From b73eb76c948df22a819279a3575dd101c83f6dbc Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 7 Dec 2021 11:51:02 -0500
Subject: [PATCH] Make case module dynamic
---
 salt/soc/files/soc/soc.json | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 02128fd3c..dbe8218c3 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -27,6 +27,8 @@
 {%- set ES_PASS = '' %}
 {%- endif %}
 {%- set ES_INDEX_PATTERNS = salt['pillar.get']('soc:es_index_patterns', '*:so-*') %}
+{%- set CASE_MODULE = salt['pillar.get']('soc:case_module', 'soc') %}
+{%- set GENERIC_CASE_CONFIG = salt['pillar.get']('soc:generic_case_config', '') %}
 {
 "logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
 "server": {
@@ -57,9 +59,10 @@
 {%- endif %}
 "username": "{{ ES_USER }}",
 "password": "{{ ES_PASS }}",
- "index": "{{ ES_INDEX_PATTERNS }}",
+ "index": "{{ ES_INDEX_PATTERNS }}",
 "cacheMs": {{ ES_FIELDCAPS_CACHE }},
 "verifyCert": false,
+ "casesEnabled": {{ 'true' if CASEMODULE == 'soc' else 'false' }},
 "timeoutMs": {{ API_TIMEOUT }}
 },
 "influxdb": {
@@ -77,12 +80,22 @@
 "refreshIntervalMs": 30000,
 "offlineThresholdMs": 900000
 },
-{% if THEHIVEKEY != '' %}
+{% if CASEMODULE == 'thehive' and THEHIVEKEY != '' %}
 "thehive": {
 "hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
 "key": "{{ THEHIVEKEY }}",
 "verifyCert": false
 },
+{% elif CASEMODULE == 'elasticcases' %}
+ "elasticcases": {
+ "hostUrl": "https://{{ MANAGERIP }}:5601",
+ "username": "{{ ES_USER }}",
+ "password": "{{ ES_PASS }}",
+ },
+{% elif CASEMODULE == 'generichttp' %}
+ "generichttp": {
+ {{ GENERIC_CASE_CONFIG }}
+ },
 {% endif %}
 "statickeyauth": {
 "anonymousCidr": "{{ DNET }}/24",
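Review bot: The added `casesEnabled` line tests `CASEMODULE`, but the variable defined in the first hunk is `CASE_MODULE` (with an underscore), and the same misspelled name drives the `{% if %}`/`{% elif %}` chain in the -77 hunk and the two `escalateRelatedEventsEnabled` lines in the -139 and -159 hunks. Unless the renderer is configured to raise on undefined names, an undefined `CASEMODULE` compares unequal to every branch value, so `casesEnabled` renders false even for the default `soc` module and no case-module block is ever emitted, including the thehive block that previously rendered whenever a key was set. Reference the name consistently, e.g. `"casesEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},`, and apply the same correction in the other three hunks.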
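Review bot: The new `elasticcases` object ends with a trailing comma after `"password": "{{ ES_PASS }}",`, so the rendered soc.json is invalid whenever that branch is selected; drop the comma: `"password": "{{ ES_PASS }}"`. The `generichttp` branch splices `GENERIC_CASE_CONFIG` into the document verbatim, so a pillar value that is not a well-formed run of object members (or that contains an unescaped quote) breaks the entire file rather than just that connector — a pillar dict rendered through the `json` filter the file already uses elsewhere (`"generichttp": {{ GENERIC_CASE_CONFIG | json }},`) would keep the document valid by construction. The thehive block states `"verifyCert": false` explicitly while the elasticcases block, which points at an https URL, leaves it unset; whichever default the server applies then decides whether that TLS connection is verified, so it is worth stating the intended value explicitly either way.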
@@ -139,7 +152,8 @@
 "relativeTimeUnit": 30,
 "mostRecentlyUsedLimit": 5,
 "ackEnabled": false,
- "escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }},
+ "escalateEnabled": true,
+ "escalateRelatedEventsEnabled": {{ 'true' if CASEMODULE == 'soc' else 'false' }},
 "eventFields": {{ hunt_eventfields | json }},
 "queryBaseFilter": "",
 "queryToggleFilters": [],
@@ -159,7 +173,8 @@
 "relativeTimeUnit": 30,
 "mostRecentlyUsedLimit": 5,
 "ackEnabled": true,
- "escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }},
+ "escalateEnabled": true,
+ "escalateRelatedEventsEnabled": {{ 'true' if CASEMODULE == 'soc' else 'false' }},
 "eventFields": {{ alerts_eventfields | json }},
 "queryBaseFilter": "event.dataset:alert",
 "queryToggleFilters": [
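Review bot: `escalateEnabled` becomes unconditionally `true` here and in the matching line of the -159 hunk, where it previously tracked whether a case backend (`THEHIVEKEY != ''`) was actually configured. With the new `{% if %}`/`{% elif %}` chain in the -77 hunk there are combinations that emit no case-module block at all — `case_module` set to `thehive` with an empty `THEHIVEKEY`, or an unrecognised module value — yet escalation stays enabled in both the hunt and alerts sections. Whether the server rejects escalations with no module configured cannot be told from this file; if it does not, tie the flag to the same condition that emits a module, e.g. `"escalateEnabled": {{ 'false' if CASE_MODULE == 'thehive' and THEHIVEKEY == '' else 'true' }},` in both hunks, or at least document that the UI flag is independent of backend availability.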