{% set es = salt['pillar.get']('global:url_base', '') %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}

alert:
- "modules.so.playbook-es.PlaybookESAlerter"

elasticsearch_host: "{{ es }}:9200"
elasticsearch_user: "{{ ES_USER }}"
elasticsearch_pass: "{{ ES_PASS }}"
play_title: ""
play_id: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category: 
play_url: "https://{{ es }}/playbook/issues/6000"
kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{es}}/#/hunt"
sigma_level: ""