mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-24 16:43:45 +00:00
Compare commits
3 Commits
4.5
...
v3.9.4_7.2
Author | SHA1 | Date | |
---|---|---|---|
|
5da0553016 | ||
|
9f7cd94180 | ||
|
87895af5d9 |
@@ -57,7 +57,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
|
||||
|
||||
* `stable` branch on correspond to the latest Wazuh-Docker stable version.
|
||||
* `master` branch contains the latest code, be aware of possible bugs on this branch.
|
||||
* `Wazuh.Version_ElasticStack.Version` (for example 3.9.3_7.2.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
|
||||
* `Wazuh.Version_ElasticStack.Version` (for example 3.9.4_7.2.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
|
||||
|
||||
## Credits and Thank you
|
||||
|
||||
|
@@ -13,7 +13,7 @@ fi
|
||||
|
||||
# Install Wazuh Filebeat Module
|
||||
|
||||
curl -s "https://packages-dev.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
|
||||
curl -s "https://packages.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
|
||||
mkdir -p /usr/share/filebeat/module/wazuh
|
||||
chmod 755 -R /usr/share/filebeat/module/wazuh
|
||||
|
||||
|
@@ -1,53 +1,16 @@
|
||||
# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
|
||||
filebeat.inputs:
|
||||
- type: log
|
||||
paths:
|
||||
- '/var/ossec/logs/alerts/alerts.json'
|
||||
|
||||
# Wazuh - Filebeat configuration file
|
||||
filebeat.modules:
|
||||
- module: wazuh
|
||||
alerts:
|
||||
enabled: true
|
||||
archives:
|
||||
enabled: false
|
||||
|
||||
setup.template.json.enabled: true
|
||||
setup.template.json.path: "/etc/filebeat/wazuh-template.json"
|
||||
setup.template.json.name: "wazuh"
|
||||
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
|
||||
setup.template.json.name: 'wazuh'
|
||||
setup.template.overwrite: true
|
||||
setup.ilm.enabled: false
|
||||
|
||||
processors:
|
||||
- decode_json_fields:
|
||||
fields: ['message']
|
||||
process_array: true
|
||||
max_depth: 200
|
||||
target: ''
|
||||
overwrite_keys: true
|
||||
- drop_fields:
|
||||
fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
|
||||
- rename:
|
||||
fields:
|
||||
- from: "data.aws.sourceIPAddress"
|
||||
to: "@src_ip"
|
||||
ignore_missing: true
|
||||
fail_on_error: false
|
||||
when:
|
||||
regexp:
|
||||
data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
|
||||
- rename:
|
||||
fields:
|
||||
- from: "data.srcip"
|
||||
to: "@src_ip"
|
||||
ignore_missing: true
|
||||
fail_on_error: false
|
||||
when:
|
||||
regexp:
|
||||
data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
|
||||
- rename:
|
||||
fields:
|
||||
- from: "data.win.eventdata.ipAddress"
|
||||
to: "@src_ip"
|
||||
ignore_missing: true
|
||||
fail_on_error: false
|
||||
when:
|
||||
regexp:
|
||||
data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
|
||||
|
||||
output.elasticsearch:
|
||||
hosts: ['http://elasticsearch:9200']
|
||||
#pipeline: geoip
|
||||
indices:
|
||||
- index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
|
||||
output.elasticsearch.hosts: ['http://elasticsearch:9200']
|
Reference in New Issue
Block a user