{"id":42299718,"url":"https://github.com/certeu/moriohub","last_synced_at":"2026-01-27T10:20:28.196Z","repository":{"id":258966712,"uuid":"876001265","full_name":"certeu/moriohub","owner":"certeu","description":"No need to re-invent the observability wheel. What you need is perhaps already on Moriohub!","archived":false,"fork":false,"pushed_at":"2026-01-26T11:29:33.000Z","size":9866,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"develop","last_synced_at":"2026-01-27T01:08:39.915Z","etag":null,"topics":["detection-engineering","observability"],"latest_commit_sha":null,"homepage":"https://morio.it/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"eupl-1.2","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/certeu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-21T08:31:12.000Z","updated_at":"2026-01-26T11:29:37.000Z","dependencies_parsed_at":"2025-01-06T17:27:59.733Z","dependency_job_id":"9e49df04-40ad-49e0-b8df-23dc83039ba4","html_url":"https://github.com/certeu/moriohub","commit_stats":null,"previous_names":["certeu/morio-templates","certeu/moriohub"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/certeu/moriohub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certeu%2Fmoriohub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certeu%2Fmoriohub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certeu%2Fmoriohub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certeu%2Fmoriohub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/certeu","download_url":"https://codeload.github.com/certeu/moriohub/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certeu%2Fmoriohub/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28811653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T07:41:26.337Z","status":"ssl_error","status_checked_at":"2026-01-27T07:41:08.776Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection-engineering","observability"],"created_at":"2026-01-27T10:20:27.319Z","updated_at":"2026-01-27T10:20:28.189Z","avatar_url":"https://github.com/certeu.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e [!Warning]\n\u003e\n\u003e ##### Morio is currently early-access alpha code.\n\u003e\n\u003e We are building this in the open, so feel free to look around,\n\u003e try it out, or [leave feedback](https://github.com/certeu/morio/discussions).\n\u003e\n\u003e That being said, you probably don't want to run this in production yet.\n\n# Morio Template Hub\n\nThis repository holds a curated collection of templates for\n[Morio](https://github/certeu/morio/).\n\nThere are four top-level folders here:\n\n- [bundles](#bundles): These bundle both client templates and collector overlays\n- [modules](#modules): These Morio client modules\n- [overlays](#overlays): These are Moriod settings overlays\n- [processors](#processors): These are stream processors for the tap service\n- [watchers](#watchers): These are monitors for the watcher service (heartbeat)\n\n\u003e [!Note]\n\u003e **This is a work in progress. YMMV.**\n\n## bundles\n\nThese are moriod configuration overlays that bundle multiple moriohub entries.\n\n## modules\n\nThe Morio client modules are stored in the `modules` folder.\n\nThese (Morio client) modules provide configuration for the different agents\nthat are bundled by the Morio client. These agents gather different types of\ndata:\n\n- `audit`: Audit info is collected by [Auditbeat][auditbeat]\n- `logs`: Collected by [Filebeat][filebeat]\n- `metrics`: Collected by [Metricbeat][metricbeat]\n\nGreat observability requires meticulous configuration of each of these agents.\nWhen you have more than a handful of system to configure -- whether it is a\ncouple dozen, hundreds, or even several thousands -- you will want to apply\nsome automation.\n\nMaintainability and (facilitating) automation are some of [Morio's design\ngoals](https://morio.it/docs/guides/goals/), so naturally we want to come up\nwith a way to take the gruntwork out of this, while still giving you the\nflexibility to fine-tune the configuration of your systems.\n\nThis repository exists to facilitate that, by providing a library of\nclient modules that you can use.\n\n\u003e [!tip]\n\u003e ##### Refer to the Preseeding Guide for all details\n\u003e To learn how you can ensure these modules are bundled with the Morio client,\n\u003e refer to [the preseeding\n\u003e guide](https://morio.it/docs/guides/settings/preseed/).\n\n### Rules governing client modules\n\nBelow are some rules to ensure each module plays nice within the Morio ecosystem:\n\n- Modules shall have a unique name that is descriptive\n- Modules that are platform-specific shall be prefixed by the platform they\n  support followed by a dash.. One of `linux-`, `macos-`, or `windows-`.\n- Modules that are platform-agnostic shall not have a platform prefix\n- Module names shall only use `[a-z][0-9]-`\n- Modules can provide one or more of the following files:\n  - `morio/audit/module-templates.d/[module-name].yaml`: The module\n     configuration for Auditbeat\n  - `morio/audit/rule-templates.d/[module-name].rules`: A single rules file for auditd\n  - `morio/audit/rule-templates.d/[module-name]-*.rules`: If a module utilzes multiple\n    rules files, prefix them with the module name and a dash\n  - `morio/logs/module-templates.d/[module-name].yaml`: The module configuration for\n    Filebeat. Create an empty placeholder file if your module only provide\n    inputs.\n  - `morio/logs/input-templates.d/[module-name].yaml`: The input configuration for\n    Filebeat\n  - `morio/metrics/module-templates.d/[module-name].yaml`: The configuration for\n    Metricbeat\n\n### Morio client module\n\nEach of the various beats agents takes a YAML file as configuration.\n\n\u003e The `rules` files used by Audutbeat are an exception, and this section does\n\u003e not apply to them.