CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10385 from Security-Onion-Solutions/feature/elastalert_eql

Browse Source 
Add initial support for EQL queries for Elastalert
This commit is contained in:
weslambert
2023-05-18 15:36:28 -04:00
committed by GitHub
parent 059f80bfc4 d3c7ea4805
commit c192ec9109
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elastalert/defaults.yaml
View File

@@ -13,6 +13,7 @@ elastalert:
es_port: 9200
es_conn_timeout: 55
max_query_size: 5000
eql: true
use_ssl: true
verify_certs: false
writeback_index: elastalert_status

2
salt/elastalert/map.jinja
View File

@@ -8,7 +8,7 @@
{% set elastalert_pillar = salt['pillar.get']('elastalert:config', {}) %}
{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_host': GLOBALS.manager}) %}
{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_hosts': 'https://' + GLOBALS.manager + ':' + ELASTALERTDEFAULTS.elastalert.config.es_port|string}) %}
{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_username': pillar.elasticsearch.auth.users.so_elastic_user.user}) %}
{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_password': pillar.elasticsearch.auth.users.so_elastic_user.pass}) %}