From 037d5d1c460e373b172e6837412307cd2dca41d8 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 9 Sep 2022 15:55:51 -0400
Subject: [PATCH] Fix yaml for idh,es,kib,esalert

---
salt/elastalert/init.sls | 2 +-
salt/elastalert/soc_elastalert.yaml | 18 +++++++++---------
salt/influxdb/soc_influxdb.yaml | 10 +++++-----
salt/kibana/soc_kibana.yaml | 2 +-
4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 3184c5c5c..309894b18 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -4,7 +4,7 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
-{% from 'elastalert/elastalert_config.map.jinja' import elastalert_defaults as elastalert_config with context %}
+{% from 'elastalert/elastalert_config.map.jinja' import ELASTALERT as elastalert_config with context %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml
index bb7f20300..4d381d9da 100644
--- a/salt/elastalert/soc_elastalert.yaml
+++ b/salt/elastalert/soc_elastalert.yaml
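Review bot: The import now binds `ELASTALERT` from `elastalert/elastalert_config.map.jinja`, but that map file is not among the four files in this patch, so it must already export `ELASTALERT` or rendering of this state fails on an undefined import; worth confirming the export name in the map. The soc_elastalert.yaml hunk in the same patch removes the defaults that presumably lived alongside `elastalert_defaults`, so if `ELASTALERT` does not carry the same keys (`es_conn_timeout`, `max_query_size`, `index_settings` and the rest), consumers of `elastalert_config` lose them silently. The enclosing `{% if sls in allowed_states %}` block continues past the hunk.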
@@ -1,25 +1,25 @@
 elastalert:
 config:
- disable_rules_on_error: false
+ disable_rules_on_error:
 description: Disable rules on failure.
 run_every:
- minutes: 3
+ minutes:
 description: Amount of time in minutes between searches.
 buffer_time:
- minutes: 10
+ minutes:
 description: Amount of time in minutes to look through.
 old_query_limit:
- minutes: 5
+ minutes:
 description: Amount of time in minutes between queries to start at the most recently run query.
- es_conn_timeout: 55
+ es_conn_timeout:
 description: Timeout in seconds for connecting to and reading from Elasticsearch.
- max_query_size: 5000
+ max_query_size:
 description: The maximum number of documents that will be downloaded from Elasticsearch in a single query.
 alert_time_limit:
- days: 2
+ days:
 description: The retry window for failed alerts.
 index_settings:
- shards: 1
+ shards:
 description: The amount of shards to use for elastalert.
- replicas: 0
+ replicas:
 description: The amount of replicas for the Elastalert index.
diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml
index 5dc8ef763..8e52e9b02 100644
--- a/salt/influxdb/soc_influxdb.yaml
+++ b/salt/influxdb/soc_influxdb.yaml
@@ -1,16 +1,16 @@
 influxdb:
 retention_policies:
 so_short_term:
- duration: 30d
+ duration:
 description: Amount of time to keep short term data.
- shard_duration: 1d
+ shard_duration:
 description: Time range
 so_long_term:
- duration: 0d
+ duration:
 description: Amount of time to keep long term downsampled data.
- shard_duration: 7d
+ shard_duration:
 description: Amount of the time range covered by the shard group.
 downsample:
 so_long_term:
- resolution: 5m
+ resolution:
 description: Amount of time to turn into a single data point.
\ No newline at end of file
diff --git a/salt/kibana/soc_kibana.yaml b/salt/kibana/soc_kibana.yaml
index 80e15df85..dd0e87734 100644
--- a/salt/kibana/soc_kibana.yaml
+++ b/salt/kibana/soc_kibana.yaml
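Review bot: The `disable_rules_on_error` description on the new side does not tell an operator what the option costs: in ElastAlert a rule that throws an uncaught error is disabled and produces no alerts until the service restarts or the rule is re-enabled, which is a silent loss of detection coverage. I would expand it to `description: Disable a rule that fails to run. A disabled rule produces no alerts until ElastAlert restarts or it is re-enabled, so rule failures should be monitored.`. Every annotated key (`disable_rules_on_error:`, `minutes:`, `es_conn_timeout:`, `shards:` and the rest) is now a bare null with `description` presumably nested beneath it; indentation is not recoverable from this paste, so it is worth checking the rendered file that each `description` sits under its key rather than as a repeated sibling, and that whatever reads this file never merges those nulls over the defaults now supplied through `ELASTALERT` in init.sls.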
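Review bot: `description: Time range` for `so_short_term.shard_duration` is a fragment while the `so_long_term` counterpart reads `Amount of the time range covered by the shard group.`; the two should match, e.g. `description: Amount of the time range covered by each shard group.`. The `so_long_term.duration` description would also benefit from saying that InfluxDB treats a duration of `0d` as infinite retention, since the removed default was `0d` and an operator entering it in the editor would not otherwise know the data is never expired. The file still ends without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs clean.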
@@ -1,5 +1,5 @@
 kibana:
 config:
 elasticsearch:
- requestTimeout: 90000
+ requestTimeout:
 description: Request timeout length.
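Review bot: `description: Request timeout length.` gives no unit, and now that the default `90000` is gone from this file the only hint that Kibana's `elasticsearch.requestTimeout` is in milliseconds is gone with it; a value typed in seconds would make nearly every Elasticsearch request time out. I would make it `description: Timeout in milliseconds for requests from Kibana to Elasticsearch.`.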