-logs-sentinel_one_x_agent: *indexSettings - so-logs-sentinel_one_x_alert: *indexSettings - so-logs-sentinel_one_x_group: *indexSettings - so-logs-sentinel_one_x_threat: *indexSettings - so-logs-sonicwall_firewall_x_log: *indexSettings - so-logs-snort_x_log: *indexSettings - so-logs-symantec_endpoint_x_log: *indexSettings - so-logs-tenable_io_x_asset: *indexSettings - so-logs-tenable_io_x_plugin: *indexSettings - so-logs-tenable_io_x_scan: *indexSettings - so-logs-tenable_io_x_vulnerability: *indexSettings - so-logs-tenable_sc_x_asset: *indexSettings - so-logs-tenable_sc_x_plugin: *indexSettings - so-logs-tenable_sc_x_vulnerability: *indexSettings - so-logs-ti_abusech_x_malware: *indexSettings - so-logs-ti_abusech_x_malwarebazaar: *indexSettings - so-logs-ti_abusech_x_threatfox: *indexSettings - so-logs-ti_abusech_x_url: *indexSettings - so-logs-ti_anomali_x_threatstream: *indexSettings - so-logs-ti_cybersixgill_x_threat: *indexSettings - so-logs-ti_misp_x_threat: *indexSettings - so-logs-ti_misp_x_threat_attributes: *indexSettings - so-logs-ti_opencti_x_indicator: *indexSettings - so-logs-ti_otx_x_pulses_subscribed: *indexSettings - so-logs-ti_otx_x_threat: *indexSettings - so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings - so-logs-ti_recordedfuture_x_threat: *indexSettings - so-logs-ti_threatq_x_threat: *indexSettings - so-logs-trend_micro_vision_one_x_alert: *indexSettings - so-logs-trend_micro_vision_one_x_audit: *indexSettings - so-logs-trend_micro_vision_one_x_detection: *indexSettings - so-logs-trendmicro_x_deep_security: *indexSettings - so-logs-zscaler_zia_x_alerts: *indexSettings - so-logs-zscaler_zia_x_dns: *indexSettings - so-logs-zscaler_zia_x_firewall: *indexSettings - so-logs-zscaler_zia_x_tunnel: *indexSettings - so-logs-zscaler_zia_x_web: *indexSettings - so-logs-zscaler_zpa_x_app_connector_status: *indexSettings - so-logs-zscaler_zpa_x_audit: *indexSettings - so-logs-zscaler_zpa_x_browser_access: *indexSettings - so-logs-zscaler_zpa_x_user_activity: *indexSettings - so-logs-zscaler_zpa_x_user_status: *indexSettings - so-logs-1password_x_item_usages: *indexSettings - so-logs-1password_x_signin_attempts: *indexSettings so-logs-osquery-manager-actions: *indexSettings so-logs-osquery-manager-action_x_responses: *indexSettings so-logs-elastic_agent_x_apm_server: *indexSettings @@ -538,6 +392,9 @@ elasticsearch: so-metrics-endpoint_x_metrics: *indexSettings so-metrics-endpoint_x_policy: *indexSettings so-metrics-nginx_x_stubstatus: *indexSettings + so-metrics-vsphere_x_datastore: *indexSettings + so-metrics-vsphere_x_host: *indexSettings + so-metrics-vsphere_x_virtualmachine: *indexSettings so-case: *indexSettings so-common: *indexSettings so-endgame: *indexSettings diff --git a/salt/elasticsearch/template.map.jinja b/salt/elasticsearch/template.map.jinja index 507ea533d..aa90cb81b 100644 --- a/salt/elasticsearch/template.map.jinja +++ b/salt/elasticsearch/template.map.jinja @@ -14,6 +14,18 @@ {% set ES_INDEX_SETTINGS_ORIG = ELASTICSEARCHDEFAULTS.elasticsearch.index_settings %} +{# start generation of integration default index_settings #} +{% if salt['file.file_exists']('/opt/so/state/esfleet_package_components.json') %} +{% set check_package_components = salt['file.stats']('/opt/so/state/esfleet_package_components.json') %} +{% if check_package_components.size > 1 %} +{% from 'elasticfleet/integration-defaults.map.jinja' import ADDON_INTEGRATION_DEFAULTS %} +{% for index, settings in ADDON_INTEGRATION_DEFAULTS.items() %} +{% do ES_INDEX_SETTINGS_ORIG.update({index: settings}) %} +{% endfor %} +{% endif%} +{% endif %} +{# end generation of integration default index_settings #} + {% set ES_INDEX_SETTINGS_GLOBAL_OVERRIDES = {} %} {% for index in ES_INDEX_SETTINGS_ORIG.keys() %} {% do ES_INDEX_SETTINGS_GLOBAL_OVERRIDES.update({index: salt['defaults.merge'](ELASTICSEARCHDEFAULTS.elasticsearch.index_settings[index], PILLAR_GLOBAL_OVERRIDES, in_place=False)}) %} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-1password.item_usages@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-1password.item_usages@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-1password.item_usages@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-1password.signin_attempts@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-1password.signin_attempts@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-1password.signin_attempts@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-apache.access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-apache.access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-apache.access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-apache.error@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-apache.error@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-apache.error@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-auditd.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-auditd.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-auditd.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-auth0.logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-auth0.logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-auth0.logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudfront_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudfront_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudfront_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudtrail@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudtrail@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudtrail@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudwatch_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudwatch_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.cloudwatch_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.ec2_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.ec2_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.ec2_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.elb_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.elb_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.elb_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.firewall_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.firewall_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.firewall_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.guardduty@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.guardduty@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.guardduty@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.inspector@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.inspector@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.inspector@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_public_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_public_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_public_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_resolver_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_resolver_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.route53_resolver_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.s3access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.s3access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.s3access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_findings@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_findings@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_findings@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_insights@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_insights@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.securityhub_insights@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.vpcflow@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.vpcflow@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.vpcflow@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.waf@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-aws.waf@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-aws.waf@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.activitylogs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.activitylogs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.activitylogs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.application_gateway@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.application_gateway@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.application_gateway@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.auditlogs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.auditlogs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.auditlogs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.eventhub@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.eventhub@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.eventhub@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.firewall_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.firewall_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.firewall_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.identity_protection@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.identity_protection@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.identity_protection@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.platformlogs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.platformlogs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.platformlogs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.provisioning@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.provisioning@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.provisioning@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.signinlogs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.signinlogs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.signinlogs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.springcloudlogs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-azure.springcloudlogs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-azure.springcloudlogs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda.waf@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda.waf@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda.waf@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda_cloudgen_firewall.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda_cloudgen_firewall.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-barracuda_cloudgen_firewall.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-carbonblack_edr.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-carbonblack_edr.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-carbonblack_edr.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cef.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cef.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cef.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-checkpoint.firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-checkpoint.firewall@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-checkpoint.firewall@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_asa.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_asa.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_asa.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.admin@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.admin@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.admin@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.auth@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.auth@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.auth@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.offline_enrollment@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.offline_enrollment@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.offline_enrollment@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.summary@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.summary@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.summary@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.telephony@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.telephony@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_duo.telephony@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ftd.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ftd.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ftd.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ios.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ios.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ios.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ise.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ise.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_ise.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.events@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.events@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.events@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_meraki.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_secure_email_gateway.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_secure_email_gateway.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_secure_email_gateway.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_umbrella.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_umbrella.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cisco_umbrella.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.interface@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.interface@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.interface@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.lbvserver@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.lbvserver@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.lbvserver@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.service@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.service@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.service@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.system@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.system@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.system@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.vpn@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.vpn@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_adc.vpn@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_waf.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_waf.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-citrix_waf.