CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ad765200c3cb8ba0d54eeaa94ccb9c42df464696
securityonion/salt/elasticfleet/defaults.yaml
reyesj2 4f92b7ced1 add support for cloudflare_logpush integration
2025-01-13 09:23:05 -06:00

138 lines
2.5 KiB
YAML
Raw Blame History

elasticfleet:
enabled: False
enable_manager_output: True
config:
server:
custom_fqdn: []
enable_auto_configuration: True
endpoints_enrollment: ''
es_token: ''
grid_enrollment: ''
defend_filters:
enable_auto_configuration: False
logging:
zeek:
excluded:
- analyzer
- broker
- capture_loss
- cluster
- conn-summary
- console
- ecat_arp_info
- known_certs
- known_hosts
- known_services
- loaded_scripts
- ntp
- ocsp
- packet_filter
- reporter
- stats
- stderr
- stdout
packages:
- apache
- auditd
- auth0
- aws
- azure
- barracuda
- barracuda_cloudgen_firewall
- carbonblack_edr
- cef
- checkpoint
- cisco_asa
- cisco_duo
- cisco_ftd
- cisco_ios
- cisco_ise
- cisco_meraki
- cisco_secure_email_gateway
- cisco_umbrella
- citrix_adc
- citrix_waf
- cloudflare
- cloudflare_logpush
- crowdstrike
- darktrace
- elastic_agent
- elasticsearch
- endpoint
- f5_bigip
- fim
- fireeye
- fleet_server
- fortinet
- fortinet_fortigate
- gcp
- github
- google_workspace
- http_endpoint
- httpjson
- iis
- imperva_cloud_waf
- journald
- juniper
- juniper_srx
- kafka_log
- lastpass
- log
- m365_defender
- microsoft_defender_endpoint
- microsoft_dhcp
- microsoft_sqlserver
- mimecast
- mysql
- netflow
- nginx
- o365
- okta
- osquery_manager
- panw
- pfsense
- proofpoint_tap
- pulse_connect_secure
- redis
- sentinel_one
- snort
- snyk
- sonicwall_firewall
- sophos
- sophos_central
- symantec_endpoint
- system
- tcp
- tenable_io
- tenable_sc
- ti_abusech
- ti_anomali
- ti_cybersixgill
- ti_misp
- ti_opencti
- ti_otx
- ti_rapid7_threat_command
- ti_recordedfuture
- ti_threatq
- trendmicro
- trend_micro_vision_one
- udp
- vsphere
- windows
- winlog
- zscaler_zia
- zscaler_zpa
- 1password
optional_integrations:
sublime_platform:
enabled_nodes: []
api_key:
base_url: https://api.platform.sublimesecurity.com
poll_interval: 5m
limit: 100
kismet:
base_url: http://localhost:2501
poll_interval: 1m
api_key:
enabled_nodes: []
Reference in New Issue View Git Blame Copy Permalink