CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/2.4/dev' into upgrade/salt3006.3

Browse Source
This commit is contained in:
m0duspwnens
2023-10-19 17:01:12 -04:00
parent dbfccdfff8 5119e6c45a
commit f03bbdbc09
2 changed files with 535 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/elasticfleet/defaults.yaml
View File

@@ -30,18 +30,24 @@ elasticfleet:
packages: packages:
- apache - apache
- auditd - auditd
- auth0
- aws - aws
- azure - azure
- barracuda - barracuda
- carbonblack_edr
- cisco_asa - cisco_asa
- cisco_duo
- cisco_meraki
- cisco_umbrella
- cloudflare - cloudflare
- crowdstrike - crowdstrike
- darktrace - darktrace
- elasticsearch - elasticsearch
- endpoint - endpoint
- f5_bigip - f5_bigip
- fleet_server
- fim - fim
- fireeye
- fleet_server
- fortinet - fortinet
- fortinet_fortigate - fortinet_fortigate
- gcp - gcp
@@ -57,18 +63,24 @@ elasticfleet:
- m365_defender - m365_defender
- microsoft_defender_endpoint - microsoft_defender_endpoint
- microsoft_dhcp - microsoft_dhcp
- mimecast
- netflow - netflow
- o365 - o365
- okta - okta
- osquery_manager - osquery_manager
- panw - panw
- pfsense - pfsense
- pulse_connect_secure
- redis - redis
- sentinel_one - sentinel_one
- snyk
- sonicwall_firewall - sonicwall_firewall
- sophos
- sophos_central
- symantec_endpoint - symantec_endpoint
- system - system
- tcp - tcp
- tenable_sc
- ti_abusech - ti_abusech
- ti_misp - ti_misp
- ti_otx - ti_otx

522
salt/elasticsearch/defaults.yaml
View File

@@ -4398,3 +4398,525 @@ elasticsearch:
min_age: 365d min_age: 365d
actions: actions:
delete: {} delete: {}
so-logs-auth0_x_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-auth0.logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-auth0.logs@package"
- "logs-auth0.logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-carbonblack_edr_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-carbonblack_edr.log-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-carbonblack_edr.log@package"
- "logs-carbonblack_edr.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_duo_x_admin:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_duo.admin-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_duo.admin@package"
- "logs-cisco_duo.admin@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_duo_x_auth:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_duo.auth-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_duo.auth@package"
- "logs-cisco_duo.auth@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_duo_x_offline_enrollment:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_duo.offline_enrollment-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_duo.offline_enrollment@package"
- "logs-cisco_duo.offline_enrollment@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_duo_x_summary:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_duo.summary-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_duo.summary@package"
- "logs-cisco_duo.summary@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_duo_x_telephony:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_duo.telephony-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_duo.telephony@package"
- "logs-cisco_duo.telephony@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_meraki_x_events:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_meraki.events-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_meraki.events@package"
- "logs-cisco_meraki.events@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_meraki_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_meraki.log-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_meraki.log@package"
- "logs-cisco_meraki.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-cisco_umbrella_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-cisco_umbrella.log-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-cisco_umbrella.log@package"
- "logs-cisco_umbrella.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-fireeye_x_nx:
index_sorting: False
index_template:
index_patterns:
- "logs-fireeye.nx-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-fireeye.nx@package"
- "logs-fireeye.nx@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_audit_events:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.audit_events-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.audit_events@package"
- "logs-mimecast.audit_events@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_dlp_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.dlp_logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.dlp_logs@package"
- "logs-mimecast.dlp_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_siem_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.siem_logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.siem_logs@package"
- "logs-mimecast.siem_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_threat_intel_malware_customer:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.threat_intel_malware_customer-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.threat_intel_malware_customer@package"
- "logs-mimecast.threat_intel_malware_customer@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_threat_intel_malware_grid:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.threat_intel_malware_grid-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.threat_intel_malware_grid@package"
- "logs-mimecast.threat_intel_malware_grid@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_ttp_ap_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.ttp_ap_logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.ttp_ap_logs@package"
- "logs-mimecast.ttp_ap_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_ttp_ip_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.ttp_ip_logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.ttp_ip_logs@package"
- "logs-mimecast.ttp_ip_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-mimecast_x_ttp_url_logs:
index_sorting: False
index_template:
index_patterns:
- "logs-mimecast.ttp_url_logs-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-mimecast.ttp_url_logs@package"
- "logs-mimecast.ttp_url_logs@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-pulse_connect_secure_x_log:
index_sorting: False
index_template:
index_patterns:
- "logs-pulse_connect_secure.log-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-pulse_connect_secure.log@package"
- "logs-pulse_connect_secure.log@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-snyk_x_audit:
index_sorting: False
index_template:
index_patterns:
- "logs-snyk.audit-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-snyk.audit@package"
- "logs-snyk.audit@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-snyk_x_vulnerabilities:
index_sorting: False
index_template:
index_patterns:
- "logs-snyk.vulnerabilities-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-snyk.vulnerabilities@package"
- "logs-snyk.vulnerabilities@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-sophos_x_utm:
index_sorting: False
index_template:
index_patterns:
- "logs-sophos.utm-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-sophos.utm@package"
- "logs-sophos.utm@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-sophos_x_xg:
index_sorting: False
index_template:
index_patterns:
- "logs-sophos.xg-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-sophos.xg@package"
- "logs-sophos.xg@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-sophos_central_x_alert:
index_sorting: False
index_template:
index_patterns:
- "logs-sophos_central.alert-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-sophos_central.alert@package"
- "logs-sophos_central.alert@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-sophos_central_x_event:
index_sorting: False
index_template:
index_patterns:
- "logs-sophos_central.event-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-sophos_central.event@package"
- "logs-sophos_central.event@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-tenable_sc_x_asset:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_sc.asset-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-tenable_sc.asset@package"
- "logs-tenable_sc.asset@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-tenable_sc_x_plugin:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_sc.plugin-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-tenable_sc.plugin@package"
- "logs-tenable_sc.plugin@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-tenable_sc_x_vulnerability:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_sc.vulnerability-*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-tenable_sc.vulnerability@package"
- "logs-tenable_sc.vulnerability@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false