paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-01 12:33:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

update wazuh-elastic template

Browse Source
This commit is contained in:
Jose Luis Ruiz
2017-02-15 15:53:22 +01:00
parent 9cec1ebcbe
commit d9c1f15900
3 changed files with 736 additions and 624 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docker-compose.yml
View File

@@ -12,8 +12,8 @@ services:
- "55000:55000"
networks:
- docker_elk
volumes:
- my-path:/var/ossec/data
# volumes:
# - my-path:/var/ossec/data
depends_on:
- elasticsearch
logstash:
@@ -41,8 +41,8 @@ services:
- "9300:9300"
environment:
ES_JAVA_OPTS: "-Xms2g -Xmx2g"
volumes:
- my-path:/var/ossec/data
# volumes:
# - my-path:/var/ossec/data
networks:
- docker_elk
kibana:

732
logstash/config/wazuh-elastic2-template.json Normal file
View File

@@ -0,0 +1,732 @@
{
"order": 0,
"template": "wazuh*",
"settings": {
"index.refresh_interval": "5s"
},
"mappings": {
"wazuh": {
"dynamic_templates": [
{
"notanalyzed": {
"match": "*",
"mapping": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
}
],
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "string"
},
"agent": {
"properties": {
"ip": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"manager": {
"properties": {
"name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"dstuser": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"AlertsFile": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"full_log": {
"type": "string"
},
"previous_log": {
"type": "string"
},
"GeoLocation": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"continent_code": {
"type": "string"
},
"coordinates": {
"type": "double"
},
"country_code2": {
"type": "string"
},
"country_code3": {
"type": "string"
},
"country_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "string"
},
"real_region_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"region_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"timezone": {
"type": "string"
}
}
},
"host": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"syscheck": {
"properties": {
"path": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"sha1_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"sha1_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"uid_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"uid_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"gid_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"perm_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"perm_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"md5_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"md5_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"gname_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"gname_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"inode_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"inode_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"mtime_after": {
"type": "date",
"format": "dateOptionalTime",
"index": "not_analyzed",
"doc_values": "true"
},
"mtime_before": {
"type": "date",
"format": "dateOptionalTime",
"index": "not_analyzed",
"doc_values": "true"
},
"uname_after": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"uname_before": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"size_before": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true"
},
"size_after": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true"
},
"diff": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"event": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"location": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"message": {
"type": "string"
},
"offset": {
"type": "string"
},
"rule": {
"properties": {
"description": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"groups": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"level": {
"type": "long",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"cve": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"info": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"frequency": {
"type": "long",
"doc_values": "true"
},
"firedtimes": {
"type": "long",
"doc_values": "true"
},
"cis": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"pci_dss": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"decoder": {
"properties": {
"parent": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"ftscomment": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"fts": {
"type": "long",
"doc_values": "true"
},
"accumulate": {
"type": "long",
"doc_values": "true"
}
}
},
"srcip": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"protocol": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"action": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"dstip": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"dstport": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"srcuser": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"program_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"status": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"command": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"url": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"data": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"system_name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"type": {
"type": "string"
},
"title": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"oscap": {
"properties": {
"check": {
"properties": {
"title": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"result": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"severity": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"description": {
"type": "string"
},
"rationale": {
"type": "string"
},
"references": {
"type": "string"
},
"identifiers": {
"type": "string"
},
"oval": {
"properties": {
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
}
}
},
"scan": {
"properties": {
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"content": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"benchmark": {
"properties": {
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"profile": {
"properties": {
"title": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"score": {
"type": "double",
"doc_values": "true"
},
"return_code": {
"type": "long",
"doc_values": "true"
}
}
}
}
},
"audit": {
"properties": {
"type": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"id": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"syscall": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"exit": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"ppid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"pid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"auid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"uid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"gid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"euid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"suid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"fsuid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"egid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"sgid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"fsgid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"tty": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"session": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"command": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"exe": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"key": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"cwd": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"directory": {
"properties": {
"name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"inode": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"mode": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"file": {
"properties": {
"name": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"inode": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"mode": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
},
"acct": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"dev": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"enforcing": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"list": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"old-auid": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"old-ses": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"old_enforcing": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"old_prom": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"op": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"prom": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"res": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"srcip": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"subj": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
},
"success": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true"
}
}
}
}
}
}
}

