{% set es = salt['pillar.get']('global:url_base', '') %}

alert:
- "modules.so.playbook-es.PlaybookESAlerter"
 
elasticsearch_host: "{{ es }}:9200"
play_title: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category: 
play_url: "https://{{ es }}/playbook/issues/6000"
kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{es}}/#/hunt"
sigma_level: ""