diff --git a/.ansible-sign/sha256sum.txt b/.ansible-sign/sha256sum.txt
index 1f43b9e..f7c5dfe 100644
--- a/.ansible-sign/sha256sum.txt
+++ b/.ansible-sign/sha256sum.txt
@@ -50,10 +50,10 @@ fba914c608f1a6ccdad971355139b98f0670fc8e7d51d13dca7a6e65bdc82429 roles/snort_bu 4867d8a776e6249f0dba3b4563602f03e79396384e124922346e0c5c9e709382 roles/snort_config/tasks/main.yml 4b06e8935cd973bb813c24a6d48fcdce16a7443652687f3eb3c6f04ef0e1e617 roles/snort_config/templates/ids_confg_snort_rsyslog.conf.j2 8b62443eae2ab28f71575e92446c9306dc220416eba271f146554513d87e4c6a roles/snort_config/templates/snort.conf.j2 -c14464aebb98e5f62dfcea72fb9eb5e78594cd400344af7e201091d7effe206e roles/winlogbeat/defaults/main.yml +eec62140ff6f456fb2fd45adaa8f69866c23ca8ec124ab1abfea08bcca7dccc6 roles/winlogbeat/defaults/main.yml a06c3bed9503b47cfa11d61ff3609dde83b4599b522160f5e14f13088df5ebaf roles/winlogbeat/handlers/main.yml 9780c8e92510aba03fff312c5cc461d8f1b866b269311e16628da76a95bfbafb roles/winlogbeat/tasks/main.yml -7b80092df1fc17ea69aa8af7f05125f8d6c40ef898a841d69c57b3eab231a346 roles/winlogbeat/templates/winlogbeat.yml.j2 +e660b5b443d6d5eb425109179d47772f67c9127925888cb5b7e09ada2112b652 roles/winlogbeat/templates/winlogbeat.yml.j2 f15fd50d2ee1d7cd5043153a707948b5897de8b1a544b226b33d493f4fe98f95 snortbuildconfig.yml 117d2f3e9d48d0d59d5dcfca9c9829295c1039c7204784c68978778db75e288a templates/cpu-rules.yml.j2 ff3bc0d052a72eb88bf093b9a2b9f31946032ab78dc7c4c742017f161f38763f templates/disk-rules.yml.j2
diff --git a/.ansible-sign/sha256sum.txt.sig b/.ansible-sign/sha256sum.txt.sig
index dac5b67..eb2b095 100644
--- a/.ansible-sign/sha256sum.txt.sig
+++ b/.ansible-sign/sha256sum.txt.sig
@@ -1,14 +1,14 @@ -----BEGIN PGP SIGNATURE----- -iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUtofgACgkQTiIiIXrU -DNG1JgwAtBEgQZa38Jk+lImAspw8zJvqu0OAev9/0OYo55fM3MXQ8ErWzKmBB+lV -J6PSwCsSEfbKI4TyauVWIcOlhPmt1XnvdoZY6evAqNBIA9XXOAcj1ulijlRiCsDA -qmhr4sEkVv/M9p7ArNwODLU9knpYfL8Gduxch/BWvxRfBc18ekQagwn6/BwqrZBi -BcenG7CTexdA/Cwc21GEIJ+dHpEvJjLzZmeA7uFqDJHBXvaIno16+fe2K8/viYkY -IXmWZBayf1kxNMr8+FM5Nukd2OvQabFHXZHtkq/ULSP2Nthv4XgB96yhavnmnvSP -bqOukaAlRRmvDFM5JCWdewP3zDWr2kEU6OLC84LQ5/xXp9i0xvyTwX66y3O+pnFU -qwf2+GZz4/fiBWaqTXD44R+0IoyMiy/SGOJ1N/2snJgq5UAYnYldn9VE2agRKGwc -/BL9Vi22bUHmX6enuuRKwIVuiT1oBepM8asv72BDs7bquCnT1DHAGIhx0Ur0bjc1 -iMO7bc1l -=t8hZ +iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUtpGoACgkQTiIiIXrU +DNGpYgv+Jx6yFMUIxszDwgvXbQnVZZIBcGermZ0R1piyGNEIRIjXrb71qAo85enp ++FuN5Q+NlifehCjrHK8jxIrVQFkTkWOskX29BbIu80Jq1F6RxPgzCbpxvpa1pwSB +jv2RBcJXYMUKr0tghUwysWnWM/An/vagz3a6+RMgcgLehG31VZeeMjsMCfBIEkun +aVRV0/bzjPZT9XXnfnP94fu57CZ2qrabTc1KrjAJmVghCbN6u6o6Y1Nf8Mu7pnEp +y4xAOTPtwBZV1tij5MEw9mvEzG7+O9ud85+nkc8X/fGS2rLAnz3SNkAWhTuxCnC1 +qgNMM/3WTqWL5Q0AkFTLVy9q2/O7mKOo2UBjLCgvdmz8ZY0y7d078zR4iAc0AvnM +Esm5HTsQlggqp6lVIFVFPd0vxO/haK8+6+i+rziNtIXZIHo1xcj//4G7tyjrsR1i +yP8EtcpkHn/f8qmDOWL5qK0dVZZXhMrsD6tEw1+v9JigJou10qtrunVvQOEvLkv2 +GDMW1qLj +=BiUS -----END PGP SIGNATURE-----
diff --git a/roles/winlogbeat/defaults/main.yml b/roles/winlogbeat/defaults/main.yml
index 21b60bf..c3574b5 100644
--- a/roles/winlogbeat/defaults/main.yml
+++ b/roles/winlogbeat/defaults/main.yml
@@ -3,16 +3,5 @@ winlogbeat_download_url_base: 'https://artifacts.elastic.co/downloads/beats/winl
 file_ext: '.zip'
 winlogbeat_download_file: 'winlogbeat-8.10.3-windows-x86_64'
 winlogbeat_install_location: "C:/Program Files/Winlogbeat"
-winlogbeat_event_logs:
- - name: Application
- ignore_older: 72h
- - name: Security
- - name: System
- - name: Microsoft-Windows-Sysmon/Operational
- - name: Windows PowerShell
- event_id: 400, 403, 600, 800
- - name: Microsoft-Windows-PowerShell/Operational
- event_id: 4103, 4104, 4105, 4106
- - name: ForwardedEvents
- tags: [forwarded]
 kafkahost: "192.168.89.155:9092"
+kafkatopic: "windowslogs"
diff --git a/roles/winlogbeat/templates/winlogbeat.yml.j2 b/roles/winlogbeat/templates/winlogbeat.yml.j2
index f64fa5e..6ff05dd 100644
--- a/roles/winlogbeat/templates/winlogbeat.yml.j2
+++ b/roles/winlogbeat/templates/winlogbeat.yml.j2
@@ -42,7 +42,7 @@ setup.kibana:
 output.kafka:
 hosts: ["{{ kafkahost }}"]
- topic: 'windowslogs'
+ topic: '{{ kafkatopic }}'
 partition.round_robin:
 reachable_only: false
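Review bot: Removing the `winlogbeat_event_logs` default in `roles/winlogbeat/defaults/main.yml` leaves the role with no definition for that variable, and the only template change visible in this commit is the `topic` line. If `winlogbeat.yml.j2` still iterates over `winlogbeat_event_logs` (not visible here), rendering will fail on an undefined variable, or, if the loop is guarded with a default, Winlogbeat may be deployed without the Security, Sysmon and PowerShell channels this list used to select. If the list is now meant to come from inventory, a comment such as `# winlogbeat_event_logs: set in group_vars; no role default` would make that explicit; otherwise the block should stay. The new `kafkatopic` could also be named `winlogbeat_kafka_topic` to match the `winlogbeat_` prefix of the other defaults and avoid clashing with another role's variable.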
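Review bot: The `output.kafka` lines visible in the `winlogbeat.yml.j2` hunk set only `hosts`, `topic` and the partitioner, with no `ssl` or `username`/`password` settings, and the role default for `kafkahost` points at port 9092. The block continues outside the hunk, so transport security may already be configured further down; if it is not, the collected Windows event logs would reach the broker unauthenticated and in clear text. Consider adding `ssl.enabled: true` together with `ssl.certificate_authorities`, driven by role variables in the same way the topic now is.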