{
  "cloud-audit-aws-2021.07" : {
    "mappings" : {
      "_meta" : {
        "beat" : "filebeat",
        "version" : "7.9.1"
      },
      "dynamic_templates" : [
        {
          "labels" : {
"signals-aws-cloudtrail" : {
  "description" : "Pipeline for AWS CloudTrail Logs",
  "processors" : [
    {
      "rename" : {
        "field" : "message",
        "target_field" : "event.original"
      }
    },
    {
[2021-06-03T21:51:07,374][DEBUG][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main"}
[2021-06-03T21:51:07,383][DEBUG][logstash.outputs.elasticsearch][main] Normalizing http path {:path=>nil, :normalized=>nil}
[2021-06-03T21:51:07,403][WARN ][logstash.outputs.elasticsearch][main] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
[2021-06-03T21:51:07,413][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@es_host:9200/]}}
[2021-06-03T21:51:07,418][DEBUG][logstash.outputs.elasticsearch][main] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>https://elastic:xxxxxx@es_host:9200/, :path=>"/"}
[2021-06-03T21:51:07,468][WARN ][logstash.outputs.elasticsearch][main] Restored connection
{
  "cloud-audit-azure-2021.04" : {
    "mappings" : {
      "properties" : {
        "@timestamp" : {
          "type" : "date"
        },
        "@version" : {
          "type" : "text",
          "fields" : {
PUT _ingest/pipeline/signals-azure-activitylogs-pipeline
{
  "description" : "Pipeline for parsing azure activity logs.",
  "processors" : [
    {
      "rename" : {
        "field" : "azure",
        "target_field" : "azure-eventhub",
        "ignore_missing" : true
      }
PUT _template/cloud-audit-azure
{
  "index_patterns": "cloud-audit-azure*",
  "version" : 50001,
  "settings" : {
    "index.refresh_interval" : "5s"
  },
  "mappings" : {
    "properties" : {
      "@timestamp" : {
PUT _ingest/pipeline/my-azure-activity-log
{
  "my-azure-activitylogs-azure-shared-pipeline" : {
    "description" : "Pipeline for parsing azure activity logs.",
    "processors" : [
      {
        "set" : {
          "field" : "cloud.provider",
          "value" : "azure"
        }
.0
.1
.2
.3
.tar
.tgz
.zip
.tar.gz
.rar
.cache