# Default values for the `elasticfleet` settings tree.
# NOTE(review): this file arrived collapsed onto a single line. The nesting
# below is reconstructed from key order; confirm it against the upstream
# copy before relying on it.
elasticfleet:
  enabled: false
  enable_manager_output: true
  config:
    server:
      custom_fqdn: []
      enable_auto_configuration: true
      # The enrollment tokens and the Elasticsearch token are empty in these
      # defaults. Presumably they are filled in per deployment; treat the
      # populated values as secrets and keep them out of version control.
      endpoints_enrollment: ''
      es_token: ''
      grid_enrollment: ''
  logging:
    zeek:
      # Zeek log names marked as excluded. Presumably these are not shipped
      # for indexing, so detections or hunts that depend on one of them
      # (known_certs, known_hosts, known_services, ...) would find no data.
      # TODO confirm against the state that consumes this list.
      excluded:
        - analyzer
        - broker
        - capture_loss
        - cluster
        - conn-summary
        - console
        - ecat_arp_info
        - known_certs
        - known_hosts
        - known_services
        - loaded_scripts
        - ntp
        - ocsp
        - packet_filter
        - reporter
        - stats
        - stderr
        - stdout
  # Integration package names.
  # NOTE(review): the list includes generic network inputs (http_endpoint,
  # tcp, udp). A policy that uses one of them opens a listener on the agent
  # host, so review its bind address and firewall scope when enabling it.
  packages:
    - apache
    - auditd
    - auth0
    - aws
    - azure
    - barracuda
    - carbonblack_edr
    - checkpoint
    - cisco_asa
    - cisco_duo
    - cisco_ftd
    - cisco_ios
    - cisco_ise
    - cisco_meraki
    - cisco_umbrella
    - citrix_adc
    - citrix_waf
    - cloudflare
    - crowdstrike
    - darktrace
    - elastic_agent
    - elasticsearch
    - endpoint
    - f5_bigip
    - fim
    - fireeye
    - fleet_server
    - fortinet
    - fortinet_fortigate
    - gcp
    - github
    - google_workspace
    - http_endpoint
    - httpjson
    - iis
    - juniper
    - juniper_srx
    - kafka_log
    - lastpass
    - log
    - m365_defender
    - microsoft_defender_endpoint
    - microsoft_dhcp
    - microsoft_sqlserver
    - mimecast
    - mysql
    - netflow
    - nginx
    - o365
    - okta
    - osquery_manager
    - panw
    - pfsense
    - proofpoint_tap
    - pulse_connect_secure
    - redis
    - sentinel_one
    - snort
    - snyk
    - sonicwall_firewall
    - sophos
    - sophos_central
    - symantec_endpoint
    - system
    - tcp
    - tenable_sc
    - ti_abusech
    - ti_anomali
    - ti_cybersixgill
    - ti_misp
    - ti_otx
    - ti_recordedfuture
    - ti_threatq
    - udp
    - vsphere
    - windows
    - winlog
    - zscaler_zia
    - zscaler_zpa
    # Quoted because the name starts with a digit; it is still a string.
    - '1password'
  optional_integrations:
    sublime_platform:
      # Empty by default, so no node is listed for this integration.
      enabled_nodes: []
      # Deliberately unset: no API key belongs in the defaults. Supply it
      # per deployment from wherever secrets are kept, not by editing this
      # file.
      api_key: null
      # HTTPS endpoint; keep the scheme as https if this is overridden so
      # the API key is not sent in clear text.
      base_url: 'https://api.platform.sublimesecurity.com'
      poll_interval: '5m'
      limit: 100