620
logstash/config/wazuh-elastic5-template.json
View File

@@ -1,620 +0,0 @@
{
"order": 0,
"template": "wazuh*",
"settings": {
"index.refresh_interval": "5s"
},
"mappings": {
"wazuh": {
"dynamic_templates": [
{
"notanalyzed": {
"match": "*",
"mapping": {
"type": "keyword",
"doc_values": "true"
}
}
}
],
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "text"
},
"agent": {
"properties": {
"ip": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"manager": {
"properties": {
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"dstuser": {
"type": "keyword",
"doc_values": "true"
},
"AlertsFile": {
"type": "keyword",
"doc_values": "true"
},
"full_log": {
"type": "text"
},
"previous_log": {
"type": "text"
},
"GeoLocation": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "keyword",
"doc_values": "true"
},
"continent_code": {
"type": "text"
},
"coordinates": {
"type": "double"
},
"country_code2": {
"type": "text"
},
"country_code3": {
"type": "text"
},
"country_name": {
"type": "keyword",
"doc_values": "true"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "keyword",
"doc_values": "true"
},
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "keyword"
},
"real_region_name": {
"type": "keyword",
"doc_values": "true"
},
"region_name": {
"type": "keyword",
"doc_values": "true"
},
"timezone": {
"type": "text"
}
}
},
"host": {
"type": "keyword",
"doc_values": "true"
},
"syscheck": {
"properties": {
"path": {
"type": "keyword",
"doc_values": "true"
},
"sha1_before": {
"type": "keyword",
"doc_values": "true"
},
"sha1_after": {
"type": "keyword",
"doc_values": "true"
},
"uid_before": {
"type": "keyword",
"doc_values": "true"
},
"uid_after": {
"type": "keyword",
"doc_values": "true"
},
"gid_before": {
"type": "keyword",
"doc_values": "true"
},
"gid_after": {
"type": "keyword",
"doc_values": "true"
},
"perm_before": {
"type": "keyword",
"doc_values": "true"
},
"perm_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_before": {
"type": "keyword",
"doc_values": "true"
},
"gname_after": {
"type": "keyword",
"doc_values": "true"
},
"gname_before": {
"type": "keyword",
"doc_values": "true"
},
"inode_after": {
"type": "keyword",
"doc_values": "true"
},
"inode_before": {
"type": "keyword",
"doc_values": "true"
},
"mtime_after": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"mtime_before": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"uname_after": {
"type": "keyword",
"doc_values": "true"
},
"uname_before": {
"type": "keyword",
"doc_values": "true"
},
"size_before": {
"type": "long",
"doc_values": "true"
},
"size_after": {
"type": "long",
"doc_values": "true"
},
"diff": {
"type": "keyword",
"doc_values": "true"
},
"event": {
"type": "keyword",
"doc_values": "true"
}
}
},
"location": {
"type": "keyword",
"doc_values": "true"
},
"message": {
"type": "text"
},
"offset": {
"type": "keyword"
},
"rule": {
"properties": {
"description": {
"type": "keyword",
"doc_values": "true"
},
"groups": {
"type": "keyword",
"doc_values": "true"
},
"level": {
"type": "long",
"doc_values": "true"
},
"id": {
"type": "long",
"doc_values": "true"
},
"cve": {
"type": "keyword",
"doc_values": "true"
},
"info": {
"type": "keyword",
"doc_values": "true"
},
"frequency": {
"type": "long",
"doc_values": "true"
},
"firedtimes": {
"type": "long",
"doc_values": "true"
},
"cis": {
"type": "keyword",
"doc_values": "true"
},
"pci_dss": {
"type": "keyword",
"doc_values": "true"
}
}
},
"decoder": {
"properties": {
"parent": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
},
"ftscomment": {
"type": "keyword",
"doc_values": "true"
},
"fts": {
"type": "long",
"doc_values": "true"
},
"accumulate": {
"type": "long",
"doc_values": "true"
}
}
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"protocol": {
"type": "keyword",
"doc_values": "true"
},
"action": {
