securityonion/salt/soctopus/files/templates/osquery.template

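{#- Salt/Jinja template for an ElastAlert rule used by Playbook (osquery plays).
    Everything after the Jinja header is written verbatim into the rendered rule,
    so the so_elastic_user credential ends up in plaintext in that file; the state
    that deploys the rendered output presumably restricts its permissions -- confirm. #}
{%- set es = salt['pillar.get']('global:url_base', '') %}
{#- Credentials are read only when Elasticsearch auth is enabled. `is sameas true`
    is a strict identity check: a string value such as "true" in pillar renders an
    empty user/pass (the alerter would then fail to authenticate, not bypass auth). #}
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- else %}
{%- set ES_USER = '' %}
{%- set ES_PASS = '' %}
{%- endif %}
alert:
- "modules.so.playbook-es.PlaybookESAlerter"
# global:url_base is the web-UI base; it is assumed here to also be the host on
# which Elasticsearch listens on 9200 -- verify if these are ever split.
elasticsearch_host: "{{ es }}:9200"
# User and password are pillar values dropped into a YAML scalar. They are
# single-quoted with any embedded ' doubled, so a credential containing " or \
# can neither break the rule file nor change the value the alerter reads.
elasticsearch_user: '{{ ES_USER | replace("'", "''") }}'
elasticsearch_pass: '{{ ES_PASS | replace("'", "''") }}'
# The fields below are placeholders (empty strings, bare keys that parse as null,
# and a fixed issue number in play_url); presumably filled in per play at
# rule-generation time -- confirm against the Playbook/Soctopus code that
# consumes this template.
play_title: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category:
play_url: "https://{{ es }}/playbook/issues/6000"
kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{es}}/#/hunt"
sigma_level: ""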