Tweaked for sigmac backend change

2025-12-06 17:22:49 +01:00 · 2019-10-27 14:36:52 -04:00
parent 783a9cd102
commit 94e15ed502
1 changed files with 1 additions and 15 deletions
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -3,20 +3,6 @@
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
 es_host: {{es}}
 es_port: 9200
-name: Alert-Name
-type: frequency
-index: "*:logstash-*"
-num_events: 1
-timeframe:
-    minutes: 10
-buffer_time:
-    minutes: 10
-allow_buffer_time_overlap: true
-
-filter:
- query:
-   query_string:
-      query: 'select from test'

 alert: modules.so.thehive.TheHiveAlerter

@@ -32,7 +18,7 @@ hive_alert_config:
  title: '{rule[name]}'
  type: 'external'
  source: 'SecurityOnion'
-  description: '`Data:` {match[message]}'
+  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `Data:` {match[message]}"
  severity: 2
  tags: ['elastalert', 'SecurityOnion']
  tlp: 3