CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-15 06:38:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Create & assign Heavy Node Fleet Policy

Browse Source
This commit is contained in:
Josh Brower
2023-06-23 15:49:03 -04:00
parent a9585b2a7f
commit bb0cfc5253
29 changed files with 447 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pillar/top.sls
-2
View File
@@ -189,8 +189,6 @@ base:
- logstash.adv_logstash - logstash.adv_logstash
- elasticsearch.soc_elasticsearch - elasticsearch.soc_elasticsearch
- elasticsearch.adv_elasticsearch - elasticsearch.adv_elasticsearch
- elasticagent.soc_elasticagent
- elasticagent.adv_elasticagent
- curator.soc_curator - curator.soc_curator
- curator.adv_curator - curator.adv_curator
- redis.soc_redis - redis.soc_redis
salt/elasticfleet/files/integrations/grid-nodes_general/elasticsearch-logs.json
+106
View File
@@ -0,0 +1,106 @@
{
"package": {
"name": "elasticsearch",
"version": ""
},
"name": "elasticsearch-logs",
"namespace": "default",
"description": "Elasticsearch Logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"elasticsearch-logfile": {
"enabled": true,
"streams": {
"elasticsearch.audit": {
"enabled": false,
"vars": {
"paths": [
"/var/log/elasticsearch/*_audit.json"
]
}
},
"elasticsearch.deprecation": {
"enabled": false,
"vars": {
"paths": [
"/var/log/elasticsearch/*_deprecation.json"
]
}
},
"elasticsearch.gc": {
"enabled": false,
"vars": {
"paths": [
"/var/log/elasticsearch/gc.log.[0-9]*",
"/var/log/elasticsearch/gc.log"
]
}
},
"elasticsearch.server": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/elasticsearch/*.log"
]
}
},
"elasticsearch.slowlog": {
"enabled": false,
"vars": {
"paths": [
"/var/log/elasticsearch/*_index_search_slowlog.json",
"/var/log/elasticsearch/*_index_indexing_slowlog.json"
]
}
}
}
},
"elasticsearch-elasticsearch/metrics": {
"enabled": false,
"vars": {
"hosts": [
"http://localhost:9200"
],
"scope": "node"
},
"streams": {
"elasticsearch.stack_monitoring.ccr": {
"enabled": false
},
"elasticsearch.stack_monitoring.cluster_stats": {
"enabled": false
},
"elasticsearch.stack_monitoring.enrich": {
"enabled": false
},
"elasticsearch.stack_monitoring.index": {
"enabled": false
},
"elasticsearch.stack_monitoring.index_recovery": {
"enabled": false,
"vars": {
"active.only": true
}
},
"elasticsearch.stack_monitoring.index_summary": {
"enabled": false
},
"elasticsearch.stack_monitoring.ml_job": {
"enabled": false
},
"elasticsearch.stack_monitoring.node": {
"enabled": false
},
"elasticsearch.stack_monitoring.node_stats": {
"enabled": false
},
"elasticsearch.stack_monitoring.pending_tasks": {
"enabled": false
},
"elasticsearch.stack_monitoring.shard": {
"enabled": false
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes/idh-logs.json → salt/elasticfleet/files/integrations/grid-nodes_general/idh-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "idh-logs", "name": "idh-logs",
"namespace": "so", "namespace": "so",
"description": "IDH integration", "description": "IDH integration",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/import-evtx-logs.json → salt/elasticfleet/files/integrations/grid-nodes_general/import-evtx-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "import-evtx-logs", "name": "import-evtx-logs",
"namespace": "so", "namespace": "so",
"description": "Import Windows EVTX logs", "description": "Import Windows EVTX logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"vars": {}, "vars": {},
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
salt/elasticfleet/files/integrations/grid-nodes/import-suricata-logs.json → salt/elasticfleet/files/integrations/grid-nodes_general/import-suricata-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "import-suricata-logs", "name": "import-suricata-logs",
"namespace": "so", "namespace": "so",
"description": "Import Suricata logs", "description": "Import Suricata logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes_general/kratos-logs.json
+29
View File
@@ -0,0 +1,29 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "kratos-logs",
"namespace": "so",
"description": "Kratos logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/kratos/kratos.log"
],
"data_stream.dataset": "kratos",
"tags": ["so-kratos"],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: iam\n module: kratos",
"custom": "pipeline: kratos"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/osquery-grid-nodes.json
+20
View File
@@ -0,0 +1,20 @@
{
"package": {
"name": "osquery_manager",
"version": ""
},
"name": "osquery-grid-nodes",
"namespace": "default",
"policy_id": "so-grid-nodes_general",
"inputs": {
"osquery_manager-osquery": {
"enabled": true,
"streams": {
"osquery_manager.result": {
"enabled": true,
"vars": {}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/redis-logs.json
+76
View File
@@ -0,0 +1,76 @@
{
"package": {
