CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12221 from Security-Onion-Solutions/feature/additional_integrations_4

Browse Source 
Additional integrations #4 - Part 1
This commit is contained in:
weslambert
2024-01-19 17:32:37 -05:00
committed by GitHub
parent c2b44985c7 7118cc8dee
commit de6151fbe2
3 changed files with 454 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticfleet/defaults.yaml
View File

@@ -45,6 +45,8 @@ elasticfleet:
- cisco_ise - cisco_ise
- cisco_meraki - cisco_meraki
- cisco_umbrella - cisco_umbrella
- citrix_adc
- citrix_waf
- cloudflare - cloudflare
- crowdstrike - crowdstrike
- darktrace - darktrace
@@ -75,6 +77,7 @@ elasticfleet:
- mimecast - mimecast
- mysql - mysql
- netflow - netflow
- nginx
- o365 - o365
- okta - okta
- osquery_manager - osquery_manager
@@ -103,6 +106,7 @@ elasticfleet:
- udp - udp
- vsphere - vsphere
- windows - windows
- winlog
- zscaler_zia - zscaler_zia
- zscaler_zpa - zscaler_zpa
- 1password - 1password

440
salt/elasticsearch/defaults.yaml
View File

@@ -2537,6 +2537,270 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-citrix_adc_x_interface:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.interface-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.interface-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.interface@package"
- "logs-citrix_adc.interface@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_lbvserver:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.lbvserver-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.lbvserver-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.lbvserver@package"
- "logs-citrix_adc.lbvserver@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_service:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.service-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.service-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.service@package"
- "logs-citrix_adc.service@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_system:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.system-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.system-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.system@package"
- "logs-citrix_adc.system@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_adc_x_vpn:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_adc.vpn-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_adc.vpn-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_adc.vpn@package"
- "logs-citrix_adc.vpn@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-citrix_waf_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-citrix_waf.log-*"
template:
settings:
index:
lifecycle:
name: so-logs-citrix_waf.log-logs
number_of_replicas: 0
composed_of:
- "logs-citrix_waf.log@package"
- "logs-citrix_waf.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-cloudflare_x_audit: so-logs-cloudflare_x_audit:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -6659,6 +6923,138 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-nginx_x_access:
index_sorting: False
index_template:
index_patterns:
- "logs-nginx.access-*"
template:
settings:
index:
lifecycle:
name: so-logs-nginx.access-logs
number_of_replicas: 0
composed_of:
- "logs-nginx.access@package"
- "logs-nginx.access@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-nginx_x_error:
index_sorting: False
index_template:
index_patterns:
- "logs-nginx.error-*"
template:
settings:
index:
lifecycle:
name: so-logs-nginx.error-logs
number_of_replicas: 0
composed_of:
- "logs-nginx.error@package"
- "logs-nginx.error@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-metrics-nginx_x_stubstatus:
index_sorting: False
index_template:
index_patterns:
- "metrics-nginx.stubstatus-*"
template:
settings:
index:
lifecycle:
name: so-metrics-nginx.stubstatus-logs
number_of_replicas: 0
composed_of:
- "metrics-nginx.stubstatus@package"
- "metrics-nginx.stubstatus@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-o365_x_audit: so-logs-o365_x_audit:
index_sorting: false index_sorting: false
index_template: index_template:
@@ -8854,6 +9250,50 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-logs-winlog_x_winlog:
index_sorting: False
index_template:
index_patterns:
- "logs-winlog.winlog-*"
template:
settings:
index:
lifecycle:
name: so-logs-winlog.winlog-logs
number_of_replicas: 0
composed_of:
- "logs-winlog.winlog@package"
- "logs-winlog.winlog@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-zscaler_zia_x_alerts: so-logs-zscaler_zia_x_alerts:
index_sorting: false index_sorting: false
index_template: index_template:

10
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -318,6 +318,7 @@ elasticsearch:
so-logs-windows_x_powershell: *indexSettings so-logs-windows_x_powershell: *indexSettings
so-logs-windows_x_powershell_operational: *indexSettings so-logs-windows_x_powershell_operational: *indexSettings
so-logs-windows_x_sysmon_operational: *indexSettings so-logs-windows_x_sysmon_operational: *indexSettings
so-logs-winlog_x_winlog: *indexSettings
so-logs-apache_x_access: *indexSettings so-logs-apache_x_access: *indexSettings
so-logs-apache_x_error: *indexSettings so-logs-apache_x_error: *indexSettings
so-logs-auditd_x_log: *indexSettings so-logs-auditd_x_log: *indexSettings
@@ -346,6 +347,12 @@ elasticsearch:
so-logs-cisco_ftd_x_log: *indexSettings so-logs-cisco_ftd_x_log: *indexSettings
so-logs-cisco_ios_x_log: *indexSettings so-logs-cisco_ios_x_log: *indexSettings
so-logs-cisco_ise_x_log: *indexSettings so-logs-cisco_ise_x_log: *indexSettings
so-logs-citrix_adc_x_interface: *indexSettings
so-logs-citrix_adc_x_lbvserver: *indexSettings
so-logs-citrix_adc_x_service: *indexSettings
so-logs-citrix_adc_x_system: *indexSettings
so-logs-citrix_adc_x_vpn: *indexSettings
so-logs-citrix_waf_x_log: *indexSettings
so-logs-cloudflare_x_audit: *indexSettings so-logs-cloudflare_x_audit: *indexSettings
so-logs-cloudflare_x_logpull: *indexSettings so-logs-cloudflare_x_logpull: *indexSettings
so-logs-crowdstrike_x_falcon: *indexSettings so-logs-crowdstrike_x_falcon: *indexSettings
@@ -406,6 +413,8 @@ elasticsearch:
so-logs-mysql_x_error: *indexSettings so-logs-mysql_x_error: *indexSettings
so-logs-mysql_x_slowlog: *indexSettings so-logs-mysql_x_slowlog: *indexSettings
so-logs-netflow_x_log: *indexSettings so-logs-netflow_x_log: *indexSettings
so-logs-nginx_x_access: *indexSettings
so-logs-nginx_x_error: *indexSettings
so-logs-o365_x_audit: *indexSettings so-logs-o365_x_audit: *indexSettings
so-logs-okta_x_system: *indexSettings so-logs-okta_x_system: *indexSettings
so-logs-panw_x_panos: *indexSettings so-logs-panw_x_panos: *indexSettings
@@ -471,6 +480,7 @@ elasticsearch:
so-metrics-endpoint_x_metadata: *indexSettings so-metrics-endpoint_x_metadata: *indexSettings
so-metrics-endpoint_x_metrics: *indexSettings so-metrics-endpoint_x_metrics: *indexSettings
so-metrics-endpoint_x_policy: *indexSettings so-metrics-endpoint_x_policy: *indexSettings
so-metrics-nginx_x_stubstatus: *indexSettings
so-case: *indexSettings so-case: *indexSettings
so-common: *indexSettings so-common: *indexSettings
so-endgame: *indexSettings so-endgame: *indexSettings