CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add dep support for analyzers

Browse Source
This commit is contained in:
Jason Ertel
2022-03-31 13:59:35 -04:00
parent 1aba4da2bb
commit 48fbc2290f
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/sensoroni/files/sensoroni.json
View File

@@ -13,6 +13,12 @@
{%- set STENODEFAULT = False %}
{%- endif %}
{%- set STENOENABLED = salt['pillar.get']('steno:enabled', STENODEFAULT) %}
{%- if ROLE in ['eval', 'standalone', 'import', 'manager', 'managersearch'] %}
{%- set ANALYZEDEFAULT = True %}
{%- else %}
{%- set ANALYZEDEFAULT = False %}
{%- endif %}
{%- set ANALYZEENABLED = salt['pillar.get']('sensoroni:analyze_enabled', ANALYZEDEFAULT) %}
{
"logFilename": "/opt/sensoroni/logs/sensoroni.log",
"logLevel":"info",
@@ -26,10 +32,12 @@
"serverUrl": "https://{{ URLBASE }}/sensoroniagents",
"verifyCert": false,
"modules": {
{%- if ANALYZEENABLED %}
"analyze": {
"timeoutMs": {{ ANALYZE_TIMEOUT_MS }},
"parallelLimit": {{ ANALYZE_PARALLEL_LIMIT }}
},
{%- endif %}
"importer": {},
"statickeyauth": {
"apiKey": "{{ SENSORONIKEY }}"

17
salt/sensoroni/init.sls
View File

@@ -25,6 +25,13 @@ analyzersdir:
- group: 939
- makedirs: True
sitepackagesdir:
file.directory:
- name: /opt/so/conf/sensoroni/site-packages
- user: 939
- group: 939
- makedirs: True
sensoronilog:
file.directory:
- name: /opt/so/log/sensoroni
@@ -41,6 +48,15 @@ analyzerscripts:
- template: jinja
- source: salt://sensoroni/files/analyzers
sitepackages:
file.recurse:
- name: /opt/so/conf/sensoroni/site-packages
- user: 939
- group: 939
- file_mode: 755
- template: jinja
- source: salt://sensoroni/files/site-packages
so-sensoroni:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
@@ -52,6 +68,7 @@ so-sensoroni:
- /nsm/pcapout:/nsm/pcapout:rw
- /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
- /opt/so/conf/sensoroni/analyzers:/opt/sensoroni/analyzers:ro
- /opt/so/conf/sensoroni/site-packages:/opt/sensoroni/site-packages:rw
- /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
- watch:
- file: /opt/so/conf/sensoroni/sensoroni.json