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.logpull@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.logpull@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare.logpull@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.falcon@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.falcon@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.falcon@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.fdr@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.fdr@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.fdr@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.host@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.host@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-crowdstrike.host@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.ai_analyst_alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.ai_analyst_alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.ai_analyst_alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.model_breach_alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.model_breach_alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.model_breach_alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.system_status_alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.system_status_alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-darktrace.system_status_alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.apm_server@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.apm_server@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.apm_server@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.auditbeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.auditbeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.auditbeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.cloudbeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.cloudbeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.cloudbeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.endpoint_security@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.endpoint_security@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.endpoint_security@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.filebeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.filebeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.filebeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.fleet_server@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.fleet_server@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.fleet_server@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.heartbeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.heartbeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.heartbeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.metricbeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.metricbeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.metricbeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.osquerybeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.osquerybeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.osquerybeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.packetbeat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.packetbeat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent.packetbeat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@custom.json deleted file mode 100644 index d8d14a5a9..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@custom.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@package.json b/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@package.json deleted file mode 100644 index efd85bb4b..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-elastic_agent@package.json +++ /dev/null @@ -1,383 +0,0 @@ -{ - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "default_pipeline": "logs-elastic_agent-1.20.0", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "ecs.version", - "agent.build.original", - "agent.ephemeral_id", - "agent.id", - "agent.name", - "agent.type", - "agent.version", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version", - "component.id", - "component.type", - "component.binary", - "component.state", - "component.old_state", - "unit.id", - "unit.type", - "unit.state", - "unit.old_state" - ] - } - } - }, - "mappings": { - "dynamic": false, - "dynamic_templates": [ - { - "container.labels": { - "path_match": "container.labels.*", - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "agent": { - "properties": { - "build": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "snapshot": { - "type": "boolean" - } - } - }, - "message": { - "type": "text" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "component": { - "properties": { - "binary": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "wildcard" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "unit": { - "properties": { - "old_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "wildcard" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.alerts@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.alerts@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.alerts@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@custom.json deleted file mode 100644 index 5bbe3c1fa..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@custom.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "endpoint" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@package.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@package.json deleted file mode 100644 index bf60f2543..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.diagnostic.collection@package.json +++ /dev/null @@ -1,132 +0,0 @@ -{ - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs-endpoint.collection-diagnostic" - }, - "codec": "best_compression", - "default_pipeline": "logs-endpoint.diagnostic.collection-8.10.2", - "mapping": { - "total_fields": { - "limit": "10000" - }, - "ignore_malformed": "true" - }, - "query": { - "default_field": [ - "ecs.version", - "event.action", - "event.category", - "event.code", - "event.dataset", - "event.hash", - "event.id", - "event.kind", - "event.module", - "event.outcome", - "event.provider", - "event.type" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "@timestamp": { - "ignore_malformed": false, - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "event": { - "properties": { - "severity": { - "type": "long" - }, - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "sequence": { - "type": "long" - }, - "ingested": { - "type": "date" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "endpoint" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.api@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.api@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.api@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.file@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.file@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.file@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.library@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.library@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.library@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.network@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.network@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.network@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.process@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.process@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.process@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.registry@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.registry@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.registry@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.security@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.security@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-endpoint.events.security@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-f5_bigip.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-f5_bigip.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-f5_bigip.