"type": "keyword",
"doc_values": "true"
},
"dstip": {
"type": "keyword",
"doc_values": "true"
},
"dstport": {
"type": "keyword",
"doc_values": "true"
},
"srcuser": {
"type": "keyword",
"doc_values": "true"
},
"program_name": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"status": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"url": {
"type": "keyword",
"doc_values": "true"
},
"data": {
"type": "keyword",
"doc_values": "true"
},
"system_name": {
"type": "keyword",
"doc_values": "true"
},
"type": {
"type": "text"
},
"title": {
"type": "keyword",
"doc_values": "true"
},
"oscap": {
"properties": {
"check.title": {
"type": "keyword",
"doc_values": "true"
},
"check.id": {
"type": "keyword",
"doc_values": "true"
},
"check.result": {
"type": "keyword",
"doc_values": "true"
},
"check.severity": {
"type": "keyword",
"doc_values": "true"
},
"check.description": {
"type": "text"
},
"check.rationale": {
"type": "text"
},
"check.references": {
"type": "text"
},
"check.identifiers": {
"type": "text"
},
"check.oval.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.content": {
"type": "keyword",
"doc_values": "true"
},
"scan.benchmark.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.title": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.score": {
"type": "double",
"doc_values": "true"
},
"scan.return_code": {
"type": "long",
"doc_values": "true"
}
}
},
"audit": {
"properties": {
"type": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"syscall": {
"type": "keyword",
"doc_values": "true"
},
"exit": {
"type": "keyword",
"doc_values": "true"
},
"ppid": {
"type": "keyword",
"doc_values": "true"
},
"pid": {
"type": "keyword",
"doc_values": "true"
},
"auid": {
"type": "keyword",
"doc_values": "true"
},
"uid": {
"type": "keyword",
"doc_values": "true"
},
"gid": {
"type": "keyword",
"doc_values": "true"
},
"euid": {
"type": "keyword",
"doc_values": "true"
},
"suid": {
"type": "keyword",
"doc_values": "true"
},
"fsuid": {
"type": "keyword",
"doc_values": "true"
},
"egid": {
"type": "keyword",
"doc_values": "true"
},
"sgid": {
"type": "keyword",
"doc_values": "true"
},
"fsgid": {
"type": "keyword",
"doc_values": "true"
},
"tty": {
"type": "keyword",
"doc_values": "true"
},
"session": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"exe": {
"type": "keyword",
"doc_values": "true"
},
"key": {
"type": "keyword",
"doc_values": "true"
},
"cwd": {
"type": "keyword",
"doc_values": "true"
},
"directory.name": {
"type": "keyword",
"doc_values": "true"
},
"directory.inode": {
"type": "keyword",
"doc_values": "true"
},
"directory.mode": {
"type": "keyword",
"doc_values": "true"
},
"file.name": {
"type": "keyword",
"doc_values": "true"
},
"file.inode": {
"type": "keyword",
"doc_values": "true"
},
"file.mode": {
"type": "keyword",
"doc_values": "true"
},
"acct": {
"type": "keyword",
"doc_values": "true"
},
"dev": {
"type": "keyword",
"doc_values": "true"
},
"enforcing": {
"type": "keyword",
"doc_values": "true"
},
"list": {
"type": "keyword",
"doc_values": "true"
},
"old-auid": {
"type": "keyword",
"doc_values": "true"
},
"old-ses": {
"type": "keyword",
"doc_values": "true"
},
"old_enforcing": {
"type": "keyword",
"doc_values": "true"
},
"old_prom": {
"type": "keyword",
"doc_values": "true"
},
"op": {
"type": "keyword",
"doc_values": "true"
},
"prom": {
"type": "keyword",
"doc_values": "true"
},
"res": {
"type": "keyword",
"doc_values": "true"
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"subj": {
"type": "keyword",
"doc_values": "true"
},
"success": {
"type": "keyword",
"doc_values": "true"
}
}
}
}
},
"agent": {
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"status": {
"type": "keyword"
},
"ip": {
"type": "keyword"
},
"host": {
"type": "keyword"
},
"name": {
"type": "keyword"
},
"id": {
"type": "keyword"
}
}
}
}
}