rename node pillar to elasticsearch

salt/common/tools/sbin/so-elasticsearch-indices-rw

@@ -15,7 +15,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] }}
+IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
 ESPORT=9200
 THEHIVEESPORT=9400
 

salt/curator/files/action/close.yml

@@ -1,5 +1,5 @@
 {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
-  {%- set cur_close_days = salt['pillar.get']('node:cur_close_days', '') -%}
+  {%- set cur_close_days = salt['pillar.get']('elasticsearch:cur_close_days', '') -%}
 {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set cur_close_days = salt['pillar.get']('master:cur_close_days', '') -%}
 {%- endif -%}

salt/curator/files/action/delete.yml

@@ -1,5 +1,5 @@
 {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
-  {%- set log_size_limit = salt['pillar.get']('node:log_size_limit', '') -%}
+  {%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
 {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set log_size_limit = salt['pillar.get']('master:log_size_limit', '') -%}
 {%- endif %}

salt/curator/files/bin/so-curator-closed-delete-delete

@@ -2,9 +2,9 @@
 #!/bin/bash
 
 {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
-  {%- set ELASTICSEARCH_HOST = salt['pillar.get']('node:mainip', '') -%}  
-  {%- set ELASTICSEARCH_PORT = salt['pillar.get']('node:es_port', '') -%}
-  {%- set LOG_SIZE_LIMIT = salt['pillar.get']('node:log_size_limit', '') -%}
+  {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%}  
+  {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%}
+  {%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
 {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set ELASTICSEARCH_HOST = salt['pillar.get']('master:mainip', '') -%}
   {%- set ELASTICSEARCH_PORT = salt['pillar.get']('master:es_port', '') -%}

salt/curator/files/curator.yml

@@ -1,5 +1,5 @@
 {% if grains['role'] in ['so-node', 'so-heavynode'] %}
-  {%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%}
+  {%- set elasticsearch = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {% elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%}
 {%- endif %}

salt/elastalert/init.sls

@@ -20,7 +20,7 @@
   {% set esip = salt['pillar.get']('master:mainip', '') %}
   {% set esport = salt['pillar.get']('master:es_port', '') %}
 {% elif grains['role'] == 'so-node' %}
-  {% set esalert = salt['pillar.get']('node:elastalert', '0') %}
+  {% set esalert = salt['pillar.get']('elasticsearch:elastalert', '0') %}
 {% endif %}
 
 # Elastalert

salt/elasticsearch/files/elasticsearch.yml

@@ -12,7 +12,7 @@ path.logs: /var/log/elasticsearch
 action.destructive_requires_name: true
 {%- else %}
 {%- set esclustername = salt['grains.get']('host', '') %}
-{%- set nodeip = salt['pillar.get']('node:mainip', '') -%}
+{%- set nodeip = salt['pillar.get']('elasticsearch:mainip', '') -%}
 cluster.name: "{{ esclustername }}"
 network.host: 0.0.0.0
 discovery.zen.minimum_master_nodes: 1

salt/elasticsearch/init.sls

@@ -26,8 +26,8 @@
   {% set esclustername = salt['pillar.get']('master:esclustername', '') %}
   {% set esheap = salt['pillar.get']('master:esheap', '') %}
 {% elif grains['role'] in ['so-node','so-heavynode'] %}
-  {% set esclustername = salt['pillar.get']('node:esclustername', '') %}
-  {% set esheap = salt['pillar.get']('node:esheap', '') %}
+  {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %}
+  {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %}
 {% endif %}
 
 vm.max_map_count:

salt/firewall/hostgroups.yaml

@@ -19,4 +19,4 @@ firewall:
       ips:
         delete:
         insert:
-          - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] }}
+          - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}

salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains.role == 'so-heavynode' %}
-{%- set MASTER = salt['pillar.get']('node:mainip', '') %}
+{%- set MASTER = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- else %}
 {%- set MASTER = salt['pillar.get']('static:masterip', '') %}
 {% endif -%}

salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9002_output_import.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Updated by: Doug Burks
 # Last Update: 5/16/2017

salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 
 filter {

salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Josh Brower
 # Last Update: 12/29/2018

salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 
 output {

salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja

@@ -1,7 +1,7 @@
 {%- if grains['role'] == 'so-eval' -%}
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
-{%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics

salt/mysql/init.sls

@@ -2,7 +2,7 @@
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% set MAINIP = salt['pillar.get']('node:mainip') %}
+{% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
 
 {% if FLEETARCH == "so-fleet" %}

salt/playbook/init.sls

@@ -1,7 +1,7 @@
 {% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
 

salt/telegraf/etc/telegraf.conf

@@ -14,7 +14,7 @@
 # for numbers and booleans they should be plain (ie, $INT_VAR, $BOOL_VAR)
 
 {%- set MASTER = grains['master'] %}
-{% set NODEIP = salt['pillar.get']('node:mainip', '') %}
+{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 {% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
 {% set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
 

salt/wazuh/files/agent/ossec.conf

@@ -1,7 +1,7 @@
 {%- if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set ip = salt['pillar.get']('static:masterip', '') %}
 {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
-  {%- set ip = salt['pillar.get']('node:mainip', '') %}
+  {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- elif grains['role'] == 'so-sensor' %}
   {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}

salt/wazuh/files/agent/wazuh-register-agent

@@ -1,7 +1,7 @@
 {%- if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set ip = salt['pillar.get']('static:masterip', '') %}
 {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
-  {%- set ip = salt['pillar.get']('node:mainip', '') %}
+  {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- elif grains['role'] == 'so-sensor' %}
   {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}