Merge pull request #8816 from Security-Onion-Solutions/funstuff

Mike Reeves
2022-09-26 18:15:14 -04:00
committed by GitHub
3 changed files with 6 additions and 3 deletions


@@ -1,6 +1,5 @@
filebeat: filebeat:
config: config:
zeek_logs_enabled: zeek_logs_enabled:
- conn - conn
- dce_rpc - dce_rpc


@@ -131,7 +131,11 @@ filebeat.inputs:
{%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %} {%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %}
{%- if ZEEKVER != 'SURICATA' %} {%- if ZEEKVER != 'SURICATA' %}
{%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %} {% import_yaml 'filebeat/defaults.yaml' as FBD with context %}
{% set FBCONFIG = salt['pillar.get']('filebeat:zeek_logs_enabled', default=FBD.filebeat, merge=True) %}
{%- for LOGNAME in FBCONFIG.zeek_logs_enabled %}
- type: filestream - type: filestream
id: zeek-{{ LOGNAME }} id: zeek-{{ LOGNAME }}
paths: paths:
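Review bot: The default handed to `salt['pillar.get']` on the `set FBCONFIG` line is `FBD.filebeat`, yet the defaults.yaml in this same commit nests the list as `filebeat: config: zeek_logs_enabled:`, so with no pillar override `FBCONFIG` is the `{config: {...}}` mapping and `FBCONFIG.zeek_logs_enabled` on the `for` line resolves to nothing (a render failure if the Salt Jinja environment is strict about undefined values, otherwise an empty loop and no Zeek filestream inputs at all). The lookup key `filebeat:zeek_logs_enabled` likewise skips the `config` level, so an operator's override would sit at a different path from the default it is meant to merge with. Unless the defaults.yaml hunk removed the `config:` level on a line this rendering dropped, keying both sides on the same mapping is the fix: `{% set FBCONFIG = salt['pillar.get']('filebeat:config', default=FBD.filebeat.config, merge=True) %}`. The two new `{% ... %}` tags also lack the `-` whitespace control the surrounding tags use, which leaves stray blank lines in the rendered YAML; harmless, but inconsistent with the file. The enclosing `{%- if %}` blocks and the loop body continue outside the hunk.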


@@ -30,7 +30,7 @@ rulesdir:
synclocalnidsrules: synclocalnidsrules:
file.recurse: file.recurse:
- name: /opt/so/rules/nids/ - name: /opt/so/rules/nids/
- source: salt://idstools/ - source: salt://idstools/rules/
- user: 939 - user: 939
- group: 939 - group: 939
- show_changes: False - show_changes: False
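Review bot: Narrowing `source` to `salt://idstools/rules/` stops the rest of the idstools state tree from being copied into `/opt/so/rules/nids/`, but anything earlier runs already synced there from the broader `salt://idstools/` source stays in place unless the state also sets `- clean: True`, which is not visible in this hunk (the `synclocalnidsrules` block may continue past it). If `clean` is absent those stale files remain in the rule directory; if it is present, confirm nothing is placed in `/opt/so/rules/nids/` by hand, since `clean` will remove it. A short comment on the `source` line, e.g. `# only the rules/ subtree belongs in the nids dir; the rest of idstools/ is state code`, plus a note in the release notes about the one-off cleanup, would make the intent and the migration step clear.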