mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-10 19:22:54 +01:00
38 lines
1008 B
YAML
38 lines
1008 B
YAML
apiVersion: v1
|
|
kind: options
|
|
spec:
|
|
config:
|
|
decorators:
|
|
load:
|
|
- SELECT uuid AS host_uuid FROM system_info;
|
|
- SELECT hostname AS hostname FROM system_info;
|
|
file_paths:
|
|
binaries:
|
|
- /usr/bin/%%
|
|
- /usr/sbin/%%
|
|
- /bin/%%
|
|
- /sbin/%%
|
|
- /usr/local/bin/%%
|
|
- /usr/local/sbin/%%
|
|
- /opt/bin/%%
|
|
- /opt/sbin/%%
|
|
configuration:
|
|
- /etc/%%
|
|
efi:
|
|
- /System/Library/CoreServices/boot.efi
|
|
options:
|
|
disable_distributed: false
|
|
disable_tables: windows_events
|
|
distributed_interval: 10
|
|
distributed_plugin: tls
|
|
distributed_tls_max_attempts: 3
|
|
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
|
|
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
|
|
logger_plugin: tls
|
|
logger_snapshot_event_type: true
|
|
logger_tls_endpoint: /api/v1/osquery/log
|
|
logger_tls_period: 10
|
|
pack_delimiter: /
|
|
schedule_splay_percent: 10
|
|
overrides: {}
|