CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-15 21:52:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c68b87db566021d35e6624c53501a4fed6f46be1
securityonion/salt/fleet/files/packs/palantir/Fleet/Servers/options.yaml
Josh Brower 1ca290c766 osquery updates and fixes
2020-04-02 08:28:22 -04:00

59 lines
1.5 KiB
YAML
Raw Blame History

apiVersion: v1
kind: options
spec:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
file_paths:
binaries:
- /usr/bin/%%
- /usr/sbin/%%
- /bin/%%
- /sbin/%%
- /usr/local/bin/%%
- /usr/local/sbin/%%
configuration:
- /etc/passwd
- /etc/shadow
- /etc/ld.so.preload
- /etc/ld.so.conf
- /etc/ld.so.conf.d/%%
- /etc/pam.d/%%
- /etc/resolv.conf
- /etc/rc%/%%
- /etc/my.cnf
- /etc/modules
- /etc/hosts
- /etc/hostname
- /etc/fstab
- /etc/crontab
- /etc/cron%/%%
- /etc/init/%%
- /etc/rsyslog.conf
options:
audit_allow_config: true
audit_allow_sockets: true
audit_persist: true
disable_audit: false
events_expiry: 1
events_max: 500000
disable_distributed: false
disable_subscribers: user_events
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
logger_min_status: 1
logger_plugin: tls
logger_snapshot_event_type: true
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: /
schedule_splay_percent: 10
watchdog_memory_limit: 350
watchdog_utilization_limit: 130
overrides: {}
Reference in New Issue View Git Blame Copy Permalink