From fe690922de38a2d6ef9dd9da8afad312e39ad97e Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 19:16:05 +0000
Subject: [PATCH 1/4] Add analyzer configuration to the defaults file
---
 salt/sensoroni/defaults.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/salt/sensoroni/defaults.yaml b/salt/sensoroni/defaults.yaml
index 4ccc11ce9..f53646ac2 100644
--- a/salt/sensoroni/defaults.yaml
+++ b/salt/sensoroni/defaults.yaml
@@ -8,3 +8,31 @@ sensoroni:
 node_checkin_interval_ms: 10000
 sensoronikey:
 soc_host:
+ analyzers:
+ emailrep:
+ base_url: https://emailrep.io/
+ api_key:
+ greynoise:
+ base_url: https://api.greynoise.io/
+ api_key:
+ api_version: community
+ localfile:
+ file_path: []
+ otx:
+ base_url: https://otx.alienvault.com/api/v1/
+ api_key:
+ pulsedive:
+ base_url: https://pulsedive.com/api/
+ api_key:
+ spamhaus:
+ lookup_host: zen.spamhaus.org
+ nameservers: []
+ urlscan:
+ base_url: https://urlscan.io/api/v1/
+ api_key:
+ enabled: False
+ visibility: public
+ timeout: 180
+ virustotal:
+ base_url: https://www.virustotal.com/api/v3/search?query=
+ api_key:
From 8cc19b0748c6804abe01abb8f7dd3df9dc23784f Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 19:16:38 +0000
Subject: [PATCH 2/4] Add analyzer configuration description
---
 salt/sensoroni/soc_sensoroni.yaml | 142 ++++++++++++++++++++++++++++++
 1 file changed, 142 insertions(+)
diff --git a/salt/sensoroni/soc_sensoroni.yaml b/salt/sensoroni/soc_sensoroni.yaml
index 8a35272ea..6a728ef9c 100644
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
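Review bot: The urlscan default `visibility: public` in this hunk is worth reconsidering, because a public urlscan.io submission is listed for anyone to browse, so a URL lifted from an alert could expose internal hostnames, paths or embedded tokens as soon as an operator switches `enabled` on; a more conservative default such as `visibility: unlisted` (or `private`, where the account allows it) keeps the analyzer usable without that exposure, and if `public` is kept deliberately a comment above the key should say why. The bare `api_key:` entries are read as null by a generic YAML loader rather than as an empty string; presumably the analyzers treat a missing key and an empty one the same, but `api_key: ""` or a one-line comment stating that would remove the guesswork. `enabled: False` parses as a boolean under YAML 1.1 loaders, which is what Salt uses, but lowercase `false` is the portable spelling if the project ever standardizes on it.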
@@ -37,3 +37,145 @@ sensoroni:
 helpLink: sensoroni.html
 global: True
 advanced: True
+ analyzers:
+ emailrep:
+ api_key:
+ description: API key for the EmailRep analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the EmailRep analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ greynoise:
+ api_key:
+ description: API key for the GreyNoise analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ api_version:
+ description: API key for the GreyNoise analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the GreyNoise analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ localfile:
+ file_path:
+ description: File path for the LocalFile analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: "[]string"
+ otx:
+ api_key:
+ description: API key for the OTX analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the OTX analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ pulsedive:
+ api_key:
+ description: API key for the Pulsedive analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the Pulsedive analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ spamhaus:
+ lookup_host:
+ description: Host to use for lookups.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ nameservers:
+ description: Nameservers used for queries.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedTypes: "[]string"
+ urlscan:
+ api_key:
+ description: API key for the Urlscan analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the Urlscan analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ enabled:
+ description: Analyzer enabled
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: bool
+ timeout:
+ description: Timeout for the Urlscan analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: int
+ visibility:
+ description: Type of visibility.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
+ virustotal:
+ api_key:
+ description: API key for the VirusTotal analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: True
+ advanced: True
+ forcedType: string
+ base_url:
+ description: Base URL for the VirusTotal analyzer.
+ helpLink: sensoroni.html
+ global: True
+ sensitive: False
+ advanced: True
+ forcedType: string
From 21e91a753701b2672fedc9a5025982b05138fb6b Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 30 Aug 2023 16:10:38 -0400
Subject: [PATCH 3/4] Fix api_version
---
 salt/sensoroni/soc_sensoroni.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/sensoroni/soc_sensoroni.yaml b/salt/sensoroni/soc_sensoroni.yaml
index 6a728ef9c..2d1536191 100644
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
@@ -62,7 +62,7 @@ sensoroni:
 advanced: True
 forcedType: string
 api_version:
- description: API key for the GreyNoise analyzer.
+ description: API version for the GreyNoise analyzer.
 helpLink: sensoroni.html
 global: True
 sensitive: False
From 41300af944c1c537ef9bf99bb2411d80bafdbb4e Mon Sep 17 00:00:00 2001
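Review bot: The `spamhaus.nameservers` entry in this hunk uses the key `forcedTypes: "[]string"`, while every other setting in the file, including `localfile.file_path` with the same list type, uses `forcedType`; it should be `forcedType: "[]string"`, otherwise the UI presumably will not know this value is a list and the wrong key survives unchanged into the `@@ -117,14 +117,14 @@` hunk of PATCH 4/4. Two descriptions on the urlscan settings are too thin to act on: `timeout` should state its unit (seconds or milliseconds, whichever the analyzer applies to the 180 default), and `visibility` should say what the values mean and that public scans are viewable by anyone, e.g. `description: Visibility of scans submitted to urlscan.io (public, unlisted or private); public scans can be viewed by anyone.`. The `enabled` description `Analyzer enabled` is the only one without a trailing period; `description: Whether the Urlscan analyzer is enabled.` would match the rest. All api_key entries are correctly marked `sensitive: True`, which is the right default for credentials.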
From: weslambert
Date: Wed, 30 Aug 2023 16:30:32 -0400
Subject: [PATCH 4/4] Set global to false
---
 salt/sensoroni/soc_sensoroni.yaml | 38 +++++++++++++++----------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/salt/sensoroni/soc_sensoroni.yaml b/salt/sensoroni/soc_sensoroni.yaml
index 2d1536191..eb63dbe25 100644
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
@@ -42,14 +42,14 @@ sensoroni:
 api_key:
 description: API key for the EmailRep analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the EmailRep analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
@@ -57,21 +57,21 @@ sensoroni:
 api_key:
 description: API key for the GreyNoise analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 api_version:
 description: API version for the GreyNoise analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the GreyNoise analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
@@ -79,7 +79,7 @@ sensoroni:
 file_path:
 description: File path for the LocalFile analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: "[]string"
@@ -87,14 +87,14 @@ sensoroni:
 api_key:
 description: API key for the OTX analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the OTX analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
@@ -102,14 +102,14 @@ sensoroni:
 api_key:
 description: API key for the Pulsedive analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the Pulsedive analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
@@ -117,14 +117,14 @@ sensoroni:
 lookup_host:
 description: Host to use for lookups.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
 nameservers:
 description: Nameservers used for queries.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedTypes: "[]string"
@@ -132,35 +132,35 @@ sensoroni:
 api_key:
 description: API key for the Urlscan analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the Urlscan analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
 enabled:
 description: Analyzer enabled
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: bool
 timeout:
 description: Timeout for the Urlscan analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: int
 visibility:
 description: Type of visibility.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string
@@ -168,14 +168,14 @@ sensoroni:
 api_key:
 description: API key for the VirusTotal analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: True
 advanced: True
 forcedType: string
 base_url:
 description: Base URL for the VirusTotal analyzer.
 helpLink: sensoroni.html
- global: True
+ global: False
 sensitive: False
 advanced: True
 forcedType: string