elasticfleet:
  enabled: False
  config:
    server:
      custom_fqdn: []
      enable_auto_configuration: True
      endpoints_enrollment: ''
      es_token: ''
      grid_enrollment: ''
  logging:
    zeek:
      excluded:
        - broker
        - capture_loss
        - cluster
        - console
        - ecat_arp_info
        - known_hosts
        - known_services
        - loaded_scripts
        - ntp
        - ocsp
        - packet_filter
        - reporter
        - stats
        - stderr
        - stdout
  packages:
    - auditd
    - aws
    - azure
    - barracuda
    - cisco_asa
    - cloudflare
    - crowdstrike
    - darktrace
    - elasticsearch
    - endpoint
    - f5_bigip
    - fleet_server
    - fim
    - fortinet
    - gcp
    - github
    - google_workspace
    - http_endpoint
    - httpjson
    - juniper
    - juniper_srx
    - kafka_log
    - lastpass
    - log
    - m365_defender
    - microsoft_defender_endpoint
    - microsoft_dhcp
    - netflow
    - o365
    - okta
    - osquery_manager
    - panw
    - pfsense
    - redis
    - sentinel_one
    - sonicwall_firewall
    - symantec_endpoint
    - system
    - tcp
    - ti_abusech
    - ti_misp
    - ti_otx
    - ti_recordedfuture
    - udp
    - windows
    - zscaler_zia
    - zscaler_zpa
    - 1password