mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-09 10:42:54 +01:00
68 lines
1.3 KiB
Plaintext
68 lines
1.3 KiB
Plaintext
{%- set MASTER = salt['pillar.get']('master:url_base', '') %}
|
|
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
|
|
{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
|
|
|
|
[es]
|
|
es_url = http://{{MASTER}}:9200
|
|
es_user = YOURESUSER
|
|
es_pass = YOURESPASS
|
|
es_index_pattern = so-*
|
|
es_verifycert = no
|
|
|
|
[cortex]
|
|
auto_analyze_alerts = no
|
|
cortex_url = https://{{MASTER}}/cortex/
|
|
cortex_key = {{ CORTEXKEY }}
|
|
supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
|
|
|
|
[fir]
|
|
fir_url = YOURFIRURL
|
|
fir_token = YOURFIRTOKEN
|
|
fir_actor = 3
|
|
fir_category = 3
|
|
fir_confidentiality = 1
|
|
fir_detection = 2
|
|
fir_plan = 8
|
|
fir_severity = 4
|
|
fir_verifycert = no
|
|
|
|
[grr]
|
|
grr_url = YOURGRRURL
|
|
grr_user = YOURGRRUSER
|
|
grr_pass = YOURGRRPASS
|
|
|
|
[hive]
|
|
hive_url = https://{{MASTER}}/thehive/
|
|
hive_key = {{ HIVEKEY }}
|
|
hive_tlp = 3
|
|
hive_verifycert = no
|
|
|
|
[misp]
|
|
misp_url = YOURMISPURL
|
|
misp_key = YOURMISPKEY
|
|
misp_verifycert = no
|
|
distrib = 0
|
|
threat = 4
|
|
analysis = 0
|
|
|
|
[rtir]
|
|
rtir_url = YOURRTIRURL
|
|
rtir_api = REST/1.0/
|
|
rtir_user = YOURRTIRUSER
|
|
rtir_pass = YOURRTIRPASS
|
|
rtir_queue = Incidents
|
|
rtir_creator = root
|
|
rtir_verifycert = no
|
|
|
|
[slack]
|
|
slack_url = YOURSLACKWORKSPACE
|
|
slack_webhook = YOURSLACKWEBHOOK
|
|
|
|
[playbook]
|
|
playbook_url = https://{{MASTER}}/playbook
|
|
playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
|
|
playbook_verifycert = no
|
|
|
|
[log]
|
|
logfile = /var/log/SOCtopus/soctopus.log
|