From 693e3e69de31bb6a00cc241bd45732c60913802d Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Wed, 25 Mar 2020 15:37:35 -0400
Subject: [PATCH 1/5] [fix] Manage soctopus.conf separately

Resolves #419
---
 salt/soctopus/init.sls | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 8a9506ba5..f4f88f26c 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -10,12 +10,21 @@ soctopusdir:
 
 soctopussync:
 file.recurse:
- - name: /opt/so/conf/soctopus
- - source: salt://soctopus/files
+ - name: /opt/so/conf/soctopus/templates
+ - source: salt://soctopus/files/templates
 - user: 939
 - group: 939
 - template: jinja
 
+soctopusconf:
+ file.managed:
+ - name: /opt/so/conf/SOCtopus.conf
+ - source: salt://soctopus/files/SOCtopus.conf
+ - user: 939
+ - group: 939
+ - mode: 600
+ - template: jinja
+
 soctopuslogdir:
 file.directory:
 - name: /opt/so/log/soctopus

From ecbd78c6a1be1686a5b0f0e7be684f955a05e37d Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Wed, 25 Mar 2020 15:38:42 -0400
Subject: [PATCH 2/5] [feature] Add options to soctopus.conf

Resolves #420
---
 salt/soctopus/files/SOCtopus.conf | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index 3decfea2d..c97e6b826 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -3,7 +3,12 @@
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
 
 [es]
-es_url = http://{{ip}}:9200
+es_url = https://{{ip}}:9200
+es_user = YOURESUSER
+es_pass = YOURESPASS
+es_index_pattern = logstash-*
+es_verifycert = no
+
 
 [cortex]
 auto_analyze_alerts = no
@@ -20,6 +25,7 @@ fir_confidentiality = 1
 fir_detection = 2
 fir_plan = 8
 fir_severity = 4
+fir_verifycert = no
 
 [grr]
 grr_url = YOURGRRURL
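Review bot: The new `soctopusconf` state manages a file that carries credentials (its jinja template reads `HIVEKEY`/`CORTEXKEY` from pillar, and the later patches in this series fill it with `es_pass` and the other `*_pass`/`*_key` settings), and `file.managed` returns a unified diff of the rendered content in the state result by default, so every subsequent change to that file echoes those values into job returns and master/minion logs; add `- show_changes: False` next to `- mode: 600`. The `mode: 600` with `user: 939`/`group: 939` is the right default for this file. The `soctopussync` recurse just above it sets owner and group but no `file_mode`/`dir_mode`, so the permissions of the synced templates depend on the minion's umask; making them explicit would be consistent with the new state.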
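Review bot: `es_url` moves to https but the new `es_verifycert = no` default switches certificate validation off for that connection, and hunks 2, 4 and 5 of this file add the same `no` default for `fir_verifycert`, `rtir_verifycert` and `playbook_verifycert`; since the hive, cortex and playbook URLs in this file all point at `{{ip}}`, consider defaulting these to `yes` and letting deployments with self-signed certificates opt out, or at least a comment in the file stating that `no` disables TLS validation. `es_user`/`es_pass` are left as `YOURESUSER`/`YOURESPASS` placeholders while `HIVEKEY`/`CORTEXKEY` on the lines above are read from pillar with `salt['pillar.get']`; sourcing the Elasticsearch credentials the same way would keep secrets out of the checked-in template and avoid hand edits to a Salt-managed file. Hunk 3 changes `hive_verifycert`/`misp_verifycert` from `False` to `no`; whether SOCtopus's config parser accepts both spellings is not visible here, so it is worth confirming before the old value disappears.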
@@ -30,12 +36,12 @@ grr_pass = YOURGRRPASS
 hive_url = https://{{ip}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
-hive_verifycert = False
+hive_verifycert = no
 
 [misp]
 misp_url = YOURMISPURL
 misp_key = YOURMISPKEY
-misp_verifycert = False
+misp_verifycert = no
 distrib = 0
 threat = 4
 analysis = 0
@@ -47,6 +53,7 @@ rtir_user = YOURRTIRUSER
 rtir_pass = YOURRTIRPASS
 rtir_queue = Incidents
 rtir_creator = root
+rtir_verifycert = no
 
 [slack]
 slack_url = YOURSLACKWORKSPACE
@@ -55,6 +62,7 @@ slack_webhook = YOURSLACKWEBHOOK
 [playbook]
 playbook_url = https://{{ip}}/playbook
 playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
+playbook_verifycert = no
 
 [log]
 logfile = /var/log/SOCtopus/soctopus.log

From a8cdda84d1ec19991390c17ac83ce10705a0d9cc Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 31 Mar 2020 11:12:01 -0400
Subject: [PATCH 3/5] [fix] Put soctopus.conf in the right folder

---
 salt/soctopus/init.sls | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index f4f88f26c..3ccf0dfa9 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -18,10 +18,11 @@ soctopussync:
 
 soctopusconf:
 file.managed:
- - name: /opt/so/conf/SOCtopus.conf
+ - name: /opt/so/conf/soctopus/SOCtopus.conf
 - source: salt://soctopus/files/SOCtopus.conf
 - user: 939
 - group: 939
+ - replace: False
 - mode: 600
 - template: jinja
 

From 13035a6c320ede8b5c7f6cc7e7106b060628effe Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Wed, 1 Apr 2020 13:35:11 -0400
Subject: [PATCH 4/5] [fix] Update soctopus default es-index-patter

---
 salt/soctopus/files/SOCtopus.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index c97e6b826..5419bcaaa 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
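Review bot: `- replace: False` makes `file.managed` write `/opt/so/conf/soctopus/SOCtopus.conf` only when it does not yet exist, so once a minion has the file Salt stops re-rendering the template and later changes to the shipped defaults — the `es_index_pattern` change in PATCH 4 of this series, for instance — never reach existing installs, while `user`/`group`/`mode: 600` are still enforced on every run. That is a defensible choice for a file operators hand-edit, but it should be stated in the state so the next maintainer does not expect template edits to propagate; a comment such as `# replace: False keeps operator edits to the existing conf; changed defaults need a manual merge` above `soctopusconf:` would do. If the intent is only that the credentials be operator-supplied, driving them from pillar and dropping `replace: False` keeps the file managed end to end.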
@@ -6,7 +6,7 @@
 es_url = https://{{ip}}:9200
 es_user = YOURESUSER
 es_pass = YOURESPASS
-es_index_pattern = logstash-*
+es_index_pattern = so-*
 es_verifycert = no
 
 

From d626152e2ffab76a5b963241247132805b689afb Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Thu, 2 Apr 2020 20:53:22 -0400
Subject: [PATCH 5/5] [fix] Remove extra blank line

---
 salt/soctopus/files/SOCtopus.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index 5419bcaaa..15ecd0290 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -9,7 +9,6 @@ es_pass = YOURESPASS
 es_index_pattern = so-*
 es_verifycert = no
 
-
 [cortex]
 auto_analyze_alerts = no
 cortex_url = https://{{ip}}/cortex/