diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 7999a7027..433af1228 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -113,6 +113,30 @@ http { } + location /playbook/ { + proxy_pass http://{{ masterip }}:3200/playbook/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } + + location /navigator/ { + auth_basic "Security Onion"; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + proxy_pass http://{{ masterip }}:4200/navigator/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } + location /api/ { proxy_pass https://{{ masterip }}:8080/api/; proxy_read_timeout 90; diff --git a/salt/playbook/files/nav_layer_playbook.json b/salt/playbook/files/nav_layer_playbook.json new file mode 100644 index 000000000..69d8aa8d3 --- /dev/null +++ b/salt/playbook/files/nav_layer_playbook.json @@ -0,0 +1,33 @@ +{ + "name": "Playbook", + "version": "2.1", + "domain": "mitre-enterprise", + "description": "Current Coverage of Playbook", + "filters": { + "stages": ["act"], + "platforms": [ + "windows", + "linux", + "mac" + ] + }, + "sorting": 0, + "viewMode": 0, + "hideDisabled": "false", + "techniques": [{ + "techniqueID": "T1003", + "color": "#5AADFF", + "comment": "", + "enabled": "true", + "metadata": [] + }], + "gradient": { + "colors": ["#ff6666", "#ffe766", "#8ec843"], + "minValue": 0, + "maxValue": 100 + }, + "metadata": [], + "showTacticRowBackground": "false", + "tacticRowBackground": "#dddddd", + "selectTechniquesAcrossTactics": "true" +} 
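Review bot: The new `location /playbook/` block has no `auth_basic` / `auth_basic_user_file` lines, while `location /navigator/` directly below it sets both. Playbook is therefore reachable through the proxy with only whatever authentication the application itself enforces, which this diff does not show. If that is deliberate, say so in the block, e.g. `# no auth_basic here: Playbook enforces its own login`; otherwise add the same two directives used for `/navigator/`. Both new upstreams are also reached over plain `http://`, whereas the existing `/api/` block proxies to `https://`. The enclosing server block starts and ends outside the hunk.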
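Review bot: In `nav_layer_playbook.json`, `hideDisabled`, `enabled`, `showTacticRowBackground` and `selectTechniquesAcrossTactics` are written as the strings `"false"` / `"true"` rather than JSON booleans. `navigator_config.json` in the same commit uses bare `true` / `false`. A consumer that type-checks these fields will ignore or reject them, and one that only tests truthiness will read `"false"` as true; which of these applies to the Navigator image pinned here is not confirmed from the diff. Use the literals instead, e.g. `"hideDisabled": false` and `"enabled": true`.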
diff --git a/salt/playbook/files/navigator_config.json b/salt/playbook/files/navigator_config.json
new file mode 100644
index 000000000..7e132cbf8
--- /dev/null
+++ b/salt/playbook/files/navigator_config.json
@@ -0,0 +1,59 @@
+{%- set ip = salt['pillar.get']('static:masterip', '') %}
+
+{
+ "enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
+ "pre_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json",
+ "mobile_data_url": "https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json",
+ "taxii_server": {
+ "enabled": false,
+ "url": "https://cti-taxii.mitre.org/",
+ "collections": {
+ "enterprise_attack": "95ecc380-afe9-11e4-9b6c-751b66dd541e",
+ "pre_attack": "062767bd-02d2-4b72-84ba-56caef0f8658",
+ "mobile_attack": "2f669986-b40b-4423-b720-4396ca6a462b"
+ }
+ },
+
+ "domain": "mitre-enterprise",
+
+ "custom_context_menu_items": [ {"label": "view related plays","url": " https://{{ip}}/playbook/projects/playbook-prod/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=cf_27&op%5Bcf_27%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_24&c%5B%5D=cf_25&c%5B%5D=cf_6&c%5B%5D=updated_on&group_by=&t%5B%5D=&v%5Bcf_27%5D%5B%5D=~Technique_ID~"}],
+
+"default_layers": {
+ "enabled": true,
+ "urls": [
+ "assets/playbook.json"
+ ]
+ },
+
+ "comment_color": "yellow",
+
+ "features": [
+ {"name": "tabs", "enabled": true, "description": "Disable to remove the ability to open new tabs."},
+ {"name": "selecting_techniques", "enabled": true, "description": "Disable to remove the ability to select techniques."},
+ {"name": "header", "enabled": true, "description": "Disable to remove the header containing 'MITRE ATT&CK Navigator' and the link to the help page. The help page can still be accessed from the new tab menu."},
+ {"name": "selection_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
+ {"name": "search", "enabled": true, "description": "Disable to remove the technique search panel from the interface."},
+ {"name": "multiselect", "enabled": true, "description": "Disable to remove the multiselect panel from interface."},
+ {"name": "deselect_all", "enabled": true, "description": "Disable to remove the deselect all button from the interface."}
+ ]},
+ {"name": "layer_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
+ {"name": "layer_info", "enabled": true, "description": "Disable to remove the layer info (name, description and metadata) panel from the interface. Note that the layer can still be renamed in the tab."},
+ {"name": "download_layer", "enabled": true, "description": "Disable to remove the button to download the layer."},
+ {"name": "export_render", "enabled": true, "description": "Disable to the remove the button to render the current layer."},
+ {"name": "export_excel", "enabled": true, "description": "Disable to the remove the button to export the current layer to MS Excel (.xlsx) format."},
+ {"name": "filters", "enabled": true, "description": "Disable to the remove the filters panel from interface."},
+ {"name": "sorting", "enabled": true, "description": "Disable to the remove the sorting button from the interface."},
+ {"name": "color_setup", "enabled": true, "description": "Disable to the remove the color setup panel from interface, containing customization controls for scoring gradient and tactic row color."},
+ {"name": "toggle_hide_disabled", "enabled": true, "description": "Disable to the remove the hide disabled techniques button from the interface."},
+ {"name": "toggle_view_mode", "enabled": true, "description": "Disable to the remove the toggle view mode button from interface."},
+ {"name": "legend", "enabled": true, "description": "Disable to the remove the legend panel from the interface."}
+ ]},
+ {"name": "technique_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
+ {"name": "disable_techniques", "enabled": true, "description": "Disable to the remove the ability to disable techniques."},
+ {"name": "manual_color", "enabled": true, "description": "Disable to the remove the ability to assign manual colors to techniques."},
+ {"name": "scoring", "enabled": true, "description": "Disable to the remove the ability to score techniques."},
+ {"name": "comments", "enabled": true, "description": "Disable to the remove the ability to add comments to techniques."},
+ {"name": "clear_annotations", "enabled": true, "description": "Disable to remove the button to clear all annotations on the selected techniques."}
+ ]}
+ ]
+}
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
new file mode 100644
index 000000000..fbaea191d
--- /dev/null
+++ b/salt/playbook/init.sls
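Review bot: In `navigator_config.json`, `enterprise_attack_url`, `pre_attack_url` and `mobile_data_url` all reference the `master` branch of `mitre/cti` on raw.githubusercontent.com. The technique data Navigator renders is therefore whatever that mutable ref holds at load time, and it is unavailable on a deployment without outbound internet access. Consider pinning the three URLs to a fixed tag or commit, or shipping the data next to `assets/playbook.json` and referencing it locally. Separately, `salt['pillar.get']('static:masterip', '')` falls back to an empty string, which would render the context-menu link as `https:///playbook/...`; failing the render when the pillar is absent is safer than a silent default. The `url` value also begins with a space inside the quotes (`" https://{{ip}}/...`), which looks unintended.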
@@ -0,0 +1,49 @@
+navigatordefaultlayer:
+ file.manage:
+ - name: /opt/so/conf/playbook/nav_layer_playbook.json
+ - source: salt://playbook/files/nav_layer_playbook.json
+ - user: 939
+ - group: 939
+ - makedirs: True
+ - replace: False
+ - template: jinja
+
+navigatorconfig:
+ file.manage:
+ - name: /opt/so/conf/playbook/navigator_config.json
+ - source: salt://playbook/files/navigator_config.json
+ - user: 939
+ - group: 939
+ - makedirs: True
+ - template: jinja
+
+so-playbookimage:
+ cmd.run:
+ - name: docker pull --disable-content-trust=false soshybridhunter/so-playbook:HH1.1.1
+
+so-playbook:
+ docker_container.running:
+ - require:
+ - so-playbookimage
+ - image: soshybridhunter/so-playbook:HH1.1.1
+ - hostname: playbook
+ - name: so-playbook
+ - port_bindings:
+ - 0.0.0.0:3200:3000
+
+so-navigatorimage:
+ cmd.run:
+ - name: docker pull --disable-content-trust=false soshybridhunter/so-navigator:HH1.1.1
+
+so-navigator:
+ docker_container.running:
+ - require:
+ - so-navigatorimage
+ - image: soshybridhunter/so-navigator:HH1.1.1
+ - hostname: navigator
+ - name: so-navigator
+ - binds:
+ - /opt/so/conf/playbook/navigator_config.json:/nav-app/src/assets/config.json:ro
+ - /opt/so/conf/playbook/nav_layer_playbook.json:/nav-app/src/assets/playbook.json:ro
+ - port_bindings:
+ - 0.0.0.0:4200:4200
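Review bot: Both containers publish on every interface (`- 0.0.0.0:3200:3000` and `- 0.0.0.0:4200:4200`), so any client that can reach the host on those ports talks to Playbook and Navigator directly. That bypasses the nginx front end and the `auth_basic` gate this commit puts on `/navigator/`. Unless a host firewall rule not shown in this diff restricts the ports, bind them to the address nginx proxies to rather than `0.0.0.0`. Separately, the `navigatordefaultlayer` and `navigatorconfig` states call `file.manage`; the Salt state function is `file.managed`, so as written neither config file would be rendered and the two `:ro` bind mounts would have no source file.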