enabled/disable soc in ui

This commit is contained in:
m0duspwnens
2023-05-11 15:33:16 -04:00
parent a3b97b40ba
commit 8e18986671
11 changed files with 2256 additions and 2142 deletions


@@ -302,6 +302,13 @@ function add_soctopus_to_minion() {
" " >> $PILLARFILE " " >> $PILLARFILE
} }
function add_soc_to_minion() {
printf '%s\n'\
"soc:"\
" enabled: True"\
" " >> $PILLARFILE
}
function create_fleet_policy() { function create_fleet_policy() {
JSON_STRING=$( jq -n \ JSON_STRING=$( jq -n \
@@ -356,6 +363,7 @@ function createEVAL() {
add_influxdb_to_minion add_influxdb_to_minion
add_nginx_to_minion add_nginx_to_minion
add_soctopus_to_minion add_soctopus_to_minion
add_soc_to_minion
} }
function createSTANDALONE() { function createSTANDALONE() {
@@ -372,6 +380,7 @@ function createSTANDALONE() {
add_influxdb_to_minion add_influxdb_to_minion
add_nginx_to_minion add_nginx_to_minion
add_soctopus_to_minion add_soctopus_to_minion
add_soc_to_minion
} }
function createMANAGER() { function createMANAGER() {
@@ -386,6 +395,7 @@ function createMANAGER() {
add_influxdb_to_minion add_influxdb_to_minion
add_nginx_to_minion add_nginx_to_minion
add_soctopus_to_minion add_soctopus_to_minion
add_soc_to_minion
} }
function createMANAGERSEARCH() { function createMANAGERSEARCH() {
@@ -400,6 +410,7 @@ function createMANAGERSEARCH() {
add_influxdb_to_minion add_influxdb_to_minion
add_nginx_to_minion add_nginx_to_minion
add_soctopus_to_minion add_soctopus_to_minion
add_soc_to_minion
} }
function createIMPORT() { function createIMPORT() {
@@ -409,6 +420,7 @@ function createIMPORT() {
add_telegraf_to_minion add_telegraf_to_minion
add_influxdb_to_minion add_influxdb_to_minion
add_nginx_to_minion add_nginx_to_minion
add_soc_to_minion
} }
function createFLEET() { function createFLEET() {
@@ -418,6 +430,7 @@ function createFLEET() {
update_fleet_host_urls update_fleet_host_urls
update_logstash_outputs update_logstash_outputs
add_telegraf_to_minion add_telegraf_to_minion
add_nginx_to_minion
} }
function createIDH() { function createIDH() {
@@ -433,21 +446,18 @@ function createHEAVYNODE() {
add_redis_to_minion add_redis_to_minion
add_curator_to_minion add_curator_to_minion
add_telegraf_to_minion add_telegraf_to_minion
add_nginx_to_minion
} }
function createSENSOR() { function createSENSOR() {
add_sensor_to_minion add_sensor_to_minion
add_strelka_strelka_to_minion add_strelka_strelka_to_minion
add_telegraf_to_minion add_telegraf_to_minion
add_nginx_to_minion
} }
function createSEARCHNODE() { function createSEARCHNODE() {
add_elasticsearch_to_minion add_elasticsearch_to_minion
add_logstash_to_minion add_logstash_to_minion
add_telegraf_to_minion add_telegraf_to_minion
add_nginx_to_minion
updateMine updateMine
apply_ES_state apply_ES_state
} }
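Review bot: `add_soc_to_minion` is wired only into createEVAL, createSTANDALONE, createMANAGER, createMANAGERSEARCH and createIMPORT, so the other node types never receive a `soc:` pillar and fall back to whatever `enabled` value the soc defaults carry; if that is intended, a one-line comment above the function would save the next reader a search, e.g. `# Writes the soc pillar toggle; manager-type nodes only, other roles rely on the soc defaults.` The redirect `>> $PILLARFILE` is unquoted, matching the neighbouring functions, but `>> "$PILLARFILE"` is the safer form should the path ever contain whitespace. The indentation inside the printf arguments is not visible on this rendered page, so the nesting of `enabled:` under `soc:` could not be checked here.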

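--- a/salt/soc/config.sls
+++ b/salt/soc/config.sls
@@ -0,0 +1,115 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+include:
+- manager.sync_es_users
+socdir:
+file.directory:
+- name: /opt/so/conf/soc
+- user: 939
+- group: 939
+- makedirs: True
+socdatadir:
+file.directory:
+- name: /nsm/soc/jobs
+- user: 939
+- group: 939
+- makedirs: True
+soclogdir:
+file.directory:
+- name: /opt/so/log/soc
+- user: 939
+- group: 939
+- makedirs: True
+socsaltdir:
+file.directory:
+- name: /opt/so/conf/soc/salt
+- user: 939
+- group: 939
+- makedirs: True
+socconfig:
+file.managed:
+- name: /opt/so/conf/soc/soc.json
+- source: salt://soc/files/soc/soc.json.jinja
+- user: 939
+- group: 939
+- mode: 600
+- template: jinja
+- show_changes: False
+socmotd:
+file.managed:
+- name: /opt/so/conf/soc/motd.md
+- source: salt://soc/files/soc/motd.md
+- user: 939
+- group: 939
+- mode: 600
+- template: jinja
+socbanner:
+file.managed:
+- name: /opt/so/conf/soc/banner.md
+- source: salt://soc/files/soc/banner.md
+- user: 939
+- group: 939
+- mode: 600
+- template: jinja
+soc_sbin:
+file.recurse:
+- name: /usr/sbin
+- source: salt://soc/tools/sbin
+- user: 939
+- group: 939
+- file_mode: 755
+#soc_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://soc/tools/sbin_jinja
+# - user: 939
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+soccustom:
+file.managed:
+- name: /opt/so/conf/soc/custom.js
+- source: salt://soc/files/soc/custom.js
+- user: 939
+- group: 939
+- mode: 600
+- template: jinja
+soccustomroles:
+file.managed:
+- name: /opt/so/conf/soc/custom_roles
+- source: salt://soc/files/soc/custom_roles
+- user: 939
+- group: 939
+- mode: 600
+- template: jinja
+socusersroles:
+file.exists:
+- name: /opt/so/conf/soc/soc_users_roles
+- require:
+- sls: manager.sync_es_users
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}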
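Review bot: `soc_sbin` places executables into `/usr/sbin` owned by uid/gid 939 with `file_mode: 755`, so the same non-root account this file uses for the SOC configuration can overwrite tools that sit in a root-only PATH directory; if those tools are run by root (their location suggests so, but the page does not show their callers), ownership should be `- user: root` / `- group: root`, or the reason for 939 should be stated in a comment above the state. This stanza and the commented-out `soc_sbin_jinja` block are carried over from init.sls rather than introduced here, but the move is a good moment to either delete the dead block or note why it is kept. Quoting the modes as `'0600'` and `'0755'` would also protect them from YAML octal/decimal ambiguity if a leading zero is ever added.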


@@ -1,3 +1,8 @@
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
https://securityonion.net/license; you may not use this file except in compliance with the
Elastic License 2.0. #}
{% import_yaml 'soc/defaults.yaml' as SOCDEFAULTS %} {% import_yaml 'soc/defaults.yaml' as SOCDEFAULTS %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER -%} {% from 'docker/docker.map.jinja' import DOCKER -%}
@@ -5,28 +10,28 @@
{% import_text 'influxdb/metrics_link.txt' as METRICS_LINK %} {% import_text 'influxdb/metrics_link.txt' as METRICS_LINK %}
{% for module, application_url in GLOBALS.application_urls.items() %} {% for module, application_url in GLOBALS.application_urls.items() %}
{% do SOCDEFAULTS.soc.server.modules[module].update({'hostUrl': application_url}) %} {% do SOCDEFAULTS.soc.config.server.modules[module].update({'hostUrl': application_url}) %}
{% endfor %} {% endfor %}
{# add nodes from the logstash:nodes pillar to soc.server.modules.elastic.remoteHostUrls #} {# add nodes from the logstash:nodes pillar to soc.server.modules.elastic.remoteHostUrls #}
{% for node_type, minions in salt['pillar.get']('logstash:nodes', {}).items() %} {% for node_type, minions in salt['pillar.get']('logstash:nodes', {}).items() %}
{% for m in minions.keys() %} {% for m in minions.keys() %}
{% do SOCDEFAULTS.soc.server.modules.elastic.remoteHostUrls.append(m) %} {% do SOCDEFAULTS.soc.config.server.modules.elastic.remoteHostUrls.append(m) %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% do SOCDEFAULTS.soc.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %} {% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
{% do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}
{% do SOCDEFAULTS.soc.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %} {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %}
{% for tool in SOCDEFAULTS.soc.server.client.tools %} {% for tool in SOCDEFAULTS.soc.config.server.client.tools %}
{% if tool.name == "toolInfluxDb" and METRICS_LINK | length > 0 %} {% if tool.name == "toolInfluxDb" and METRICS_LINK | length > 0 %}
{% do tool.update({'link': METRICS_LINK}) %} {% do tool.update({'link': METRICS_LINK}) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.sensoronikey}) %} {% do SOCDEFAULTS.soc.config.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.sensoronikey}) %}
{% do SOCDEFAULTS.soc.server.client.case.update({'analyzerNodeId': GLOBALS.hostname}) %} {% do SOCDEFAULTS.soc.config.server.client.case.update({'analyzerNodeId': GLOBALS.hostname}) %}
{% set SOCDEFAULTS = SOCDEFAULTS.soc %} {% set SOCDEFAULTS = SOCDEFAULTS.soc %}


@@ -1,4 +1,6 @@
soc: soc:
enabled: False
config:
logFilename: /opt/sensoroni/logs/sensoroni-server.log logFilename: /opt/sensoroni/logs/sensoroni-server.log
logLevel: info logLevel: info
actions: actions:

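--- a/salt/soc/disabled.sls
+++ b/salt/soc/disabled.sls
@@ -0,0 +1,31 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+include:
+- soc.sostatus
+so-soc:
+docker_container.absent:
+- force: True
+so-soc_so-status.disabled:
+file.comment:
+- name: /opt/so/conf/so-status/so-status.conf
+- regex: ^so-soc$
+salt-relay:
+cron.absent:
+- identifier: salt-relay
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}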
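Review bot: `cron.absent` removes the scheduler entry for salt-relay, but nothing in this file stops a `salt-relay.sh` instance that the cron line in salt/soc/enabled.sls already started in the background, so the relay appears to keep running after SOC is disabled until the host reboots or someone kills it; if it should stop with SOC, add a state that terminates it, or record the expectation in a comment above `salt-relay:`. Separately, `so-soc_so-status.disabled` assumes the append from the included `soc.sostatus` has already run, which holds only through Salt's default ordering; an explicit `- require:` / `- file: append_so-soc_so-status.conf` on the `file.comment` state makes that dependency visible, and the same applies to `delete_so-soc_so-status.disabled` in salt/soc/enabled.sls.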

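--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -0,0 +1,68 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+{% from 'soc/merged.map.jinja' import DOCKER_EXTRA_HOSTS %}
+include:
+- soc.config
+- soc.sostatus
+so-soc:
+docker_container.running:
+- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soc:{{ GLOBALS.so_version }}
+- hostname: soc
+- name: so-soc
+- networks:
+- sobridge:
+- ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
+- binds:
+- /nsm/soc/jobs:/opt/sensoroni/jobs:rw
+- /opt/so/log/soc/:/opt/sensoroni/logs/:rw
+- /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
+- /opt/so/conf/soc/motd.md:/opt/sensoroni/html/motd.md:ro
+- /opt/so/conf/soc/banner.md:/opt/sensoroni/html/login/banner.md:ro
+- /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro
+- /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
+- /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
+- /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
+- /opt/so/saltstack:/opt/so/saltstack:rw
+- extra_hosts: {{ DOCKER_EXTRA_HOSTS }}
+- port_bindings:
+{% for BINDING in DOCKER.containers['so-soc'].port_bindings %}
+- {{ BINDING }}
+{% endfor %}
+- watch:
+- file: /opt/so/conf/soc/*
+- require:
+- file: socdatadir
+- file: soclogdir
+- file: socconfig
+- file: socmotd
+- file: socbanner
+- file: soccustom
+- file: soccustomroles
+- file: socusersroles
+delete_so-soc_so-status.disabled:
+file.uncomment:
+- name: /opt/so/conf/so-status/so-status.conf
+- regex: ^so-soc$
+salt-relay:
+cron.present:
+- name: 'ps -ef | grep salt-relay.sh | grep -v grep > /dev/null 2>&1 || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
+- identifier: salt-relay
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}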
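Review bot: the `require` list on `so-soc` omits `socsaltdir` even though `/opt/so/conf/soc/salt` is bind-mounted rw in the same stanza; if that directory does not exist when the container starts, Docker creates it root-owned instead of 939-owned, so add `- file: socsaltdir` (and `- file: socdir`) to the list. The `/opt/so/saltstack:/opt/so/saltstack:rw` bind hands a container running under the 939 account write access to the state tree the master executes; that is carried over from init.sls rather than introduced here, but a comment above `- binds:` naming what in the container needs to write there would make that trust boundary explicit for the next reviewer. The `- watch:` glob on `/opt/so/conf/soc/*` depends on the states in soc.config, which this file includes, so the ordering looks right as far as the page shows.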


@@ -1,2 +1,2 @@
{% from 'soc/merged.map.jinja' import SOCMERGED -%} {% from 'soc/merged.map.jinja' import SOCMERGED -%}
{{ SOCMERGED | json(sort_keys=True, indent=4 * ' ') }} {{ SOCMERGED.config | json(sort_keys=True, indent=4 * ' ') }}


@@ -1,160 +1,13 @@
{% from 'allowed_states.map.jinja' import allowed_states %} # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
{% if sls in allowed_states %} # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'soc/config.map.jinja' import SOCMERGED %}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'soc/merged.map.jinja' import DOCKER_EXTRA_HOSTS %}
include: include:
- manager.sync_es_users {% if SOCMERGED.enabled %}
- soc.enabled
socdir:
file.directory:
- name: /opt/so/conf/soc
- user: 939
- group: 939
- makedirs: True
socdatadir:
file.directory:
- name: /nsm/soc/jobs
- user: 939
- group: 939
- makedirs: True
soclogdir:
file.directory:
- name: /opt/so/log/soc
- user: 939
- group: 939
- makedirs: True
socsaltdir:
file.directory:
- name: /opt/so/conf/soc/salt
- user: 939
- group: 939
- makedirs: True
socconfig:
file.managed:
- name: /opt/so/conf/soc/soc.json
- source: salt://soc/files/soc/soc.json.jinja
- user: 939
- group: 939
- mode: 600
- template: jinja
- show_changes: False
socmotd:
file.managed:
- name: /opt/so/conf/soc/motd.md
- source: salt://soc/files/soc/motd.md
- user: 939
- group: 939
- mode: 600
- template: jinja
socbanner:
file.managed:
- name: /opt/so/conf/soc/banner.md
- source: salt://soc/files/soc/banner.md
- user: 939
- group: 939
- mode: 600
- template: jinja
soc_sbin:
file.recurse:
- name: /usr/sbin
- source: salt://soc/tools/sbin
- user: 939
- group: 939
- file_mode: 755
#soc_sbin_jinja:
# file.recurse:
# - name: /usr/sbin
# - source: salt://soc/tools/sbin_jinja
# - user: 939
# - group: 939
# - file_mode: 755
# - template: jinja
soccustom:
file.managed:
- name: /opt/so/conf/soc/custom.js
- source: salt://soc/files/soc/custom.js
- user: 939
- group: 939
- mode: 600
- template: jinja
soccustomroles:
file.managed:
- name: /opt/so/conf/soc/custom_roles
- source: salt://soc/files/soc/custom_roles
- user: 939
- group: 939
- mode: 600
- template: jinja
socusersroles:
file.exists:
- name: /opt/so/conf/soc/soc_users_roles
- require:
- sls: manager.sync_es_users
salt-relay:
cron.present:
- name: 'ps -ef | grep salt-relay.sh | grep -v grep > /dev/null 2>&1 || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
- identifier: salt-relay
so-soc:
docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soc:{{ GLOBALS.so_version }}
- hostname: soc
- name: so-soc
- networks:
- sobridge:
- ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
- binds:
- /nsm/soc/jobs:/opt/sensoroni/jobs:rw
- /opt/so/log/soc/:/opt/sensoroni/logs/:rw
- /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
- /opt/so/conf/soc/motd.md:/opt/sensoroni/html/motd.md:ro
- /opt/so/conf/soc/banner.md:/opt/sensoroni/html/login/banner.md:ro
- /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro
- /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
- /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
- /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
- /opt/so/saltstack:/opt/so/saltstack:rw
- extra_hosts: {{ DOCKER_EXTRA_HOSTS }}
- port_bindings:
{% for BINDING in DOCKER.containers['so-soc'].port_bindings %}
- {{ BINDING }}
{% endfor %}
- watch:
- file: /opt/so/conf/soc/*
- require:
- file: socdatadir
- file: soclogdir
- file: socconfig
- file: socmotd
- file: socbanner
- file: soccustom
- file: soccustomroles
- file: socusersroles
append_so-soc_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-soc
{% else %} {% else %}
- soc.disabled
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %} {% endif %}
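Review bot: `{% from 'soc/config.map.jinja' import SOCMERGED %}` imports from a file that is not among the 11 files in this commit, while the other hunks on this page define `SOCMERGED` in a map file that soc.json.jinja and enabled.sls import as `soc/merged.map.jinja`; unless soc/config.map.jinja already exists in the tree, rendering init.sls will fail with a template-not-found error, so confirm the path or change the line to `{% from 'soc/merged.map.jinja' import SOCMERGED %}`. The `allowed_states` guard that the old init.sls carried is gone from this file; that is acceptable only because config.sls, enabled.sls, disabled.sls and sostatus.sls each keep their own guard, which is worth a one-line comment above `include:` so nobody reintroduces an unguarded state here later.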


@@ -1,3 +1,8 @@
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
https://securityonion.net/license; you may not use this file except in compliance with the
Elastic License 2.0. #}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'soc/defaults.map.jinja' import SOCDEFAULTS with context %} {% from 'soc/defaults.map.jinja' import SOCDEFAULTS with context %}
{% from 'logstash/map.jinja' import LOGSTASH_NODES %} {% from 'logstash/map.jinja' import LOGSTASH_NODES %}
@@ -6,14 +11,14 @@
{% set SOCMERGED = salt['pillar.get']('soc', SOCDEFAULTS, merge=true) %} {% set SOCMERGED = salt['pillar.get']('soc', SOCDEFAULTS, merge=true) %}
{# if SOCMERGED.server.modules.cases == httpcase details come from the soc pillar #} {# if SOCMERGED.config.server.modules.cases == httpcase details come from the soc pillar #}
{% if SOCMERGED.server.modules.cases != 'soc' %} {% if SOCMERGED.config.server.modules.cases != 'soc' %}
{% do SOCMERGED.server.modules.elastic.update({'casesEnabled': false}) %} {% do SOCMERGED.config.server.modules.elastic.update({'casesEnabled': false}) %}
{% do SOCMERGED.server.client.update({'casesEnabled': false}) %} {% do SOCMERGED.config.server.client.update({'casesEnabled': false}) %}
{% do SOCMERGED.server.client.hunt.update({'escalateRelatedEventsEnabled': false}) %} {% do SOCMERGED.config.server.client.hunt.update({'escalateRelatedEventsEnabled': false}) %}
{% do SOCMERGED.server.client.alerts.update({'escalateRelatedEventsEnabled': false}) %} {% do SOCMERGED.config.server.client.alerts.update({'escalateRelatedEventsEnabled': false}) %}
{% if SOCMERGED.server.modules.cases == 'elasticcases' %} {% if SOCMERGED.config.server.modules.cases == 'elasticcases' %}
{% do SOCMERGED.server.modules.update({ {% do SOCMERGED.config.server.modules.update({
'elasticcases': { 'elasticcases': {
'hostUrl': 'https://' ~ GLOBALS.manager_ip ~ ':5601', 'hostUrl': 'https://' ~ GLOBALS.manager_ip ~ ':5601',
'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user,
@@ -23,13 +28,13 @@
{% endif %} {% endif %}
{% endif %} {% endif %}
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #} {# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
{% do SOCMERGED.server.modules.pop('cases') %} {% do SOCMERGED.config.server.modules.pop('cases') %}
{% if pillar.manager.playbook == 0 %} {% if pillar.manager.playbook == 0 %}
{% do SOCMERGED.server.client.inactiveTools.append('toolPlaybook') %} {% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
{% endif %} {% endif %}
{% set standard_actions = SOCMERGED.pop('actions') %} {% set standard_actions = SOCMERGED.config.pop('actions') %}
{% if pillar.global.endgamehost is defined %} {% if pillar.global.endgamehost is defined %}
{% set endgame_dict = { {% set endgame_dict = {
"name": "Endgame", "name": "Endgame",
@@ -42,12 +47,12 @@
{% do standard_actions.append(endgame_dict) %} {% do standard_actions.append(endgame_dict) %}
{% endif %} {% endif %}
{% do SOCMERGED.server.client.hunt.update({'actions': standard_actions}) %} {% do SOCMERGED.config.server.client.hunt.update({'actions': standard_actions}) %}
{% do SOCMERGED.server.client.dashboards.update({'actions': standard_actions}) %} {% do SOCMERGED.config.server.client.dashboards.update({'actions': standard_actions}) %}
{% do SOCMERGED.server.client.update({'job': {'actions': standard_actions}}) %} {% do SOCMERGED.config.server.client.update({'job': {'actions': standard_actions}}) %}
{% do SOCMERGED.server.client.alerts.update({'actions': standard_actions}) %} {% do SOCMERGED.config.server.client.alerts.update({'actions': standard_actions}) %}
{% do SOCMERGED.server.client.cases.update({'actions': standard_actions}) %} {% do SOCMERGED.config.server.client.cases.update({'actions': standard_actions}) %}
{% set standard_eventFields = SOCMERGED.pop('eventFields') %} {% set standard_eventFields = SOCMERGED.config.pop('eventFields') %}
{% do SOCMERGED.server.client.hunt.update({'eventFields': standard_eventFields}) %} {% do SOCMERGED.config.server.client.hunt.update({'eventFields': standard_eventFields}) %}
{% do SOCMERGED.server.client.dashboards.update({'eventFields': standard_eventFields}) %} {% do SOCMERGED.config.server.client.dashboards.update({'eventFields': standard_eventFields}) %}


@@ -1,4 +1,8 @@
soc: soc:
enabled:
description: You can enable or disable SOC.
advanced: True
config:
licenseKey: licenseKey:
title: License Key title: License Key
description: Optional Security Onion license key to unlock enterprise features. description: Optional Security Onion license key to unlock enterprise features.
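Review bot: the `enabled` annotation describes the toggle but not its consequence: when it is false, salt/soc/disabled.sls removes the so-soc container, which appears to be the very web interface this setting is edited in, so an operator who switches it off loses the page needed to switch it back on and must change the pillar on the manager by other means; say so in the description, e.g. `description: You can enable or disable SOC. Disabling removes the SOC web interface, so re-enabling must be done from the manager's pillar.` The key also lacks the `title:` that the sibling `licenseKey` carries (`title: Enabled`), if the UI expects one; `advanced: True` at least keeps it off the default view.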

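--- a/salt/soc/sostatus.sls
+++ b/salt/soc/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+append_so-soc_so-status.conf:
+file.append:
+- name: /opt/so/conf/so-status/so-status.conf
+- text: so-soc
+- unless: grep -q so-soc /opt/so/conf/so-status/so-status.conf
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}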
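Review bot: `unless: grep -q so-soc …` matches `so-soc` as a substring, so it also fires on any other line containing that text — for example a `so-soctopus` entry, which the setup script on this page installs alongside SOC — and when such a line is present the append is skipped and `so-soc` never reaches so-status.conf; anchor the match to the whole line while still covering the commented form that disabled.sls produces: `- unless: grep -Eq '^#?so-soc$' /opt/so/conf/so-status/so-status.conf`. A comment above the state explaining why the `unless` exists at all would also help, since `file.append` already skips an exact duplicate but, as far as I can tell, would add a second `so-soc` line when the existing one has been commented out as `#so-soc`; without that note the guard reads as redundant.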