CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Turn on SSL output

Browse Source
This commit is contained in:
Mike Reeves
2020-10-11 15:58:12 -04:00
parent 29c3948f95
commit a7bd1c2ce5
12 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-zeek"
template => "/templates/so-zeek-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9002_output_import.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-import"
template => "/templates/so-import-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja
View File

@@ -12,6 +12,10 @@ output {
template_name => "so-flow"
template => "/templates/so-flow-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja
View File

@@ -12,6 +12,10 @@ output {
template_name => "so-ids"
template => "/templates/so-ids-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-syslog"
template => "/templates/so-syslog-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-osquery"
template => "/templates/so-osquery-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja
View File

@@ -12,6 +12,10 @@ output {
template_name => "so-firewall"
template => "/templates/so-firewall-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja
View File

@@ -12,6 +12,10 @@ output {
index => "so-ids-%{+YYYY.MM.dd}"
template_name => "so-ids"
template => "/templates/so-ids-template.json"
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-beats"
template => "/templates/so-beats-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-ossec"
template => "/templates/so-ossec-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

4
salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
View File

@@ -13,6 +13,10 @@ output {
template_name => "so-strelka"
template => "/templates/so-strelka-template.json"
template_overwrite => true
{%- if salt['pillar.get']('nodestab', {}) %}
ssl => true
ssl_verification => false
{%- endif %}
}
}
}

8
salt/soc/init.sls
View File

@@ -56,10 +56,16 @@ so-soc:
- /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
- /opt/so/conf/soc/changes.json:/opt/sensoroni/html/changes.json:ro
- /opt/so/log/soc/:/opt/sensoroni/logs/:rw
- extra_hosts:
{%- if salt['pillar.get']('nodestab', {}) %}
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
- {{ SN.split('_')|first }}:{{ SNDATA.ip }}
{%- endfor %}
{%- endif %}
- port_bindings:
- 0.0.0.0:9822:9822
- watch:
- file: /opt/so/conf/soc
- file: /opt/so/conf/soc/*
# Add Kratos Group
kratosgroup: