securityonion/salt/elasticfleet/soc_elasticfleet.yaml
2023-11-01 20:09:56 +00:00


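# Settings annotations for the elasticfleet pillar. Each leaf setting carries a
# description and help link plus flags (global, advanced, sensitive, forcedType).
# NOTE(review): presumably consumed by the SOC configuration UI — confirm.
# NOTE(review): the nesting is restored from the key structure (container keys
# have no description, leaf settings do); verify against the repository copy.
# Without nesting, the repeated description/helpLink keys collide at one level.
elasticfleet:
  enabled:
    description: You can enable or disable Elastic Fleet.
    advanced: True
    helpLink: elastic-fleet.html
  logging:
    zeek:
      # Logs named here are not shipped, so they are also unavailable for
      # search and detection; review changes to this list as a visibility change.
      excluded:
        description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, Elastic Agent will attempt to process it. If an ingest node pipeline is not available to process the logs, you may experience errors.
        forcedType: "[]string"
        helpLink: zeek.html
  config:
    server:
      # Names that agents connect to.
      # NOTE(review): presumably each FQDN must be covered by the Fleet server
      # certificate; a wrong entry would point agents at another host — confirm.
      custom_fqdn:
        description: Custom FQDN for Agents to connect to. One per line.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: "[]string"
      enable_auto_configuration:
        description: Enable auto-configuration of Logstash Outputs & Fleet Host URLs.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
      # The next three settings hold credentials (two enrollment keys and an
      # auth token) and are all flagged sensitive.
      # NOTE(review): `sensitive` presumably only masks the value in the UI;
      # confirm how the values are stored at rest and who can read the pillar.
      endpoints_enrollment:
        description: Endpoint enrollment key.
        global: True
        helpLink: elastic-fleet.html
        sensitive: True
        advanced: True
      es_token:
        description: Elastic auth token.
        global: True
        helpLink: elastic-fleet.html
        sensitive: True
        advanced: True
      grid_enrollment:
        description: Grid enrollment key.
        global: True
        helpLink: elastic-fleet.html
        sensitive: True
        advanced: True
  optional_integrations:
    sublime_platform:
      enabled_nodes:
        description: Fleet nodes with the Sublime Platform integration enabled. Enter one per line.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: "[]string"
      # Third-party credential; the only Sublime Platform setting flagged
      # sensitive.
      api_key:
        description: API key for Sublime Platform.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: string
        sensitive: True
      # NOTE(review): presumably the api_key above is sent to this URL, so it
      # should be an https:// endpoint you control or trust — the annotation
      # itself does not validate the scheme or host; confirm where that happens.
      base_url:
        description: Base URL for Sublime Platform.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: string
      # Typed as string, not int; the expected format (e.g. a duration with a
      # unit) is not stated here — TODO confirm against the integration.
      poll_interval:
        description: Poll interval for alerts from Sublime Platform.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: string
      limit:
        description: The maximum number of message groups to return from Sublime Platform.
        global: True
        helpLink: elastic-fleet.html
        advanced: True
        forcedType: int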