CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-02 17:37:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

If ES auth disabled ensure user/pass are blank

Browse Source
This commit is contained in:
Jason Ertel
2021-06-16 09:59:57 -04:00
parent 989f9dce42
commit 09fbb045a1
24 changed files with 173 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/soctopus/files/templates/generic.template
+8 -3
View File
@@ -1,6 +1,11 @@
{% set es = salt['pillar.get']('global:url_base', '') %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- else %}
{%- set ES_USER = '' %}
{%- set ES_PASS = '' %}
{%- endif %}
alert:
- "modules.so.playbook-es.PlaybookESAlerter"
@@ -17,4 +22,4 @@ rule.category:
play_url: "https://{{ es }}/playbook/issues/6000"
kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{es}}/#/hunt"
sigma_level: ""
sigma_level: ""