securityonion/salt/filebeat/modules/gcp.yml.disabled

# Module: gcp
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-gcp.html
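- module: gcp
  # Each fileset below reads from one Google Pub/Sub subscription. The project
  # ID, topic, subscription and credentials values shown are sample values.
  vpcflow:
    enabled: true

    # Google Cloud project ID.
    var.project_id: my-gcp-project-id

    # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be
    # configured to use this topic as a sink for VPC flow logs.
    var.topic: gcp-vpc-flowlogs

    # Google Pub/Sub subscription for the topic. Filebeat will create this
    # subscription if it does not exist.
    # NOTE: creating a subscription needs broader Pub/Sub permissions than
    # reading from one. Creating the subscription ahead of time lets the
    # service account be limited to a subscriber-only role.
    var.subscription_name: filebeat-gcp-vpc-flowlogs-sub

    # Credentials file for the service account with authorization to read from
    # the subscription.
    # NOTE: this JSON key is a long-lived secret. Keep it out of version
    # control and readable only by the account Filebeat runs as.
    var.credentials_file: ${path.config}/gcp-service-account-xyz.json

    # Set internal networks. This is used to classify network.direction based
    # on which networks are considered "internal", either by CIDR block or by
    # named network condition. If this is not specified, then traffic
    # direction is determined by whether it is between source and destination
    # instance information rather than IP.
    #
    # For a full list of network conditions see:
    # https://www.elastic.co/guide/en/beats/filebeat/current/defining-processors.html#condition-network
    #var.internal_networks: [ "private" ]

  firewall:
    enabled: true

    # Google Cloud project ID.
    var.project_id: my-gcp-project-id

    # Google Pub/Sub topic containing firewall logs. Stackdriver must be
    # configured to use this topic as a sink for firewall logs.
    var.topic: gcp-vpc-firewall

    # Google Pub/Sub subscription for the topic. Filebeat will create this
    # subscription if it does not exist.
    # NOTE: creating a subscription needs broader Pub/Sub permissions than
    # reading from one. Creating the subscription ahead of time lets the
    # service account be limited to a subscriber-only role.
    var.subscription_name: filebeat-gcp-firewall-sub

    # Credentials file for the service account with authorization to read from
    # the subscription.
    # NOTE: this JSON key is a long-lived secret. Keep it out of version
    # control and readable only by the account Filebeat runs as.
    var.credentials_file: ${path.config}/gcp-service-account-xyz.json

    # Set internal networks. This is used to classify network.direction based
    # on which networks are considered "internal", either by CIDR block or by
    # named network condition. If this is not specified, then traffic
    # direction is taken from the direction data in the rule_details event
    # payload.
    #
    # For a full list of network conditions see:
    # https://www.elastic.co/guide/en/beats/filebeat/current/defining-processors.html#condition-network
    #var.internal_networks: [ "private" ]

  audit:
    enabled: true

    # Google Cloud project ID.
    var.project_id: my-gcp-project-id

    # Google Pub/Sub topic containing audit logs. Stackdriver must be
    # configured to use this topic as a sink for audit logs.
    var.topic: gcp-vpc-audit

    # Google Pub/Sub subscription for the topic. Filebeat will create this
    # subscription if it does not exist.
    # NOTE: creating a subscription needs broader Pub/Sub permissions than
    # reading from one. Creating the subscription ahead of time lets the
    # service account be limited to a subscriber-only role.
    var.subscription_name: filebeat-gcp-audit

    # Credentials file for the service account with authorization to read from
    # the subscription.
    # NOTE: this JSON key is a long-lived secret. Keep it out of version
    # control and readable only by the account Filebeat runs as.
    var.credentials_file: ${path.config}/gcp-service-account-xyz.json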