diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml
index a4862623d..a17957e7c 100644
--- a/salt/elasticfleet/defaults.yaml
+++ b/salt/elasticfleet/defaults.yaml
@@ -30,18 +30,24 @@ elasticfleet:
 packages:
 - apache
 - auditd
+ - auth0
 - aws
 - azure
 - barracuda
+ - carbonblack_edr
 - cisco_asa
+ - cisco_duo
+ - cisco_meraki
+ - cisco_umbrella
 - cloudflare
 - crowdstrike
 - darktrace
 - elasticsearch
 - endpoint
 - f5_bigip
- - fleet_server
 - fim
+ - fireeye
+ - fleet_server
 - fortinet
 - fortinet_fortigate
 - gcp
@@ -57,18 +63,24 @@ elasticfleet:
 - m365_defender
 - microsoft_defender_endpoint
 - microsoft_dhcp
+ - mimecast
 - netflow
 - o365
 - okta
 - osquery_manager
 - panw
 - pfsense
+ - pulse_connect_secure
 - redis
 - sentinel_one
+ - snyk
 - sonicwall_firewall
+ - sophos
+ - sophos_central
 - symantec_endpoint
 - system
 - tcp
+ - tenable_sc
 - ti_abusech
 - ti_misp
 - ti_otx
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 91e5191f6..1296ef549 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -4398,3 +4398,525 @@ elasticsearch:
 min_age: 365d
 actions:
 delete: {}
+ so-logs-auth0_x_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-auth0.logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-auth0.logs@package"
+ - "logs-auth0.logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-carbonblack_edr_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-carbonblack_edr.log-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-carbonblack_edr.log@package"
+ - "logs-carbonblack_edr.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_duo_x_admin:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_duo.admin-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_duo.admin@package"
+ - "logs-cisco_duo.admin@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_duo_x_auth:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_duo.auth-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_duo.auth@package"
+ - "logs-cisco_duo.auth@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_duo_x_offline_enrollment:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_duo.offline_enrollment-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_duo.offline_enrollment@package"
+ - "logs-cisco_duo.offline_enrollment@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_duo_x_summary:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_duo.summary-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_duo.summary@package"
+ - "logs-cisco_duo.summary@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_duo_x_telephony:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_duo.telephony-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_duo.telephony@package"
+ - "logs-cisco_duo.telephony@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_meraki_x_events:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_meraki.events-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_meraki.events@package"
+ - "logs-cisco_meraki.events@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_meraki_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_meraki.log-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_meraki.log@package"
+ - "logs-cisco_meraki.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-cisco_umbrella_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-cisco_umbrella.log-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-cisco_umbrella.log@package"
+ - "logs-cisco_umbrella.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-fireeye_x_nx:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-fireeye.nx-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-fireeye.nx@package"
+ - "logs-fireeye.nx@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_audit_events:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.audit_events-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.audit_events@package"
+ - "logs-mimecast.audit_events@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_dlp_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.dlp_logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.dlp_logs@package"
+ - "logs-mimecast.dlp_logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_siem_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.siem_logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.siem_logs@package"
+ - "logs-mimecast.siem_logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_threat_intel_malware_customer:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.threat_intel_malware_customer-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.threat_intel_malware_customer@package"
+ - "logs-mimecast.threat_intel_malware_customer@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_threat_intel_malware_grid:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.threat_intel_malware_grid-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.threat_intel_malware_grid@package"
+ - "logs-mimecast.threat_intel_malware_grid@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_ttp_ap_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.ttp_ap_logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.ttp_ap_logs@package"
+ - "logs-mimecast.ttp_ap_logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_ttp_ip_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.ttp_ip_logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.ttp_ip_logs@package"
+ - "logs-mimecast.ttp_ip_logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-mimecast_x_ttp_url_logs:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-mimecast.ttp_url_logs-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-mimecast.ttp_url_logs@package"
+ - "logs-mimecast.ttp_url_logs@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-pulse_connect_secure_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-pulse_connect_secure.log-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-pulse_connect_secure.log@package"
+ - "logs-pulse_connect_secure.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-snyk_x_audit:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-snyk.audit-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-snyk.audit@package"
+ - "logs-snyk.audit@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-snyk_x_vulnerabilities:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-snyk.vulnerabilities-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-snyk.vulnerabilities@package"
+ - "logs-snyk.vulnerabilities@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-sophos_x_utm:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-sophos.utm-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-sophos.utm@package"
+ - "logs-sophos.utm@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-sophos_x_xg:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-sophos.xg-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-sophos.xg@package"
+ - "logs-sophos.xg@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-sophos_central_x_alert:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-sophos_central.alert-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-sophos_central.alert@package"
+ - "logs-sophos_central.alert@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-sophos_central_x_event:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-sophos_central.event-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-sophos_central.event@package"
+ - "logs-sophos_central.event@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-tenable_sc_x_asset:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-tenable_sc.asset-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-tenable_sc.asset@package"
+ - "logs-tenable_sc.asset@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-tenable_sc_x_plugin:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-tenable_sc.plugin-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-tenable_sc.plugin@package"
+ - "logs-tenable_sc.plugin@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-tenable_sc_x_vulnerability:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-tenable_sc.vulnerability-*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-tenable_sc.vulnerability@package"
+ - "logs-tenable_sc.vulnerability@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
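Review bot: None of the 29 added `so-logs-*` stanzas defines a lifecycle or retention section, whereas the stanza that closes in the context lines just above the hunk ends with a `min_age: 365d` / `delete: {}` phase. Several of the new streams hold authentication and audit records (`logs-cisco_duo.auth-*`, `logs-auth0.logs-*`, `logs-snyk.audit-*`, `logs-mimecast.audit_events-*`), so retention is presumably inherited from the `@package` component template or a cluster default; if that is intended, a one-line comment above the block such as `# retention inherited from the integration's @package template` would record it, and otherwise each stanza needs the same kind of policy block as the preceding one. Every stanza also sets `number_of_replicas: 0`, which keeps a single copy of this evidence on a multi-node grid, so it is worth confirming that this default is deliberate for audit data. As a style point, `index_sorting: False` sits next to `hidden: false`; `index_sorting: false` is the portable spelling, unless the rest of the file (not visible here) consistently uses `False`.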