\n\nTo balance the ease-of-use of having a library of templates you can re-use with\nthe requirement to be able to adapt the configuration to your specific needs,\nthis repository does not host YAML files but rather templates that can be\nconverted to YAML files by the Morio client (or by anyone utilizing\n[Mustache templates](https://mustache.github.io/).\n\nIn addition, the documentation for each template is included in the module file\nitself. \n\n### Module file structure\n\nLet's look at an example of a module file structure to make this all a bit more\ntangible::\n\n```yaml\n# This: {{ EXAMPLE }}\n# is a mustache tag.\n# The Morio client will replace it with whatever is stored in the EXAMPLE variable.\n#\n# The # prefix indicates that this block will only be rendered\n# when the variable following it is set.\n# So this: {{#MORIO_DOCS}}\n# Means that whatever follows will only be rendered when MORIO_DOCS is set.\n# To close such a block, use: {{/MORIO_DOCS}}\n{{#MORIO_DOCS}}\n# We are now inside a block that will only rendered when MORIO_DOCS is set.\n# We use this to extract the documentation info which is included in this block.\n# Your module files should follow this same structure.\n#\n# The 'about' key holds a description of the module. Multi-line is ok.\nabout: |-\n  A metricbeat module for Linux system\n\n  This leverages the `system` metricbeat module to gather basic data from a\n  Linux system.\n# The 'vars' key holds information about the vars used in this module.\nvars:\n  # The 'vars.local' key holds an object/map with name/description pairs\n  # for the vars that are specific to this file.\n  local:\n    LINUX_SYSTEM_FILESYSTEM_INTERVAL: The interval to use for filesystem data\n    LINUX_SYSTEM_INVENTORY_INTERVAL: The interval to use for inventory data\n    LINUX_SYSTEM_METRICSETS: The metricsets to collect on every tick\n    LINUX_SYSTEM_MOUNTPOINTS_IGNORE_REGEX: A regular expression of mountpoints for which to drop events\n  # The 'vars.global' key holds an array/slice of names of global Morio vars\n  # that are used by the module.\n  global:\n    - MORIO_TICK\n  # The 'vars.defaults' key holds on object/map with the name/values that should\n  # be set as default values for the module. This should only include local vars\n  # as the defaults of the global vars cannot be changed by a module.\n  # Note: This is not mere documentation. This will be used by the Morio client\n  # to set the defaults for these vars\n  defaults:\n    LINUX_SYSTEM_FILESYSTEM_INTERVAL: 10m\n    LINUX_SYSTEM_INVENTORY_INTERVAL: 8h\n    # Vars will typically hold a string, but it can also be an array:\n    LINUX_SYSTEM_METRICSETS_ALWAYS:\n      - cpu\n      - diskio\n      - load\n      - memory\n      - network\n      - service\n    # Make sure to quote your strings if there's a risk they will cause issues when parsing YAML\n    LINUX_SYSTEM_MOUNTPOINTS_IGNORE_REGEX: '^/(snap|sys|cgroup|proc|dev|etc|host|lib)($|/)'\n{{/MORIO_DOCS}}\n#\n# Just like the # prefix indicates that this block will only be rendered\n# when the variable following it is set, the ^ prefix does the opposite:\n# Only render this block when the variable following it is NOT set.\n# so this: {{^MORIO_DOCS}}\n# Means that whatever follows will only be rendered when MORIO_DOCS is NOT set.\n# When the Morio client templates out the configuration, MORIO_DOCS will not\n# be set, and thus the entire block above will be ignored, and this is where the\n# actual configuration starts.\n{{^MORIO_DOCS}}\n- module: system\n  # This is a global variable that controls the minimal time interval\n  # between subsequent collections of data.\n  period: {{ MORIO_TICK }}\n  # And this is a local variable that controls what metricsets should\n  # be collects.\n  # Using module variables like this allows people to use this template as-is\n  # without losing the ability to fine-tune the configuration.\n  metricsets: {{ LINUX_SYSTEM_METRICSETS_ALWAYS }}\n  service.state_filter: [ failed ]\n  processors:\n    - add_fields:\n        target: morio\n        fields:\n          # This variable will be set by the Morio client when templating out\n          # the configuration. It is a best practice to use this and avoid\n          # hard-coding the module name.\n          module: {{ MORIO_MODULE_NAME }}\n#\n# Here, this entire block is made conditional.\n# It will only be included when MORIO_TRACK_INVENTORY is set.\n{{#MORIO_TRACK_INVENTORY}}\n- module: system\n  # This uses a non-standard (slower) interval for which the module created a local var.\n  period: {{ LINUX_SYSTEM_INVENTORY_INTERVAL }}\n  metricsets:\n    - load\n    - memory\n  processors:\n    - add_host_metadata:\n        netinfo.enabled: true\n        cache.ttl: 60m\n    - add_fields:\n        target: morio\n        fields:\n          module: {{ MORIO_MODULE_NAME }}\n          inventory_update: true\n{{/MORIO_TRACK_INVENTORY}}\n{{/MORIO_DOCS}}\n# Do not forget to close your conditional blocks.\n```\n\n## overlays\n\nThe overlays are stored in the `overlays` folder.\n\nThese overlays extend the settings of a Morio collector.\nRefer to [the documentation on overlays][overlays] for all details.\n\n## processors\n\nThese are stram processors. They are stored in the `processors` folder.\n\n## watchers\n\nThe watchers are stored in hte `watchers` folder.\n\nFIXME: Write documentation on this.\n\n[auditbeat]: https://www.elastic.co/guide/en/beats/auditbeat/master/index.html\n[filebeat]: https://www.elastic.co/guide/en/beats/filebeat/master/index.html\n[metricbeat]: https://www.elastic.co/guide/en/beats/metricbeat/master/index.html\n[overlays]: https://morio.it/docs/guides/settings/preseed/#understanding-overlays\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerteu%2Fmoriohub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcerteu%2Fmoriohub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerteu%2Fmoriohub/lists"}