diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index 3decfea2d..15ecd0290 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -3,7 +3,11 @@
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
 [es]
-es_url = http://{{ip}}:9200
+es_url = https://{{ip}}:9200
+es_user = YOURESUSER
+es_pass = YOURESPASS
+es_index_pattern = so-*
+es_verifycert = no
 [cortex]
 auto_analyze_alerts = no
@@ -20,6 +24,7 @@ fir_confidentiality = 1
 fir_detection = 2
 fir_plan = 8
 fir_severity = 4
+fir_verifycert = no
 [grr]
 grr_url = YOURGRRURL
@@ -30,12 +35,12 @@ grr_pass = YOURGRRPASS
 hive_url = https://{{ip}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
-hive_verifycert = False
+hive_verifycert = no
 [misp]
 misp_url = YOURMISPURL
 misp_key = YOURMISPKEY
-misp_verifycert = False
+misp_verifycert = no
 distrib = 0
 threat = 4
 analysis = 0
@@ -47,6 +52,7 @@ rtir_user = YOURRTIRUSER
 rtir_pass = YOURRTIRPASS
 rtir_queue = Incidents
 rtir_creator = root
+rtir_verifycert = no
 [slack]
 slack_url = YOURSLACKWORKSPACE
@@ -55,6 +61,7 @@ slack_webhook = YOURSLACKWEBHOOK
 [playbook]
 playbook_url = https://{{ip}}/playbook
 playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
+playbook_verifycert = no
 [log]
 logfile = /var/log/SOCtopus/soctopus.log
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 8a9506ba5..3ccf0dfa9 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -10,12 +10,22 @@ soctopusdir:
 soctopussync:
   file.recurse:
-    - name: /opt/so/conf/soctopus
-    - source: salt://soctopus/files
+    - name: /opt/so/conf/soctopus/templates
+    - source: salt://soctopus/files/templates
     - user: 939
     - group: 939
     - template: jinja
+soctopusconf:
+  file.managed:
+    - name: /opt/so/conf/soctopus/SOCtopus.conf
+    - source: salt://soctopus/files/SOCtopus.conf
+    - user: 939
+    - group: 939
+    - replace: False
+    - mode: 600
+    - template: jinja
+
 soctopuslogdir:
   file.directory:
     - name: /opt/so/log/soctopus
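Review bot: The new `es_verifycert = no` default in the [es] hunk, and the matching `fir_verifycert`, `rtir_verifycert` and `playbook_verifycert = no` added in the later hunks of this file, presumably turn off TLS certificate verification for every connector at the same moment `es_url` moves from http to https, so the transport is encrypted but the peer is never authenticated; nothing in the template tells an operator that the shipped value is the insecure one. Since this file is deployed once and left alone (init.sls manages it with `replace: False`), a shipped default like this tends to stay in place, so I would document it above the [es] section: `# *_verifycert = no disables TLS certificate verification; set to yes once the service presents a certificate this host trusts`. The `es_user = YOURESUSER` / `es_pass = YOURESPASS` placeholders are also rendered verbatim into the deployed file, whereas the Cortex key on the first context line is already pulled from pillar; a lookup in the same style, e.g. `es_pass = {{ salt['pillar.get']('<pillar key for es password>', '') }}`, would keep the credential out of the template and out of the git history.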
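Review bot: `replace: False` on the new soctopusconf state means an existing /opt/so/conf/soctopus/SOCtopus.conf — which earlier deploys received from the previous file.recurse of salt://soctopus/files into /opt/so/conf/soctopus — keeps its old contents, so the new es_*, es_verifycert and *_verifycert keys added in SOCtopus.conf in this commit only reach fresh installs, and the old `http://` es_url survives on upgraded hosts. Retargeting the recurse to the templates subdirectory also leaves whatever the old recurse placed directly under /opt/so/conf/soctopus in place, since no `clean` option is set on either state. I would document the intent on the state so the upgrade gap is visible: `# replace: False — written only when absent; existing installs must merge new keys by hand`. `mode: 600` is the right choice for a file that carries credentials; Salt's file.managed docs recommend giving the mode as a string, so `- mode: '600'` is the more conventional spelling, though the unquoted integer also works here because it has no leading zero.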