Commit Graph

45 Commits

Author SHA1 Message Date
Wes
c9118699a9 Add index management lifecycle policy definition and reference in index template 2023-02-10 15:10:30 +00:00
Wes
f1db1bc273 Ensure Kratos events are sent to a data stream instead of an index 2023-01-26 16:12:06 +00:00
Wes
51692ac66c Update index pattern in various template definitions to match new data stream naming convention 2023-01-23 21:52:44 +00:00
weslambert
7d3f6121eb Remove default "logs-*" template settings for now 2023-01-19 10:29:10 -05:00
weslambert
7a499c9051 Modify default 'logs-*' template priority 2023-01-18 17:24:07 -05:00
weslambert
73a4dae28e Make sure Elastic Agent data streams do not use replicas 2023-01-13 16:10:44 -05:00
weslambert
7cba5626b7 Merge pull request #9570 from Security-Onion-Solutions/fix/elasticsearch_templates_elastic_agent: Change priority for Elastic Agent Elasticsearch index templates 2023-01-12 16:48:12 -05:00
weslambert
654d869e3e Change priority from 500 to 200 for Elastic Agent index templates to avoid collisions with other templates 2023-01-12 16:46:08 -05:00
weslambert
fb8d8ea972 Update Elasticsearch index template for Kratos 2023-01-12 15:31:41 -05:00
Wes
c3b83f1fc8 Update template settings to use data streams 2023-01-11 14:03:11 +00:00
m0duspwnens
c880be8d45 use curator defaults.yaml merged with pillar for actions 2022-10-21 10:38:32 -04:00
Wes
46dd4c2749 Rename component mappings and references for Security Onion 2022-09-20 20:33:06 +00:00
Wes
12e940f809 Change managed_by value from 'fleet' to 'security_onion' for Elastic Agent templates in defaults.yaml 2022-09-16 20:55:49 +00:00
Mike Reeves
b38f0fa996 Update watermark settings 2022-09-13 12:13:45 -04:00
weslambert
030f4d228a Add back Elastic Agent default templates 2022-09-12 15:10:24 -04:00
Mike Reeves
74ef6c0ed0 Fix yaml for idh,es,kib,esalert 2022-09-09 15:30:28 -04:00
Wes
86d60e444d Add Elastic Agent index/template configuration to defaults file 2022-09-08 00:20:22 +00:00
Josh Brower
8e368bdebe Merge in upstream dev 2022-05-06 20:01:07 -04:00
weslambert
542db5b7f5 Update defaults.yaml 2022-04-21 17:24:24 -04:00
weslambert
7128b04636 Remove indices.query.bool.max_clause_count because it is dynamically allocated in Elastic 8 2022-03-17 21:20:41 -04:00
Wes Lambert
c549b20221 Add DTC client mappings 2022-03-07 18:36:26 +00:00
weslambert
254cf53c2f Increase clause count to 3500 2022-03-04 10:36:37 -05:00
Wes Lambert
ffae22beef Add DTC syslog mappings for .keyword and add refs to defaults.yml 2022-03-04 13:04:11 +00:00
Wes Lambert
aa8d24b6cd Add DTC destination, source, and winlog mapping references to templates in defaults file 2022-03-03 13:42:20 +00:00
Wes Lambert
c5b16fdf3b Adjust field limit for now 2022-03-02 16:33:39 +00:00
Wes Lambert
038dc49098 Temporarily increase field limit before trimming efforts 2022-03-01 15:06:28 +00:00
Wes Lambert
08097fe9ec Add Playbook override mappings 2022-02-25 17:58:51 +00:00
weslambert
6a0ecb9e9c Add IDH and Kratos index templates 2022-02-23 12:13:46 -05:00
weslambert
6ee3287d2d Update component -> index association for file/scan mappings for Strelka 2022-02-18 08:12:34 -05:00
weslambert
185ea2fd99 Fix indent for so-netflow component template references 2022-02-16 14:46:12 -05:00
weslambert
1a53ec4372 Fix malformed copy/paste 2022-02-15 11:14:10 -05:00
Wes Lambert
dce3b7a874 Update defaults file to include ES index templates 2022-02-15 15:53:07 +00:00
Wes Lambert
ebce67060f Initial template refactor 2022-02-14 15:20:33 +00:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00
weslambert
900d12b556 Add logger stanza to suppress deprecation warning messages for now due to current system index access warning messages flooding the ES log 2022-01-06 10:35:50 -05:00
weslambert
c1a88977cf Disable fielddata for _id field by default (since it is deprecated and can be memory-intensive) 2022-01-05 15:23:52 -05:00
m0duspwnens
0d074dafd4 add missing defaults 2021-09-17 09:52:50 -04:00
m0duspwnens
5526a2bc3a reduce defaults.yaml 2021-09-16 15:32:08 -04:00
m0duspwnens
e3e2e1d851 logic for truecluster to map file 2021-09-15 13:09:04 -04:00
m0duspwnens
551dba955c set roles empty list 2021-09-15 09:20:33 -04:00
m0duspwnens
f8ab0ac8a9 config changes 2021-09-13 15:04:39 -04:00
m0duspwnens
0ae09cc630 config changes 2021-09-13 09:49:56 -04:00
m0duspwnens
f06ab8b77d testing defaults.yaml 2021-09-09 08:55:36 -04:00
m0duspwnens
fd1e632386 cleanup yaml 2021-08-25 12:08:43 -04:00
m0duspwnens
0681d29bb0 starting es pillarization 2021-08-25 10:23:06 -04:00