mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 01:02:46 +01:00
33 lines
1.2 KiB
Plaintext
33 lines
1.2 KiB
Plaintext
---
|
|
apiVersion: v1
|
|
kind: config
|
|
spec:
|
|
agent_options:
|
|
config:
|
|
decorators:
|
|
always:
|
|
- SELECT codename FROM os_version;
|
|
- SELECT uuid AS live_query FROM system_info;
|
|
- SELECT address AS endpoint_ip1 FROM interface_addresses where address not
|
|
like '%:%' and address not like '127%' and address not like '169%' order by
|
|
interface desc limit 1;
|
|
- SELECT address AS endpoint_ip2 FROM interface_addresses where address not
|
|
like '%:%' and address not like '127%' and address not like '169%' order by
|
|
interface asc limit 1;
|
|
- SELECT hardware_serial FROM system_info;
|
|
- SELECT hostname AS hostname FROM system_info;
|
|
options:
|
|
decorations_top_level: true
|
|
disable_distributed: false
|
|
distributed_interval: 10
|
|
distributed_plugin: tls
|
|
distributed_tls_max_attempts: 3
|
|
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
|
|
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
|
|
enable_windows_events_publisher: true
|
|
enable_windows_events_subscriber: true
|
|
pack_delimiter: _
|
|
host_settings:
|
|
enable_software_inventory: false
|
|
server_settings:
|
|
enable_analytics: false |