CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor for Elastic Upgrade

Browse Source
This commit is contained in:
DefensiveDepth
2024-08-23 11:36:47 -04:00
parent f01825166d
commit 0a5725a62e
3 changed files with 40 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticfleet/files/integrations-dynamic/fleet-server/fleet-server.json
View File

@@ -1,5 +1,3 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{
"package": {
"name": "fleet_server",
@@ -7,7 +5,7 @@
},
"name": "fleet_server-1",
"namespace": "default",
"policy_id": "FleetServer_{{ GLOBALS.hostname }}",
"policy_id": "FleetServer_hostname",
"vars": {},
"inputs": {
"fleet_server-fleet-server": {

20
salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-elastic-fleet-server
View File

@@ -6,18 +6,24 @@
. /usr/sbin/so-elastic-fleet-common
# Make the curl request to fetch the JSON data
# Get all the fleet policies
json_output=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -L -X GET "localhost:5601/api/fleet/agent_policies" -H 'kbn-xsrf: true')
# Extract the IDs that start with "FleetServer_" using jq
# Extract the IDs that start with "FleetServer_"
POLICY=$(echo "$json_output" | jq -r '.items[] | select(.id | startswith("FleetServer_")) | .id')
echo $POLICY
# Iterate over each ID in the POLICY variable and run the specified commands
# Iterate over each ID in the POLICY variable
for POLICYNAME in $POLICY; do
printf "\nUpdating Policy: $POLICYNAME\n"
# First get the Integration ID
elastic_fleet_integration_check "$POLICYNAME" "/opt/so/conf/elastic-fleet/integrations/fleet-server/fleet-server.json"
# Now update the integration policy
elastic_fleet_integration_update "$INTEGRATION_ID" "@/opt/so/conf/elastic-fleet/integrations/fleet-server/fleet-server.json"
# Modify the default integration policy to update the policy_id and an with the correct naming
UPDATED_INTEGRATION_POLICY=$(jq --arg policy_id "$POLICYNAME" --arg name "fleet_server-$POLICYNAME" '
.policy_id = $policy_id |
.name = $name' /opt/so/conf/elastic-fleet/integrations/fleet-server/fleet-server.json)
# Now update the integration policy using the modified JSON
elastic_fleet_integration_update "$INTEGRATION_ID" "$UPDATED_INTEGRATION_POLICY"
done