CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Perform Elastalert index check twice

Browse Source
This commit is contained in:
Wes Lambert
2022-07-19 14:48:19 +00:00
parent 4a7c994b66
commit f3a0ab0b2d
1 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
salt/common/tools/sbin/soup
View File

@@ -850,28 +850,31 @@ up_to_2.3.140() {
echo echo
exit 1 exit 1
fi fi
CHECK_COUNT=0
# Delete Elastalert indices while [[ "$CHECK_COUNT" -le 2 ]]; do
for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); # Delete Elastalert indices
do for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
so-elasticsearch-query $i -XDELETE; so-elasticsearch-query $i -XDELETE;
done
# Check to ensure Elastalert indices are deleted
COUNT=0
ELASTALERT_INDICES_DELETED="no"
while [[ "$COUNT" -le 240 ]]; do
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
ELASTALERT_INDICES_DELETED="yes"
echo "Elastalert indices successfully deleted."
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
((CHECK_COUNT+=1))
done done
# Check to ensure Elastalert indices are deleted
COUNT=0
ELASTALERT_INDICES_DELETED="no"
while [[ "$COUNT" -le 240 ]]; do
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
ELASTALERT_INDICES_DELETED="yes"
echo "Elastalert indices successfully deleted."
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
# If we were unable to delete the Elastalert indices, exit the script # If we were unable to delete the Elastalert indices, exit the script
if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then