Enable PCAP pivots from imports

Jason Ertel
2020-07-09 16:11:33 -04:00
parent 7b91704894
commit 33179141a1
2 changed files with 5 additions and 1 deletions


@@ -206,13 +206,16 @@ if [ "$INVALID_PCAPS" = "yes" ]; then
echo "Please note! One or more pcaps was invalid! You can scroll up to see which ones were invalid."
fi
START_OLDEST_SLASH=$(echo $START_OLDEST | sed -e 's/-/%2F/g')
END_NEWEST_SLASH=$(echo $END_NEWEST | sed -e 's/-/%2F/g')
if [ "$VALID_PCAPS" = "yes" ]; then
cat << EOF
Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ MASTERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
https://{{ MASTERIP }}/#/hunt?q=%2a%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20PM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20PM
or you can manually set your Time Range to be:
From: $START_OLDEST To: $END_NEWEST
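Review bot: `$START_OLDEST` and `$END_NEWEST` are expanded unquoted in the two `echo … | sed` assignments, so the values undergo word splitting and globbing before they are spliced into the hunt link; quote them and drop `echo`, e.g. `START_OLDEST_SLASH=$(printf '%s' "$START_OLDEST" | sed -e 's/-/%2F/g')`, and likewise for `END_NEWEST_SLASH`. Where the two dates are derived is outside the hunk; if they come from pcap contents, a check that each matches `YYYY-MM-DD` before the heredoc would keep unexpected characters out of a URL the analyst is told to paste into a browser. The `00%3A00%3A00%20PM` time in the hunt link pairs hour 00 with a PM marker, which is worth confirming against what the hunt page actually parses. The heredoc and the enclosing `if` continue past the end of the hunk.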


@@ -8,6 +8,7 @@
"serverUrl": "https://{{ MASTER }}/sensoroniagents",
"verifyCert": false,
"modules": {
"importer": {},
"statickeyauth": {
"apiKey": "{{ SENSORONIKEY }}"
},
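Review bot: `"verifyCert": false` sits directly above the module list, so the agent that this commit extends still sends the `statickeyauth` `apiKey` to `serverUrl` without validating the server certificate; anyone positioned on that connection could read the key or impersonate the master. The page does not mark which line is new (presumably `"importer": {}`), and the setting itself appears to predate this commit, but the change leaves it in place while enabling another module on the same agent. I would set `"verifyCert": true` and ship the master's CA certificate to the agent, or at minimum record in the deployment docs why verification is disabled, since JSON cannot carry a comment. The enclosing object continues outside the hunk.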