securityonion/salt/elasticsearch/soc_elasticsearch.yaml
# Annotation schema for the Elasticsearch settings exposed in the Security Onion Console.
# Every leaf setting carries a `description`; some also carry `global: True`
# and/or `readonly: True`. No setting values are defined in this file — only the
# annotations. NOTE(review): the values presumably live in the matching pillar /
# defaults file for this Salt state; verify how the consumer joins the two.
# NOTE(review): nesting below (script/indices under config, index_settings under
# elasticsearch, refresh_interval/number_of_* under index) follows the Elasticsearch
# setting namespaces — confirm against the consumer's expected layout.
# NOTE(review): capitalized `True` is a boolean under both YAML 1.1 and the 1.2 core
# schema, but yamllint's `truthy` rule expects lowercase `true`; kept as-is to match
# the file's existing convention.
elasticsearch:
  config:
    cluster:
      name:
        description: The name of the Security Onion Elasticsearch cluster, for identification purposes.
        # The only setting in this file flagged readonly.
        readonly: True
        global: True
      routing:
        allocation:
          disk:
            threshold_enabled:
              description: Specifies whether the Elasticsearch node will monitor the available disk space for low disk space conditions and take action to protect the cluster.
            watermark:
              low:
                description: The lower percentage of used disk space representing a healthy node.
              high:
                description: The higher percentage of used disk space representing an unhealthy node.
              # Per the description, reaching this level blocks incoming events:
              # an availability impact for downstream detection, not just storage.
              flood_stage:
                description: The max percentage of used disk space that will cause the node to take protective actions, such as blocking incoming events.
    script:
      max_compilations_rate:
        description: Max rate of script compilations permitted in the Elasticsearch cluster. Larger values will consume more resources.
        global: True
    indices:
      query:
        bool:
          max_clause_count:
            description: Max number of boolean clauses per query.
            global: True
  # Per-index lifecycle and template annotations. `so-aws` defines the anchor and
  # every other so-* index below aliases it, so all indices share one annotation
  # set. Anchors are document-scoped: a new index must be added in this same
  # document, normally as another `*indexSettings` alias.
  index_settings:
    so-aws: &indexSettings
      warm:
        description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch.
        global: True
      close:
        description: Age (in days) of this index before it will be closed. Once closed, events on this index cannot be retrieved without first re-opening the index.
        global: True
      # Retention boundary for the index; nothing beyond the description below
      # is declared here to guard against irreversible deletion.
      delete:
        description: Age (in days) of this index before it will be deleted. Once deleted, events are permanently unrecoverable.
        global: True
      index_sorting:
        description: Sorts the index by event time, at the cost of additional processing resource consumption.
        global: True
      index_template:
        template:
          settings:
            index:
              mapping:
                total_fields:
                  limit:
                    description: Max number of fields that can exist on a single index. Larger values will consume more resources.
                    global: True
              refresh_interval:
                description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
                global: True
              number_of_shards:
                description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
                global: True
              number_of_replicas:
                description: Number of replicas required for this index. Multiple replicas protects against data loss, while also increasing storage costs.
                global: True
    # Aliases of the annotation set defined on so-aws above.
    so-azure: *indexSettings
    so-barracuda: *indexSettings
    so-beats: *indexSettings
    so-bluecoat: *indexSettings
    so-cef: *indexSettings
    so-checkpoint: *indexSettings
    so-cisco: *indexSettings
    so-cyberark: *indexSettings
    so-cylance: *indexSettings
    so-elasticsearch: *indexSettings
    so-endgame: *indexSettings
    so-f5: *indexSettings
    so-firewall: *indexSettings
    so-fortinet: *indexSettings
    so-gcp: *indexSettings
    so-google_workspace: *indexSettings
    so-ids: *indexSettings
    so-imperva: *indexSettings
    so-import: *indexSettings
    so-infoblox: *indexSettings
    so-juniper: *indexSettings
    so-kibana: *indexSettings
    so-logstash: *indexSettings
    so-microsoft: *indexSettings
    so-misp: *indexSettings
    so-netflow: *indexSettings
    so-netscout: *indexSettings
    so-o365: *indexSettings
    so-okta: *indexSettings
    so-osquery: *indexSettings
    so-proofpoint: *indexSettings
    so-radware: *indexSettings
    so-redis: *indexSettings
    so-snort: *indexSettings
    so-snyk: *indexSettings
    so-sonicwall: *indexSettings
    so-sophos: *indexSettings
    so-strelka: *indexSettings
    so-syslog: *indexSettings
    so-tomcat: *indexSettings
    so-zeek: *indexSettings
    so-zscaler: *indexSettings