{% set es = salt['pillar.get']('global:managerip', '') %}
{% set hivehost = salt['pillar.get']('global:managerip', '') %}
{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
alert: hivealerter

hive_connection:
  hive_host: http://{{hivehost}}
  hive_port: 9000/thehive
  hive_apikey: {{hivekey}}
  
hive_proxies:
  http: ''
  https: ''

hive_alert_config:
  title: '{rule[name]} - '
  type: 'playbook'
  source: 'SecurityOnion'
  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` <https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{match[_id]}'),sort:!('@timestamp',desc))>  \n\n `Raw Data:` {match[message]}"
  severity: 2
  tags: ['playbook']
  tlp: 3
  status: 'New'
  follow: True
  caseTemplate: '5000'

alert: modules.so.playbook-es.PlaybookESAlerter
elasticsearch_host: "{{ es }}:9200"
play_title: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category: 
play_url: "https://{{ es }}/playbook/issues/6000"
kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{es}}/#/hunt"
sigma_level: ""