"name": "redis",
"version": ""
},
"name": "redis-logs",
"namespace": "default",
"description": "Redis logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"redis-logfile": {
"enabled": true,
"streams": {
"redis.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/redis/redis.log"
],
"tags": [
"redis-log"
],
"preserve_original_event": false
}
}
}
},
"redis-redis": {
"enabled": false,
"streams": {
"redis.slowlog": {
"enabled": false,
"vars": {
"hosts": [
"127.0.0.1:6379"
],
"password": ""
}
}
}
},
"redis-redis/metrics": {
"enabled": false,
"vars": {
"hosts": [
"127.0.0.1:6379"
],
"idle_timeout": "20s",
"maxconn": 10,
"network": "tcp",
"password": ""
},
"streams": {
"redis.info": {
"enabled": false,
"vars": {
"period": "10s"
}
},
"redis.key": {
"enabled": false,
"vars": {
"key.patterns": "- limit: 20\n pattern: *\n",
"period": "10s"
}
},
"redis.keyspace": {
"enabled": false,
"vars": {
"period": "10s"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/soc-auth-sync-logs.json
+29
View File
@@ -0,0 +1,29 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "soc-auth-sync-logs",
"namespace": "so",
"description": "Security Onion - Elastic Auth Sync - Logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/soc/sync.log"
],
"data_stream.dataset": "soc",
"tags": ["so-soc"],
"processors": "- dissect:\n tokenizer: \"%{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: auth_sync",
"custom": "pipeline: common"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/soc-salt-relay-logs.json
+29
View File
@@ -0,0 +1,29 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "soc-salt-relay-logs",
"namespace": "so",
"description": "Security Onion - Salt Relay - Logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/soc/salt-relay.log"
],
"data_stream.dataset": "soc",
"tags": ["so-soc"],
"processors": "- dissect:\n tokenizer: \"%{soc.ts} | %{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: salt_relay",
"custom": "pipeline: common"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/soc-sensoroni-logs.json
+29
View File
@@ -0,0 +1,29 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "soc-sensoroni-logs",
"namespace": "so",
"description": "Security Onion - Sensoroni - Logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/sensoroni/sensoroni.log"
],
"data_stream.dataset": "soc",
"tags": [],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"sensoroni\"\n process_array: true\n max_depth: 2\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: sensoroni\n- rename:\n fields:\n - from: \"sensoroni.fields.sourceIp\"\n to: \"source.ip\"\n - from: \"sensoroni.fields.status\"\n to: \"http.response.status_code\"\n - from: \"sensoroni.fields.method\"\n to: \"http.request.method\"\n - from: \"sensoroni.fields.path\"\n to: \"url.path\"\n - from: \"sensoroni.message\"\n to: \"event.action\"\n - from: \"sensoroni.level\"\n to: \"log.level\"\n ignore_missing: true",
"custom": "pipeline: common"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes_general/soc-server-logs.json
+29
View File
@@ -0,0 +1,29 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "soc-server-logs",
"namespace": "so",
"description": "Security Onion Console Logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.log": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/soc/sensoroni-server.log"
],
"data_stream.dataset": "soc",
"tags": ["so-soc"],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"soc\"\n process_array: true\n max_depth: 2\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: server\n- rename:\n fields:\n - from: \"soc.fields.sourceIp\"\n to: \"source.ip\"\n - from: \"soc.fields.status\"\n to: \"http.response.status_code\"\n - from: \"soc.fields.method\"\n to: \"http.request.method\"\n - from: \"soc.fields.path\"\n to: \"url.path\"\n - from: \"soc.message\"\n to: \"event.action\"\n - from: \"soc.level\"\n to: \"log.level\"\n ignore_missing: true",
"custom": "pipeline: common"
}
}
}
}
}
}
salt/elasticfleet/files/integrations/grid-nodes/strelka-logs.json → salt/elasticfleet/files/integrations/grid-nodes_general/strelka-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "strelka-logs", "name": "strelka-logs",
"namespace": "so", "namespace": "so",
"description": "Strelka logs", "description": "Strelka logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/suricata-logs.json → salt/elasticfleet/files/integrations/grid-nodes_general/suricata-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "suricata-logs", "name": "suricata-logs",
"namespace": "so", "namespace": "so",
"description": "Suricata integration", "description": "Suricata integration",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/syslog-tcp-514.json → salt/elasticfleet/files/integrations/grid-nodes_general/syslog-tcp-514.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "syslog-tcp-514", "name": "syslog-tcp-514",
