m0duspwnens
2020-07-09 11:27:06 -04:00
parent 2c32c24bf0
commit 3cf31e2460
134 changed files with 609 additions and 609 deletions
+6 -6
@@ -1,10 +1,10 @@
{%- set MASTER = salt['pillar.get']('master:url_base', '') %}
{%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
[es]
es_url = http://{{MASTER}}:9200
es_ip = {{MASTER}}
es_url = http://{{MANAGER}}:9200
es_ip = {{MANAGER}}
es_user = YOURESUSER
es_pass = YOURESPASS
es_index_pattern = so-*
@@ -12,7 +12,7 @@ es_verifycert = no
[cortex]
auto_analyze_alerts = no
cortex_url = https://{{MASTER}}/cortex/
cortex_url = https://{{MANAGER}}/cortex/
cortex_key = {{ CORTEXKEY }}
supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
@@ -33,7 +33,7 @@ grr_user = YOURGRRUSER
grr_pass = YOURGRRPASS
[hive]
hive_url = https://{{MASTER}}/thehive/
hive_url = https://{{MANAGER}}/thehive/
hive_key = {{ HIVEKEY }}
hive_tlp = 3
hive_verifycert = no
@@ -60,7 +60,7 @@ slack_url = YOURSLACKWORKSPACE
slack_webhook = YOURSLACKWEBHOOK
[playbook]
playbook_url = http://{{MASTER}}:3200/playbook
playbook_url = http://{{MANAGER}}:3200/playbook
playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
playbook_verifycert = no
playbook_unit_test_index = playbook-testing
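Review bot: `playbook_key` in the `[playbook]` section is a literal value committed with the template, whereas `hive_key` and `cortex_key` in the same file are read from pillar. If that value is a working API key, every deployment rendered from this template shares it and anyone who can read the repository has it. It should come from pillar like the other two, e.g. `playbook_key = {{ PLAYBOOKKEY }}` with `{%- set PLAYBOOKKEY = salt['pillar.get']('<pillar path for the playbook key>', '') %}` at the top, and the committed value should be rotated. The key is also sent to an `http://` `playbook_url` with `playbook_verifycert = no`, so a comment should state why that transport is acceptable if it is intentional. The sections of this file continue outside the hunks shown.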
@@ -1,4 +1,4 @@
{% set ES = salt['pillar.get']('static:masterip', '') %}
{% set ES = salt['pillar.get']('static:managerip', '') %}
alert: modules.so.playbook-es.PlaybookESAlerter
elasticsearch_host: "{{ ES }}:9200"
@@ -1,5 +1,5 @@
{% set es = salt['pillar.get']('static:masterip', '') %}
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
{% set es = salt['pillar.get']('static:managerip', '') %}
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
alert: hivealerter
@@ -1,5 +1,5 @@
{% set es = salt['pillar.get']('static:masterip', '') %}
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
{% set es = salt['pillar.get']('static:managerip', '') %}
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
alert: hivealerter
+5 -5
@@ -1,7 +1,7 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{%- set MASTER_URL = salt['pillar.get']('master:url_base', '') %}
{%- set MASTER_IP = salt['pillar.get']('static:masterip', '') %}
{% set MANAGER = salt['grains.get']('manager') %}
{%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %}
{%- set MANAGER_IP = salt['pillar.get']('static:managerip', '') %}
soctopusdir:
file.directory:
@@ -50,7 +50,7 @@ playbookrulessync:
so-soctopus:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-soctopus:{{ VERSION }}
- image: {{ MANAGER }}:5000/soshybridhunter/so-soctopus:{{ VERSION }}
- hostname: soctopus
- name: so-soctopus
- binds:
@@ -61,4 +61,4 @@ so-soctopus:
- port_bindings:
- 0.0.0.0:7000:7000
- extra_hosts:
- {{MASTER_URL}}:{{MASTER_IP}}
- {{MANAGER_URL}}:{{MANAGER_IP}}
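Review bot: The renamed lookups fall back to an empty value, so a minion whose grains or pillar still carry only the old `master` names would presumably render without any error. With `salt['grains.get']('manager')` unset, the image line becomes `:5000/soshybridhunter/so-soctopus:…` and the `extra_hosts` entry becomes `:`. The same applies to the `manager:url_base` and `static:managerip` lookups in the SOCtopus config and the three alerter rule files earlier in this commit, where an empty host gives `elasticsearch_host: ":9200"` and alerting would only fail at run time. Either fail the render when the value is empty, or record the required migration above the `set` lines, e.g. `{# requires grain 'manager' and pillar static:managerip (renamed from master / masterip) #}`. The so-soctopus state continues outside the hunks shown.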