add additional annotations for elasticsearch index settings

2025-12-06 09:12:45 +01:00 · 2023-08-09 16:09:23 -04:00
parent dfe916d7c8
commit f9e272dd8f
1 changed files with 86 additions and 0 deletions
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -181,3 +181,89 @@ elasticsearch:
            forcedType: bool
            global: True
            helpLink: elasticsearch.html
+    so-logs-system.auth: *indexSettings
+    so-logs-system.syslog: *indexSettings
+    so-logs-system.system: *indexSettings
+    so-logs-system.application: *indexSettings
+    so-logs-system.security: *indexSettings
+    so-logs-windows.forwarded: *indexSettings
+    so-logs-windows.powershell: *indexSettings
+    so-logs-windows.powershell_operational: *indexSettings
+    so-logs-windows.sysmon_operational: *indexSettings
+    so-logs-aws.cloudtrail: *indexSettings
+    so-logs-aws.cloudwatch_logs: *indexSettings
+    so-logs-aws.ec2_logs: *indexSettings
+    so-logs-aws.elb_logs: *indexSettings
+    so-logs-aws.firewall_logs: *indexSettings
+    so-logs-aws.route53_public_logs: *indexSettings
+    so-logs-aws.route53_resolver_logs: *indexSettings
+    so-logs-aws.s3access: *indexSettings
+    so-logs-aws.vpcflow: *indexSettings
+    so-logs-aws.waf: *indexSettings
+    so-logs-azure.activitylogs: *indexSettings
+    so-logs-azure.application_gateway: *indexSettings
+    so-logs-azure.auditlogs: *indexSettings
+    so-logs-azure.eventhub: *indexSettings
+    so-logs-azure.firewall_logs: *indexSettings
+    so-logs-azure.identity_protection: *indexSettings
+    so-logs-azure.platformlogs: *indexSettings
+    so-logs-azure.provisioning: *indexSettings
+    so-logs-azure.signinlogs: *indexSettings
+    so-logs-azure.springcloudlogs: *indexSettings
+    so-logs-cloudflare.audit: *indexSettings
+    so-logs-cloudflare.logpull: *indexSettings
+    so-logs-fim.event: *indexSettings
+    so-logs-github.audit: *indexSettings
+    so-logs-github.code_scanning: *indexSettings
+    so-logs-github.dependabot: *indexSettings
+    so-logs-github.issues: *indexSettings
+    so-logs-github.secret_scanning: *indexSettings
+    so-logs-google_workspace.access_transparency: *indexSettings
+    so-logs-google_workspace.admin: *indexSettings
+    so-logs-google_workspace.alert: *indexSettings
+    so-logs-google_workspace.context_aware_access: *indexSettings
+    so-logs-google_workspace.device: *indexSettings
+    so-logs-google_workspace.drive: *indexSettings
+    so-logs-google_workspace.gcp: *indexSettings
+    so-logs-google_workspace.group_enterprise: *indexSettings
+    so-logs-google_workspace.groups: *indexSettings
+    so-logs-google_workspace.login: *indexSettings
+    so-logs-google_workspace.rules: *indexSettings
+    so-logs-google_workspace.saml: *indexSettings
+    so-logs-google_workspace.token: *indexSettings
+    so-logs-google_workspace.user_accounts: *indexSettings
+    so-logs-1password.item_usages: *indexSettings
+    so-logs-1password.signin_attempts: *indexSettings
+    so-logs-osquery-manager-actions: *indexSettings
+    so-logs-osquery-manager-action.responses: *indexSettings
+    so-logs-elastic_agent.apm_server: *indexSettings
+    so-logs-elastic_agent.auditbeat: *indexSettings
+    so-logs-elastic_agent.cloudbeat: *indexSettings
+    so-logs-elastic_agent.endpoint_security: *indexSettings
+    so-logs-endpoint.alerts: *indexSettings
+    so-logs-endpoint.events.api: *indexSettings
+    so-logs-endpoint.events.file: *indexSettings
+    so-logs-endpoint.events.library: *indexSettings
+    so-logs-endpoint.events.network: *indexSettings
+    so-logs-endpoint.events.process: *indexSettings
+    so-logs-endpoint.events.registry: *indexSettings
+    so-logs-endpoint.events.security: *indexSettings
+    so-logs-elastic_agent.filebeat: *indexSettings
+    so-logs-elastic_agent.fleet_server: *indexSettings
+    so-logs-elastic_agent.heartbeat: *indexSettings
+    so-logs-elastic_agent: *indexSettings
+    so-logs-elastic_agent.metricbeat: *indexSettings
+    so-logs-elastic_agent.osquerybeat: *indexSettings
+    so-logs-elastic_agent.packetbeat: *indexSettings
+    so-case: *indexSettings
+    so-common: *indexSettings
+    so-endgame: *indexSettings
+    so-idh: *indexSettings
+    so-suricata: *indexSettings
+    so-import: *indexSettings
+    so-kratos: *indexSettings
+    so-logstash: *indexSettings
+    so-redis: *indexSettings
+    so-strelka: *indexSettings
+    so-syslog: *indexSettings
+    so-zeek: *indexSettings