From 113fbdb863c1915c24e451ce23295d6509df44c0 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Tue, 17 Mar 2020 11:50:53 -0400
Subject: [PATCH 1/6] Update config.json
---
 salt/kibana/etc/config.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/kibana/etc/config.json b/salt/kibana/etc/config.json
index 89cb1dcf5..15caf266f 100644
--- a/salt/kibana/etc/config.json
+++ b/salt/kibana/etc/config.json
@@ -1,7 +1,7 @@
 {
 "attributes": {
- "defaultIndex": "*:logstash-*",
- "discover:sampleSize":"10",
+ "defaultIndex": "*:so-*",
+ "discover:sampleSize":"100",
 "dashboard:defaultDarkTheme":true,
 "timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"
 }
From 272649f3305e7748a77487b6d310a4bc091f9c43 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Tue, 17 Mar 2020 12:19:27 -0400
Subject: [PATCH 2/6] UI Dark Mode
---
 salt/kibana/etc/config.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/kibana/etc/config.json b/salt/kibana/etc/config.json
index 15caf266f..c6e127437 100644
--- a/salt/kibana/etc/config.json
+++ b/salt/kibana/etc/config.json
@@ -3,6 +3,7 @@
 "defaultIndex": "*:so-*",
 "discover:sampleSize":"100",
 "dashboard:defaultDarkTheme":true,
+ "theme:darkMode":true,
 "timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"
 }
 }
From c3055b0a03669d8b33793e14df2efb27609f8848 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 17 Mar 2020 15:23:55 -0400
Subject: [PATCH 3/6] Update Versions for Docker
---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 7a516f95f..1f33c22d6 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -460,7 +460,7 @@ docker_registry() {
 }
 docker_seed_registry() {
- VERSION="HH1.1.4"
+ VERSION="HH1.2.1"
 if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
 TRUSTED_CONTAINERS=( \
 "so-acng:$VERSION" \
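Review bot: `defaultIndex` in a Kibana config saved object holds the id of an index-pattern saved object rather than a pattern string, so the new value `"*:so-*"` only resolves if an index pattern is registered with exactly that id; that registration is outside this patch, so it is worth confirming where the `*:so-*` pattern is created. The `*:` prefix is a cross-cluster-search wildcard that matches every configured remote cluster, which is presumably intended for the distributed deployment. Separately, `discover:sampleSize` is written as the string `"100"` while `dashboard:defaultDarkTheme` on the next line is a bare `true`; the sample size is a numeric advanced setting, so `"discover:sampleSize": 100` would keep the value types consistent instead of relying on coercion.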
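Review bot: The added `"theme:darkMode":true` sits directly under the existing `"dashboard:defaultDarkTheme":true`, which is the pre-7.0 spelling of the same setting; if this series is the Kibana 7 migration that the later `elasticsearch.url` → `elasticsearch.hosts` change implies, the old key is presumably no longer read and could be dropped so the theme has a single source of truth. Confirm against the Kibana version actually shipped (not visible here) before removing it.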
From 70f109af86a6cee8ae88362ff363cddaf3ff74ec Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 17 Mar 2020 21:29:28 +0000
Subject: [PATCH 4/6] elastic changes
---
 salt/kibana/etc/kibana.yml | 2 +-
 .../pipelines/config/so/9600_output_ossec.conf.jinja | 6 +++---
 .../pipelines/config/so/9700_output_strelka.conf.jinja | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/salt/kibana/etc/kibana.yml b/salt/kibana/etc/kibana.yml
index cdf102d12..b6b87dc2d 100644
--- a/salt/kibana/etc/kibana.yml
+++ b/salt/kibana/etc/kibana.yml
@@ -4,7 +4,7 @@ server.name: kibana
 server.host: "0"
 server.basePath: /kibana
-elasticsearch.url: http://{{ ES }}:9200
+elasticsearch.hosts: [ "http://{{ ES }}:9200" ]
 #kibana.index: ".kibana"
 #elasticsearch.username: elastic
 #elasticsearch.password: changeme
diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
index 28391b29a..b32cb44df 100644
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -21,9 +21,9 @@ output {
 elasticsearch {
 pipeline => "%{event_type}"
 hosts => "{{ ES }}"
- index => "so-ossec-%{+YYYY.MM.dd}"
- template_name => "so-ossec"
- template => "/so-ossec-template.json"
+ index => "so-common-%{+YYYY.MM.dd}"
+ template_name => "so-common"
+ template => "/so-common-template.json"
 template_overwrite => true
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
index 48ed75f72..6c498c2bb 100644
--- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
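Review bot: After this hunk the ossec output writes to `index => "so-common-%{+YYYY.MM.dd}"` and uploads its template under the name `so-common`, but the template file this series edits in PATCH 6 (`so-common-template.json`) lists `index_patterns` of `so-ids-*`, `so-firewall-*`, `so-syslog-*`, `so-zeek-*`, `so-import-*`, `so-ossec-*`, `so-strelka-*`, `so-beats-*` and no `so-common-*`; unless the `/so-common-template.json` mounted into the container differs from that file, indices named `so-common-*` will be created with dynamic mappings instead of the intended explicit ones. That matters for any search or detection content that relies on the template's field types. Either keep the per-type index names and share only the template, or add `"so-common-*"` to that `index_patterns` list in PATCH 6. The strelka output in `9700_output_strelka.conf.jinja` makes the same `so-common-*` switch, so the fix applies to both. The enclosing `output {` block begins outside the hunk.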
@@ -20,9 +20,9 @@ output {
 if [event_type] =~ "strelka" {
 elasticsearch {
 hosts => "{{ ES }}"
- index => "so-strelka-%{+YYYY.MM.dd}"
- template_name => "so-strelka"
- template => "/so-strelka-template.json"
+ index => "so-common-%{+YYYY.MM.dd}"
+ template_name => "so-common"
+ template => "/so-common-template.json"
 template_overwrite => true
 }
 }
From 4eac285fd9160672752b94328410650fee36fa78 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 17 Mar 2020 21:31:19 +0000
Subject: [PATCH 5/6] change soversion
---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 1f33c22d6..bebac46c6 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -743,7 +743,7 @@ master_static() {
 touch /opt/so/saltstack/pillar/static.sls
 echo "static:" > /opt/so/saltstack/pillar/static.sls
- echo " soversion: HH1.1.4" >> /opt/so/saltstack/pillar/static.sls
+ echo " soversion: HH1.2.1" >> /opt/so/saltstack/pillar/static.sls
 echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
 echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
 echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls
From 29a493278540f11d58502845aae69515f0d090ec Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 18 Mar 2020 13:47:22 +0000
Subject: [PATCH 6/6] fix strelka pattern
---
 salt/logstash/pipelines/templates/so/so-common-template.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/logstash/pipelines/templates/so/so-common-template.json b/salt/logstash/pipelines/templates/so/so-common-template.json
index 06ac47f66..90241924f 100644
--- a/salt/logstash/pipelines/templates/so/so-common-template.json
+++ b/salt/logstash/pipelines/templates/so/so-common-template.json
@@ -1,5 +1,5 @@
 {
- "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka", "so-beats-*"],
+ "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*"],
 "version":50001,
 "order" : 10,
 "settings":{