diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 42c7b43bf..5fbb1771f 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -765,29 +765,6 @@ upgrade_space() {
 fi
 }
-thehive_maint() {
- echo -n "Waiting for TheHive..."
- COUNT=0
- THEHIVE_CONNECTED="no"
- while [[ "$COUNT" -le 240 ]]; do
- curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert"
- if [ $? -eq 0 ]; then
- THEHIVE_CONNECTED="yes"
- echo "connected!"
- break
- else
- ((COUNT+=1))
- sleep 1
- echo -n "."
- fi
- done
- if [ "$THEHIVE_CONNECTED" == "yes" ]; then
- echo "Migrating thehive databases if needed."
- curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
- curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
- fi
-}
-
 unmount_update() {
 cd /tmp
 umount /tmp/soagupdate
@@ -1175,7 +1152,6 @@ main() {
 salt-call state.highstate -l info queue=True
 postupgrade_changes
 [[ $is_airgap -eq 0 ]] && unmount_update
- thehive_maint
 echo ""
 echo "Upgrade to $NEWVERSION complete."
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 7f3731c75..2a5fe95f7 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -334,30 +334,6 @@ http {
 }
 {%- endif %}
-
- location /thehive/ {
- proxy_pass http://{{ manager_ip }}:9000/thehive/;
- proxy_read_timeout 90;
- proxy_connect_timeout 90;
- proxy_http_version 1.1; # this is essential for chunked responses to work
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Proxy "";
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location /cortex/ {
- proxy_pass http://{{ manager_ip }}:9001/cortex/;
- proxy_read_timeout 90;
- proxy_connect_timeout 90;
- proxy_http_version 1.1; # this is essential for chunked responses to work
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Proxy "";
- proxy_set_header X-Forwarded-Proto $scheme;
- }
 location /soctopus/ {
 auth_request /auth/sessions/whoami;
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 4160a5a01..9b034ad57 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -1,8 +1,8 @@
 {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
 {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
 {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
+{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
 {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
-{%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
 {%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
 {%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
@@ -91,7 +91,7 @@
 },
 {%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %}
 "thehive": {
- "hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
+ "hostUrl": "http://{{ HIVEURL }}:9000/thehive",
 "key": "{{ THEHIVEKEY }}",
 "verifyCert": false
 },
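Review bot: The new `hostUrl` line interpolates `{{ HIVEURL }}`, but the variable this template defines in the first hunk is `THEHIVEURL`, and no `HIVEURL` is set anywhere in the visible hunks of soc.json. Depending on how Salt's Jinja environment treats an undefined name (strict by default, as far as I recall — confirm), rendering soc.json will either fail outright or emit `http://:9000/thehive` whenever `CASE_MODULE == 'thehive'` and a key is present, which silently breaks the TheHive case integration on every manager. The line should read `"hostUrl": "http://{{ THEHIVEURL }}:9000/thehive",`. Separately, now that the target is an operator-supplied host rather than the manager's own IP, this client sends the TheHive API key in cleartext over `http://…:9000` with `verifyCert` false, while SOCtopus.conf in this same commit addresses the same host as `https://{{THEHIVEURL}}/thehive/`; the two clients should agree on scheme and path, and an off-box TheHive should be reached over TLS with certificate verification enabled.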
@@ -140,9 +140,6 @@
 {%- if PLAYBOOK == 0 %}
 "toolPlaybook",
 {%- endif %}
- {%- if THEHIVE == 0 %}
- "toolTheHive",
- {%- endif %}
 {%- if not FLEETMANAGER and not FLEETNODE %}
 "toolFleet",
 {%- endif %}
diff --git a/salt/soc/files/soc/tools.json b/salt/soc/files/soc/tools.json
index 96d9a3f50..b53f112e5 100644
--- a/salt/soc/files/soc/tools.json
+++ b/salt/soc/files/soc/tools.json
@@ -4,6 +4,5 @@
 { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
 { "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" },
 { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" },
- { "name": "toolTheHive", "description": "toolTheHiveHelp", "icon": "fa-external-link-alt", "target": "so-thehive", "link": "/thehive/" },
 { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
 ]
\ No newline at end of file
diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
index f45d2f5e3..b6b6825eb 100644
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,6 +1,7 @@
 {%- set MANAGER = salt['pillar.get']('manager:mainip', '') %}
 {%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
+{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
 {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
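Review bot: `global:hiveurl` is read with an empty-string default and nothing in this diff populates it: the `so-functions` hunks below remove the only visible writer of hive-related pillar values (`generate_passwords` no longer creates `HIVEKEY`/`CORTEXORGUSERKEY`, and `manager_global` no longer writes `hivekey`/`cortexorguserkey` into the global pillar), yet this template still reads `global:hivekey` and `global:cortexorguserkey` and, with this change, `global:hiveurl`. If these are now meant to be supplied by the operator for an external TheHive, an unset value renders `hive_url = https:///thehive/` with an empty `hive_key`, which is hard to diagnose from SOCtopus logs; the render should fail loudly or skip the section instead. A guard after the new `set` line such as `{%- if THEHIVEURL == '' %}{{ raise('global:hiveurl must be set for the TheHive/Cortex integration') }}{%- endif %}` would do (Salt's Jinja exposes `raise` for this, if I recall correctly), assuming the pillar layer does not already enforce it — confirm against the pillar definitions. It would also help to add a comment at the top of the file stating where `global:hiveurl`, `global:hivekey` and `global:cortexorguserkey` are expected to come from now that setup no longer generates them.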
@@ -21,7 +22,7 @@ es_verifycert = no
 [cortex]
 auto_analyze_alerts = no
-cortex_url = https://{{URLBASE}}/cortex/
+cortex_url = https://{{THEHIVEURL}}/cortex/
 cortex_key = {{ CORTEXKEY }}
 supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
@@ -42,7 +43,7 @@ grr_user = YOURGRRUSER
 grr_pass = YOURGRRPASS
 [hive]
-hive_url = https://{{URLBASE}}/thehive/
+hive_url = https://{{THEHIVEURL}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
 hive_verifycert = no
diff --git a/setup/so-functions b/setup/so-functions
index b71648fbe..5b4914941 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -153,18 +153,6 @@ check_admin_pass() {
 check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
 }
-check_hive_init() {
- wait_for_file /opt/so/state/thehive.txt 20 5
- local return_val=$?
- if [[ $return_val -ne 0 ]]; then
- return $return_val
- fi
- docker stop so-thehive
- docker rm so-thehive
-}
-
 check_manager_state() {
 echo "Checking state of manager services. This may take a moment..."
 retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1
@@ -1499,13 +1487,6 @@ generate_passwords(){
 FLEETSAPASS=$(get_random_value)
 FLEETJWT=$(get_random_value)
 GRAFANAPASS=$(get_random_value)
- if [[ "$THEHIVE" == "1" ]]; then
- HIVEKEY=$(get_random_value)
- HIVEPLAYSECRET=$(get_random_value)
- CORTEXKEY=$(get_random_value)
- CORTEXORGUSERKEY=$(get_random_value)
- CORTEXPLAYSECRET=$(get_random_value)
- fi
 SENSORONIKEY=$(get_random_value)
 KRATOSKEY=$(get_random_value)
 }
@@ -1673,7 +1654,6 @@ manager_pillar() {
 " es_port: $node_es_port"\
 " grafana: $GRAFANA"\
 " osquery: $OSQUERY"\
- " thehive: $THEHIVE"\
 " playbook: $PLAYBOOK"\
 ""\
 "elasticsearch:"\
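Review bot: `hive_verifycert = no` (the context line right under the changed `hive_url`) now governs a TLS session to whatever host `global:hiveurl` names, whereas before it covered a hop to `{{URLBASE}}`, i.e. the local nginx front end whose self-signed certificate presumably motivated disabling verification. With verification off, `hive_key` — the TheHive API key sent on every request — can be captured by anyone able to interpose on the network path to the external TheHive, a materially different exposure from the on-box case. I would flip this to `hive_verifycert = yes`, or drive it from pillar with a safe default, e.g. `hive_verifycert = {{ salt['pillar.get']('global:hive_verifycert', 'yes') }}`, and note that the `cortex_url` hunk above carries the same concern for `cortex_key`, although no verifycert setting for that section is visible in the hunk. Whether SOCtopus accepts a yes/no value from pillar verbatim should be confirmed against its config parser.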
@@ -1759,22 +1739,6 @@ manager_global() {
 " airgap: False"\
 >> "$global_pillar"
 fi
- # Check if TheHive is enabled. If so, add creds and other details
- if [[ "$THEHIVE" == "1" ]]; then
- printf '%s\n'\
- " hiveuser: '$WEBUSER'"\
- " hivepassword: '$WEBPASSWD1'"\
- " hivekey: '$HIVEKEY'"\
- " hiveplaysecret: '$HIVEPLAYSECRET'"\
- " cortexuser: '$WEBUSER'"\
- " cortexpassword: '$WEBPASSWD1'"\
- " cortexkey: '$CORTEXKEY'"\
- " cortexorgname: 'SecurityOnion'"\
- " cortexorguser: 'soadmin'"\
- " cortexorguserkey: '$CORTEXORGUSERKEY'"\
- " cortexplaysecret: '$CORTEXPLAYSECRET'" >> "$global_pillar"
- fi
- # Continue adding other details
 printf '%s\n'\
 " fleet_custom_hostname: "\
diff --git a/setup/so-setup b/setup/so-setup
index 9579df79d..e8709b668 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -440,7 +440,6 @@ if [[ $is_import ]]; then
 GRAFANA=${GRAFANA:-0}
 OSQUERY=${OSQUERY:-0}
 WAZUH=${WAZUH:-0}
- THEHIVE=${THEHIVE:-0}
 PLAYBOOK=${PLAYBOOK:-0}
 fi
@@ -937,11 +936,6 @@ echo "1" > /root/accept_changes
 salt-call state.apply -l info wazuh >> $setup_log 2>&1
 fi
- if [[ "$THEHIVE" = 1 ]]; then
- set_progress_str 80 "$(print_salt_state_apply 'thehive')"
- salt-call state.apply -l info thehive >> $setup_log 2>&1
- fi
-
 if [[ "$STRELKA" = 1 ]]; then
 if [[ $is_sensor ]]; then
 set_progress_str 81 "$(print_salt_state_apply 'strelka')"
@@ -1018,11 +1012,6 @@ else
 generate_repo_tarball >> "$setup_log" 2>&1
 fi
- if [[ $THEHIVE == 1 ]]; then
- set_progress_str 99 'Waiting for TheHive to start up'
- check_hive_init >> $setup_log 2>&1
- fi
-
 if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then
 set_progress_str 99 'Enabling logscan'
 so-learn enable logscan --apply >> $setup_log 2>&1