diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index 7d38838958..2c0fcb816f 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -76,6 +76,7 @@ elasticfleet: - pulse_connect_secure - redis - sentinel_one + - snort - snyk - sonicwall_firewall - sophos @@ -85,9 +86,12 @@ elasticfleet: - tcp - tenable_sc - ti_abusech + - ti_anomali + - ti_cybersixgill - ti_misp - ti_otx - ti_recordedfuture + - ti_threatq - udp - vsphere - windows diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 02c2529a60..66916acd1d 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -6737,6 +6737,50 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-snort_x_log: + index_sorting: False + index_template: + index_patterns: + - "logs-snort.log-*" + template: + settings: + index: + lifecycle: + name: so-logs-snort.log-logs + number_of_replicas: 0 + composed_of: + - "logs-snort.log@package" + - "logs-snort.log@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-snyk_x_audit: index_sorting: false index_template: @@ -7622,6 +7666,94 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-ti_anomali_x_threatstream: + index_sorting: False + index_template: + index_patterns: + - "logs-ti_anomali.threatstream-*" + template: + settings: + index: + lifecycle: + name: so-logs-ti_anomali.threatstream-logs + number_of_replicas: 0 + composed_of: + - "logs-ti_anomali.threatstream@package" + - "logs-ti_anomali.threatstream@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-ti_cybersixgill_x_threat: + index_sorting: False + index_template: + index_patterns: + - "logs-ti_cybersixgill.threat-*" + template: + settings: + index: + lifecycle: + name: so-logs-ti_cybersixgill.threat-logs + number_of_replicas: 0 + composed_of: + - "logs-ti_cybersixgill.threat@package" + - "logs-ti_cybersixgill.threat@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-ti_misp_x_threat: index_sorting: false index_template: @@ -7842,6 +7974,50 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-ti_threatq_x_threat: + index_sorting: False + index_template: + index_patterns: + - "logs-ti_threatq.threat-*" + template: + settings: + index: + lifecycle: + name: so-logs-ti_threatq.threat-logs + number_of_replicas: 0 + composed_of: + - "logs-ti_threatq.threat@package" + - "logs-ti_threatq.threat@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-vsphere_x_log: index_sorting: False index_template: diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml index 9d9b3d294e..0b93a6c1a6 100644 --- a/salt/elasticsearch/soc_elasticsearch.yaml +++ b/salt/elasticsearch/soc_elasticsearch.yaml @@ -407,16 +407,20 @@ elasticsearch: so-logs-sentinel_one_x_group: *indexSettings so-logs-sentinel_one_x_threat: *indexSettings so-logs-sonicwall_firewall_x_log: *indexSettings + so-logs-snort_x_log: *indexSettings so-logs-symantec_endpoint_x_log: *indexSettings so-logs-ti_abusech_x_malware: *indexSettings so-logs-ti_abusech_x_malwarebazaar: *indexSettings so-logs-ti_abusech_x_threatfox: *indexSettings so-logs-ti_abusech_x_url: *indexSettings + so-logs-ti_anomali_x_threatstream: *indexSettings + so-logs-ti_cybersixgill_x_threat: *indexSettings so-logs-ti_misp_x_threat: *indexSettings so-logs-ti_misp_x_threat_attributes: *indexSettings so-logs-ti_otx_x_threat: *indexSettings so-logs-ti_recordedfuture_x_latest_ioc-template: *indexSettings so-logs-ti_recordedfuture_x_threat: *indexSettings + so-logs-ti_threatq_x_threat: *indexSettings so-logs-zscaler_zia_x_alerts: *indexSettings so-logs-zscaler_zia_x_dns: *indexSettings so-logs-zscaler_zia_x_firewall: *indexSettings