CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-02-22 06:55:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove default Elastalert rules to stop automated alerts from being sent to thehive

Browse Source
This commit is contained in:
Jason Ertel
2020-09-30 15:06:54 -04:00
parent 5b16a65422
commit ff04bb507a
3 changed files with 7 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/soc/files/soc/soc.json
View File

@@ -1,5 +1,6 @@
{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%}
{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
{%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') -%}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
@@ -24,7 +25,12 @@
"statickeyauth": {
"anonymousCidr": "172.17.0.0/24",
"apiKey": "{{ SENSORONIKEY }}"
}
},
"thehive": {
"hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
"key": "{{ THEHIVEKEY }}",
"verifyCert": false
}
},
"client": {
"hunt": {
@@ -150,7 +156,6 @@
"actions": [
{ "name": "", "description": "actionHuntHelp", "icon": "fa-search", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" },
{ "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" },
{ "name": "", "description": "actionAlertHelp", "icon": "fa-bell", "link": "/soctopus/thehive/alert/{eventId}", "target": "_blank" },
{ "name": "", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" },
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" }
]
@@ -185,7 +190,6 @@
"actions": [
{ "name": "", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "_blank" },
{ "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "_blank" },
{ "name": "", "description": "actionAlertHelp", "icon": "fa-bell", "link": "/soctopus/thehive/alert/{eventId}", "target": "_blank" },
{ "name": "", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" },
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" }
]