Merge remote-tracking branch 'remotes/origin/master' into feature/users

2026-01-18 22:22:07 +01:00 · 2021-07-02 08:13:56 -04:00
parent c919f6bca0 d26056d272
commit f10290246f
142 changed files with 16416 additions and 1920 deletions
--- a/pillar/logstash/search.sls
+++ b/pillar/logstash/search.sls
@@ -7,6 +7,7 @@ logstash:
        - so/9000_output_zeek.conf.jinja
        - so/9002_output_import.conf.jinja
        - so/9034_output_syslog.conf.jinja
+        - so/9050_output_filebeatmodules.conf.jinja
        - so/9100_output_osquery.conf.jinja  
        - so/9400_output_suricata.conf.jinja
        - so/9500_output_beats.conf.jinja
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -23,6 +23,9 @@ base:
  '*_manager or *_managersearch':
    - match: compound
    - data.*
+{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
+    - elasticsearch.auth
+{% endif %}
    - secrets
    - global
    - minions.{{ grains.id }}
@@ -39,6 +42,9 @@ base:
    - secrets
    - healthcheck.eval
    - elasticsearch.eval
+{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
+    - elasticsearch.auth
+{% endif %}
    - global
    - minions.{{ grains.id }}

@@ -47,6 +53,9 @@ base:
    - logstash.manager
    - logstash.search
    - elasticsearch.search
+{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
+    - elasticsearch.auth
+{% endif %}
    - data.*
    - zeeklogs
    - secrets
@@ -60,6 +69,7 @@ base:

  '*_heavynode':
    - zeeklogs
+    - elasticsearch.auth
    - global
    - minions.{{ grains.id }}

@@ -81,6 +91,7 @@ base:
    - logstash
    - logstash.search
    - elasticsearch.search
+    - elasticsearch.auth
    - global
    - minions.{{ grains.id }}
    - data.nodestab
@@ -89,5 +100,8 @@ base:
    - zeeklogs
    - secrets
    - elasticsearch.eval
+{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
+    - elasticsearch.auth
+{% endif %}
    - global
    - minions.{{ grains.id }}
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -52,5 +52,4 @@ zeek:
      - frameworks/signatures/detect-windows-shells
    redef:
      - LogAscii::use_json = T;
-      - LogAscii::json_timestamps = JSON::TS_ISO8601;
-      - CaptureLoss::watch_interval = 5 mins;
+      - CaptureLoss::watch_interval = 5 mins;