"namespace": "so", "namespace": "so",
"description": "Syslog Over TCP Port 514", "description": "Syslog Over TCP Port 514",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"tcp-tcp": { "tcp-tcp": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/syslog-udp-514.json → salt/elasticfleet/files/integrations/grid-nodes_general/syslog-udp-514.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "syslog-udp-514", "name": "syslog-udp-514",
"namespace": "so", "namespace": "so",
"description": "Syslog over UDP Port 514", "description": "Syslog over UDP Port 514",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_general",
"inputs": { "inputs": {
"udp-udp": { "udp-udp": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes_general/system-grid-nodes.json
+40
View File
@@ -0,0 +1,40 @@
{
"policy_id": "so-grid-nodes_general",
"package": {
"name": "system",
"version": ""
},
"name": "system-grid-nodes",
"namespace": "default",
"inputs": {
"system-logfile": {
"enabled": true,
"streams": {
"system.auth": {
"enabled": true,
"vars": {
"paths": [
"/var/log/auth.log*",
"/var/log/secure*"
]
}
},
"system.syslog": {
"enabled": true,
"vars": {
"paths": [
"/var/log/messages*",
"/var/log/syslog*"
]
}
}
}
},
"system-winlog": {
"enabled": false
},
"system-system/metrics": {
"enabled": false
}
}
}
salt/elasticfleet/files/integrations/grid-nodes/elasticsearch-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/elasticsearch-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "elasticsearch-logs", "name": "elasticsearch-logs",
"namespace": "default", "namespace": "default",
"description": "Elasticsearch Logs", "description": "Elasticsearch Logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"elasticsearch-logfile": { "elasticsearch-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/kratos-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "kratos-logs", "name": "kratos-logs",
"namespace": "so", "namespace": "so",
"description": "Kratos logs", "description": "Kratos logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/osquery-grid-nodes.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/osquery-grid-nodes.json
+1 -1
View File
@@ -5,7 +5,7 @@
}, },
"name": "osquery-grid-nodes", "name": "osquery-grid-nodes",
"namespace": "default", "namespace": "default",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"osquery_manager-osquery": { "osquery_manager-osquery": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/redis-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/redis-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "redis-logs", "name": "redis-logs",
"namespace": "default", "namespace": "default",
"description": "Redis logs", "description": "Redis logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"redis-logfile": { "redis-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/soc-auth-sync-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "soc-auth-sync-logs", "name": "soc-auth-sync-logs",
"namespace": "so", "namespace": "so",
"description": "Security Onion - Elastic Auth Sync - Logs", "description": "Security Onion - Elastic Auth Sync - Logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/soc-salt-relay-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "soc-salt-relay-logs", "name": "soc-salt-relay-logs",
"namespace": "so", "namespace": "so",
"description": "Security Onion - Salt Relay - Logs", "description": "Security Onion - Salt Relay - Logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/soc-sensoroni-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/soc-sensoroni-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "soc-sensoroni-logs", "name": "soc-sensoroni-logs",
"namespace": "so", "namespace": "so",
"description": "Security Onion - Sensoroni - Logs", "description": "Security Onion - Sensoroni - Logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/soc-server-logs.json
+1 -1
View File
@@ -6,7 +6,7 @@
"name": "soc-server-logs", "name": "soc-server-logs",
"namespace": "so", "namespace": "so",
"description": "Security Onion Console Logs", "description": "Security Onion Console Logs",
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"inputs": { "inputs": {
"logs-logfile": { "logs-logfile": {
"enabled": true, "enabled": true,
salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json → salt/elasticfleet/files/integrations/grid-nodes_heavy/system-grid-nodes.json
+1 -1
View File
@@ -1,5 +1,5 @@
{ {
"policy_id": "so-grid-nodes", "policy_id": "so-grid-nodes_heavy",
"package": { "package": {
"name": "system", "name": "system",
"version": "" "version": ""
salt/elasticfleet/install_agent_grid.sls
+10 -3
View File
@@ -2,17 +2,24 @@
# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
# this file except in compliance with the Elastic License 2.0. # this file except in compliance with the Elastic License 2.0.
