From 4cc2951ac4ff53e0f3007f8fa840d15d29ef8596 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 15 Apr 2020 17:34:54 -0400
Subject: [PATCH 1/2] Fix the Strelka redis

---
 salt/strelka/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index fa981ab34..b9efef638 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -58,7 +58,7 @@ strelka_coordinator:
 docker_container.running:
 - image: {{ MASTER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
 - name: so-strelka-coordinator
- - command: redis-server --save "" --appendonly no
+ - entrypoint: redis-server --save "" --appendonly no
 - port_bindings:
 - 0.0.0.0:6380:6379

@@ -66,7 +66,7 @@ strelka_gatekeeper:
 docker_container.running:
 - image: {{ MASTER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
 - name: so-strelka-gatekeeper
- - command: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
+ - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
 - port_bindings:
 - 0.0.0.0:6381:6379

From 6332509a335628b562e12aecb6ae8d8f70ab5c13 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 15 Apr 2020 20:22:54 -0400
Subject: [PATCH 2/2] osquery pipeline fix

---
 salt/elasticsearch/files/ingest/osquery.query_result | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/elasticsearch/files/ingest/osquery.query_result b/salt/elasticsearch/files/ingest/osquery.query_result
index 5d57d81d9..669cc35e5 100644
--- a/salt/elasticsearch/files/ingest/osquery.query_result
+++ b/salt/elasticsearch/files/ingest/osquery.query_result
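Review bot: Moving the redis-server line from `command` to `entrypoint` replaces the image's own ENTRYPOINT instead of passing arguments to it, so whatever that entrypoint did before exec'ing redis-server no longer runs — the upstream redis image uses it to drop from root to the `redis` account, and if so-redis inherits that, both containers now run Redis as root; confirm the run-as user after this change, or pin it next to the new line with `- user: redis` if the image defines that account. The same applies to the gatekeeper hunk at `@@ -66,7 +66,7 @@`. Neither new command line sets `--requirepass` or `--bind`, and the unchanged port_bindings publish both instances on 0.0.0.0, so access control rests entirely on host firewalling; if that is the intended design it deserves a comment above the state, e.g. `# No Redis auth: these ports are expected to be reachable only through the host firewall`. The `strelka_coordinator:` and `strelka_gatekeeper:` state ids themselves begin outside their hunks.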
@@ -2,7 +2,7 @@ "description" : "osquery", "processors" : [ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, - { "gsub": { "field": "message2.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "" } }, + { "gsub": { "field": "message2.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "", "ignore_missing": true } }, { "json": { "field": "message2.columns.data", "target_field": "message2.columns.winlog", "ignore_failure": true } }, { "script": { @@ -14,7 +14,7 @@ { "rename": { "field": "osquery.result.calendarTime", "target_field": "osquery.result.calendar_time", "ignore_missing": true } }, { "rename": { "field": "osquery.result.unixTime", "target_field": "osquery.result.unix_time", "ignore_missing": true } }, { "json": { "field": "message", "target_field": "message3", "ignore_failure": true } }, - { "gsub": { "field": "message3.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "" } }, + { "gsub": { "field": "message3.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "", "ignore_missing": true } }, { "json": { "field": "message3.columns.data", "target_field": "message3.columns.winlog", "ignore_failure": true } }, { "rename": { "field": "message3.columns.username", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "message3.columns.uid", "target_field": "user.uid", "ignore_missing": true } },
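Review bot: `"ignore_missing": true` only covers the case where `message2.columns.data` is absent; if the field is present but not a string (the preceding json processor writes `message2` with `ignore_failure`, so its shape is whatever the event carried), gsub still throws and the document is rejected, so either switch the guard to `"ignore_failure": true` to match the neighbouring json processors or confirm that `columns.data` is always a string. The same applies to the second gsub on `message3.columns.data` in the `@@ -14,7 +14,7 @@` hunk. Nothing records what the pattern `\\\\xC2\\\\xAE` is for (it looks like the escaped UTF-8 bytes of the ® sign); since this JSON carries no comments, a processor `"tag": "strip_registered_sign"` on each gsub would at least name it in pipeline error output. The enclosing `processors` array opens and closes outside both hunks.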