changed template

.ansible-sign/sha256sum.txt

@@ -53,7 +53,7 @@ fba914c608f1a6ccdad971355139b98f0670fc8e7d51d13dca7a6e65bdc82429  roles/snort_bu
 c14464aebb98e5f62dfcea72fb9eb5e78594cd400344af7e201091d7effe206e  roles/winlogbeat/defaults/main.yml
 a06c3bed9503b47cfa11d61ff3609dde83b4599b522160f5e14f13088df5ebaf  roles/winlogbeat/handlers/main.yml
 9780c8e92510aba03fff312c5cc461d8f1b866b269311e16628da76a95bfbafb  roles/winlogbeat/tasks/main.yml
-fb921fe466c7d458cbf8d6ea989aa146f0893de9999a3ce312f4d8c683dadc63  roles/winlogbeat/templates/winlogbeat.yml.j2
+7b80092df1fc17ea69aa8af7f05125f8d6c40ef898a841d69c57b3eab231a346  roles/winlogbeat/templates/winlogbeat.yml.j2
 f15fd50d2ee1d7cd5043153a707948b5897de8b1a544b226b33d493f4fe98f95  snortbuildconfig.yml
 117d2f3e9d48d0d59d5dcfca9c9829295c1039c7204784c68978778db75e288a  templates/cpu-rules.yml.j2
 ff3bc0d052a72eb88bf093b9a2b9f31946032ab78dc7c4c742017f161f38763f  templates/disk-rules.yml.j2

.ansible-sign/sha256sum.txt.sig

@@ -1,14 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUtgQoACgkQTiIiIXrU
-DNH9Ugv/WXoa+5MWWwJpzmTood70+69J14W+UmUOgRqZXty5JUEkA5sPfvnK4cTz
-ekcaPJn8sk5EcDiZF/qiUhN7qaPwi/vdji4D2G7bOYx/XSBolMuLi2u2XUtyWCNz
-TfaNzr8uChCDsYbtjB1NOOjtA+xPyEHMbRtRBuk+8XBRumPXwLoks9nPhDaOudWJ
-C9YG95BlGH5QvzvXnrzAKnFVVJRMYD90uYtOdtJRCQvY7m4XYCGXjE3SU6Ez0Gfh
-eE4EEbJRS3j7bjR3POHd6cOEqv11OdSRHeHweT3gqOmoY8GFyh9ANbDL4Gs4XrPE
-Hvg7HzNWiuWjkXi318I8+5dMzPs8EzoxV3pH3APawAnomqYRumjRw6OQvO2RIoQ4
-/RfFyPb+eOOg5PBH02CALBGZmvUmLjCzS+PJC//4ZoG+l8MM28c6kU9vUk6eWwFT
-v376GLuv8UUxl1T724nlUZmqptScu5NdSer6B6V+/BDrDTb/JwOe6oPJlwkBSKaP
-p8OdjHoa
-=ir6V
+iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUtixkACgkQTiIiIXrU
+DNEO5wv+IRTH9hOeT29cEU9YtuBAPOKyXDaZLolvq/sI6tDvRm4Z3UAvUAVIs+G6
+K73fsKpj5vj3CUVGuw9i/f6/HCLSdg8doAcbCjhobRWSS0/eEjLhaUEQmGxVwuy5
+2jJV2FbsmOa38ZMT1T8WEX3vZzJehPK0035aNNBAJjJMZM7FV1w4D8nizSk2Imdc
+rkEyvlTXC6q3Yw8YpPoKYCR2ma8QX0ShClC2+P6JsfoBO7OftHY0n+XqsaXjwnwY
+LeLpezMtiXSiZlYErhIpGCPDOM32bO6v8B88p9GI9jOokaaPIjO/83EVcIysMNKA
+0Fo8p2mtWqIBUfdw562sNOMVP2K3uaKbwoZRQeBXQIhEozfOD5ztk/UcKmmX4IkQ
+WQe6CmX9EIRxz2apKbg2Gqlp2jcvOOTXytfdnuy8P1erPjSyrVscZ6MiCp1TVE1Q
+ORIku6Xq+gpsjVKeyW6A6vdr6hFXOotSaRHE+ICQa0MzNIDXpkOFMjKp97epZhQ7
+B+NJ1Cyi
+=Ds7g
 -----END PGP SIGNATURE-----

roles/winlogbeat/templates/winlogbeat.yml.j2

@@ -1,12 +1,44 @@
 ---
+###################### Winlogbeat Configuration  ########################
+
+# ======================== Winlogbeat specific options =========================
+
+# event_logs specifies a list of event logs to monitor as well as any
+# accompanying options. The YAML data type of event_logs is a list of
+# dictionaries.
 
-# Events
 winlogbeat.event_logs:
-  {{ winlogbeat_event_logs | to_json }}
+  - name: Application
+    ignore_older: 72h
+
+  - name: Security
+
+  - name: System
+
+  - name: Microsoft-Windows-Sysmon/Operational
+
+  - name: Windows PowerShell
+    event_id: 400, 403, 600, 800
+
+  - name: Microsoft-Windows-PowerShell/Operational
+    event_id: 4103, 4104, 4105, 4106
+
+  - name: ForwardedEvents
+    tags: [forwarded]
+
+  # ====================== Elasticsearch template settings =======================
 
 setup.template.settings:
   index.number_of_shards: 1
 
+# =================================== Kibana ===================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+# ------------------------------ Kibana Output -------------------------------
+
 output.kafka:
   hosts: ["{{ kafkahost }}"]
 
@@ -18,6 +50,8 @@ output.kafka:
   compression: gzip
   max_message_tyes: 10000000
 
+# ================================= Processors =================================
+
 processors:
   - add_host_metadata:
       when.not.contains.tags: forwarded