## per SPL-66827: data models and their acceleration params (datamodels.conf) must live in the same app ##################### ## Alerts ##################### [Alerts] acceleration = false acceleration.allow_old_summaries = true acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ##################### ## Application State (Deprecated) ##################### [Application_State] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 3-58/5 * * * * acceleration.earliest_time = -1mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,listening,port,process,report,service,time,synchronize,update ##################### ## Authentication ##################### [Authentication] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 3-58/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,default,insecure,cleartext,privileged,multifactor,cloud ##################### ## Certificates ##################### [Certificates] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 3-58/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,ssl,tls,network,communicate,cloud ##################### ## Change ##################### [Change] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,account,audit,endpoint,network,delete,cloud ## This datamodel has been deprecated [Change_Analysis] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,account,audit,endpoint,network,delete ########################## ## Compute Inventory ########################## [Compute_Inventory] acceleration = false acceleration.allow_old_summaries = true acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cpu,default,interactive,memory,network,snapshot,storage,system,version,tools,user,virtual,cloud ########################## ## Databases ########################## [Databases] acceleration = false acceleration.allow_old_summaries = true acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,instance,lock,query,session,stats,tablespace,cloud ########################## ## DLP ########################## [DLP] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ########################## ## Data Access ########################## [Data_Access] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,data,access ##################### ## Endpoint ##################### [Endpoint] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 3-58/5 * * * * acceleration.earliest_time = -1mon acceleration.manual_rebuilds = true acceleration.max_concurrent = 1 acceleration.schedule_priority = highest tags_whitelist = pci,change,listening,port,process,report,service,time,synchronize,update,cloud ##################### ## Event Signatures ##################### [Event_Signatures] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 4-59/5 * * * * acceleration.earliest_time = -1mon acceleration.manual_rebuilds = true acceleration.max_concurrent = 1 acceleration.schedule_priority = highest tags_whitelist = ##################### ## Email ##################### [Email] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 3-58/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,delivery,content,filter,cloud ########################## ## Interprocess Messaging ########################## [Interprocess_Messaging] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 4-59/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ########################## ## Intrusion Detection ########################## [Intrusion_Detection] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 4-59/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,misconfiguration,pii,rogue,unauthorized-device,unencrypted,wireless,cloud ########################## ## JVM ########################## [JVM] acceleration = false acceleration.allow_old_summaries = true acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,classloading,compilation,memory,os,runtime,threading,cloud ########################## ## Malware ########################## [Malware] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 1-56/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ########################## ## Network Resolution ########################## [Network_Resolution] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -3mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ########################## ## Network Sessions ########################## [Network_Sessions] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -3mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,start,end,dhcp,vpn,cloud ########################## ## Network Traffic ########################## [Network_Traffic] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 1-56/5 * * * * acceleration.earliest_time = -3mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,cloud ########################## ## Performance ########################## [Performance] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 4-59/5 * * * * acceleration.earliest_time = -1mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = cpu,facilities,failure,memory,network,storage,success,os,time,synchronize,uptime,cloud ########################## ## Splunk Audit ########################## [Splunk_Audit] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = */5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,invocation,cloud ########################## ## Ticket Management ########################## [Ticket_Management] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = */5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,change,incident,problem,cloud ########################## ## Updates ########################## [Updates] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 2-57/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,system,cloud ########################## ## Vulnerabilities ########################## [Vulnerabilities] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = 1-56/5 * * * * acceleration.earliest_time = -1y acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,misconfiguration,cloud ########################## ## Web ########################## [Web] acceleration = false acceleration.allow_old_summaries = true acceleration.cron_schedule = */5 * * * * acceleration.earliest_time = -3mon acceleration.manual_rebuilds = true acceleration.schedule_priority = highest tags_whitelist = pci,proxy,web_watchlist,cloud