CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

modify default templates

Browse Source
This commit is contained in:
Wes Lambert
2020-03-14 12:02:52 +00:00
parent 9fb3a47358
commit d48c2723ba
1 changed files with 355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

355
salt/logstash/pipelines/templates/so/so-common-template.json Normal file
View File

@@ -0,0 +1,355 @@
{
"index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka", "so-beats-*"],
"version":50001,
"order" : 10,
"settings":{
"number_of_replicas":0,
"number_of_shards":1,
"index.refresh_interval":"30s"
},
"mappings":{
"doc":{
"dynamic": false,
"date_detection": false,
"properties":{
"@timestamp":{
"type":"date"
},
"@version":{
"type":"keyword"
},
"geoip":{
"dynamic":true,
"properties":{
"ip":{
"type":"ip"
},
"location":{
"type":"geo_point"
},
"latitude":{
"type":"half_float"
},
"longitude":{
"type":"half_float"
}
}
},
"destination_geo":{
"dynamic":true,
"properties":{
"ip":{
"type":"ip"
},
"location":{
"type":"geo_point"
},
"latitude":{
"type":"half_float"
},
"longitude":{
"type":"half_float"
}
}
},
"source_geo":{
"dynamic":true,
"properties":{
"ip":{
"type":"ip"
},
"location":{
"type":"geo_point"
},
"latitude":{
"type":"half_float"
},
"longitude":{
"type":"half_float"
}
}
},
"agent":{
"type":"object",
"dynamic": true
},
"as":{
"type":"object",
"dynamic": true
},
"alert":{
"type":"object",
"dynamic": true
},
"client":{
"type":"object",
"dynamic": true
},
"cloud":{
"type":"object",
"dynamic": true
},
"code_signature":{
"type":"object",
"dynamic": true
},
"connection":{
"type":"object",
"dynamic": true
},
"container":{
"type":"object",
"dynamic": true
},
"data":{
"type":"object",
"dynamic": true
},
"dce_rpc":{
"type":"object",
"dynamic": true
},
"destination":{
"type":"object",
"dynamic": true
},
"dhcp":{
"type":"object",
"dynamic": true
},
"dnp3":{
"type":"object",
"dynamic": true
},
"dns":{
"type":"object",
"dynamic": true
},
"dll":{
"type":"object",
"dynamic": true
},
"ecs":{
"type":"object",
"dynamic": true
},
"error":{
"type":"object",
"dynamic": true
},
"event":{
"type":"object",
"dynamic": true
},
"file":{
"type":"object",
"dynamic": true
},
"flow":{
"type":"object",
"dynamic": true
},
"ftp":{
"type":"object",
"dynamic": true
},
"geo":{
"type":"object",
"dynamic": true
},
"group":{
"type":"object",
"dynamic": true
},
"hash":{
"type":"object",
"dynamic": true
},
"host":{
"type":"object",
"dynamic": true
},
"http":{
"type":"object",
"dynamic": true
},
"ingest":{
"type":"object",
"dynamic": true
},
"interface":{
"type":"object",
"dynamic": true
},
"kerberos":{
"type":"object",
"dynamic": true
},
"log":{
"type":"object",
"dynamic": true
},
"manager":{
"type":"object",
"dynamic": true
},
"modbus":{
"type":"object",
"dynamic": true
},
"network":{
"type":"object",
"dynamic": true
},
"ntlm":{
"type":"object",
"dynamic": true
},
"observer":{
"type":"object",
"dynamic": true
},
"organization":{
"type":"object",
"dynamic": true
},
"os":{
"type":"object",
"dynamic": true
},
"package":{
"type":"object",
"dynamic": true
},
"pe":{
"type":"object",
"dynamic": true
},
"process":{
"type":"object",
"dynamic": true
},
"radius":{
"type":"object",
"dynamic": true
},
"rdp":{
"type":"object",
"dynamic": true
},
"registry":{
"type":"object",
"dynamic": true
},
"related":{
"type":"object",
"dynamic": true
},
"rfb":{
"type":"object",
"dynamic": true
},
"rule":{
"type":"object",
"dynamic": true
},
"server":{
"type":"object",
"dynamic": true
},
"service":{
"type":"object",
"dynamic": true
},
"sip":{
"type":"object",
"dynamic": true
},
"smb":{
"type":"object",
"dynamic": true
},
"smtp":{
"type":"object",
"dynamic": true
},
"snmp":{
"type":"object",
"dynamic": true
},
"socks":{
"type":"object",
"dynamic": true
},
"software":{
"type":"object",
"dynamic": true
},
"source":{
"type":"object",
"dynamic": true
},
"ssh":{
"type":"object",
"dynamic": true
},
"ssl":{
"type":"object",
"dynamic": true
},
"tags":{
"type":"text",
"fields":{
"keyword":{
"type":"keyword"
}
}
},
"threat":{
"type":"object",
"dynamic": true
},
"tls":{
"type":"object",
"dynamic": true
},
"trace":{
"type":"object",
"dynamic": true
},
"tunnel":{
"type":"object",
"dynamic": true
},
"user":{
"type":"object",
"dynamic": true
},
"user_agent":{
"type":"object",
"dynamic": true
},
"version":{
"type":"object",
"dynamic": true
},
"vlan":{
"type":"object",
"dynamic": true
},
"vulnerability":{
"type":"object",
"dynamic": true
},
"weird":{
"type":"object",
"dynamic": true
},
"x509":{
"type":"object",
"dynamic": true
}
}
}
}
}