From 6e4ee26a58c7cb9b24d233aade9e4fd745adc3be Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 13 May 2020 16:34:35 -0400 Subject: [PATCH] Elastalert --> TheHive fixes --- salt/elastalert/files/elastalert_config.yaml | 2 +- salt/elastalert/files/rules/so/nids2hive.yaml | 6 +++--- salt/elastalert/init.sls | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/elastalert/files/elastalert_config.yaml b/salt/elastalert/files/elastalert_config.yaml index e71f41bf8..2ecf08ffa 100644 --- a/salt/elastalert/files/elastalert_config.yaml +++ b/salt/elastalert/files/elastalert_config.yaml @@ -2,7 +2,7 @@ {% set esport = salt['pillar.get']('master:es_port', '') %} # This is the folder that contains the rule yaml files # Any .yaml file will be loaded as a rule -rules_folder: /etc/elastalert/rules/ +rules_folder: /opt/elastalert/rules/ # Sets whether or not ElastAlert should recursively descend # the rules directory - true or false diff --git a/salt/elastalert/files/rules/so/nids2hive.yaml b/salt/elastalert/files/rules/so/nids2hive.yaml index b7593b1d2..ee17cce38 100644 --- a/salt/elastalert/files/rules/so/nids2hive.yaml +++ b/salt/elastalert/files/rules/so/nids2hive.yaml @@ -23,13 +23,13 @@ filter: query_string: query: "event.module: suricata" -alert: modules.so.thehive.TheHiveAlerter +alert: hivealerter hive_connection: hive_host: http://{{hivehost}} - hive_port: 9000 + hive_port: 9000/thehive hive_apikey: {{hivekey}} - + hive_proxies: http: '' https: '' diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 83e7b5655..08cb0836d 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -118,7 +118,7 @@ so-elastalert: - user: elastalert - detach: True - binds: - - /opt/so/rules/elastalert:/opt/rules/:ro + - /opt/so/rules/elastalert:/opt/elastalert/rules/:ro - /opt/so/log/elastalert:/var/log/elastalert:rw - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/config/elastalert_config.yaml:ro