From de047cea8e6cfebda32be848652f621db34a0b65 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 13 Sep 2022 13:56:37 -0400 Subject: [PATCH 1/2] Add Grafana annotation --- salt/elastalert/soc_elastalert.yaml | 11 ++++++++- salt/grafana/grafana_defaults.yaml | 27 ++++++++++---------- salt/grafana/soc_grafana.yaml | 38 +++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 15 deletions(-) create mode 100644 salt/grafana/soc_grafana.yaml diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml index 4d381d9da..efc0058e7 100644 --- a/salt/elastalert/soc_elastalert.yaml +++ b/salt/elastalert/soc_elastalert.yaml @@ -2,24 +2,33 @@ elastalert: config: disable_rules_on_error: description: Disable rules on failure. - run_every: + global: True + run_every: minutes: description: Amount of time in minutes between searches. + global: True buffer_time: minutes: description: Amount of time in minutes to look through. + global: True old_query_limit: minutes: description: Amount of time in minutes between queries to start at the most recently run query. + global: True es_conn_timeout: description: Timeout in seconds for connecting to and reading from Elasticsearch. + global: True max_query_size: description: The maximum number of documents that will be downloaded from Elasticsearch in a single query. + global: True alert_time_limit: days: description: The retry window for failed alerts. + global: True index_settings: shards: description: The amount of shards to use for elastalert. + global: True replicas: description: The amount of replicas for the Elastalert index. + global: True diff --git a/salt/grafana/grafana_defaults.yaml b/salt/grafana/grafana_defaults.yaml index 024fd5dfd..b05775886 100644 --- a/salt/grafana/grafana_defaults.yaml +++ b/salt/grafana/grafana_defaults.yaml 
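Review bot: Every added `global: True` line in salt/elastalert/soc_elastalert.yaml spells the boolean with a capital T; the YAML 1.2 canonical form is lowercase `true`, and yamllint's default truthy rule flags the capitalised spelling, so `global: true` would be the cleaner form. PyYAML and 1.2 parsers both read `True` as a boolean, so this is a point of style rather than behaviour. The same spelling is used throughout the new salt/grafana/soc_grafana.yaml, so whichever form is kept should be applied consistently to both files.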
@@ -8,22 +8,21 @@ grafana: org_role: Viewer smtp: enabled: false -# host: localhost:25 -# user: myuser - # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""' -# password: mypassword -# cert_file: /etc/grafana/config/files/smtp_cert_file.crt -# key_file: /etc/grafana/config/files/smtp_key_file.key -# skip_verify: false + host: localhost:25 + user: myuser + password: mypassword + cert_file: /etc/grafana/config/files/smtp_cert_file.crt + key_file: /etc/grafana/config/files/smtp_key_file.key + skip_verify: false from_address: admin@grafana.localhost from_name: Grafana -# ehlo_identity: dashboard.example.com -# auth.ldap: -# enabled: false -# config_file: /etc/grafana/config/files/ldap.toml -# allow_sign_up: true -# enterprise: -# license_path: /opt/so/conf/grafana/etc/files/license.jwt + ehlo_identity: dashboard.example.com + auth.ldap: + enabled: false + config_file: /etc/grafana/config/files/ldap.toml + allow_sign_up: true + enterprise: + license_path: /opt/so/conf/grafana/etc/files/license.jwt dashboards: overview: title: 'Security Onion Grid Overview' diff --git a/salt/grafana/soc_grafana.yaml b/salt/grafana/soc_grafana.yaml new file mode 100644 index 000000000..f9c291a74 --- /dev/null +++ b/salt/grafana/soc_grafana.yaml 
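Review bot: Placeholder credentials `user: myuser` and `password: mypassword` become live default values for the SMTP section, and the comment explaining that a password containing `#` or `;` must be written as `'"""#password;"""'` is dropped at the same time, even though the `password` key is now active. If these defaults are rendered into Grafana's config whenever `smtp.enabled` is switched on without an override (the template is not visible from this hunk), the service would authenticate with a dummy account; empty defaults such as `user: ''` and `password: ''` avoid sending a credential nobody set. Keep the quoting guidance as a comment directly above `password:`, since the new annotation file marks this key `sensitive` but carries no such note. The same consideration applies to `license_path` and `config_file`, which now point at files that may not exist on a default install.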
@@ -0,0 +1,38 @@ +grafana: + config: + smtp: + enabled: + description: Enable the sending of emails from Grafana. + global: True + host: + description: Hostname of the SMTP server. + global: True + user: + description: User used to authenticate SMTP. + global: True + password: + description: Password used to authenticate SMTP. + global: True + sensitive: True + cert_file: + description: Location of cert file for SMTP. + global: True + key_file: + description: Location of key file for SMTP. + global: True + skip_verify: + description: Verify SSL certificates. + global: True + from_address: + description: The email address you would like in the from field. + global: True + from_name: + description: The name displayed for the from email address. + global: True + ehlo_identity: + description: Used with servers with SMTP service extensions. + global: True + enterprise: + license_path: + description: Path to enterprise license key. + global: True From 064b64f68a14ff4188c96e148a3a38606a1a0fad Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 13 Sep 2022 14:00:04 -0400 Subject: [PATCH 2/2] Add Grafana annotation --- salt/elastalert/soc_elastalert.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml index efc0058e7..5d9e386e8 100644 --- a/salt/elastalert/soc_elastalert.yaml +++ b/salt/elastalert/soc_elastalert.yaml @@ -3,7 +3,7 @@ elastalert: disable_rules_on_error: description: Disable rules on failure. global: True - run_every: + run_every: minutes: description: Amount of time in minutes between searches. global: True
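Review bot: The description for `skip_verify` reads `Verify SSL certificates.`, which is the opposite of what the key name indicates: the defaults hunk sets `skip_verify: false`, and turning it on skips certificate verification for the SMTP connection, so an operator reading this text in the config UI could enable it expecting stricter checks. Suggested wording: `description: Skip TLS certificate verification for the SMTP server. Leave disabled unless the server uses a self-signed certificate.` The annotation also omits the `auth.ldap` keys (`enabled`, `config_file`, `allow_sign_up`) that the grafana_defaults.yaml hunk makes live, so those settings would presumably have no description if this file drives the UI; worth confirming whether that is intentional.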