From 977f39cea7e59b34cb32549e3c48cb0f3736731f Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 13 Nov 2019 09:47:04 -0500
Subject: [PATCH] Update generic.template
---
 salt/soctopus/files/templates/generic.template | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/salt/soctopus/files/templates/generic.template b/salt/soctopus/files/templates/generic.template
index 23b693258..e278afa2c 100644
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,9 +1,6 @@
 {% set es = salt['pillar.get']('static:masterip', '') %}
 {% set hivehost = salt['pillar.get']('static:masterip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
-es_host: {{es}}
-es_port: 9200
-
 alert: modules.so.thehive.TheHiveAlerter
 hive_connection:
@@ -16,11 +13,11 @@ hive_proxies:
 hive_alert_config:
 title: '{rule[name]}'
- type: 'external'
+ type: 'playbook'
 source: 'SecurityOnion'
- description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `Data:` {match[message]}"
+ description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` \n\n `Raw Data:` {match[message]}"
 severity: 2
- tags: ['elastalert', 'SecurityOnion']
+ tags: ['playbook']
 tlp: 3
 status: 'New'
 follow: True
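Review bot: In the second hunk the new `description` still interpolates `{match[message]}` as-is into a field that appears to be rendered as Markdown (the labels rely on backticks), so log content that an outside party can influence may reach the analyst's alert view as links or formatting. I would add a comment above the line such as `# match[message] is untrusted log data and this field is rendered as Markdown; keep it confined to a code block`, and confine the raw data accordingly, bearing in mind that backticks inside the message can still close an inline span. The added `View Event:` label has nothing after it and the play link is fixed to `issues/6000`, so every rule built from this generic template will carry an empty field and the same link. Because `es` falls back to `''` when `static:masterip` is unset, the link would then render as `https:///playbook/issues/6000`. The `hive_alert_config` mapping may continue outside the hunk.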