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fim.event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fim.event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fim.event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fireeye.nx@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fireeye.nx@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fireeye.nx@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.clientendpoint@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.clientendpoint@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.clientendpoint@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.firewall@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.firewall@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimail@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimail@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimail@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimanager@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimanager@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet.fortimanager@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet_fortigate.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet_fortigate.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-fortinet_fortigate.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.dns@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.dns@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.firewall@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.firewall@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.loadbalancing_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.loadbalancing_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.loadbalancing_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.vpcflow@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.vpcflow@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-gcp.vpcflow@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-github.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-github.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-github.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-github.code_scanning@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-github.code_scanning@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-github.code_scanning@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-github.dependabot@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-github.dependabot@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-github.dependabot@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-github.issues@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-github.issues@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-github.issues@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-github.secret_scanning@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-github.secret_scanning@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-github.secret_scanning@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.access_transparency@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.access_transparency@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.access_transparency@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.admin@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.admin@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.admin@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.context_aware_access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.context_aware_access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.context_aware_access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.device@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.device@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.device@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.drive@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.drive@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.drive@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.gcp@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.gcp@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.gcp@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.group_enterprise@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.group_enterprise@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.group_enterprise@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.groups@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.groups@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.groups@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.login@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.login@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.login@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.rules@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.rules@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.rules@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.saml@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.saml@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.saml@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.token@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.token@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.token@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.user_accounts@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.user_accounts@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-google_workspace.user_accounts@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-http_endpoint.generic@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-http_endpoint.generic@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-http_endpoint.generic@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-httpjson.generic@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-httpjson.generic@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-httpjson.generic@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-iis.access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-iis.access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-iis.access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-iis.error@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-iis.error@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-iis.error@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-imperva_cloud_waf.event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-imperva_cloud_waf.event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-imperva_cloud_waf.event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.junos@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.junos@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.junos@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.netscreen@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.netscreen@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.netscreen@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.srx@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.srx@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper.srx@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper_srx.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-juniper_srx.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-juniper_srx.