{%- set GRIDNODETOKEN = salt['pillar.get']('global:fleet_grid_enrollment_token') -%} {%- set GRIDNODETOKENGENERAL = salt['pillar.get']('global:fleet_grid_enrollment_token_general') -%}
{%- set GRIDNODETOKENHEAVY = salt['pillar.get']('global:fleet_grid_enrollment_token_heavy') -%}
{% set AGENT_STATUS = salt['service.available']('elastic-agent') %} {% set AGENT_STATUS = salt['service.available']('elastic-agent') %}
{% if not AGENT_STATUS %} {% if not AGENT_STATUS %}
{% if grains.role not in ['so-heavy'] %} {% if grains.role not in ['so-heavynode'] %}
run_installer: run_installer:
cmd.script: cmd.script:
- name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64 - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64
- cwd: /opt/so - cwd: /opt/so
- args: -token={{ GRIDNODETOKEN }} - args: -token={{ GRIDNODETOKENGENERAL }}
{% else %}
run_installer:
cmd.script:
- name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64
- cwd: /opt/so
- args: -token={{ GRIDNODETOKENHEAVY }}
{% endif %} {% endif %}
{% endif %} {% endif %}
salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
+23 -4
View File
@@ -25,11 +25,30 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
fi fi
done done
# Grid Nodes # Grid Nodes - General
for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/grid-nodes/*.json for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/grid-nodes_general/*.json
do do
printf "\n\nGrid Nodes Policy - Loading $INTEGRATION\n" printf "\n\nGrid Nodes Policy_General - Loading $INTEGRATION\n"
elastic_fleet_integration_check "so-grid-nodes" "$INTEGRATION" elastic_fleet_integration_check "so-grid-nodes_general" "$INTEGRATION"
if [ -n "$INTEGRATION_ID" ]; then
printf "\n\nIntegration $NAME exists - Updating integration\n"
elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"
else
printf "\n\nIntegration does not exist - Creating integration\n"
if [ "$NAME" != "elasticsearch-logs" ]; then
elastic_fleet_integration_create "@$INTEGRATION"
fi
fi
done
if [[ "$RETURN_CODE" != "1" ]]; then
touch /opt/so/state/eaintegrations.txt
fi
# Grid Nodes - Heavy
for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/grid-nodes_heavy/*.json
do
printf "\n\nGrid Nodes Policy_Heavy - Loading $INTEGRATION\n"
elastic_fleet_integration_check "so-grid-nodes_heavy" "$INTEGRATION"
if [ -n "$INTEGRATION_ID" ]; then if [ -n "$INTEGRATION_ID" ]; then
printf "\n\nIntegration $NAME exists - Updating integration\n" printf "\n\nIntegration $NAME exists - Updating integration\n"
elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION" elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
+11 -5
View File
@@ -62,8 +62,11 @@ curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fle
# Initial Endpoints Policy # Initial Endpoints Policy
elastic_fleet_policy_create "endpoints-initial" "Initial Endpoint Policy" "false" "1209600" elastic_fleet_policy_create "endpoints-initial" "Initial Endpoint Policy" "false" "1209600"
# Grid Nodes Policy # Grid Nodes - General Policy
elastic_fleet_policy_create "so-grid-nodes" "SO Grid Node Policy" "false" "1209600" elastic_fleet_policy_create "so-grid-nodes_general" "SO Grid Nodes - General Purpose" "false" "1209600"
# Grid Nodes - Heavy Node Policy
elastic_fleet_policy_create "so-grid-nodes_heavy" "SO Grid Nodes - Heavy Node" "false" "1209600"
# Load Integrations for default policies # Load Integrations for default policies
so-elastic-fleet-integration-policy-load so-elastic-fleet-integration-policy-load
@@ -81,7 +84,8 @@ curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fl
# Query for Enrollment Tokens for default policies # Query for Enrollment Tokens for default policies
ENDPOINTSENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-initial")) | .api_key') ENDPOINTSENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-initial")) | .api_key')
GRIDNODESENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-nodes")) | .api_key') GRIDNODESENROLLMENTOKENGENERAL=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-nodes_general")) | .api_key')
GRIDNODESENROLLMENTOKENHEAVY=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-nodes_heavy")) | .api_key')
# Store needed data in minion pillar # Store needed data in minion pillar
pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
@@ -92,13 +96,15 @@ printf '%s\n'\
" server:"\ " server:"\
" es_token: '$ESTOKEN'"\ " es_token: '$ESTOKEN'"\
" endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\ " endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
" grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\ " grid_enrollment_general: '$GRIDNODESENROLLMENTOKENGENERAL'"\
" grid_enrollment_heavy: '$GRIDNODESENROLLMENTOKENHEAVY'"\
"" >> "$pillar_file" "" >> "$pillar_file"
#Store Grid Nodes Enrollment token in Global pillar #Store Grid Nodes Enrollment token in Global pillar
global_pillar_file=/opt/so/saltstack/local/pillar/global/soc_global.sls global_pillar_file=/opt/so/saltstack/local/pillar/global/soc_global.sls
printf '%s\n'\ printf '%s\n'\
" fleet_grid_enrollment_token: '$GRIDNODESENROLLMENTOKEN'"\ " fleet_grid_enrollment_token_general: '$GRIDNODESENROLLMENTOKENGENERAL'"\
" fleet_grid_enrollment_token_heavy: '$GRIDNODESENROLLMENTOKENHEAVY'"\
"" >> "$global_pillar_file" "" >> "$global_pillar_file"
# Call Elastic-Fleet Salt State # Call Elastic-Fleet Salt State