mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-09 18:52:52 +01:00
102 lines
1.8 KiB
YAML
102 lines
1.8 KiB
YAML
elasticfleet:
|
|
enabled: False
|
|
config:
|
|
server:
|
|
custom_fqdn: []
|
|
enable_auto_configuration: True
|
|
endpoints_enrollment: ''
|
|
es_token: ''
|
|
grid_enrollment: ''
|
|
logging:
|
|
zeek:
|
|
excluded:
|
|
- broker
|
|
- capture_loss
|
|
- cluster
|
|
- conn-summary
|
|
- console
|
|
- ecat_arp_info
|
|
- known_certs
|
|
- known_hosts
|
|
- known_services
|
|
- loaded_scripts
|
|
- ntp
|
|
- ocsp
|
|
- packet_filter
|
|
- reporter
|
|
- stats
|
|
- stderr
|
|
- stdout
|
|
packages:
|
|
- apache
|
|
- auditd
|
|
- auth0
|
|
- aws
|
|
- azure
|
|
- barracuda
|
|
- carbonblack_edr
|
|
- checkpoint
|
|
- cisco_asa
|
|
- cisco_duo
|
|
- cisco_meraki
|
|
- cisco_umbrella
|
|
- cloudflare
|
|
- crowdstrike
|
|
- darktrace
|
|
- elasticsearch
|
|
- endpoint
|
|
- f5_bigip
|
|
- fim
|
|
- fireeye
|
|
- fleet_server
|
|
- fortinet
|
|
- fortinet_fortigate
|
|
- gcp
|
|
- github
|
|
- google_workspace
|
|
- http_endpoint
|
|
- httpjson
|
|
- juniper
|
|
- juniper_srx
|
|
- kafka_log
|
|
- lastpass
|
|
- log
|
|
- m365_defender
|
|
- microsoft_defender_endpoint
|
|
- microsoft_dhcp
|
|
- mimecast
|
|
- netflow
|
|
- o365
|
|
- okta
|
|
- osquery_manager
|
|
- panw
|
|
- pfsense
|
|
- pulse_connect_secure
|
|
- redis
|
|
- sentinel_one
|
|
- snyk
|
|
- sonicwall_firewall
|
|
- sophos
|
|
- sophos_central
|
|
- symantec_endpoint
|
|
- system
|
|
- tcp
|
|
- tenable_sc
|
|
- ti_abusech
|
|
- ti_misp
|
|
- ti_otx
|
|
- ti_recordedfuture
|
|
- udp
|
|
- vsphere
|
|
- windows
|
|
- zscaler_zia
|
|
- zscaler_zpa
|
|
- 1password
|
|
optional_integrations:
|
|
sublime_platform:
|
|
enabled_nodes: []
|
|
api_key:
|
|
base_url: https://api.platform.sublimesecurity.com
|
|
poll_interval: 5m
|
|
limit: 100
|