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-kafka_log.generic@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-kafka_log.generic@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-kafka_log.generic@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.detailed_shared_folder@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.detailed_shared_folder@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.detailed_shared_folder@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.event_report@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.event_report@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.event_report@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.user@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.user@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-lastpass.user@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.incident@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.incident@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.incident@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-m365_defender.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_defender_endpoint.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_defender_endpoint.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_defender_endpoint.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_dhcp.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_dhcp.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_dhcp.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-microsoft_sqlserver.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.audit_events@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.audit_events@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.audit_events@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.dlp_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.dlp_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.dlp_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.siem_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.siem_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.siem_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_customer@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_customer@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_customer@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_grid@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_grid@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.threat_intel_malware_grid@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ap_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ap_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ap_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ip_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ip_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_ip_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_url_logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_url_logs@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mimecast.ttp_url_logs@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.error@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.error@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.error@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.slowlog@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.slowlog@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-mysql.slowlog@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-netflow.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-netflow.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-netflow.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.error@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.error@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-nginx.error@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-o365.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-o365.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-o365.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-okta.system@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-okta.system@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-okta.system@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-panw.panos@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-panw.panos@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-panw.panos@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-pfsense.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-pfsense.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-pfsense.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_blocked@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_blocked@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_blocked@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_permitted@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_permitted@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.clicks_permitted@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_blocked@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_blocked@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_blocked@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_delivered@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_delivered@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-proofpoint_tap.message_delivered@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-pulse_connect_secure.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-pulse_connect_secure.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-pulse_connect_secure.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.activity@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.activity@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.activity@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.agent@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.agent@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.agent@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.group@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.group@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.group@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sentinel_one.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-snort.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-snort.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-snort.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.vulnerabilities@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.vulnerabilities@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-snyk.vulnerabilities@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-soc@package.json b/salt/elasticsearch/templates/component/elastic-agent/logs-soc@package.json new file mode 100644 index 000000000..a2ad15b79 --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-soc@package.json @@ -0,0 +1,10 @@ +{ + "template": {}, + "_meta": { + "package": { + "name": "log" + }, + "managed_by": "fleet", + "managed": true + } +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sonicwall_firewall.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sonicwall_firewall.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sonicwall_firewall.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.utm@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.utm@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.utm@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.xg@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.xg@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos.xg@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.event@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-sophos_central.event@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-symantec_endpoint.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-symantec_endpoint.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-symantec_endpoint.