Merge pull request #865 from Security-Onion-Solutions/feature/cortex_custom

Feature/cortex custom
2025-12-06 17:22:49 +01:00 · 2020-06-17 09:22:42 -04:00
parent 6410087994 1beff65cc9
commit b489420002
2 changed files with 33 additions and 1 deletions
--- a/salt/thehive/etc/cortex-application.conf
+++ b/salt/thehive/etc/cortex-application.conf
@@ -127,4 +127,20 @@ analyzer {
  }
 }

+## RESPONDERS
+##
+responder {
+  # Directory that holds responders
+  urls = ["/Cortex-Analyzers/responders", "/custom-responders"]
+
+  fork-join-executor {
+    # Min number of threads available for analyze
+    parallelism-min = 2
+    # Parallelism (threads) ... ceil(available processors * factor)
+    parallelism-factor = 2.0
+    # Max number of threads available for analyze
+    parallelism-max = 4
+  }
+}
+
 # It's the end my friend. Happy hunting!
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -45,6 +45,20 @@ cortexconf:
    - group: 939
    - template: jinja

+cortexanalyzers:
+  file.directory:
+    - name: /opt/so/conf/cortex/custom-analyzers
+    - user: 939
+    - group: 939
+    - template: jinja
+
+cortexresponders:
+  file.directory:
+    - name: /opt/so/conf/cortex/custom-responders
+    - user: 939
+    - group: 939
+    - template: jinja
+
 # Install Elasticsearch

 # Made directory for ES data to live in
@@ -91,7 +105,9 @@ so-cortex:
    - user: 939
    - binds:
      - /opt/so/conf/thehive/etc/cortex-application.conf:/opt/cortex/conf/application.conf:ro
-    - port_bindings:
+      - /opt/so/conf/cortex/custom-analyzers:/custom-analyzers:ro
+      - /opt/so/conf/cortex/custom-responders:/custom-responders:ro
+   - port_bindings:
      - 0.0.0.0:9001:9001

 cortexscript: