Merge pull request #671 from Security-Onion-Solutions/bugfix/elastalert

Elastalert --> TheHive fixes

salt/elastalert/files/elastalert_config.yaml

@@ -2,7 +2,7 @@
 {% set esport = salt['pillar.get']('master:es_port', '') %}
 # This is the folder that contains the rule yaml files
 # Any .yaml file will be loaded as a rule
-rules_folder: /etc/elastalert/rules/
+rules_folder: /opt/elastalert/rules/
 
 # Sets whether or not ElastAlert should recursively descend
 # the rules directory - true or false

salt/elastalert/files/rules/so/nids2hive.yaml

@@ -23,11 +23,11 @@ filter:
    query_string:
       query: "event.module: suricata"
 
-alert: modules.so.thehive.TheHiveAlerter
+alert: hivealerter
 
 hive_connection:
   hive_host: http://{{hivehost}}
-  hive_port: 9000
+  hive_port: 9000/thehive
   hive_apikey: {{hivekey}}
   
 hive_proxies:

salt/elastalert/init.sls

@@ -118,7 +118,7 @@ so-elastalert:
     - user: elastalert
     - detach: True
     - binds:
-      - /opt/so/rules/elastalert:/opt/rules/:ro
+      - /opt/so/rules/elastalert:/opt/elastalert/rules/:ro
       - /opt/so/log/elastalert:/var/log/elastalert:rw
       - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro
       - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/config/elastalert_config.yaml:ro