Merge pull request #1193 from Security-Onion-Solutions/issue/1039

Issue/1039

salt/common/tools/sbin/so-import-pcap

@@ -15,10 +15,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-{% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('global:soversion') %}
-{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
+{%- set MANAGER = salt['grains.get']('master') %}
+{%- set VERSION = salt['pillar.get']('global:soversion') %}
+{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
+{%- set URLBASE = salt['pillar.get']('global:url_base') %}
 
 . /usr/sbin/so-common
 
@@ -212,7 +213,7 @@ cat << EOF
 Import complete!
 
 You can use the following hyperlink to view data in the time range of your import.  You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ MANAGERIP }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
+https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
 
 or you can manually set your Time Range to be (in UTC):
 From: $START_OLDEST    To: $END_NEWEST

salt/common/tools/sbin/so-kibana-config-export

@@ -3,7 +3,7 @@
 # {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
 # {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
-# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 #
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #

salt/elastalert/files/rules/so/suricata_thehive.yaml

@@ -1,7 +1,7 @@
 {% set es = salt['pillar.get']('global:managerip', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
-{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('global:url_base', '') %}
 
 # Elastalert rule to forward Suricata alerts from Security Onion to a specified TheHive instance.
 #

salt/elastalert/files/rules/so/wazuh_thehive.yaml

@@ -1,7 +1,7 @@
 {% set es = salt['pillar.get']('global:managerip', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
-{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('global:url_base', '') %}
 
 # Elastalert rule to forward high level Wazuh alerts from Security Onion to a specified TheHive instance.
 #

salt/fleet/event_gen-packages.sls

@@ -11,7 +11,7 @@
 {% elif FLEETNODE %}
    {% set HOSTNAME = grains.host  %}
 {% else %}
-   {% set HOSTNAME = salt['pillar.get']('manager:url_base')  %}
+   {% set HOSTNAME = salt['pillar.get']('global:url_base')  %}
 {% endif %}
 
 so/fleet:

salt/kibana/bin/so-kibana-config-load

@@ -1,7 +1,7 @@
 #!/bin/bash
 # {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
-# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 
 KIBANA_VERSION="7.6.1"
 

salt/motd/files/so_motd.jinja

@@ -1,6 +1,6 @@
 {% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%}
 {% set role = grains.id.split('_') | last -%}
-{% set url = salt['pillar.get']('manager:url_base') -%}
+{% set url = salt['pillar.get']('global:url_base') -%}
 
 {% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
 Access the Security Onion web interface at https://{{ url }}

salt/nginx/files/navigator_config.json

@@ -1,4 +1,4 @@
-{%- set URL_BASE = salt['pillar.get']('manager:url_base', '') %}
+{%- set URL_BASE = salt['pillar.get']('global:url_base', '') %}
 
 {
     "enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",

salt/soc/files/kratos/kratos.yaml

@@ -1,4 +1,4 @@
-{%- set WEBACCESS = salt['pillar.get']('manager:url_base', '') -%}
+{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
 {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
 
 selfservice:

salt/soctopus/files/SOCtopus.conf

@@ -1,4 +1,4 @@
-{%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 

salt/soctopus/files/templates/generic.template

@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('manager:url_base', '') %}
+{% set es = salt['pillar.get']('global:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:

salt/soctopus/files/templates/osquery.template

@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('manager:url_base', '') %}
+{% set es = salt['pillar.get']('global:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:

salt/soctopus/init.sls

@@ -1,7 +1,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %}
+{%- set MANAGER_URL = salt['pillar.get']('global:url_base', '') %}
 {%- set MANAGER_IP = salt['pillar.get']('global:managerip', '') %}
 
 soctopusdir:

setup/so-functions

@@ -1035,7 +1035,6 @@ manager_pillar() {
 		"  osquery: $OSQUERY"\
 		"  thehive: $THEHIVE"\
 		"  playbook: $PLAYBOOK"\
-		"  url_base: $REDIRECTIT"\
 		""\
 		"elasticsearch:"\
 		"  mainip: $MAINIP"\
@@ -1094,6 +1093,7 @@ manager_global() {
                 "  proxy: $PROXY"\
                 "  zeekversion: $ZEEKVERSION"\
                 "  ids: $NIDS"\
+				"  url_base: $REDIRECTIT"\
                 "  managerip: $MAINIP" > "$global_pillar"
 
         # Check if TheHive is enabled.  If so, add creds and other details