CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Suricata metadata configuration

Browse Source
This commit is contained in:
Wes
2023-02-02 14:48:01 +00:00
parent eb7b6e78b9
commit 5fba3c5872
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
salt/suricata/suricata_config.map.jinja
View File

@@ -1,6 +1,11 @@
{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %} {% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
{% import_yaml 'suricata/suricata_meta.yaml' as suricata_meta with context %}
{% set suricata_pillar = pillar.suricata %} {% set suricata_pillar = pillar.suricata %}
{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False) %} {% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False) %}
{% set default_evelog_index = [] %}
{% set default_filestore_index = [] %}
{% set surimeta_evelog_index = [] %}
{% set surimeta_filestore_index = [] %}
{% load_yaml as afpacket %} {% load_yaml as afpacket %}
- interface: {{ surimerge.suricata.config['af-packet'].interface }} - interface: {{ surimerge.suricata.config['af-packet'].interface }}
@@ -20,3 +25,32 @@
{% endfor %} {% endfor %}
{% endload %} {% endload %}
{% do suricata_defaults.suricata.config.update({'outputs': outputs}) %} {% do suricata_defaults.suricata.config.update({'outputs': outputs}) %}
{# Find the index of eve-log so it can be updated later #}
{% for li in suricata_defaults.suricata.config.outputs %}
{% if 'eve-log' in li.keys() %}
{% do default_evelog_index.append(loop.index0) %}
{% endif %}
{% if 'file-store' in li.keys() %}
{% do default_filestore_index.append(loop.index0) %}
{% endif %}
{% endfor %}
{% set default_evelog_index = default_evelog_index[0] %}
{% set default_filestore_index = default_filestore_index[0] %}
{# Find the index of eve-log so it can be grabbed later #}
{% for li in suricata_meta.suricata.config.outputs %}
{% if 'eve-log' in li.keys() %}
{% do surimeta_evelog_index.append(loop.index0) %}
{% endif %}
{% if 'file-store' in li.keys() %}
{% do surimeta_filestore_index.append(loop.index0) %}
{% endif %}
{% endfor %}
{% set surimeta_evelog_index = surimeta_evelog_index[0] %}
{% set surimeta_filestore_index = surimeta_filestore_index[0] %}
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
{% do suricata_defaults.suricata.config.outputs[default_evelog_index]['eve-log'].types.extend(suricata_meta.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %}
{% do suricata_defaults.suricata.config.outputs[default_filestore_index]['file-store'].update({'enabled':suricata_meta.suricata.config.outputs[surimeta_filestore_index]['file-store']['enabled']}) %}
{% endif %}