

## per SPL-66827: data models and their acceleration params (datamodels.conf) must live in the same app
#####################
## Alerts
#####################
## Acceleration settings for the Alerts data model.
## acceleration = false: no summaries are built, so a search restricted to
## summaries (tstats summariesonly=true) returns nothing for this model.
## No cron_schedule or earliest_time is set in this stanza; the effective
## values come from another config layer or the product default (confirm
## with btool).
[Alerts]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Only the listed tags are loaded when this model is searched.
tags_whitelist = pci,cloud
#####################
## Application State (Deprecated)
#####################
## Acceleration settings for the deprecated Application State data model.
## Acceleration is off here; the remaining keys only take effect if a local
## override enables it.
[Application_State]
acceleration = false
acceleration.allow_old_summaries = true
## Summarization runs every five minutes, starting at minute 3 of the hour.
acceleration.cron_schedule = 3-58/5 * * * *
## Summary range: only the most recent month of events is summarized.
acceleration.earliest_time = -1mon
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## No "cloud" tag here, unlike the Endpoint stanza in this file, whose list is
## otherwise a superset of this one.
tags_whitelist = pci,listening,port,process,report,service,time,synchronize,update
#####################
## Authentication
#####################
## Acceleration settings for the Authentication data model.
## With acceleration = false, detections that query this model with
## summariesonly=true see no events until acceleration is enabled locally.
[Authentication]
acceleration = false
## Summaries built under an earlier definition of the model are still used;
## results can reflect outdated fields until the summaries are rebuilt.
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 3-58/5 * * * *
## Summary range: one year of authentication events.
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Only these tags are loaded for the model. A local detection keyed on a tag
## that is not listed (for example a site-specific one) needs it added here.
tags_whitelist = pci,default,insecure,cleartext,privileged,multifactor,cloud
#####################
## Certificates
#####################
## Acceleration settings for the Certificates data model.
[Certificates]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 3-58/5 * * * *
## Summary range: one year. Searches limited to summaries cannot see
## certificate events older than this.
acceleration.earliest_time = -1y
## Out-of-date summaries are not rebuilt automatically; after the model
## definition changes, an administrator has to trigger the rebuild.
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,ssl,tls,network,communicate,cloud
#####################
## Change
#####################
## Acceleration settings for the Change data model.
[Change]
acceleration = false
acceleration.allow_old_summaries = true
## Every five minutes starting at minute 2; the stanzas in this file use
## different minute offsets, presumably to spread summarization load.
acceleration.cron_schedule = 2-57/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Same list as the deprecated Change_Analysis stanza plus "cloud".
tags_whitelist = pci,account,audit,endpoint,network,delete,cloud
## This datamodel has been deprecated
## Acceleration settings for Change_Analysis, kept alongside its replacement
## ([Change]) with the same schedule and summary range.
## NOTE(review): if both models are accelerated locally, the same change
## events are presumably summarized twice -- confirm before enabling both.
[Change_Analysis]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## No "cloud" tag, unlike [Change].
tags_whitelist = pci,account,audit,endpoint,network,delete
##########################
## Compute Inventory
##########################
## Acceleration settings for the Compute Inventory data model.
## No cron_schedule or earliest_time is set in this stanza; the schedule and
## summary range come from another config layer or the product default.
[Compute_Inventory]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Only the listed tags are loaded when this model is searched.
tags_whitelist = pci,cpu,default,interactive,memory,network,snapshot,storage,system,version,tools,user,virtual,cloud
##########################
## Databases
##########################
## Acceleration settings for the Databases data model.
## No cron_schedule or earliest_time is set in this stanza; the effective
## values are inherited (confirm with btool).
[Databases]
acceleration = false
## Searches may use summaries that predate the current model definition.
acceleration.allow_old_summaries = true
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,instance,lock,query,session,stats,tablespace,cloud
##########################
## DLP
##########################
## Acceleration settings for the DLP (data loss prevention) data model.
## Acceleration is off, so summary-only searches over DLP events return
## nothing unless a local override enables it.
[DLP]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
## Summary range: one year.
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,cloud
##########################
## Data Access
##########################
## Acceleration settings for the Data Access data model.
[Data_Access]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## "cloud" is not in this list, unlike most other stanzas in this file.
## NOTE(review): confirm that is intended if cloud sources feed this model.
tags_whitelist = pci,data,access
#####################
## Endpoint
#####################
## Acceleration settings for the Endpoint data model.
[Endpoint]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 3-58/5 * * * *
## Summary range: one month. Summary-only hunts over endpoint events cannot
## reach further back than this.
acceleration.earliest_time = -1mon
acceleration.manual_rebuilds = true
## At most one summarization search for this model runs at a time; this is
## presumably a load cap -- confirm against the product default.
acceleration.max_concurrent = 1
acceleration.schedule_priority = highest
tags_whitelist = pci,change,listening,port,process,report,service,time,synchronize,update,cloud
#####################
## Event Signatures
#####################
## Acceleration settings for the Event Signatures data model.
[Event_Signatures]
