Merge remote-tracking branch 'remotes/origin/dev' into issue/6811

m0duspwnens
2022-01-11 09:48:31 -05:00
2 changed files with 21 additions and 1 deletions


@@ -24,6 +24,7 @@ include:
{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} {% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% set MANAGERIP = salt['pillar.get']('global:managerip') %} {% set MANAGERIP = salt['pillar.get']('global:managerip') %}
{% set ESMOUNT = salt ['pillar.get']('elasticsearch:extramount')%}
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
{% set esclustername = salt['pillar.get']('manager:esclustername') %} {% set esclustername = salt['pillar.get']('manager:esclustername') %}
@@ -288,6 +289,9 @@ so-elasticsearch:
- /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro - /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro
- /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro - /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro
{% endif %} {% endif %}
{% if ESMOUNT %}
- {{ ESMOUNT }}:/snapshots:rw
{% endif %}
- watch: - watch:
- file: cacertz - file: cacertz
- file: esyml - file: esyml
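Review bot: The pillar value `elasticsearch:extramount` is interpolated straight into a read-write bind mount (`- {{ ESMOUNT }}:/snapshots:rw`) with no validation, so whatever host path is set there becomes writable from inside the Elasticsearch container. A typo, an overly broad path, or a value containing `:` would change what is exposed; I would guard the block with something like `{% if ESMOUNT and ESMOUNT.startswith('/') and ':' not in ESMOUNT %}` and name the expected dedicated snapshot directory in the pillar documentation. The `set` line also has a stray space in `salt ['pillar.get']` and no explicit default, unlike its neighbours; `{% set ESMOUNT = salt['pillar.get']('elasticsearch:extramount', '') %}` would match them. The so-elasticsearch state starts and ends outside these hunks, and whether Elasticsearch's `path.repo` already includes `/snapshots` is not visible here.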


@@ -291,6 +291,14 @@
}, },
"event": { "event": {
"properties": { "properties": {
"acknowledged": {
"type": "boolean",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
@@ -331,6 +339,14 @@
"end": { "end": {
"type": "date" "type": "date"
}, },
"escalated": {
"type": "boolean",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
@@ -397,7 +413,7 @@
}, },
"severity_label": { "severity_label": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword". "type": "keyword",
"fields": { "fields": {
"keyword": { "keyword": {
"type": "keyword" "type": "keyword"