CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13945 from Security-Onion-Solutions/2.4/dev

Browse Source 
2.4/dev
This commit is contained in:
Jorge Reyes
2024-11-14 09:13:00 -06:00
committed by GitHub
parent e07c1e6958 ff00ddeb3c
commit dfd9108f39
2 changed files with 42 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/elasticsearch/defaults.yaml
View File

@@ -111,15 +111,23 @@ elasticsearch:
match_mapping_type: string match_mapping_type: string
settings: settings:
index: index:
lifecycle:
name: so-case-logs
mapping: mapping:
total_fields: total_fields:
limit: 1500 limit: 1500
number_of_replicas: 0 number_of_replicas: 0
auto_expand_replicas: 0-2
number_of_shards: 1 number_of_shards: 1
refresh_interval: 30s refresh_interval: 30s
sort: sort:
field: '@timestamp' field: '@timestamp'
order: desc order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-common: so-common:
close: 30 close: 30
delete: 365 delete: 365
@@ -258,15 +266,23 @@ elasticsearch:
match_mapping_type: string match_mapping_type: string
settings: settings:
index: index:
lifecycle:
name: so-detection-logs
mapping: mapping:
total_fields: total_fields:
limit: 1500 limit: 1500
number_of_replicas: 0 number_of_replicas: 0
auto_expand_replicas: 0-2
number_of_shards: 1 number_of_shards: 1
refresh_interval: 30s refresh_interval: 30s
sort: sort:
field: '@timestamp' field: '@timestamp'
order: desc order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-endgame: so-endgame:
index_sorting: false index_sorting: false
index_template: index_template:

28
salt/manager/tools/sbin/soup
View File

@@ -520,7 +520,7 @@ post_to_2.4.110() {
} }
post_to_2.4.120() { post_to_2.4.120() {
echo "Nothing to apply" update_elasticsearch_index_settings
POSTVERSION=2.4.120 POSTVERSION=2.4.120
} }
@@ -718,7 +718,7 @@ up_to_2.4.120() {
add_hydra_pillars add_hydra_pillars
# this is needed for the new versionlock state # this is needed for the new versionlock state
mkdir /opt/so/saltstack/local/pillar/versionlock mkdir -p /opt/so/saltstack/local/pillar/versionlock
touch /opt/so/saltstack/local/pillar/versionlock/adv_versionlock.sls /opt/so/saltstack/local/pillar/versionlock/soc_versionlock.sls touch /opt/so/saltstack/local/pillar/versionlock/adv_versionlock.sls /opt/so/saltstack/local/pillar/versionlock/soc_versionlock.sls
# New Grid Integration added this release # New Grid Integration added this release
@@ -960,6 +960,30 @@ update_airgap_repo() {
createrepo /nsm/repo createrepo /nsm/repo
} }
update_elasticsearch_index_settings() {
# Update managed indices to reflect latest index template
for idx in "so-detection" "so-detectionhistory" "so-case" "so-casehistory"; do
ilm_name=$idx
if [ "$idx" = "so-detectionhistory" ]; then
ilm_name="so-detection"
elif [ "$idx" = "so-casehistory" ]; then
ilm_name="so-case"
fi
JSON_STRING=$( jq -n --arg ILM_NAME "$ilm_name" '{"settings": {"index.auto_expand_replicas":"0-2","index.lifecycle.name":($ILM_NAME + "-logs")}}')
echo "Checking if index \"$idx\" exists"
exists=$(curl -K /opt/so/conf/elasticsearch/curl.config -s -o /dev/null -w "%{http_code}" -k -L -H "Content-Type: application/json" "https://localhost:9200/$idx")
if [ $exists -eq 200 ]; then
echo "$idx index found..."
echo "Updating $idx index settings"
curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/$idx/_settings" -d "$JSON_STRING" -XPUT
echo -e "\n"
else
echo -e "Skipping $idx... index does not exist\n"
fi
done
}
update_salt_mine() { update_salt_mine() {
echo "Populating the mine with mine_functions for each host." echo "Populating the mine with mine_functions for each host."
set +e set +e