Merge pull request #865 from Security-Onion-Solutions/feature/cortex_custom

Feature/cortex custom

salt/thehive/etc/cortex-application.conf

@@ -127,4 +127,20 @@ analyzer {
   }
 }
 
+## RESPONDERS
+##
+responder {
+  # Directory that holds responders
+  urls = ["/Cortex-Analyzers/responders", "/custom-responders"]
+
+  fork-join-executor {
+    # Min number of threads available for analyze
+    parallelism-min = 2
+    # Parallelism (threads) ... ceil(available processors * factor)
+    parallelism-factor = 2.0
+    # Max number of threads available for analyze
+    parallelism-max = 4
+  }
+}
+
 # It's the end my friend. Happy hunting!

salt/thehive/init.sls

@@ -45,6 +45,20 @@ cortexconf:
     - group: 939
     - template: jinja
 
+cortexanalyzers:
+  file.directory:
+    - name: /opt/so/conf/cortex/custom-analyzers
+    - user: 939
+    - group: 939
+    - template: jinja
+
+cortexresponders:
+  file.directory:
+    - name: /opt/so/conf/cortex/custom-responders
+    - user: 939
+    - group: 939
+    - template: jinja
+
 # Install Elasticsearch
 
 # Made directory for ES data to live in
@@ -91,6 +105,8 @@ so-cortex:
     - user: 939
     - binds:
       - /opt/so/conf/thehive/etc/cortex-application.conf:/opt/cortex/conf/application.conf:ro
+      - /opt/so/conf/cortex/custom-analyzers:/custom-analyzers:ro
+      - /opt/so/conf/cortex/custom-responders:/custom-responders:ro
    - port_bindings:
       - 0.0.0.0:9001:9001