Merge branch 'dev' into feature/generate-playbook-api-key

2026-02-21 14:35:27 +01:00 · 2020-10-02 08:39:09 -04:00
parent e98012ae2c c7fcdc8084
commit 39e14b3910
20 changed files with 199 additions and 317 deletions
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -61,6 +61,9 @@ rtir_verifycert = no
 slack_url = YOURSLACKWORKSPACE
 slack_webhook = YOURSLACKWEBHOOK

+[soc]
+soc_url = http://{{MANAGER}}:9822
+
 [playbook]
 playbook_url = http://{{MANAGER}}:3200/playbook
 playbook_ext_url = https://{{MANAGER}}/playbook
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,30 +1,6 @@
 {% set es = salt['pillar.get']('global:url_base', '') %}
-{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
- "hivealerter"
-
-hive_connection:
-  hive_host: http://{{hivehost}}
-  hive_port: 9000/thehive
-  hive_apikey: {{hivekey}}
-  
-hive_proxies:
-  http: ''
-  https: ''
-
-hive_alert_config:
-  title: "{rule[name]} - "
-  type: 'playbook'
-  source: 'SecurityOnion'
-  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` <https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{match[_id]}'),sort:!('@timestamp',desc))>  \n\n `Raw Data:` {match[message]}"
-  severity: 2
-  tags: ['playbook']
-  tlp: 3
-  status: 'New'
-  follow: True
-  caseTemplate: '5000'

 elasticsearch_host: "{{ es }}:9200"
 play_title: ""
--- a/salt/soctopus/files/templates/osquery.template
+++ b/salt/soctopus/files/templates/osquery.template
@@ -1,37 +1,6 @@
 {% set es = salt['pillar.get']('global:url_base', '') %}
-{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
- "hivealerter"
-
-hive_connection:
-  hive_host: http://{{hivehost}}
-  hive_port: 9000/thehive
-  hive_apikey: {{hivekey}}
-  
-hive_proxies:
-  http: ''
-  https: ''
-
-hive_observable_data_mapping:
-  - ip: '{match[osquery][EndpointIP1]}'
-  - ip: '{match[osquery][EndpointIP2]}'
-  - other: '{match[osquery][hostIdentifier]}'
-  - other: '{match[osquery][hostname]}'
-
-hive_alert_config:
-  title: "{rule[name]} -- {match[osquery][hostname]} -- {match[osquery][name]}"
-  type: 'osquery'
-  source: 'SecurityOnion'
-  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` <https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{match[_id]}'),sort:!('@timestamp',desc))>  \n\n `Hostname:` __{match[osquery][hostname]}__  `Live Query:`__[Pivot Link](https://{{es}}/fleet/queries/new?host_uuids={match[osquery][LiveQuery]})__ `Pack:`  __{match[osquery][name]}__ `Data:` {match[osquery][columns]}"
-  severity: 2
-  tags: ['playbook','osquery']
-  tlp: 3
-  status: 'New'
-  follow: True
-  caseTemplate: '5000'
-  
 
 elasticsearch_host: "{{ es }}:9200"
 play_title: ""