Fix yaml for idh,es,kib,esalert

salt/elastalert/init.sls

@@ -4,7 +4,7 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
 
-{% from 'elastalert/elastalert_config.map.jinja' import elastalert_defaults as elastalert_config with context %}
+{% from 'elastalert/elastalert_config.map.jinja' import ELASTALERT as elastalert_config with context %}
 
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}

salt/elastalert/soc_elastalert.yaml

@@ -1,25 +1,25 @@
 elastalert:
   config:
-    disable_rules_on_error: false
+    disable_rules_on_error:
       description: Disable rules on failure.
     run_every:
-      minutes: 3
+      minutes:
         description: Amount of time in minutes between searches.
     buffer_time:
-      minutes: 10
+      minutes:
         description: Amount of time in minutes to look through.
     old_query_limit:
-      minutes: 5
+      minutes:
         description: Amount of time in minutes between queries to start at the most recently run query.
-    es_conn_timeout: 55
+    es_conn_timeout:
       description: Timeout in seconds for connecting to and reading from Elasticsearch.
-    max_query_size: 5000
+    max_query_size:
       description: The maximum number of documents that will be downloaded from Elasticsearch in a single query.
     alert_time_limit:
-      days: 2
+      days:
         description: The retry window for failed alerts.
     index_settings:
-      shards: 1
+      shards:
         description: The amount of shards to use for elastalert.
-      replicas: 0
+      replicas:
         description: The amount of replicas for the Elastalert index.

salt/influxdb/soc_influxdb.yaml

@@ -1,16 +1,16 @@
 influxdb:
   retention_policies:
     so_short_term:
-      duration: 30d
+      duration:
         description: Amount of time to keep short term data.
-      shard_duration: 1d
+      shard_duration:
         description: Time range 
     so_long_term:
-      duration: 0d
+      duration:
         description: Amount of time to keep long term downsampled data.
-      shard_duration: 7d
+      shard_duration:
         description: Amount of the time range covered by the shard group.
   downsample:
     so_long_term:
-      resolution: 5m
+      resolution:
         description: Amount of time to turn into a single data point. 

salt/kibana/soc_kibana.yaml

@@ -1,5 +1,5 @@
 kibana:
   config:
     elasticsearch:
-      requestTimeout: 90000
+      requestTimeout:
         description: Request timeout length.