Pull in upstream changes

2026-01-12 11:11:22 +01:00 · 2023-01-27 07:53:53 -05:00
parent 29aa6dceed 83aad48e3a
commit a71cbcfc9b
174 changed files with 549 additions and 615 deletions
--- a/pillar/logstash/manager.sls
+++ b/pillar/logstash/manager.sls
@@ -2,9 +2,7 @@ logstash:
  pipelines:
    manager:
      config:
-        - so/0009_input_beats.conf      
-        - so/0010_input_hhbeats.conf
        - so/0011_input_endgame.conf
        - so/0012_input_elastic_agent.conf     
        - so/9999_output_redis.conf.jinja
-        
+        
--- a/pillar/logstash/receiver.sls
+++ b/pillar/logstash/receiver.sls
@@ -2,8 +2,7 @@ logstash:
  pipelines:
    receiver:
      config:
-        - so/0009_input_beats.conf      
-        - so/0010_input_hhbeats.conf
        - so/0011_input_endgame.conf
+        - so/0012_input_elastic_agent.conf
        - so/9999_output_redis.conf.jinja
-        
+        
--- a/pillar/logstash/search.sls
+++ b/pillar/logstash/search.sls
@@ -3,16 +3,5 @@ logstash:
    search:
      config:
        - so/0900_input_redis.conf.jinja
-        - so/9000_output_zeek.conf.jinja
-        - so/9002_output_import.conf.jinja
-        - so/9034_output_syslog.conf.jinja
-        - so/9050_output_filebeatmodules.conf.jinja
-        - so/9100_output_osquery.conf.jinja  
-        - so/9400_output_suricata.conf.jinja
-        - so/9500_output_beats.conf.jinja
-        - so/9600_output_ossec.conf.jinja
-        - so/9700_output_strelka.conf.jinja
-        - so/9800_output_logscan.conf.jinja
-        - so/9801_output_rita.conf.jinja
        - so/9805_output_elastic_agent.conf.jinja
        - so/9900_output_endgame.conf.jinja
--- a/pillar/node_data/ips.sls
+++ b/pillar/node_data/ips.sls
@@ -1,7 +1,5 @@
 {% set node_types = {} %}
 {% set manage_alived = salt.saltutil.runner('manage.alived', show_ip=True) %}
-{% set manager = grains.master %}
-{% set manager_type = manager.split('_')|last %}
 {% for minionid, ip in salt.saltutil.runner('mine.get', tgt='*', fun='network.ip_addrs', tgt_type='glob') | dictsort() %}
 {%   set hostname = minionid.split('_')[0] %}
 {%   set node_type = minionid.split('_')[1] %}
@@ -24,10 +22,10 @@

 node_data:
 {% for node_type, host_values in node_types.items() %}
-  {{node_type}}:
 {%   for hostname, details in host_values.items() %}
-    {{hostname}}:
-      ip: {{details.ip}}
-      alive: {{ details.alive }}
+  {{hostname}}:
+    ip: {{details.ip}}
+    alive: {{ details.alive }}
+    role: {{node_type}}
 {%   endfor %}
 {% endfor %}
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -10,6 +10,7 @@ base:
    - sensoroni.adv_sensoroni
    - telegraf.soc_telegraf
    - telegraf.adv_telegraf
+    - node_data.ips

  '* and not *_eval and not *_import':
    - logstash.nodes
@@ -23,11 +24,15 @@ base:
    - logstash
    - logstash.manager
    - logstash.search
+    - logstash.soc_logstash
+    - logstash.adv_logstash
    - elasticsearch.index_templates

  '*_manager':
    - logstash
    - logstash.manager
+    - logstash.soc_logstash
+    - logstash.adv_logstash
    - elasticsearch.index_templates

  '*_manager or *_managersearch':
@@ -51,6 +56,8 @@ base:
    - redis.adv_redis
    - influxdb.soc_influxdb
    - influxdb.adv_influxdb
+    - elasticsearch.soc_elasticsearch
+    - elasticsearch.adv_elasticsearch
    - backup.soc_backup
    - backup.adv_backup
    - minions.{{ grains.id }}
@@ -76,6 +83,7 @@ base:
    - soc_global
    - kratos.soc_kratos
    - elasticsearch.soc_elasticsearch
+    - elasticsearch.adv_elasticsearch
    - manager.soc_manager
    - soc.soc_soc
    - kratos.soc_kratos
@@ -94,6 +102,7 @@ base:
    - logstash.manager
    - logstash.search
    - logstash.soc_logstash
+    - logstash.adv_logstash
    - elasticsearch.index_templates
    {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
@@ -111,6 +120,7 @@ base:
    - influxdb.soc_influxdb
    - influxdb.adv_influxdb
    - elasticsearch.soc_elasticsearch
+    - elasticsearch.adv_elasticsearch
    - manager.soc_manager
    - soc.soc_soc
    - backup.soc_backup
@@ -134,6 +144,8 @@ base:
  '*_searchnode':
    - logstash
    - logstash.search
+    - logstash.soc_logstash
+    - logstash.adv_logstash
    - elasticsearch.index_templates
    {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
@@ -148,6 +160,8 @@ base:
  '*_receiver':
    - logstash
    - logstash.receiver
+    - logstash.soc_logstash
+    - logstash.adv_logstash
    {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
    {% endif %}
@@ -169,6 +183,7 @@ base:
    {% endif %}
    - kratos.soc_kratos
    - elasticsearch.soc_elasticsearch
+    - elasticsearch.adv_elasticsearch
    - manager.soc_manager
    - soc.soc_soc
    - soc_global