mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-28 11:53:37 +01:00
50 lines
1.3 KiB
Plaintext
50 lines
1.3 KiB
Plaintext
# Module: microsoft
|
|
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-microsoft.html
|
|
|
|
- module: microsoft
|
|
# ATP configuration
|
|
defender_atp:
|
|
enabled: true
|
|
# How often the API should be polled
|
|
#var.interval: 5m
|
|
|
|
# Oauth Client ID
|
|
#var.oauth2.client.id: ""
|
|
|
|
# Oauth Client Secret
|
|
#var.oauth2.client.secret: ""
|
|
|
|
# Oauth Token URL, should include the tenant ID
|
|
#var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token"
|
|
m365_defender:
|
|
enabled: true
|
|
# How often the API should be polled
|
|
#var.interval: 5m
|
|
|
|
# Oauth Client ID
|
|
#var.oauth2.client.id: ""
|
|
|
|
# Oauth Client Secret
|
|
#var.oauth2.client.secret: ""
|
|
|
|
# Oauth Token URL, should include the tenant ID
|
|
#var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token"
|
|
dhcp:
|
|
enabled: true
|
|
|
|
# Set which input to use between udp (default), tcp or file.
|
|
# var.input: udp
|
|
# var.syslog_host: localhost
|
|
# var.syslog_port: 9515
|
|
|
|
# Set paths for the log files when file input is used.
|
|
# var.paths:
|
|
|
|
# Toggle output of non-ECS fields (default true).
|
|
# var.rsa_fields: true
|
|
|
|
# Set custom timezone offset.
|
|
# "local" (default) for system timezone.
|
|
# "+02:00" for GMT+02:00
|
|
# var.tz_offset: local
|