diff --git a/pillar/top.sls b/pillar/top.sls index 9e65257d0..e72e40e46 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -1,51 +1,22 @@ base: '*': - - patch.needs_restarting - - ntp.soc_ntp - - ntp.adv_ntp - - logrotate - docker.soc_docker - docker.adv_docker + - influxdb.token + - logrotate.soc_logrotate + - logrotate.adv_logrotate + - nginx.soc_nginx + - nginx.adv_nginx + - node_data.ips + - ntp.soc_ntp + - ntp.adv_ntp + - patch.needs_restarting + - patch.soc_patch + - patch.adv_patch - sensoroni.soc_sensoroni - sensoroni.adv_sensoroni - telegraf.soc_telegraf - telegraf.adv_telegraf - - influxdb.token - - node_data.ips - - '* and not *_eval and not *_import': - - logstash.nodes - - '*_eval or *_heavynode or *_sensor or *_standalone or *_import': - - match: compound - - zeek.soc_zeek - - zeek.adv_zeek - - bpf.soc_bpf - - bpf.adv_bpf - - suricata.soc_suricata - - suricata.adv_suricata - - '*_managersearch or *_heavynode': - - match: compound - - logstash - - logstash.manager - - logstash.search - - logstash.soc_logstash - - logstash.adv_logstash - - elasticsearch.index_templates - - elasticsearch.soc_elasticsearch - - elasticsearch.adv_elasticsearch - - curator.soc_curator - - curator.adv_curator - - '*_manager': - - logstash - - logstash.manager - - logstash.soc_logstash - - logstash.adv_logstash - - elasticsearch.index_templates - - curator.soc_curator - - curator.adv_curator '*_manager or *_managersearch': - match: compound @@ -62,8 +33,12 @@ base: - manager.adv_manager - idstools.soc_idstools - idstools.adv_idstools + - logstash.soc_logstash + - logstash.adv_logstash - soc.soc_soc - soc.adv_soc + - soctopus.soc_soctopus + - soctopus.adv_soctopus - kibana.soc_kibana - kibana.adv_kibana - kratos.soc_kratos @@ -80,6 +55,10 @@ base: - backup.adv_backup - firewall.soc_firewall - firewall.adv_firewall + - curator.soc_curator + - curator.adv_curator + - soctopus.soc_soctopus + - soctopus.adv_soctopus - minions.{{ grains.id }} - minions.adv_{{ grains.id }} 
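Review bot: `influxdb.token` is still listed under the `'*'` target after the reorder in the first hunk, so every accepted minion receives it, including the `*_desktop` nodes targeted at the end of this file. Pillar targeting is what scopes this secret, so it is worth confirming that every role needs it; presumably Telegraf does, since `telegraf.soc_telegraf` sits in the same block. If so, record that next to the entry with a comment such as `# influxdb.token: needed by telegraf on every node`. If some roles never write metrics, moving the entry into the role targets would keep the token off those hosts.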
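Review bot: `soctopus.soc_soctopus` and `soctopus.adv_soctopus` are added in the `-62,8 +33,12` hunk and again in the `-80,6 +55,10` hunk, which appear to belong to the same target block since no target key is visible between them. The later manager-style hunks add the pair only once, so the second copy looks like an oversight. Dropping the pair after `curator.adv_curator` in the `+55,10` hunk would leave one include per pillar. The enclosing block starts and ends outside both hunks, so this should be confirmed against the full file.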
@@ -87,6 +66,16 @@ base: - healthcheck.sensor - global.soc_global - global.adv_global + - strelka.soc_strelka + - strelka.adv_strelka + - zeek.soc_zeek + - zeek.adv_zeek + - bpf.soc_bpf + - bpf.adv_bpf + - pcap.soc_pcap + - pcap.adv_pcap + - suricata.soc_suricata + - suricata.adv_suricata - minions.{{ grains.id }} - minions.adv_{{ grains.id }} @@ -112,6 +101,13 @@ base: - idstools.soc_idstools - idstools.adv_idstools - soc.soc_soc + - soc.adv_soc + - soctopus.soc_soctopus + - soctopus.adv_soctopus + - strelka.soc_strelka + - strelka.adv_strelka + - curator.soc_curator + - curator.adv_curator - kratos.soc_kratos - kratos.adv_kratos - redis.soc_redis @@ -122,6 +118,14 @@ base: - backup.adv_backup - firewall.soc_firewall - firewall.adv_firewall + - zeek.soc_zeek + - zeek.adv_zeek + - bpf.soc_bpf + - bpf.adv_bpf + - pcap.soc_pcap + - pcap.adv_pcap + - suricata.soc_suricata + - suricata.adv_suricata - minions.{{ grains.id }} - minions.adv_{{ grains.id }} 
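Review bot: The sensor pillar pairs (`strelka`, `zeek`, `bpf`, `pcap`, `suricata`) added here are written out again by hand in the `+118`, `+161` and `+276` hunks and in the `'*_heavynode'` block, in differing order. With the shared compound target removed, a role that later misses one pair would silently run with defaults for that sensor component. Since this top file is already rendered through Jinja, the list could be defined once and looped over in each role block, keeping `soc_` before `adv_` as now. The order between different pillar namespaces presumably does not matter, but that should be confirmed before changing it. The target blocks start outside these hunks.

```yaml
{% set sensor_pillars = ['strelka', 'zeek', 'bpf', 'pcap', 'suricata'] %}
# … unchanged: base:, the '*' target and the manager targets …
    - global.adv_global
{% for name in sensor_pillars %}
    - {{ name }}.soc_{{ name }}
    - {{ name }}.adv_{{ name }}
{% endfor %}
    - minions.{{ grains.id }}
```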
@@ -157,18 +161,50 @@ base: - manager.soc_manager - manager.adv_manager - soc.soc_soc + - soc.adv_soc + - soctopus.soc_soctopus + - soctopus.adv_soctopus + - strelka.soc_strelka + - strelka.adv_strelka + - curator.soc_curator + - curator.adv_curator - backup.soc_backup - backup.adv_backup - firewall.soc_firewall - firewall.adv_firewall + - zeek.soc_zeek + - zeek.adv_zeek + - bpf.soc_bpf + - bpf.adv_bpf + - pcap.soc_pcap + - pcap.adv_pcap + - suricata.soc_suricata + - suricata.adv_suricata - minions.{{ grains.id }} - minions.adv_{{ grains.id }} '*_heavynode': - elasticsearch.auth + - logstash.soc_logstash + - logstash.adv_logstash + - elasticsearch.soc_elasticsearch + - elasticsearch.adv_elasticsearch + - curator.soc_curator + - curator.adv_curator - global.soc_global - global.adv_global - redis.soc_redis + - redis.adv_redis + - zeek.soc_zeek + - zeek.adv_zeek + - bpf.soc_bpf + - bpf.adv_bpf + - pcap.soc_pcap + - pcap.adv_pcap + - suricata.soc_suricata + - suricata.adv_suricata + - strelka.soc_strelka + - strelka.adv_strelka - minions.{{ grains.id }} - minions.adv_{{ grains.id }} @@ -181,25 +217,19 @@ base: - minions.adv_{{ grains.id }} '*_searchnode': - - logstash - - logstash.search - logstash.soc_logstash - logstash.adv_logstash - - elasticsearch.index_templates - elasticsearch.soc_elasticsearch - elasticsearch.adv_elasticsearch {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth {% endif %} - - redis.soc_redis - global.soc_global - global.adv_global - minions.{{ grains.id }} - minions.adv_{{ grains.id }} '*_receiver': - - logstash - - logstash.receiver - logstash.soc_logstash - logstash.adv_logstash {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} 
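Review bot: The `'*_heavynode'` target in the `+161,50` hunk still includes `elasticsearch.auth` unconditionally, while `'*_searchnode'` (and, it appears, `'*_receiver'`) in the following hunk wrap the same entry in a `file.file_exists` check. If `/opt/so/saltstack/local/pillar/elasticsearch/auth.sls` can be absent when a heavy node first checks in, the missing SLS would likely surface as a pillar render error for that minion. Using the same guard here would make the roles consistent: `{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}` before `- elasticsearch.auth` and `{% endif %}` after it.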
@@ -229,6 +259,11 @@ base: - manager.soc_manager - manager.adv_manager - soc.soc_soc + - soc.adv_soc + - soctopus.soc_soctopus + - soctopus.adv_soctopus + - curator.soc_curator + - curator.adv_curator - global.soc_global - global.adv_global - backup.soc_backup @@ -241,6 +276,16 @@ base: - influxdb.adv_influxdb - firewall.soc_firewall - firewall.adv_firewall + - zeek.soc_zeek + - zeek.adv_zeek + - bpf.soc_bpf + - bpf.adv_bpf + - pcap.soc_pcap + - pcap.adv_pcap + - suricata.soc_suricata + - suricata.adv_suricata + - strelka.soc_strelka + - strelka.adv_strelka - minions.{{ grains.id }} - minions.adv_{{ grains.id }} @@ -249,13 +294,11 @@ base: - global.adv_global - backup.soc_backup - backup.adv_backup - - logstash - - logstash.fleet - logstash.soc_logstash - logstash.adv_logstash - minions.{{ grains.id }} - minions.adv_{{ grains.id }} - '*_workstation': + '*_desktop': - minions.{{ grains.id }} - minions.adv_{{ grains.id }}
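Review bot: Renaming the target from `'*_workstation'` to `'*_desktop'` in the last hunk means a minion whose ID still ends in `_workstation` no longer matches any role block. It would receive only the `'*'` pillars and lose its `minions.{{ grains.id }}` and `minions.adv_{{ grains.id }}` data. Unless the upgrade path renames existing minion IDs (not visible here), consider matching both for a transition period with `'*_desktop or *_workstation':` followed by `- match: compound`. A short comment on the target noting the old suffix would also help anyone reading older deployments.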