Remove hive from more files

2025-12-21 16:33:08 +01:00 · 2022-03-15 09:37:58 -04:00
parent 81f0aa58b8
commit 9c80ff4f65
7 changed files with 5 additions and 103 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -765,29 +765,6 @@ upgrade_space() {
  fi  
 }

-thehive_maint() {
-  echo -n "Waiting for TheHive..."
-  COUNT=0
-  THEHIVE_CONNECTED="no"
-  while [[ "$COUNT" -le 240 ]]; do
-    curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert"
-      if [ $? -eq 0 ]; then
-        THEHIVE_CONNECTED="yes"
-        echo "connected!"
-        break
-      else
-        ((COUNT+=1))
-        sleep 1
-        echo -n "."
-      fi
-  done
-  if [ "$THEHIVE_CONNECTED" == "yes" ]; then
-    echo "Migrating thehive databases if needed."
-    curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
-    curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
-  fi
-}
-
 unmount_update() {
  cd /tmp
  umount /tmp/soagupdate
@@ -1175,7 +1152,6 @@ main() {
    salt-call state.highstate -l info queue=True
    postupgrade_changes
    [[ $is_airgap -eq 0 ]] && unmount_update
-    thehive_maint

    echo ""
    echo "Upgrade to $NEWVERSION complete."
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -334,30 +334,6 @@ http {
 		}

 		{%- endif %}
-
-		location /thehive/ {
-			proxy_pass            http://{{ manager_ip }}:9000/thehive/;
-			proxy_read_timeout    90;
-			proxy_connect_timeout 90;
-			proxy_http_version    1.1; # this is essential for chunked responses to work
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      X-Forwarded-Proto $scheme;
-		}
-
-		location /cortex/ {
-			proxy_pass            http://{{ manager_ip }}:9001/cortex/;
-			proxy_read_timeout    90;
-			proxy_connect_timeout 90;
-			proxy_http_version    1.1; # this is essential for chunked responses to work
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      X-Forwarded-Proto $scheme;
-		}
 		
 		location /soctopus/ {
 			auth_request          /auth/sessions/whoami;
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -1,8 +1,8 @@
 {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
 {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
 {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
+{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
 {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
-{%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
 {%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
 {%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
@@ -91,7 +91,7 @@
      },
 {%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %}
      "thehive": {
-        "hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
+        "hostUrl": "http://{{ HIVEURL }}:9000/thehive",
        "key": "{{ THEHIVEKEY }}",
        "verifyCert": false
      },
@@ -140,9 +140,6 @@
        {%- if PLAYBOOK == 0 %}
          "toolPlaybook",
        {%- endif %}
-        {%- if THEHIVE == 0 %}
-          "toolTheHive",
-        {%- endif %}
        {%- if not FLEETMANAGER and not FLEETNODE %}
          "toolFleet",
        {%- endif %}
--- a/salt/soc/files/soc/tools.json
+++ b/salt/soc/files/soc/tools.json
@@ -4,6 +4,5 @@
  { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
  { "name": "toolPlaybook",  "description": "toolPlaybookHelp",  "icon": "fa-external-link-alt", "target": "so-playbook",  "link": "/playbook/projects/detection-playbooks/issues/" },
  { "name": "toolFleet",     "description": "toolFleetHelp",     "icon": "fa-external-link-alt", "target": "so-fleet",     "link": "/fleet/" },
-  { "name": "toolTheHive",   "description": "toolTheHiveHelp",   "icon": "fa-external-link-alt", "target": "so-thehive",   "link": "/thehive/" },
  { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
 ]
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,6 +1,7 @@
 {%- set MANAGER = salt['pillar.get']('manager:mainip', '') %}
 {%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
+{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
 {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
@@ -21,7 +22,7 @@ es_verifycert = no

 [cortex]
 auto_analyze_alerts = no
-cortex_url = https://{{URLBASE}}/cortex/
+cortex_url = https://{{THEHIVEURL}}/cortex/
 cortex_key = {{ CORTEXKEY }}
 supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS

@@ -42,7 +43,7 @@ grr_user = YOURGRRUSER
 grr_pass = YOURGRRPASS

 [hive]
-hive_url = https://{{URLBASE}}/thehive/
+hive_url = https://{{THEHIVEURL}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
 hive_verifycert = no