Skip to content

Commit

Permalink
Merge pull request #13526 from Security-Onion-Solutions/feature/tenab…
Browse files Browse the repository at this point in the history 
…le_io

Add Tenable IO
  • Loading branch information
@weslambert
weslambert authored Aug 21, 2024
2 parents e772497 + dc197f6 commit 1ed73b6
Show file tree
Hide file tree
Showing 3 changed files with 192 additions and 0 deletions.
1 change: 1 addition & 0 deletions salt/elasticfleet/defaults.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ elasticfleet:
- symantec_endpoint
- system
- tcp
- tenable_io
- tenable_sc
- ti_abusech
- ti_anomali
Expand Down
184 changes: 184 additions & 0 deletions salt/elasticsearch/defaults.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9282,6 +9282,190 @@ elasticsearch:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_asset:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.asset-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.asset-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.asset@package"
- "logs-tenable_io.asset@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.asset@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_plugin:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.plugin-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.plugin-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.plugin@package"
- "logs-tenable_io.plugin@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.plugin@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_scan:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.scan-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.scan-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.scan@package"
- "logs-tenable_io.scan@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.scan@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_io_x_vulnerability:
index_sorting: False
index_template:
index_patterns:
- "logs-tenable_io.vulnerability-*"
template:
settings:
index:
lifecycle:
name: so-logs-tenable_io.vulnerability-logs
number_of_replicas: 0
composed_of:
- "logs-tenable_io.vulnerability@package"
- "logs-tenable_io.vulnerability@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
ignore_missing_component_templates:
- logs-tenable_io.vulnerability@custom
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 30d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
so-logs-tenable_sc_x_asset:
index_sorting: false
index_template:
Expand Down
7 changes: 7 additions & 0 deletions salt/elasticsearch/soc_elasticsearch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -466,6 +466,13 @@ elasticsearch:
so-logs-sonicwall_firewall_x_log: *indexSettings
so-logs-snort_x_log: *indexSettings
so-logs-symantec_endpoint_x_log: *indexSettings
so-logs-tenable_io_x_asset: *indexSettings
so-logs-tenable_io_x_plugin: *indexSettings
so-logs-tenable_io_x_scan: *indexSettings
so-logs-tenable_io_x_vulnerability: *indexSettings
so-logs-tenable_sc_x_asset: *indexSettings
so-logs-tenable_sc_x_plugin: *indexSettings
so-logs-tenable_sc_x_vulnerability: *indexSettings
so-logs-ti_abusech_x_malware: *indexSettings
so-logs-ti_abusech_x_malwarebazaar: *indexSettings
so-logs-ti_abusech_x_threatfox: *indexSettings
Expand Down

0 comments on commit 1ed73b6

Please sign in to comment.