From 03e42a009a60078d3e25abfb127d87a9de29c76f Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Mon, 25 Mar 2019 16:12:24 +0000
Subject: [PATCH] SOCtopus: update config

---
 salt/soctopus/files/SOCtopus.conf | 43 ++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index eb766755f..c1d580f3c 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,12 +1,47 @@
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
 
 [es]
-es_url = http://{{ ip }}:9200
+es_url = http://{{ip}}:9200
+
+[fir]
+fir_url = YOURFIRURL
+fir_token = YOURFIRTOKEN
+fir_actor = 3
+fir_category = 3
+fir_confidentiality = 1
+fir_detection = 2
+fir_plan = 8
+fir_severity = 4
+
+[grr]
+grr_url = YOURGRRURL
+grr_user = YOURGRRUSER
+grr_pass = YOURGRRPASS
 
 [hive]
-hive_url = http://{{ ip }}:9000
-hive_key = YOURHIVEAPIKEYHERE -- TO LATER BE REPLACED BY JINJA
+hive_url = https://{{ip}}/thehive
+hive_key = YOURHIVEKEY
+tlp = 3
+
+[misp]
+misp_url = YOURMISPURL
+misp_key = YOURMISPKEY
+misp_verifycert = False
+distrib = 0
+threat = 4
+analysis = 0
+
+[rtir]
+rtir_url = YOURRTIRURL
+rtir_api = REST/1.0/
+rtir_user = YOURRTIRUSER
+rtir_pass = YOURRTIRPASS
+rtir_queue = Incidents
+rtir_creator = root
+
+[slack]
+slack_url = YOURSLACKWORKSPACE
+slack_webhook = YOURSLACKWEBHOOK
 
 [log]
 logfile = /tmp/soctopus.log
-
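Review bot: `misp_verifycert = False` in the new `[misp]` section ships with TLS certificate verification turned off, so the value in `misp_key` would be sent to whatever host answers at `misp_url` without its certificate being checked. I would default it to `misp_verifycert = True` and add a comment that False is only for a lab instance with a self-signed certificate. The new `*_key`, `*_pass`, `fir_token` and `slack_webhook` entries are literal placeholders, and the removed `hive_key` line carried the only reminder that they were to be templated. Since the file already reads `static:masterip` through `salt['pillar.get']`, the secrets could be filled the same way, e.g. `hive_key = {{ salt['pillar.get']('<pillar path for the Hive key>', '') }}`, which also keeps real values out of the repository. The rendered file will then hold several credentials, so the state that manages it (not visible in this patch) should restrict its owner and mode.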