Move In Day

Mike Reeves
2022-09-07 09:06:25 -04:00
parent dcb7b49dbe
commit 2bd9dd80e2
611 changed files with 8015 additions and 16211 deletions


@@ -3,6 +3,7 @@ logstash:
port_bindings:
- 0.0.0.0:3765:3765
- 0.0.0.0:5044:5044
- 0.0.0.0:5055:5055
- 0.0.0.0:5644:5644
- 0.0.0.0:6050:6050
- 0.0.0.0:6051:6051
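Review bot: The port binding added to this list follows the existing `0.0.0.0:` pattern, so the new Logstash listener is published on every host interface and only the host firewall limits who can reach it. The `+`/`-` markers are lost on this page, so which entry is new is inferred: probably `5055` or `5644`, presumably for the `so/0012_input_elastic_agent.conf` input added elsewhere in this commit. Before merging, confirm that a firewall rule scopes the new port to the hosts that should send to it and that the input requires TLS. A comment above the entry naming its consumer, for example `# Elastic Agent input; reachability restricted by the firewall state`, would make the exposure reviewable later.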


@@ -5,5 +5,6 @@ logstash:
- so/0009_input_beats.conf
- so/0010_input_hhbeats.conf
- so/0011_input_endgame.conf
- so/0012_input_elastic_agent.conf
- so/9999_output_redis.conf.jinja


@@ -2,7 +2,7 @@
{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
{% for minionid, ip in salt.saltutil.runner(
'mine.get',
tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix',
tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
fun='network.ip_addrs',
tgt_type='compound') | dictsort()
%}
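Review bot: One of the two `tgt=` lines ends with a stray space inside the quoted compound matcher (`... or G@role:so-helix '`), and that is the only difference between them. If that is the new side (the markers are lost here, so this is inferred from print order), the change is accidental whitespace in the target expression and should be reverted to `G@role:so-helix',`. The compound matcher most likely tolerates the trailing space, but a no-op edit to the string that selects which minions' addresses are collected makes later audits of this target harder. The `for` loop opened here closes outside the hunk.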


@@ -14,5 +14,5 @@ logstash:
- so/9700_output_strelka.conf.jinja
- so/9800_output_logscan.conf.jinja
- so/9801_output_rita.conf.jinja
- so/9802_output_kratos.conf.jinja
- so/9805_output_elastic_agent.conf.jinja
- so/9900_output_endgame.conf.jinja


@@ -2,6 +2,10 @@ base:
'*':
- patch.needs_restarting
- logrotate
- docker.soc_docker
- docker.adv_docker
- sensoroni.soc_sensoroni
- sensoroni.adv_sensoroni
'* and not *_eval and not *_import':
- logstash.nodes
@@ -24,113 +28,124 @@ base:
'*_manager or *_managersearch':
- match: compound
- data.*
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
- kibana.secrets
{% endif %}
{% endif %}
- secrets
- global
- soc_global
- adv_global
- manager.soc_manager
- manager.adv_manager
- soc.soc_soc
- soc.adv_soc
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_sensor':
- zeeklogs
- zeek.zeeklogs
- healthcheck.sensor
- global
- soc_global
- adv_global
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_eval':
- data.*
- zeeklogs
- zeel.zeeklogs
- secrets
- healthcheck.eval
- elasticsearch.index_templates
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
{% endif %}
- kibana.secrets
{% endif %}
- global
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
- soc_global
{% endif %}
- elasticsearch.soc_elasticsearch
- manager.soc_manager
- soc.soc_soc
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_standalone':
- logstash
- logstash.manager
- logstash.search
- logstash.soc_logstash
- elasticsearch.index_templates
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
- kibana.secrets
{% endif %}
- data.*
- zeeklogs
{% endif %}
- zeek.zeeklogs
- secrets
- healthcheck.standalone
- global
- minions.{{ grains.id }}
'*_node':
- global
- soc_global
- kratos.soc_kratos
- elasticsearch.soc_elasticsearch
- manager.soc_manager
- soc.soc_soc
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_heavynode':
- zeeklogs
- zeek.zeeklogs
- elasticsearch.auth
- global
- minions.{{ grains.id }}
'*_helixsensor':
- fireeye
- zeeklogs
- logstash
- logstash.helix
- global
- minions.{{ grains.id }}
'*_fleet':
- data.*
- secrets
- global
- soc_global
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_idh':
- data.*
- global
- soc_global
- adv_global
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_searchnode':
- logstash
- logstash.search
- elasticsearch.index_templates
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
- global
{% endif %}
- soc_global
- adv_global
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
- data.nodestab
'*_receiver':
- logstash
- logstash.receiver
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
- global
{% endif %}
- soc_global
- adv_global
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_import':
- zeeklogs
- zeek.zeeklogs
- secrets
- elasticsearch.index_templates
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
- kibana.secrets
{% endif %}
- global
{% endif %}
- soc_global
- adv_global
- manager.soc_manager
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
'*_workstation':
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
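Review bot: In the `'*_eval'` block the renamed pillar is spelled `- zeel.zeeklogs`, while every other role in this hunk uses `- zeek.zeeklogs`; it should read `- zeek.zeeklogs`. As written, eval nodes reference a pillar SLS that presumably does not exist, which Salt normally reports as a pillar render error, and in any case the Zeek log settings would not reach those minions. Separately, `'*_heavynode'` lists `- elasticsearch.auth` without the `file.file_exists` guard the other roles wrap around it. The page does not show whether that line is old or new, but if it is kept it should get the same `{% if salt['file.file_exists'](...) %}` guard, so a missing auth pillar does not break pillar rendering on heavy nodes.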