Merge pull request #8734 from Security-Onion-Solutions/funstuff

Updates for grafana

salt/elastalert/soc_elastalert.yaml

@@ -2,24 +2,33 @@ elastalert:
   config:
     disable_rules_on_error:
       description: Disable rules on failure.
+      global: True
     run_every:
       minutes:
         description: Amount of time in minutes between searches.
+        global: True
     buffer_time:
       minutes:
         description: Amount of time in minutes to look through.
+        global: True
     old_query_limit:
       minutes:
         description: Amount of time in minutes between queries to start at the most recently run query.
+        global: True
     es_conn_timeout:
       description: Timeout in seconds for connecting to and reading from Elasticsearch.
+      global: True
     max_query_size:
       description: The maximum number of documents that will be downloaded from Elasticsearch in a single query.
+      global: True
     alert_time_limit:
       days:
         description: The retry window for failed alerts.
+        global: True
     index_settings:
       shards:
         description: The amount of shards to use for elastalert.
+        global: True
       replicas:
         description: The amount of replicas for the Elastalert index.
+        global: True

salt/grafana/grafana_defaults.yaml

@@ -8,22 +8,21 @@ grafana:
       org_role: Viewer
     smtp:
       enabled: false
-#      host: localhost:25
+      host: localhost:25
-#      user: myuser
+      user: myuser
-      # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""'
+      password: mypassword
-#      password: mypassword
+      cert_file: /etc/grafana/config/files/smtp_cert_file.crt
-#      cert_file: /etc/grafana/config/files/smtp_cert_file.crt
+      key_file: /etc/grafana/config/files/smtp_key_file.key
-#      key_file: /etc/grafana/config/files/smtp_key_file.key
+      skip_verify: false
-#      skip_verify: false
       from_address: admin@grafana.localhost
       from_name: Grafana
-#      ehlo_identity: dashboard.example.com
+      ehlo_identity: dashboard.example.com
-#    auth.ldap:
+    auth.ldap:
-#      enabled: false
+      enabled: false
-#      config_file: /etc/grafana/config/files/ldap.toml
+      config_file: /etc/grafana/config/files/ldap.toml
-#      allow_sign_up: true
+      allow_sign_up: true
-#    enterprise:
+    enterprise:
-#      license_path: /opt/so/conf/grafana/etc/files/license.jwt
+      license_path: /opt/so/conf/grafana/etc/files/license.jwt
   dashboards:
     overview:
       title: 'Security Onion Grid Overview'

salt/grafana/soc_grafana.yaml

@@ -0,0 +1,38 @@
+grafana:
+  config:
+    smtp:
+      enabled:
+        description: Enable the sending of emails from Grafana.
+        global: True
+      host: 
+        description: Hostname of the SMTP server.
+        global: True
+      user: 
+        description: User used to authenticate SMTP.
+        global: True
+      password: 
+        description: Password used to authenticate SMTP.
+        global: True
+        sensitive: True
+      cert_file: 
+        description: Location of cert file for SMTP.
+        global: True
+      key_file: 
+        description: Location of key file for SMTP.
+        global: True
+      skip_verify: 
+        description: Verify SSL certificates.
+        global: True
+      from_address: 
+        description: The email address you would like in the from field.
+        global: True
+      from_name: 
+        description: The name displayed for the from email address.
+        global: True
+      ehlo_identity: 
+        description: Used with servers with SMTP service extensions.
+        global: True
+    enterprise:
+      license_path: 
+        description: Path to enterprise license key.
+        global: True