Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into truclusterrator

VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.3.70-CURATOR ISO image built on 2021/08/20
+### 2.3.70-GRAFANA ISO image built on 2021/08/23
 
 
 
 ### Download and Verify
 
-2.3.70-CURATOR ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
+2.3.70-GRAFANA ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.70-GRAFANA.iso
 
-MD5: E0F7882E37B1B6BC4F9A6C8FD6F213F6  
-SHA1: 82E1204BAD9489B275A083A642F175E352F9A332  
-SHA256: 147CA7F5082273EDCC32EF6322D86A04CCB2E96B3A7F0B01EFA8A029BD84C3D7 
+MD5: A16683FC8F2151C290E359FC6066B1F2  
+SHA1: A93329C103CCCE665968F246163FBE5D41EF0510  
+SHA256: 3ED0177CADF203324363916AA240A10C58DC3E9044A9ADE173A80674701A50A3 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-GRAFANA.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-GRAFANA.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70-GRAFANA.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.70-CURATOR.iso.sig securityonion-2.3.70-CURATOR.iso
+gpg --verify securityonion-2.3.70-GRAFANA.iso.sig securityonion-2.3.70-GRAFANA.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Fri 20 Aug 2021 01:23:59 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 23 Aug 2021 01:43:00 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

salt/common/tools/sbin/so-playbook-import

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+ENABLEPLAY=${1:-False}
+
+docker exec so-soctopus /usr/local/bin/python -c "import playbook; print(playbook.play_import($ENABLEPLAY))"

salt/grafana/init.sls

@@ -12,16 +12,21 @@
 
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %}
 
+{% set ALLOWED_DASHBOARDS = ['overview', 'standalone', 'manager', 'managersearch', 'sensor', 'searchnode', 'heavynode', 'eval'] %}
 {% set DASHBOARDS = ['overview'] %}
 {% if grains.role == 'so-eval' %}
   {% do DASHBOARDS.append('eval') %}
 {% else %}
   {# Grab a unique listing of nodetypes that exists so that we create only the needed dashboards #}
   {% for dashboard in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %}
-    {% do DASHBOARDS.append(dashboard) %}
+    {% if dashboard in ALLOWED_DASHBOARDS %}
+      {% do DASHBOARDS.append(dashboard) %}
+    {% endif %}
   {% endfor %}
 {% endif %}
 
+
+
 # Grafana all the things
 grafanadir:
   file.directory:

salt/soctopus/init.sls

@@ -10,7 +10,7 @@
 
 soctopusdir:
   file.directory:
-    - name: /opt/so/conf/soctopus
+    - name: /opt/so/conf/soctopus/sigma-import
     - user: 939
     - group: 939
     - makedirs: True
@@ -63,6 +63,7 @@ so-soctopus:
       - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw
       - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw
       - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
+      - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw    
       {% if ISAIRGAP is sameas true %}
       - /nsm/repo/rules/sigma:/soctopus/sigma
       {% endif %}