CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 22:47:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

add support for custom alerters

Browse Source
This commit is contained in:
Jason Ertel
2024-05-17 14:49:39 -04:00
parent aa0163349b
commit 1c4d36760a
4 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/elastalert/defaults.yaml
+1
View File
@@ -1,5 +1,6 @@
elastalert:
enabled: False
alerter_parameters: ""
config:
rules_folder: /opt/elastalert/rules/
scan_subdirectories: true
salt/elastalert/map.jinja
+5
View File
@@ -13,3 +13,8 @@
{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_password': pillar.elasticsearch.auth.users.so_elastic_user.pass}) %}
{% set ELASTALERTMERGED = salt['pillar.get']('elastalert', ELASTALERTDEFAULTS.elastalert, merge=True) %}
{% set params = ELASTALERTMERGED.alerter_parameters | load_yaml %}
{% if params != None %}
{% do ELASTALERTMERGED.config.update(params) %}
{% endif %}
salt/elastalert/soc_elastalert.yaml
+8
View File
@@ -2,6 +2,14 @@ elastalert:
enabled:
description: You can enable or disable Elastalert.
helpLink: elastalert.html
alerter_parameters:
title: Alerter Parameters
description: Custom configuration parameters for additional, optional alerters that can be enabled for all Sigma rules. Filter for 'Additional Alerters' in this Configuration screen to find the setting that allows these alerters to be enabled within the SOC ElastAlert module. Use YAML format for these parameters, and reference the ElastAlert 2 documentation, located at https://elastalert2.readthedocs.io, for available alerters and their required configuration parameters.
global: True
multiline: True
syntax: yaml
helpLink: elastalert.html
forcedType: string
config:
disable_rules_on_error:
description: Disable rules on failure.