CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

merge with dev

Browse Source
This commit is contained in:
m0duspwnens
2022-01-13 09:44:26 -05:00
parent 389ff1a46d e123dd4bb2
commit 06c0cebb26
4 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticsearch/config.map.jinja
View File

@@ -10,7 +10,7 @@
{% if salt['pillar.get']('nodestab', {}) %} {% if salt['pillar.get']('nodestab', {}) %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %} {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
{% if HIGHLANDER %} {% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.append('ml') %} {% do ESCONFIG.elasticsearch.config.node.roles.append('ml', 'transform') %}
{% endif %} {% endif %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %} {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
@@ -23,7 +23,7 @@
{% else %} {% else %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %} {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %}
{% if HIGHLANDER %} {% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master']) %} {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master', 'transform']) %}
{% endif %} {% endif %}
{% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %} {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %} {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}

5
salt/kibana/config.map.jinja
View File

@@ -1,4 +1,5 @@
{% import_yaml 'kibana/defaults.yaml' as KIBANACONFIG with context %} {% import_yaml 'kibana/defaults.yaml' as KIBANACONFIG with context %}
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% if salt['pillar.get']('elasticsearch:auth:enabled', False) %} {% if salt['pillar.get']('elasticsearch:auth:enabled', False) %}
{% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass')}) %} {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass')}) %}
@@ -12,4 +13,8 @@
{% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %} {% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
{% endif %} {% endif %}
{% if HIGHLANDER %}
{% do KIBANACONFIG.kibana.config.xpack.ml.update({'enabled': true}) %}
{% endif %}
{% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %} {% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %}

12
salt/soc/files/soc/soc.json
View File

@@ -3,8 +3,8 @@
{%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
{%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %} {%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} {%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{%- set API_TIMEOUT = salt['pillar.get']('sensoroni:api_timeout_ms', 0) %} {%- set API_TIMEOUT = salt['pillar.get']('sensoroni:api_timeout_ms', 0) %}
@@ -89,23 +89,23 @@
"refreshIntervalMs": 30000, "refreshIntervalMs": 30000,
"offlineThresholdMs": 900000 "offlineThresholdMs": 900000
}, },
{% if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %} {%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %}
"thehive": { "thehive": {
"hostUrl": "http://{{ MANAGERIP }}:9000/thehive", "hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
"key": "{{ THEHIVEKEY }}", "key": "{{ THEHIVEKEY }}",
"verifyCert": false "verifyCert": false
}, },
{% elif CASE_MODULE == 'elasticcases' %} {%- elif CASE_MODULE == 'elasticcases' %}
"elasticcases": { "elasticcases": {
"hostUrl": "https://{{ MANAGERIP }}:5601", "hostUrl": "https://{{ MANAGERIP }}:5601",
"username": "{{ ES_USER }}", "username": "{{ ES_USER }}",
"password": "{{ ES_PASS }}", "password": "{{ ES_PASS }}",
}, },
{% elif CASE_MODULE == 'generichttp' %} {%- elif CASE_MODULE == 'generichttp' %}
"generichttp": { "generichttp": {
{{ GENERIC_CASE_CONFIG }} {{ GENERIC_CASE_CONFIG }}
}, },
{% endif %} {%- endif %}
"statickeyauth": { "statickeyauth": {
"anonymousCidr": "{{ DNET }}/24", "anonymousCidr": "{{ DNET }}/24",
"apiKey": "{{ SENSORONIKEY }}" "apiKey": "{{ SENSORONIKEY }}"

4
setup/so-whiptail
View File

@@ -213,7 +213,7 @@ whiptail_create_web_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \ WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \
"Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for Elasticsearch, Kibana, TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3) "Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for Elasticsearch, Kibana, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -396,7 +396,6 @@ if [[ $is_eval ]]; then
GRAFANA "Enable Grafana for system monitoring" ON \ GRAFANA "Enable Grafana for system monitoring" ON \
OSQUERY "Enable Fleet with osquery" ON \ OSQUERY "Enable Fleet with osquery" ON \
WAZUH "Enable Wazuh" ON \ WAZUH "Enable Wazuh" ON \
THEHIVE "Enable TheHive" ON \
PLAYBOOK "Enable Playbook" ON \ PLAYBOOK "Enable Playbook" ON \
STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
else else
@@ -404,7 +403,6 @@ else
"$description" 20 75 7 \ "$description" 20 75 7 \
OSQUERY "Enable Fleet with osquery" ON \ OSQUERY "Enable Fleet with osquery" ON \
WAZUH "Enable Wazuh" ON \ WAZUH "Enable Wazuh" ON \
THEHIVE "Enable TheHive" ON \
PLAYBOOK "Enable Playbook" ON \ PLAYBOOK "Enable Playbook" ON \
STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
export "GRAFANA=1" export "GRAFANA=1"