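# ElastAlert rule fragment, rendered by Salt (Jinja), that forwards matches to
# TheHive through the Security Onion alerter module.
# NOTE(review): the nesting below was reconstructed from a whitespace-collapsed
# copy of this file; confirm it against the deployed template.
#
# The Elasticsearch host and the TheHive host are both read from the same
# pillar key (static:masterip). Every lookup defaults to an empty string, so a
# missing pillar value renders an empty host or API key instead of failing the
# state; verify the rendered file after a pillar change.
{% set es = salt['pillar.get']('static:masterip', '') %}
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}

# Templated scalars are quoted so that an empty, all-digit or
# indicator-leading expansion still loads as a string rather than null/int.
es_host: '{{es}}'
es_port: 9200

alert: modules.so.thehive.TheHiveAlerter

hive_connection:
  hive_host: 'https://{{hivehost}}/thehive/'
  # Secret: the API key is written in clear text into the rendered rule file.
  # Keep that file and the static:hivekey pillar readable only by the
  # accounts that need them, and keep rendered copies out of version control.
  hive_apikey: '{{hivekey}}'

# Empty strings: no HTTP/HTTPS proxy is configured for the TheHive connection.
hive_proxies:
  http: ''
  https: ''

hive_alert_config:
  # {rule[name]} and {match[message]} use single braces; Jinja leaves them
  # untouched, so presumably the alerter fills them in per match - confirm.
  title: '{rule[name]}'
  type: 'external'
  source: 'SecurityOnion'
  # match[message] comes from ingested log data and is therefore not trusted
  # input; it lands in a Markdown-rendered description field in TheHive.
  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `Data:` {match[message]}"
  # NOTE(review): on TheHive's scales severity 2 is presumably "medium" and
  # tlp 3 "RED" - confirm these match the intended handling of the alerts.
  severity: 2
  tags: ['elastalert', 'SecurityOnion']
  tlp: 3
  status: 'New'
  # Canonical lowercase boolean (was "True").
  follow: true
  # Quoted so the template identifier stays a string.
  caseTemplate: '5000'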