Merge pull request #510 from Security-Onion-Solutions/feature/soctopus-conf

Feature/soctopus conf

salt/soctopus/files/SOCtopus.conf

@@ -3,7 +3,11 @@
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
 
 [es]
-es_url = http://{{ip}}:9200
+es_url = https://{{ip}}:9200
+es_user = YOURESUSER
+es_pass = YOURESPASS
+es_index_pattern = so-*
+es_verifycert = no
 
 [cortex]
 auto_analyze_alerts = no
@@ -20,6 +24,7 @@ fir_confidentiality = 1
 fir_detection = 2
 fir_plan = 8
 fir_severity = 4
+fir_verifycert = no
 
 [grr]
 grr_url = YOURGRRURL
@@ -30,12 +35,12 @@ grr_pass = YOURGRRPASS
 hive_url = https://{{ip}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
-hive_verifycert = False
+hive_verifycert = no
 
 [misp]
 misp_url = YOURMISPURL
 misp_key = YOURMISPKEY
-misp_verifycert = False
+misp_verifycert = no
 distrib = 0
 threat = 4
 analysis = 0
@@ -47,6 +52,7 @@ rtir_user = YOURRTIRUSER
 rtir_pass = YOURRTIRPASS
 rtir_queue = Incidents
 rtir_creator = root
+rtir_verifycert = no
 
 [slack]
 slack_url = YOURSLACKWORKSPACE
@@ -55,6 +61,7 @@ slack_webhook = YOURSLACKWEBHOOK
 [playbook]
 playbook_url = https://{{ip}}/playbook
 playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
+playbook_verifycert = no
 
 [log]
 logfile = /var/log/SOCtopus/soctopus.log

salt/soctopus/init.sls

@@ -10,12 +10,22 @@ soctopusdir:
 
 soctopussync:
   file.recurse:
-    - name: /opt/so/conf/soctopus
-    - source: salt://soctopus/files
+    - name: /opt/so/conf/soctopus/templates
+    - source: salt://soctopus/files/templates
     - user: 939
     - group: 939
     - template: jinja
 
+soctopusconf:
+  file.managed:
+    - name: /opt/so/conf/soctopus/SOCtopus.conf
+    - source: salt://soctopus/files/SOCtopus.conf
+    - user: 939
+    - group: 939
+    - replace: False
+    - mode: 600
+    - template: jinja
+
 soctopuslogdir:
   file.directory:
     - name: /opt/so/log/soctopus