CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'quickfix/helix' into dev

Browse Source
This commit is contained in:
m0duspwnens
2020-02-05 11:12:51 -05:00
parent 8148be6ec8 f042cb074f
commit d133222a86
6 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pillar/logstash/helix.sls Normal file
View File

@@ -0,0 +1,4 @@
logstash:
pipelines:
helix:
config: "/usr/share/logstash/pipelines/helix/*.conf"

3
pillar/top.sls
View File

@@ -48,6 +48,7 @@ base:
- static - static
- firewall.* - firewall.*
- fireeye - fireeye
- static
- brologs - brologs
- logstash.helix
- static
- minions.{{ grains.id }} - minions.{{ grains.id }}

4
salt/common/grafana/grafana_dashboards/eval/eval.json
View File

@@ -1395,7 +1395,7 @@
"condition": "AND", "condition": "AND",
"key": "container_name", "key": "container_name",
"operator": "=", "operator": "=",
"value": "so-bro" "value": "so-zeek"
} }
] ]
} }
@@ -1913,7 +1913,7 @@
"condition": "AND", "condition": "AND",
"key": "container_name", "key": "container_name",
"operator": "=", "operator": "=",
"value": "so-bro" "value": "so-zeek"
} }
] ]
} }

4
salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
View File

@@ -1396,7 +1396,7 @@
"condition": "AND", "condition": "AND",
"key": "container_name", "key": "container_name",
"operator": "=", "operator": "=",
"value": "so-bro" "value": "so-zeek"
} }
] ]
} }
@@ -1901,7 +1901,7 @@
"condition": "AND", "condition": "AND",
"key": "container_name", "key": "container_name",
"operator": "=", "operator": "=",
"value": "so-bro" "value": "so-zeek"
} }
] ]
} }

4
salt/common/telegraf/scripts/broloss.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
BROLOG=$(tac /host/nsm/bro/logs/packetloss.log | head -2) ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
declare RESULT=($BROLOG) declare RESULT=($ZEEKLOG)
CURRENTDROP=${RESULT[3]} CURRENTDROP=${RESULT[3]}
PASTDROP=${RESULT[9]} PASTDROP=${RESULT[9]}
DROPPED=$(($CURRENTDROP - $PASTDROP)) DROPPED=$(($CURRENTDROP - $PASTDROP))

1
setup/so-setup.sh
View File

@@ -197,7 +197,6 @@ if (whiptail_you_sure) ; then
patch_pillar >> $SETUPLOG 2>&1 patch_pillar >> $SETUPLOG 2>&1
echo "** Generating the FireEye pillar **" >> $SETUPLOG echo "** Generating the FireEye pillar **" >> $SETUPLOG
fireeye_pillar >> $SETUPLOG 2>&1 fireeye_pillar >> $SETUPLOG 2>&1
sensor_pillar >> $SETUPLOG 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX" echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $SETUPLOG 2>&1 copy_minion_tmp_files >> $SETUPLOG 2>&1
# Do a checkin to push the key up # Do a checkin to push the key up