CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Elastic auth: Fun with Salt

Browse Source
This commit is contained in:
Jason Ertel
2021-06-16 17:52:22 -04:00
parent fefd2677fb
commit 2d34208269
33 changed files with 100 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
salt/elastalert/defaults.yaml
View File

@@ -1,10 +1,5 @@
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- else %}
{%- set ES_USER = '' %}
{%- set ES_PASS = '' %}
{%- endif %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
elastalert:
config:
rules_folder: /opt/elastalert/rules/
@@ -26,8 +21,10 @@ elastalert:
use_ssl: true
verify_certs: false
#es_send_get_body_as: GET
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
es_username: {{ ES_USER }}
es_password: {{ ES_PASS }}
{%- endif %}
writeback_index: elastalert_status
alert_time_limit:
days: 2