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-system.application@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-system.application@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-system.application@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-system.auth@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-system.auth@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-system.auth@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-system.security@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-system.security@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-system.security@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-system.system@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-system.system@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-system.system@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.asset@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.asset@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.asset@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.plugin@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.plugin@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.plugin@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.scan@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.scan@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.scan@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.vulnerability@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.vulnerability@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_io.vulnerability@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.asset@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.asset@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.asset@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.plugin@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.plugin@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.plugin@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.vulnerability@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.vulnerability@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-tenable_sc.vulnerability@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malware@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malware@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malware@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malwarebazaar@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malwarebazaar@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.malwarebazaar@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.threatfox@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.threatfox@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.threatfox@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.url@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.url@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_abusech.url@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_anomali.threatstream@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_anomali.threatstream@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_anomali.threatstream@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_cybersixgill.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_cybersixgill.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_cybersixgill.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat_attributes@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat_attributes@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_misp.threat_attributes@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.pulses_subscribed@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.pulses_subscribed@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.pulses_subscribed@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_otx.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.ioc@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.ioc@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.ioc@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.vulnerability@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.vulnerability@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_rapid7_threat_command.vulnerability@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.latest_ioc-template@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.latest_ioc-template@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.latest_ioc-template@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_recordedfuture.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_threatq.threat@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_threatq.threat@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_threatq.threat@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.alert@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-trend_micro_vision_one.detection@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-trendmicro.deep_security@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-vsphere.log@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-vsphere.log@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-vsphere.log@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.forwarded@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-windows.forwarded@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.forwarded@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell_operational@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell_operational@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.powershell_operational@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.sysmon_operational@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-windows.sysmon_operational@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-windows.sysmon_operational@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-winlog.winlog@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-winlog.winlog@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-winlog.winlog@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.alerts@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.alerts@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.alerts@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.dns@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.dns@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.firewall@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.firewall@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.tunnel@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.tunnel@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.tunnel@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.web@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.web@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zia.web@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.app_connector_status@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.app_connector_status@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.app_connector_status@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.audit@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.audit@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.browser_access@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.browser_access@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.browser_access@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_activity@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_activity@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_activity@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_status@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_status@custom.json deleted file mode 100644 index 17319ab9f..