From f9e272dd8f07613c748fee6540c88e4bea59b145 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 9 Aug 2023 16:09:23 -0400
Subject: [PATCH] add additional annotations for elasticsearch index settings
---
 salt/elasticsearch/soc_elasticsearch.yaml | 86 +++++++++++++++++++++++
 1 file changed, 86 insertions(+)
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index 2228eccf6..89d347b42 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -181,3 +181,89 @@ elasticsearch:
 forcedType: bool
 global: True
 helpLink: elasticsearch.html
+ so-logs-system.auth: *indexSettings
+ so-logs-system.syslog: *indexSettings
+ so-logs-system.system: *indexSettings
+ so-logs-system.application: *indexSettings
+ so-logs-system.security: *indexSettings
+ so-logs-windows.forwarded: *indexSettings
+ so-logs-windows.powershell: *indexSettings
+ so-logs-windows.powershell_operational: *indexSettings
+ so-logs-windows.sysmon_operational: *indexSettings
+ so-logs-aws.cloudtrail: *indexSettings
+ so-logs-aws.cloudwatch_logs: *indexSettings
+ so-logs-aws.ec2_logs: *indexSettings
+ so-logs-aws.elb_logs: *indexSettings
+ so-logs-aws.firewall_logs: *indexSettings
+ so-logs-aws.route53_public_logs: *indexSettings
+ so-logs-aws.route53_resolver_logs: *indexSettings
+ so-logs-aws.s3access: *indexSettings
+ so-logs-aws.vpcflow: *indexSettings
+ so-logs-aws.waf: *indexSettings
+ so-logs-azure.activitylogs: *indexSettings
+ so-logs-azure.application_gateway: *indexSettings
+ so-logs-azure.auditlogs: *indexSettings
+ so-logs-azure.eventhub: *indexSettings
+ so-logs-azure.firewall_logs: *indexSettings
+ so-logs-azure.identity_protection: *indexSettings
+ so-logs-azure.platformlogs: *indexSettings
+ so-logs-azure.provisioning: *indexSettings
+ so-logs-azure.signinlogs: *indexSettings
+ so-logs-azure.springcloudlogs: *indexSettings
+ so-logs-cloudflare.audit: *indexSettings
+ so-logs-cloudflare.logpull: *indexSettings
+ so-logs-fim.event: *indexSettings
+ so-logs-github.audit: *indexSettings
+ so-logs-github.code_scanning: *indexSettings
+ so-logs-github.dependabot: *indexSettings
+ so-logs-github.issues: *indexSettings
+ so-logs-github.secret_scanning: *indexSettings
+ so-logs-google_workspace.access_transparency: *indexSettings
+ so-logs-google_workspace.admin: *indexSettings
+ so-logs-google_workspace.alert: *indexSettings
+ so-logs-google_workspace.context_aware_access: *indexSettings
+ so-logs-google_workspace.device: *indexSettings
+ so-logs-google_workspace.drive: *indexSettings
+ so-logs-google_workspace.gcp: *indexSettings
+ so-logs-google_workspace.group_enterprise: *indexSettings
+ so-logs-google_workspace.groups: *indexSettings
+ so-logs-google_workspace.login: *indexSettings
+ so-logs-google_workspace.rules: *indexSettings
+ so-logs-google_workspace.saml: *indexSettings
+ so-logs-google_workspace.token: *indexSettings
+ so-logs-google_workspace.user_accounts: *indexSettings
+ so-logs-1password.item_usages: *indexSettings
+ so-logs-1password.signin_attempts: *indexSettings
+ so-logs-osquery-manager-actions: *indexSettings
+ so-logs-osquery-manager-action.responses: *indexSettings
+ so-logs-elastic_agent.apm_server: *indexSettings
+ so-logs-elastic_agent.auditbeat: *indexSettings
+ so-logs-elastic_agent.cloudbeat: *indexSettings
+ so-logs-elastic_agent.endpoint_security: *indexSettings
+ so-logs-endpoint.alerts: *indexSettings
+ so-logs-endpoint.events.api: *indexSettings
+ so-logs-endpoint.events.file: *indexSettings
+ so-logs-endpoint.events.library: *indexSettings
+ so-logs-endpoint.events.network: *indexSettings
+ so-logs-endpoint.events.process: *indexSettings
+ so-logs-endpoint.events.registry: *indexSettings
+ so-logs-endpoint.events.security: *indexSettings
+ so-logs-elastic_agent.filebeat: *indexSettings
+ so-logs-elastic_agent.fleet_server: *indexSettings
+ so-logs-elastic_agent.heartbeat: *indexSettings
+ so-logs-elastic_agent: *indexSettings
+ so-logs-elastic_agent.metricbeat: *indexSettings
+ so-logs-elastic_agent.osquerybeat: *indexSettings
+ so-logs-elastic_agent.packetbeat: *indexSettings
+ so-case: *indexSettings
+ so-common: *indexSettings
+ so-endgame: *indexSettings
+ so-idh: *indexSettings
+ so-suricata: *indexSettings
+ so-import: *indexSettings
+ so-kratos: *indexSettings
+ so-logstash: *indexSettings
+ so-redis: *indexSettings
+ so-strelka: *indexSettings
+ so-syslog: *indexSettings
+ so-zeek: *indexSettings
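Review bot: All 86 new keys alias the single `*indexSettings` anchor, so a loader that resolves aliases to a shared node (PyYAML does) hands the consumer one mapping object reachable under every index name, and any code that later patches a per-index value in place would change it for all of them. If independent per-index copies are the intent, a comment at the anchor's definition (outside this hunk) such as `# shared by reference: every *indexSettings alias resolves to this one mapping; do not mutate in place` would make the contract explicit. Two smaller items: `so-logs-elastic_agent: *indexSettings` sits between `heartbeat` and `metricbeat` in the otherwise grouped `so-logs-elastic_agent.*` run, and `so-logs-osquery-manager-actions` next to `so-logs-osquery-manager-action.responses` mixes plural and singular, which presumably mirrors the actual data stream names and should be verified against them rather than the pattern. The `&indexSettings` anchor itself is defined before line 181 and is not visible here, so its content and that it lives in the same `---` document could not be checked.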