CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

seperate securitySolutions load

Browse Source
This commit is contained in:
m0duspwnens
2021-10-14 13:24:51 -04:00
parent ae9753326a
commit 78d30285b1
7 changed files with 61 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/kibana/bin/so-kibana-config-load
View File

@@ -5,14 +5,16 @@
if [ ! -z "$1" ]; then if [ ! -z "$1" ]; then
ndjson_template_file=$1 ndjson_template_file=$1
else else
ndjson_template_file='/opt/so/conf/kibana/saved_objects.ndjson.template' ndjson_template_file='/opt/so/conf/kibana/saved_objects.ndjson'
fi fi
if [ -f "$ndjson_template_file" ]; then if [ -f "$ndjson_template_file" ]; then
ndjson_file=$(echo $ndjson_template_file | sed -e "s/\.template$//") ndjson_file=$(echo $ndjson_template_file | sed -e "s/\.template$//")
# Copy template file # Copy template file
#cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson #cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson
cp "$ndjson_template_file" "$ndjson_file" if [ "$ndjson_template_file" != "$ndjson_file" ]; then
cp "$ndjson_template_file" "$ndjson_file"
fi
# SOCtopus and Manager # SOCtopus and Manager
if grep -lq 'PLACEHOLDER' "$ndjson_file"; then if grep -lq 'PLACEHOLDER' "$ndjson_file"; then

20
salt/kibana/files/config_saved_objects.ndjson
View File

@@ -1 +1,19 @@
{"attributes": {"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"securitySolution:defaultIndex": ["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","so-*"],"coreMigrationVersion":"7.15.0","id":"7.15.0","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1633625537804,2310],"type":"config","updated_at":"2021-10-07T16:52:17.804Z","version":"Wzg1NDE3LDVd"} {
"attributes": {
"buildNum": 39457,
"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29",
"defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645",
"discover:sampleSize": 100,
"theme:darkMode": true,
"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"
},
"coreMigrationVersion": "7.15.0",
"id": "7.15.0",
"migrationVersion": {
"config": "7.13.0"
},
"references": [],
"type": "config",
"updated_at": "2021-10-10T10:10:10.105Z",
"version": "WzI5NzUsMl0="
}

17
salt/kibana/files/securitySolution_saved_objects.ndjson Normal file
View File

@@ -0,0 +1,17 @@
{
"attributes": {
"buildNum": 39457,
"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29",
"defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645",
"securitySolution:defaultIndex": ["apm-*-transaction*", "traces-apm*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*", "so-*"]
},
"coreMigrationVersion": "7.15.0",
"id": "7.15.0",
"migrationVersion": {
"config": "7.13.0"
},
"references": [],
"type": "config",
"updated_at": "2021-10-10T10:10:10.105Z",
"version": "WzI5NzUsMl0="
}

1
salt/kibana/so_default_load.sls → salt/kibana/so_config_load.sls
View File

@@ -1,6 +1,7 @@
include: include:
- kibana - kibana
- kibana.so_dashboard_load - kibana.so_dashboard_load
- kibana.so_securitySolution_load
config_saved_objects: config_saved_objects:
file.managed: file.managed:

4
salt/kibana/so_dashboard_load.sls
View File

@@ -3,14 +3,14 @@ include:
dashboard_saved_objects_template: dashboard_saved_objects_template:
file.managed: file.managed:
- name: /opt/so/conf/kibana/saved_objects.ndjson.template - name: /opt/so/conf/kibana/saved_objects.ndjson
- source: salt://kibana/files/saved_objects.ndjson - source: salt://kibana/files/saved_objects.ndjson
- user: 932 - user: 932
- group: 939 - group: 939
so-kiba-dashboard-load: so-kiba-dashboard-load:
cmd.run: cmd.run:
- name: /usr/sbin/so-kibana-config-load /opt/so/conf/kibana/saved_objects.ndjson.template - name: /usr/sbin/so-kibana-config-load /opt/so/conf/kibana/saved_objects.ndjson
- cwd: /opt/so - cwd: /opt/so
- require: - require:
- sls: kibana - sls: kibana

17
salt/kibana/so_securitySolution_load.sls Normal file
View File

@@ -0,0 +1,17 @@
include:
- kibana
securitySolution_saved_objects:
file.managed:
- name: /opt/so/conf/kibana/securitySolution_saved_objects.ndjson
- source: salt://kibana/files/securitySolution_saved_objects.ndjson
- user: 932
- group: 939
so-kiba-securitySolution_saved_objects-load:
cmd.run:
- name: /usr/sbin/so-kibana-config-load /opt/so/conf/kibana/securitySolution_saved_objects.ndjson
- cwd: /opt/so
- require:
- sls: kibana
- file: securitySolution_saved_objects

2
setup/so-setup
View File

@@ -811,7 +811,7 @@ echo "1" > /root/accept_changes
salt-call state.apply -l info soc >> $setup_log 2>&1 salt-call state.apply -l info soc >> $setup_log 2>&1
set_progress_str 70 "$(print_salt_state_apply 'kibana')" set_progress_str 70 "$(print_salt_state_apply 'kibana')"
salt-call state.apply -l info kibana.so_default_load >> $setup_log 2>&1 salt-call state.apply -l info kibana.so_config_load >> $setup_log 2>&1
set_progress_str 70 "Setting up default Space in Kibana" set_progress_str 70 "Setting up default Space in Kibana"
so-kibana-space-defaults >> $setup_log 2>&1 so-kibana-space-defaults >> $setup_log 2>&1