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/logs-zscaler_zpa.user_status@custom.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "host": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "related": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "destination": { - "properties":{ - "ip": { - "type": "ip" - } - } - }, - "source": { - "properties":{ - "ip": { - "type": "ip" - } - } - } - } - } - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_status@package.json b/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_status@package.json deleted file mode 100644 index 8fc83f9cb..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_status@package.json +++ /dev/null @@ -1,201 +0,0 @@ -{ - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "default_pipeline": "metrics-fleet_server.agent_status-1.5.0", - "mapping": { - "total_fields": { - "limit": "1000" - } - } - } - }, - "mappings": { - "dynamic": false, - "_source": { - "mode": "synthetic" - }, - "properties": { - "cluster": { - "properties": { - "id": { - "time_series_dimension": true, - "type": "keyword" - } - } - }, - "fleet": { - "properties": { - "agents": { - "properties": { - "offline": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "total": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "updating": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "inactive": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "healthy": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "unhealthy": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "unenrolled": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "enrolled": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "unhealthy_reason": { - "properties": { - "output": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "input": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "other": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - } - } - }, - "upgrading_step": { - "properties": { - "rollback": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "requested": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "restarting": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "downloading": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "scheduled": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "extracting": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "replacing": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "failed": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "watching": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - } - } - } - } - } - } - }, - "agent": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "ignore_malformed": false, - "type": "date" - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "kibana": { - "properties": { - "uuid": { - "path": "agent.id", - "type": "alias" - }, - "version": { - "path": "agent.version", - "type": "alias" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "fleet_server" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_versions@package.json b/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_versions@package.json deleted file mode 100644 index af3323ee9..000000000 --- a/salt/elasticsearch/templates/component/elastic-agent/metrics-fleet_server.agent_versions@package.json +++ /dev/null @@ -1,102 +0,0 @@ -{ - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "default_pipeline": "metrics-fleet_server.agent_versions-1.5.0", - "mapping": { - "total_fields": { - "limit": "1000" - } - } - } - }, - "mappings": { - "dynamic": false, - "_source": { - "mode": "synthetic" - }, - "properties": { - "cluster": { - "properties": { - "id": { - "time_series_dimension": true, - "type": "keyword" - } - } - }, - "fleet": { - "properties": { - "agent": { - "properties": { - "count": { - "time_series_metric": "gauge", - "meta": {}, - "type": "long" - }, - "version": { - "time_series_dimension": true, - "type": "keyword" - } - } - } - } - }, - "agent": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "ignore_malformed": false, - "type": "date" - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "kibana": { - "properties": { - "uuid": { - "path": "agent.id", - "type": "alias" - }, - "version": { - "path": "agent.version", - "type": "alias" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "fleet_server" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json b/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json new file mode 100644 index 000000000..5b459147b --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json @@ -0,0 +1,7 @@ +{ + "template": { + "settings": { + "number_of_replicas": 0 + } + } +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/elastic-agent/so-fleet_integrations.ip_mappings-1.json b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_integrations.ip_mappings-1.json new file mode 100644 index 000000000..3777e670c --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_integrations.ip_mappings-1.json @@ -0,0 +1,37 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } + } + \ No newline at end of file diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml index 90b75b8c4..a4be3787f 100644 --- a/salt/kibana/defaults.yaml +++ b/salt/kibana/defaults.yaml @@ -22,7 +22,7 @@ kibana: - default - file migrations: - discardCorruptObjects: "8.10.4" + discardCorruptObjects: "8.17.2" telemetry: enabled: False security: @@ -35,3 +35,5 @@ kibana: hostname: localhost fleet: registryUrl: "" + apm: + enabled: false diff --git a/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults b/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults index 6e4959194..a22aba066 100755 --- a/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults +++ b/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults @@ -13,6 +13,6 @@ echo "Setting up default Space:" {% if HIGHLANDER %} curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log {% else %} -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","securitySolutionCases"]} ' >> /opt/so/log/kibana/misc.log +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","securitySolutionCasesV2","inventory","dataQuality","actions"]} ' >> /opt/so/log/kibana/misc.log {% endif %} echo diff --git a/salt/logstash/map.jinja b/salt/logstash/map.jinja index da2bc341a..95ec6b85d 100644 --- a/salt/logstash/map.jinja +++ b/salt/logstash/map.jinja @@ -33,9 +33,18 @@ {# Append Kafka input pipeline when Kafka is enabled #} {% if GLOBALS.pipeline == 'KAFKA' %} -{% do LOGSTASH_MERGED.defined_pipelines.search.remove('so/0900_input_redis.conf.jinja') %} -{% do LOGSTASH_MERGED.defined_pipelines.search.append('so/0800_input_kafka.conf.jinja') %} -{% do LOGSTASH_MERGED.defined_pipelines.manager.append('so/0800_input_kafka.conf.jinja') %} +{% if 'so/0900_input_redis.conf.jinja' in LOGSTASH_MERGED.defined_pipelines.search %} +{% do LOGSTASH_MERGED.defined_pipelines.search.remove('so/0900_input_redis.conf.jinja') %} +{% endif %} +{% if 'so/0800_input_kafka.conf.jinja' not in LOGSTASH_MERGED.defined_pipelines.search %} +{% do LOGSTASH_MERGED.defined_pipelines.search.append('so/0800_input_kafka.conf.jinja') %} +{% endif %} +{% if 'so/0800_input_kafka.conf.jinja' not in LOGSTASH_MERGED.defined_pipelines.manager %} +{% do LOGSTASH_MERGED.defined_pipelines.manager.append('so/0800_input_kafka.conf.jinja') %} +{% endif %} +{% if 'so/9999_output_redis.conf.jinja' in LOGSTASH_MERGED.defined_pipelines.manager %} +{% do