provide proper url for so-import-pcap based on redirect strategy chosen during setup - https://github.com/Security-Onion-Solutions/securityonion/issues/1039

This commit is contained in:
m0duspwnens
2020-08-14 15:28:47 -04:00
parent 0ba0c16c38
commit d963222f31
2 changed files with 6 additions and 5 deletions


@@ -15,10 +15,11 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{% set MANAGER = salt['grains.get']('master') %}
{% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{%- set MANAGER = salt['grains.get']('master') %}
{%- set VERSION = salt['pillar.get']('global:soversion') %}
{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
{%- set URLBASE = salt['pillar.get']('global:url_base') %}
. /usr/sbin/so-common
@@ -212,7 +213,7 @@ cat << EOF
Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ MANAGERIP }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST To: $END_NEWEST
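Review bot: The new `URLBASE` lookup on the fifth line of the first hunk has no default, so on a manager whose global pillar does not carry `url_base` (for example one set up before this key was written there) the template renders `https://None/#/hunt…` in the link that replaces the old `MANAGERIP` form; since `MANAGERIP` is still set one line earlier it is the natural fallback, `{%- set URLBASE = salt['pillar.get']('global:url_base', MANAGERIP) %}`. The second hunk sits inside a heredoc whose `cat << EOF` opens before the hunk, so the link text itself is only printed, not used for any request; the defect is a broken instruction to the user rather than a runtime failure.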


@@ -1028,7 +1028,6 @@ manager_pillar() {
" osquery: $OSQUERY"\
" thehive: $THEHIVE"\
" playbook: $PLAYBOOK"\
" url_base: $REDIRECTIT"\
""\
"elasticsearch:"\
" mainip: $MAINIP"\
@@ -1087,6 +1086,7 @@ manager_global() {
" proxy: $PROXY"\
" zeekversion: $ZEEKVERSION"\
" ids: $NIDS"\
" url_base: $REDIRECTIT"\
" managerip: $MAINIP" > "$global_pillar"
# Check if TheHive is enabled. If so, add creds and other details