acceleration = false
acceleration.allow_old_summaries = true
## Every five minutes starting at minute 4.
acceleration.cron_schedule = 4-59/5 * * * *
acceleration.earliest_time = -1mon
acceleration.manual_rebuilds = true
## At most one summarization search for this model runs at a time.
acceleration.max_concurrent = 1
acceleration.schedule_priority = highest
## Empty value: this stanza restricts no tags.
## NOTE(review): confirm whether an empty list loads every tag for this model
## or explicitly clears a value set in another layer.
tags_whitelist =
#####################
## Email
#####################
## Acceleration settings for the Email data model.
## Acceleration is off; phishing or mail-flow searches that use
## summariesonly=true return nothing until it is enabled locally.
[Email]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 3-58/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,delivery,content,filter,cloud
##########################
## Interprocess Messaging
##########################
## Acceleration settings for the Interprocess Messaging data model.
[Interprocess_Messaging]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 4-59/5 * * * *
acceleration.earliest_time = -1y
## Summaries that no longer match the model definition stay as they are
## until an administrator rebuilds them.
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,cloud
##########################
## Intrusion Detection
##########################
## Acceleration settings for the Intrusion Detection data model.
## With acceleration = false, IDS/IPS correlation searches that depend on
## summaries see no data until acceleration is enabled locally.
[Intrusion_Detection]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 4-59/5 * * * *
## Summary range: one year of IDS events.
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Only these tags are loaded for the model; a tag not listed here is not
## available to searches over it.
tags_whitelist = pci,misconfiguration,pii,rogue,unauthorized-device,unencrypted,wireless,cloud
##########################
## JVM
##########################
## Acceleration settings for the JVM data model.
## No cron_schedule or earliest_time is set in this stanza; the effective
## values are inherited from another layer or the product default.
[JVM]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,classloading,compilation,memory,os,runtime,threading,cloud
##########################
## Malware
##########################
## Acceleration settings for the Malware data model.
## Acceleration is off; malware detections and dashboards that read only
## summaries stay empty until a local override enables it.
[Malware]
acceleration = false
acceleration.allow_old_summaries = true
## Every five minutes starting at minute 1.
acceleration.cron_schedule = 1-56/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,cloud
##########################
## Network Resolution
##########################
## Acceleration settings for the Network Resolution (DNS) data model.
[Network_Resolution]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
## Summary range: three months, shorter than the one-year range used by
## most stanzas in this file. Summary-only DNS lookbacks stop here.
acceleration.earliest_time = -3mon
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,cloud
##########################
## Network Sessions
##########################
## Acceleration settings for the Network Sessions data model.
[Network_Sessions]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
## Summary range: three months of session (DHCP/VPN) events.
acceleration.earliest_time = -3mon
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## Only the listed tags are loaded when this model is searched.
tags_whitelist = pci,start,end,dhcp,vpn,cloud
##########################
## Network Traffic
##########################
## Acceleration settings for the Network Traffic data model.
## With acceleration = false, traffic-based detections that use
## summariesonly=true return nothing until it is enabled locally.
[Network_Traffic]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 1-56/5 * * * *
## Summary range: three months.
acceleration.earliest_time = -3mon
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,cloud
##########################
## Performance
##########################
## Acceleration settings for the Performance data model.
[Performance]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 4-59/5 * * * *
## Summary range: one month.
acceleration.earliest_time = -1mon
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
## "pci" is not in this list, unlike most other stanzas in this file.
tags_whitelist = cpu,facilities,failure,memory,network,storage,success,os,time,synchronize,uptime,cloud
##########################
## Splunk Audit
##########################
## Acceleration settings for the Splunk Audit data model.
## Acceleration is off; audit reviews that rely on summaries of this model
## return nothing until it is enabled locally.
[Splunk_Audit]
acceleration = false
acceleration.allow_old_summaries = true
## Every five minutes on the :00/:05 boundary (no minute offset).
acceleration.cron_schedule = */5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,invocation,cloud
##########################
## Ticket Management
##########################
## Acceleration settings for the Ticket Management data model.
[Ticket_Management]
acceleration = false
## Summaries built under an earlier definition of the model are still used
## by searches until they are rebuilt.
acceleration.allow_old_summaries = true
acceleration.cron_schedule = */5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,change,incident,problem,cloud
##########################
## Updates
##########################
## Acceleration settings for the Updates data model.
## Acceleration is off; patch-compliance searches that read only summaries
## return nothing until a local override enables it.
[Updates]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 2-57/5 * * * *
acceleration.earliest_time = -1y
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,system,cloud
##########################
## Vulnerabilities
##########################
## Acceleration settings for the Vulnerabilities data model.
[Vulnerabilities]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = 1-56/5 * * * *
## Summary range: one year of scanner findings.
acceleration.earliest_time = -1y
## Out-of-date summaries are not rebuilt automatically; rebuild by hand
## after the model definition changes.
acceleration.manual_rebuilds = true
acceleration.schedule_priority = highest
tags_whitelist = pci,misconfiguration,cloud
##########################
## Web
##########################
## Acceleration settings for the Web data model.
## With acceleration = false, proxy and web detections that use
## summariesonly=true return nothing until it is enabled locally.
[Web]
acceleration = false
acceleration.allow_old_summaries = true
acceleration.cron_schedule = */5 * * * *
## Summary range: three months.
acceleration.earliest_time = -3mon
acceleration.manual_rebuilds = true
## Every stanza visible in this file also asks for "highest", so this
## setting does not rank the models against each other.
acceleration.schedule_priority = highest
tags_whitelist = pci,proxy,web_watchlist,cloud