Fix Kibana and friends

2025-12-06 17:22:49 +01:00 · 2023-04-26 13:30:23 -04:00
parent 4b73f859d1
commit b3f94961ea
3 changed files with 29 additions and 1 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -18,9 +18,12 @@ base:

  '*_eval or *_heavynode or *_sensor or *_standalone or *_import':
    - match: compound
-    - zeek
+    - zeek.soc_zeek
+    - zeek.adv_zeek
    - bpf.soc_bpf
    - bpf.adv_bpf
+    - suricata.soc_suricata
+    - suricata.adv_suricata

  '*_managersearch or *_heavynode':
    - match: compound
@@ -32,6 +35,8 @@ base:
    - elasticsearch.index_templates
    - elasticsearch.soc_elasticsearch
    - elasticsearch.adv_elasticsearch
+    - curator.soc_curator
+    - curator.adv_curator

  '*_manager':
    - logstash
@@ -39,6 +44,8 @@ base:
    - logstash.soc_logstash
    - logstash.adv_logstash
    - elasticsearch.index_templates
+    - curator.soc_curator
+    - curator.adv_curator

  '*_manager or *_managersearch':
    - match: compound
@@ -57,6 +64,8 @@ base:
    - idstools.adv_idstools
    - soc.soc_soc
    - soc.adv_soc
+    - kibana.soc_kibana
+    - kibana.adv_kibana
    - kratos.soc_kratos
    - kratos.adv_kratos
    - redis.soc_redis
@@ -65,6 +74,8 @@ base:
    - influxdb.adv_influxdb
    - elasticsearch.soc_elasticsearch
    - elasticsearch.adv_elasticsearch
+    - elastalert.soc_elastalert
+    - elastalert.adv_elastalert
    - backup.soc_backup
    - backup.adv_backup
    - firewall.soc_firewall
@@ -94,6 +105,8 @@ base:
    - kratos.soc_kratos
    - elasticsearch.soc_elasticsearch
    - elasticsearch.adv_elasticsearch
+    - elastalert.soc_elastalert
+    - elastalert.adv_elastalert
    - manager.soc_manager
    - manager.adv_manager
    - idstools.soc_idstools
@@ -139,6 +152,8 @@ base:
    - influxdb.adv_influxdb
    - elasticsearch.soc_elasticsearch
    - elasticsearch.adv_elasticsearch
+    - elastalert.soc_elastalert
+    - elastalert.adv_elastalert
    - manager.soc_manager
    - manager.adv_manager
    - soc.soc_soc
@@ -209,6 +224,8 @@ base:
    - kratos.soc_kratos
    - elasticsearch.soc_elasticsearch
    - elasticsearch.adv_elasticsearch
+    - elastalert.soc_elastalert
+    - elastalert.adv_elastalert
    - manager.soc_manager
    - manager.adv_manager
    - soc.soc_soc
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1336,6 +1336,11 @@ idh_pillar() {
 	touch $adv_idh_pillar_file
 }

+kibana_pillar() {
+	touch $adv_kibana_pillar_file
+	touch $kibana_pillar_file
+}
+
 logstash_pillar() {
 	# Create the logstash advanced pillar
 	touch $adv_logstash_pillar_file
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -154,6 +154,12 @@ export manager_pillar_file
 adv_manager_pillar_file="$local_salt_dir/pillar/manager/adv_manager.sls"
 export adv_manager_pillar_file

+kibana_pillar_file="$local_salt_dir/pillar/kibana/soc_kibana.sls"
+export kibana_pillar_file
+
+adv_kibana_pillar_file="$local_salt_dir/pillar/kibana/adv_kibana.sls"
+export adv_kibana_pillar_file
+
 kratos_pillar_file="$local_salt_dir/pillar/kratos/soc_kratos.sls"
 export kratos_pillar_file