Merge pull request #5886 from Security-Onion-Solutions/feature/eg_pivot

Add EG pivot
2025-12-27 11:23:14 +01:00 · 2021-10-14 14:49:38 -04:00
parent 42a642b85c f1fafa015e
commit 490f7eaf81
3 changed files with 19 additions and 4 deletions
--- a/salt/soc/files/soc/menu.actions.json
+++ b/salt/soc/files/soc/menu.actions.json
@@ -1,3 +1,4 @@
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 [
  { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", 
            "links": [
@@ -29,5 +30,12 @@
  { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", 
            "links": [
              "https://www.virustotal.com/gui/search/{value}"
-					  ]}
+	    ]}
+ {%- if HIGHLANDER %}
+   {%- set EGHOST = salt['pillar.get']('soc:endgamehost', 'EGHOSTNOTPOPULATED') %}
+   ,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank",
+            "links": [
+              "https://{{ EGHOST }}/endpoints/{:agent.id}"
+            ]}
+ {% endif %}
 ]
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1421,7 +1421,7 @@ firewall_generate_templates() {
   
 	cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1

-	for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
+	for i in analyst beats_endpoint endgame sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
 		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1
 	done

@@ -1640,6 +1640,13 @@ manager_pillar() {
 	printf '%s\n'\
 		"  kratoskey: '$KRATOSKEY'"\
 		"" >> "$pillar_file"
+
+        if [[ -n $ENDGAMEHOST ]]; then
+        	printf '%s\n'\
+			"soc:"\
+                	"  endgamehost: '$ENDGAMEHOST'"\
+                	"" >> "$pillar_file"
+	fi
 }

 manager_global() {
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -967,9 +967,9 @@ else
 			so-learn enable logscan --apply >> $setup_log 2>&1
 		fi

-		if [[ -n $ENDGAME_SMP_IP ]]; then
+		if [[ -n $ENDGAMEHOST ]]; then
                        set_progress_str 99 'Configuring firewall for Endgame SMP'
-                        so-firewall --apply includehost endgame $ENDGAME_SMP_IP   >> $setup_log 2>&1
+                        so-firewall --apply includehost endgame $ENDGAMEHOST   >> $setup_log 2>&1
                fi

 	} | whiptail_gauge_post_setup "Running post-installation steps..."