Merge pull request #11153 from Security-Onion-Solutions/fix/elastic_fleet_integrations

Add more Elastic Fleet integrations
2025-12-07 09:42:46 +01:00 · 2023-08-23 16:22:14 -04:00
parent 4a582804b0 d2d0d53eef
commit d4bffba736
3 changed files with 1266 additions and 0 deletions
--- a/salt/elasticfleet/defaults.yaml
+++ b/salt/elasticfleet/defaults.yaml
@@ -26,20 +26,51 @@ elasticfleet:
        - stderr
        - stdout
  packages:
+    - auditd
    - aws
    - azure
+    - barracuda
+    - cisco_asa
    - cloudflare
+    - crowdstrike
+    - darktrace
    - elasticsearch
    - endpoint
+    - f5_bigip
    - fleet_server
    - fim
+    - fortinet
+    - gcp
    - github
    - google_workspace
+    - http_endpoint
+    - httpjson
+    - juniper
+    - juniper_srx
+    - kafka_log
+    - lastpass
    - log
+    - m365_defender
+    - microsoft_defender_endpoint
+    - microsoft_dhcp
+    - netflow
+    - o365
+    - okta
    - osquery_manager
+    - panw
+    - pfsense
    - redis
+    - sentinel_one
+    - sonicwall_firewall
+    - symantec_endpoint
    - system
    - tcp
+    - ti_abusech
+    - ti_misp
+    - ti_otx
+    - ti_recordedfuture
    - udp
    - windows
+    - zscaler_zia
+    - zscaler_zpa
    - 1password
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -201,6 +201,7 @@ elasticsearch:
    so-logs-windows_x_powershell: *indexSettings
    so-logs-windows_x_powershell_operational: *indexSettings
    so-logs-windows_x_sysmon_operational: *indexSettings
+    so-logs-auditd_x_log: *indexSettings
    so-logs-aws_x_cloudtrail: *indexSettings
    so-logs-aws_x_cloudwatch_logs: *indexSettings
    so-logs-aws_x_ec2_logs: *indexSettings
@@ -221,9 +222,27 @@ elasticsearch:
    so-logs-azure_x_provisioning: *indexSettings
    so-logs-azure_x_signinlogs: *indexSettings
    so-logs-azure_x_springcloudlogs: *indexSettings
+    so-logs-barracuda_x_waf: *indexSettings
+    so-logs-cisco_asa_x_log: *indexSettings
    so-logs-cloudflare_x_audit: *indexSettings
    so-logs-cloudflare_x_logpull: *indexSettings
+    so-logs-crowdstrike_x_falcon: *indexSettings
+    so-logs-crowdstrike_x_fdr: *indexSettings
+    so-logs-darktrace_x_ai_analyst_alert: *indexSettings
+    so-logs-darktrace_x_model_breach_alert: *indexSettings
+    so-logs-darktrace_x_system_status_alert: *indexSettings
+    so-logs-f5_bigip_x_log: *indexSettings
    so-logs-fim_x_event: *indexSettings
+    so-logs-fortinet_x_clientendpoint: *indexSettings
+    so-logs-fortinet_x_firewall: *indexSettings
+    so-logs-fortinet_x_fortimail: *indexSettings
+    so-logs-fortinet_x_fortimanager: *indexSettings
+    so-logs-fortinet_x_fortigate: *indexSettings
+    so-logs-gcp_x_audit: *indexSettings
+    so-logs-gcp_x_dns: *indexSettings
+    so-logs-gcp_x_firewall: *indexSettings
+    so-logs-gcp_x_loadbalancing_logs: *indexSettings
+    so-logs-gcp_x_vpcflow: *indexSettings
    so-logs-github_x_audit: *indexSettings
    so-logs-github_x_code_scanning: *indexSettings
    so-logs-github_x_dependabot: *indexSettings
@@ -243,6 +262,52 @@ elasticsearch:
    so-logs-google_workspace_x_saml: *indexSettings
    so-logs-google_workspace_x_token: *indexSettings
    so-logs-google_workspace_x_user_accounts: *indexSettings
+    so-logs-http_endpoint_x_generic: *indexSettings
+    so-logs-httpjson_x_generic: *indexSettings
+    so-logs-juniper_x_junos: *indexSettings
+    so-logs-juniper_x_netscreen: *indexSettings
+    so-logs-juniper_x_srx: *indexSettings
+    so-logs-juniper_srx_x_log: *indexSettings
+    so-logs-kafka_log_x_generic: *indexSettings
+    so-logs-lastpass_x_detailed_shared_folder: *indexSettings
+    so-logs-lastpass_x_event_report: *indexSettings
+    so-logs-lastpass_x_user: *indexSettings
+    so-logs-m365_defender_x_event: *indexSettings
+    so-logs-m365_defender_x_incident: *indexSettings
+    so-logs-m365_defender_x_log: *indexSettings
+    so-logs-microsoft_defender_endpoint_x_log: *indexSettings
+    so-logs-microsoft_dhcp_x_log: *indexSettings
+    so-logs-netflow_x_log: *indexSettings
+    so-logs-o365_x_audit: *indexSettings
+    so-logs-okta_x_system: *indexSettings
+    so-logs-panw_x_panos: *indexSettings
+    so-logs-pfsense_x_log: *indexSettings
+    so-logs-sentinel_one_x_activity: *indexSettings
+    so-logs-sentinel_one_x_agent: *indexSettings
+    so-logs-sentinel_one_x_alert: *indexSettings
+    so-logs-sentinel_one_x_group: *indexSettings
+    so-logs-sentinel_one_x_threat: *indexSettings
+    so-logs-sonicwall_firewall_x_log: *indexSettings
+    so-logs-symantec_endpoint_x_log: *indexSettings
+    so-logs-ti_abusech_x_malware: *indexSettings
+    so-logs-ti_abusech_x_malwarebazaar: *indexSettings
+    so-logs-ti_abusech_x_threatfox: *indexSettings
+    so-logs-ti_abusech_x_url: *indexSettings
+    so-logs-ti_misp_x_threat: *indexSettings
+    so-logs-ti_misp_x_threat_attributes: *indexSettings
+    so-logs-ti_otx_x_threat: *indexSettings
+    so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings
+    so-logs-ti_recordedfuture_x_threat: *indexSettings
+    so-logs-zscaler_zia_x_alerts: *indexSettings
+    so-logs-zscaler_zia_x_dns: *indexSettings
+    so-logs-zscaler_zia_x_firewall: *indexSettings
+    so-logs-zscaler_zia_x_tunnel: *indexSettings
+    so-logs-zscaler_zia_x_web: *indexSettings
+    so-logs-zscaler_zpa_x_app_connector_status: *indexSettings
+    so-logs-zscaler_zpa_x_audit: *indexSettings
+    so-logs-zscaler_zpa_x_browser_access: *indexSettings
+    so-logs-zscaler_zpa_x_user_activity: *indexSettings
+    so-logs-zscaler_zpa_x_user_status: *indexSettings
    so-logs-1password_x_item_usages: *indexSettings
    so-logs-1password_x_signin_attempts: *indexSettings
    so-logs-osquery-manager-actions: *indexSettings