CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

strelka ui things

Browse Source
This commit is contained in:
m0duspwnens
2023-03-16 16:32:41 -04:00
parent a36a6d5659
commit 2056ce37c6
6 changed files with 507 additions and 492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/strelka/defaults.yaml
View File

@@ -534,7 +534,6 @@ strelka:
coordinator:
addr: 'HOST:6380'
db: 0
rules:
enabled: True
repos:
@@ -557,3 +556,7 @@ strelka:
- gen_susp_xor.yar
- gen_webshells_ext_vars.yar
- configured_vulns_ext_vars.yar
filecheck:
historypath: '/nsm/strelka/history/'
strelkapath: '/nsm/strelka/unprocessed/'
logfile: '/opt/so/log/strelka/filecheck.log'

3
salt/strelka/filecheck/filecheck.yaml.jinja
View File

@@ -1 +1,2 @@
{{ FILECHECKCONFIG | yaml(false) }}
filecheck:
{{ FILECHECKCONFIG | yaml(false) | indent(width=2) }}

12
salt/strelka/filecheck/map.jinja
View File

@@ -1,12 +0,0 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'strelka/filecheck/defaults.yaml' as FILECHECKDEFAULTS %}
{% if GLOBALS.md_engine == "SURICATA" %}
{% set extract_path = '/nsm/suricata/extracted' %}
{% set filecheck_runas = 'suricata' %}
{% else %}
{% set extract_path = '/nsm/zeek/extracted/complete' %}
{% set filecheck_runas = 'socore' %}
{% endif %}
{% do FILECHECKDEFAULTS.filecheck.update({'extract_path': extract_path}) %}

2
salt/strelka/init.sls
View File

@@ -185,7 +185,7 @@ filecheck_conf:
- source: salt://strelka/filecheck/filecheck.yaml.jinja
- template: jinja
- defaults:
FILECHECKCONFIG: {{ FILECHECKDEFAULTS }}
FILECHECKCONFIG: {{ STRELKAMERGED.filecheck }}
filecheck_script:
file.managed:

10
salt/strelka/map.jinja
View File

@@ -17,4 +17,14 @@
{% set manager_coordinator_port = STRELKADEFAULTS.strelka.config.manager.coordinator.addr.split(':')[1] %}
{% do STRELKADEFAULTS.strelka.config.manager.coordinator.update({'addr': HOST ~ ':' ~ manager_coordinator_port}) %}
{% if GLOBALS.md_engine == "SURICATA" %}
{% set extract_path = '/nsm/suricata/extracted' %}
{% set filecheck_runas = 'suricata' %}
{% else %}
{% set extract_path = '/nsm/zeek/extracted/complete' %}
{% set filecheck_runas = 'socore' %}
{% endif %}
{% do STRELKADEFAULTS.strelka.filecheck.update({'extract_path': extract_path}) %}
{% set STRELKAMERGED = salt['pillar.get']('strelka', STRELKADEFAULTS.strelka, merge=True) %}

947
salt/strelka/soc_strelka.yaml
View File

File diff suppressed because it is too large Load Diff