mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
262 lines
5.6 KiB
YAML
262 lines
5.6 KiB
YAML
third_party_filebeat:
|
|
modules:
|
|
aws:
|
|
cloudtrail:
|
|
enabled: false
|
|
cloudwatch:
|
|
enabled: false
|
|
ec2:
|
|
enabled: false
|
|
elb:
|
|
enabled: false
|
|
s3access:
|
|
enabled: false
|
|
vpcflow:
|
|
enabled: false
|
|
azure:
|
|
activitylogs:
|
|
enabled: false
|
|
platformlogs:
|
|
enabled: false
|
|
auditlogs:
|
|
enabled: false
|
|
signinlogs:
|
|
enabled: false
|
|
barracuda:
|
|
waf:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9503
|
|
spamfirewall:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9524
|
|
bluecoat:
|
|
director:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9505
|
|
cef:
|
|
log:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9003
|
|
checkpoint:
|
|
firewall:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9505
|
|
cisco:
|
|
asa:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9001
|
|
ftd:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9003
|
|
ios:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9002
|
|
nexus:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9506
|
|
meraki:
|
|
enabled: false
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9525
|
|
umbrella:
|
|
enabled: false
|
|
amp:
|
|
enabled: false
|
|
cylance:
|
|
protect:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9508
|
|
f5:
|
|
bigipapm:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9504
|
|
bigipafm:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9528
|
|
fortinet:
|
|
firewall:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9004
|
|
clientendpoint:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9510
|
|
fortimail:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_port: 9350
|
|
gcp:
|
|
vpcflow:
|
|
enabled: false
|
|
firewall:
|
|
enabled: false
|
|
audit:
|
|
enabled: false
|
|
google_workspace:
|
|
saml:
|
|
enabled: false
|
|
user_accounts:
|
|
enabled: false
|
|
login:
|
|
enabled: false
|
|
admin:
|
|
enabled: false
|
|
drive:
|
|
enabled: false
|
|
groups:
|
|
enabled: false
|
|
imperva:
|
|
securesphere:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9511
|
|
infoblox:
|
|
nios:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9512
|
|
juniper:
|
|
junos:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9513
|
|
netscreen:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9523
|
|
srx:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9006
|
|
microsoft:
|
|
defender_atp:
|
|
enabled: false
|
|
m365_defender:
|
|
enabled: false
|
|
dhcp:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9515
|
|
misp:
|
|
threat:
|
|
enabled: false
|
|
netflow:
|
|
log:
|
|
enabled: false
|
|
var.netflow_host: 0.0.0.0
|
|
var.netflow_port: 2055
|
|
var.internal_networks:
|
|
- private
|
|
netscout:
|
|
sightline:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9502
|
|
o365:
|
|
audit:
|
|
enabled: false
|
|
okta:
|
|
system:
|
|
enabled: false
|
|
proofpoint:
|
|
emailsecurity:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9531
|
|
radware:
|
|
defensepro:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9518
|
|
snort:
|
|
log:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9532
|
|
snyk:
|
|
audit:
|
|
enabled: false
|
|
vulnerabilities:
|
|
enabled: false
|
|
sonicwall:
|
|
firewall:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9519
|
|
sophos:
|
|
xg:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9005
|
|
utm:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9533
|
|
squid:
|
|
log:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9520
|
|
tomcat:
|
|
log:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9501
|
|
threatintel:
|
|
abuseurl:
|
|
enabled: false
|
|
abusemalware:
|
|
enabled: false
|
|
misp:
|
|
enabled: false
|
|
malwarebazaar:
|
|
enabled: false
|
|
otx:
|
|
enabled: false
|
|
anomali:
|
|
enabled: false
|
|
anomalithreatstream:
|
|
enabled: false
|
|
zscaler:
|
|
zia:
|
|
enabled: false
|
|
var.input: udp
|
|
var.syslog_host: 0.0.0.0
|
|
var.syslog_port: 9521
|