Feature - low level alerts

2026-04-30 00:17:51 +02:00 · 2020-07-09 13:53:55 -04:00
parent 69ace6fbfa
commit 52f7111e1d
11 changed files with 57 additions and 32 deletions
@@ -1,7 +0,0 @@
-{% set ES = salt['pillar.get']('static:masterip', '') %}
-
-alert: modules.so.playbook-es.PlaybookESAlerter
-elasticsearch_host: "{{ ES }}:9200"
-play_title: ""
-play_url: "https://{{ ES }}/playbook/issues/6000"
-sigma_level: ""
@@ -1,6 +1,6 @@
-{% set es = salt['pillar.get']('static:masterip', '') %}
-{% set hivehost = salt['pillar.get']('static:masterip', '') %}
-{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
+{%- set es = salt['pillar.get']('static:masterip', '') %}
+{%- set hivehost = salt['pillar.get']('static:masterip', '') %}
+{%- set hivekey = salt['pillar.get']('static:hivekey', '') %}
 alert: hivealerter

 hive_connection:
@@ -23,3 +23,15 @@ hive_alert_config:
  status: 'New'
  follow: True
  caseTemplate: '5000'
+
+alert: modules.so.playbook-es.PlaybookESAlerter
+elasticsearch_host: "{{ es }}:9200"
+play_title: ""
+event.module: "playbook"
+event.dataset: "alert"
+event.severity:
+rule.category: 
+play_url: "https://{{ es }}/playbook/issues/6000"
+kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
+soc_pivot: "https://{{es}}/#/hunt"
+sigma_level: ""
@@ -31,3 +31,14 @@ hive_alert_config:
  caseTemplate: '5000'
  
 
+alert: modules.so.playbook-es.PlaybookESAlerter
+elasticsearch_host: "{{ es }}:9200"
+play_title: ""
+event.module: "playbook"
+event.dataset: "alert"
+event.severity:
+rule.category: 
+play_url: "https://{{ es }}/playbook/issues/6000"
+kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
+soc_pivot: "https://{{es}}/#/hunt"
+sigma_level: ""