LOGSTASH_MERGED.defined_pipelines.manager.remove('so/9999_output_redis.conf.jinja') %} +{% endif %} {# Disable logstash on manager & receiver nodes unless it has an override configured #} {% if not KAFKA_LOGSTASH %} {% if GLOBALS.role in ['so-manager', 'so-receiver'] and GLOBALS.hostname not in KAFKA_LOGSTASH %} diff --git a/salt/manager/init.sls b/salt/manager/init.sls index c4b2ad136..8de5d097a 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -14,6 +14,7 @@ include: - manager.sync_es_users - manager.elasticsearch - manager.kibana + - manager.managed_soc_annotations repo_log_dir: file.directory: diff --git a/salt/manager/managed_soc_annotations.sls b/salt/manager/managed_soc_annotations.sls new file mode 100644 index 000000000..17621f973 --- /dev/null +++ b/salt/manager/managed_soc_annotations.sls @@ -0,0 +1,59 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{# Managed elasticsearch/soc_elasticsearch.yaml file for adding integration configuration items to UI #} +{% set managed_integrations = salt['pillar.get']('elasticsearch:managed_integrations', []) %} +{% if managed_integrations %} +{% from 'elasticfleet/integration-defaults.map.jinja' import ADDON_INTEGRATION_DEFAULTS %} +{% set addon_integration_keys = ADDON_INTEGRATION_DEFAULTS.keys() %} +{% set matched_integration_names = [] %} +{% for k in addon_integration_keys %} +{% for i in managed_integrations %} +{% if i in k %} +{% do matched_integration_names.append(k) %} +{% endif %} +{% endfor %} +{% endfor %} +{% set es_soc_annotations = '/opt/so/saltstack/default/salt/elasticsearch/soc_elasticsearch.yaml' %} +{{ es_soc_annotations }}: + file.serialize: + - dataset: + {% set data = salt['file.read'](es_soc_annotations) | load_yaml %} + {% set es = data.get('elasticsearch', {}) %} + {% set index_settings = es.get('index_settings', {}) %} + {% set input = index_settings.get('so-logs', {}) %} + {% for k in matched_integration_names %} + {% if k not in index_settings %} + {% set _ = index_settings.update({k: input}) %} + {% endif %} + {% endfor %} + {% for k in addon_integration_keys %} + {% if k not in matched_integration_names and k in index_settings %} + {% set _ = index_settings.pop(k) %} + {% endif %} + {% endfor %} + {{ data }} + +{# Managed elasticsearch/defaults.yaml file for enabling 'Revert to default' via SOC UI for newly added config items #} +{% set es_defaults = '/opt/so/saltstack/default/salt/elasticsearch/defaults.yaml' %} +{{ es_defaults }}: + file.serialize: + - dataset: + {% set data = salt['file.read'](es_defaults) | load_yaml %} + {% set es = data.get('elasticsearch', {}) %} + {% set index_settings = es.get('index_settings', {}) %} + {% for k in matched_integration_names %} + {% if k not in index_settings %} + {% set input = ADDON_INTEGRATION_DEFAULTS[k] %} + {% set _ = index_settings.update({k: input})%} + {% endif %} + {% endfor %} + {% for k in addon_integration_keys %} + {% if k not in matched_integration_names and k in index_settings %} + {% set _ = index_settings.pop(k) %} + {% endif %} + {% endfor %} + {{ data }} +{% endif %} \ No newline at end of file diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 259ef9abd..a6c9b7693 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -406,6 +406,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.4.100 ]] && up_to_2.4.110 [[ "$INSTALLEDVERSION" == 2.4.110 ]] && up_to_2.4.111 [[ "$INSTALLEDVERSION" == 2.4.111 ]] && up_to_2.4.120 + [[ "$INSTALLEDVERSION" == 2.4.120 ]] && up_to_2.4.130 true } @@ -429,6 +430,7 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.4.100 ]] && post_to_2.4.110 [[ "$POSTVERSION" == 2.4.110 ]] && post_to_2.4.111 [[ "$POSTVERSION" == 2.4.111 ]] && post_to_2.4.120 + [[ "$POSTVERSION" == 2.4.120 ]] && post_to_2.4.130 true } @@ -531,10 +533,24 @@ post_to_2.4.120() { # Manually rollover suricata alerts index to ensure data_stream.dataset expected mapping is set to 'suricata' rollover_index "logs-suricata.alerts-so" + POSTVERSION=2.4.120 +} + +post_to_2.4.130() { + # Optional integrations are loaded AFTER initial successful load of core ES templates (/opt/so/state/estemplates.txt) + # Dynamic templates are created in elasticsearch.enabled for every optional integration based on output of so-elastic-fleet-optional-integrations-load script + echo "Ensuring Elasticsearch templates are up to date after updating package registry" + salt-call state.apply elasticsearch queue=True + + # Update kibana default space + salt-call state.apply kibana.config queue=True + echo "Updating Kibana default space" + /usr/sbin/so-kibana-space-defaults + echo "Regenerating Elastic Agent Installers" /sbin/so-elastic-agent-gen-installers - POSTVERSION=2.4.120 + POSTVERSION=2.4.130 } repo_sync() { @@ -716,8 +732,8 @@ up_to_2.4.90() { } up_to_2.4.100() { - # Elastic Update for this release, so download Elastic Agent files - determine_elastic_agent_upgrade + echo "Nothing to do for 2.4.100" + INSTALLEDVERSION=2.4.100 } @@ -740,12 +756,23 @@ up_to_2.4.120() { mkdir -p /opt/so/saltstack/local/pillar/versionlock touch /opt/so/saltstack/local/pillar/versionlock/adv_versionlock.sls /opt/so/saltstack/local/pillar/versionlock/soc_versionlock.sls - # New Grid Integration added this release - rm -f /opt/so/state/eaintegrations.txt INSTALLEDVERSION=2.4.120 } +up_to_2.4.130() { + # Remove any old Elastic Defend config files + rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json + + # Elastic Update for this release, so download Elastic Agent files + determine_elastic_agent_upgrade + + # Ensure override exists to allow nmcli access to other devices + touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf + + INSTALLEDVERSION=2.4.130 +} + add_hydra_pillars() { mkdir -p /opt/so/saltstack/local/pillar/hydra touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 3168a5986..069e55cdb 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -103,7 +103,7 @@ http { ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256; ssl_ecdh_curve secp521r1:secp384r1; ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; } {%- endif %} @@ -143,8 +143,9 @@ http { ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256; + ssl_ecdh_curve secp521r1:secp384r1; ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; location / { allow all; sendfile on; @@ -176,8 +177,9 @@ http { ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256; + ssl_ecdh_curve secp521r1:secp384r1; ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*) { proxy_pass http://{{ GLOBALS.manager }}:9822; diff --git a/setup/so-functions b/setup/so-functions index 339624277..fd1973a0d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -167,17 +167,14 @@ check_manager_connection() { } check_network_manager_conf() { - local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf" - local nmconf="/etc/NetworkManager/NetworkManager.conf" + local gmdconf="/etc/NetworkManager/conf.d/10-globally-managed-devices.conf" local preupdir="/etc/NetworkManager/dispatcher.d/pre-up.d" - if test -f "$gmdconf" && ! test -f "${gmdconf}.bak"; then - { - mv "$gmdconf" "${gmdconf}.bak" - touch "$gmdconf" - systemctl restart NetworkManager - } >> "$setup_log" 2>&1 - fi + { + [[ -f $gmdconf ]] && mv "$gmdconf" "${gmdconf}.bak" + touch "$gmdconf" + systemctl restart NetworkManager + } >> "$setup_log" 2>&1 if [[ ! -d "$preupdir" ]]; then mkdir "$preupdir" >> "$setup_log" 2>&1 diff --git a/sigs/securityonion-2.4.120-20250212.iso.sig b/sigs/securityonion-2.4.120-20250212.iso.sig new file mode 100644 index 000000000..54975b60f Binary files /dev/null and b/sigs/securityonion-2.4.120-20250212.iso.sig differ