From 33179141a1bd5cb4ba7ee4988de86853cc1a9de4 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 9 Jul 2020 16:11:33 -0400
Subject: [PATCH] Enable PCAP pivots from imports
---
 salt/common/tools/sbin/so-import-pcap | 5 ++++-
 salt/pcap/files/sensoroni.json | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap
index 9e54820e0..0c99ede64 100755
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -206,13 +206,16 @@ if [ "$INVALID_PCAPS" = "yes" ]; then
 echo "Please note! One or more pcaps was invalid! You can scroll up to see which ones were invalid."
 fi
+START_OLDEST_SLASH=$(echo $START_OLDEST | sed -e 's/-/%2F/g')
+END_NEWEST_SLASH=$(echo $END_NEWEST | sed -e 's/-/%2F/g')
 if [ "$VALID_PCAPS" = "yes" ]; then
 cat << EOF
 Import complete!
 You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ MASTERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
+https://{{ MASTERIP }}/#/hunt?q=%2a%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20PM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20PM
 or you can manually set your Time Range to be:
 From: $START_OLDEST
 To: $END_NEWEST
diff --git a/salt/pcap/files/sensoroni.json b/salt/pcap/files/sensoroni.json
index ed673d969..654148f2a 100644
--- a/salt/pcap/files/sensoroni.json
+++ b/salt/pcap/files/sensoroni.json
@@ -8,6 +8,7 @@
 "serverUrl": "https://{{ MASTER }}/sensoroniagents",
 "verifyCert": false,
 "modules": {
+"importer": {},
 "statickeyauth": {
 "apiKey": "{{ SENSORONIKEY }}"
 },
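Review bot: The new hunt URL on the `+https://{{ MASTERIP }}/#/hunt?...` line formats both bounds as `... 00:00:00 PM`, which is not a valid 12-hour time (midnight is `12:00:00 AM`), and applying the same midnight stamp to END_NEWEST would cut the last day of the import out of the range unless END_NEWEST is already the following day, which this hunk does not show. The two `sed` substitutions encode only `-` as `%2F`, so any other character present in the date strings reaches the printed URL unencoded; if the script runs under bash, `START_OLDEST_SLASH="${START_OLDEST//-/%2F}"` and `END_NEWEST_SLASH="${END_NEWEST//-/%2F}"` avoid the unquoted `echo $VAR` expansion and the sed subprocess while producing the same value for plain `YYYY-MM-DD` input. The `if [ "$VALID_PCAPS" = "yes" ]` block and its heredoc continue past the end of the hunk.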
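Review bot: `"importer": {}` enables a sensoroni module with no settings, and neither the hunk nor the commit message records what the importer module accepts or which agent endpoint it exposes, so a reader of sensoroni.json cannot tell what this line turns on. Since the file is strict JSON with no comment syntax, describe the module's purpose and its input expectations in the commit description or the accompanying docs, and confirm that requests to it are covered by the `statickeyauth` key configured just below it, since the hunk does not show how per-module authentication is applied.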