CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-31 05:13:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4a18f8d18a7e52b5e48dc91ef90f4dfd419d9c9f
securityonion/salt/soc/files/soc/soc.json
Jason Ertel 31c04aabdd Disable MRU queries on dashboards
2022-05-09 15:06:43 -04:00

259 lines
10 KiB
JSON
Raw Blame History

{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
{%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
{%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{%- set API_TIMEOUT = salt['pillar.get']('sensoroni:api_timeout_ms', 0) %}
{%- set WEBSOCKET_TIMEOUT = salt['pillar.get']('sensoroni:websocket_timeout_ms', 0) %}
{%- set TIP_TIMEOUT = salt['pillar.get']('sensoroni:tip_timeout_ms', 0) %}
{%- set CACHE_EXPIRATION = salt['pillar.get']('sensoroni:cache_expiration_ms', 0) %}
{%- set ES_FIELDCAPS_CACHE = salt['pillar.get']('sensoroni:es_fieldcaps_cache_ms', '300000') %}
{%- import_json "soc/files/soc/alerts.queries.json" as alerts_queries %}
{%- import_json "soc/files/soc/alerts.eventfields.json" as alerts_eventfields %}
{%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %}
{%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %}
{%- import_json "soc/files/soc/dashboards.queries.json" as dashboards_queries %}
{%- import_json "soc/files/soc/cases.queries.json" as cases_queries %}
{%- import_json "soc/files/soc/cases.eventfields.json" as cases_eventfields %}
{%- import_json "soc/files/soc/menu.actions.json" as menu_actions %}
{%- import_json "soc/files/soc/tools.json" as tools %}
{%- import_json "soc/files/soc/presets.artifacttype.json" as presets_artifacttype %}
{%- import_json "soc/files/soc/presets.category.json" as presets_category %}
{%- import_json "soc/files/soc/presets.pap.json" as presets_pap %}
{%- import_json "soc/files/soc/presets.severity.json" as presets_severity %}
{%- import_json "soc/files/soc/presets.status.json" as presets_status %}
{%- import_json "soc/files/soc/presets.tag.json" as presets_tag %}
{%- import_json "soc/files/soc/presets.tlp.json" as presets_tlp %}
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- else %}
{%- set ES_USER = '' %}
{%- set ES_PASS = '' %}
{%- endif %}
{%- set ES_INDEX_PATTERNS = salt['pillar.get']('soc:es_index_patterns', '*:so-*') %}
{%- set CASE_MODULE = salt['pillar.get']('soc:case_module', 'soc') %}
{%- set HTTPCASE_CONFIG = salt['pillar.get']('soc:httpcase_config', '') %}
{
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
"server": {
"bindAddress": "0.0.0.0:9822",
"baseUrl": "/",
"maxPacketCount": 5000,
"htmlDir": "html",
{%- if ISAIRGAP is sameas true %}
"airgapEnabled": true,
{%- else %}
"airgapEnabled": false,
{%- endif %}
"modules": {
"filedatastore": {
"jobDir": "jobs"
},
"kratos": {
"hostUrl": "http://{{ MANAGERIP }}:4434/"
},
"elastic": {
"hostUrl": "https://{{ MANAGERIP }}:9200",
{%- if salt['pillar.get']('nodestab', {}) %}
"remoteHostUrls": [
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
"https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last else ""}}
{%- endfor %}
],
{%- endif %}
"username": "{{ ES_USER }}",
"password": "{{ ES_PASS }}",
"index": "{{ ES_INDEX_PATTERNS }}",
"cacheMs": {{ ES_FIELDCAPS_CACHE }},
"verifyCert": false,
"casesEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},
"timeoutMs": {{ API_TIMEOUT }}
},
"influxdb": {
{%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA == 0) %}
"hostUrl": "",
{%- else %}
"hostUrl": "https://{{ MANAGERIP }}:8086",
{%- endif %}
"token": "",
"org": "",
"bucket": "telegraf",
"verifyCert": false
},
"sostatus": {
"refreshIntervalMs": 30000,
"offlineThresholdMs": 900000
},
{%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %}
"thehive": {
"hostUrl": "http://{{ HIVEURL }}:9000/thehive",
"key": "{{ THEHIVEKEY }}",
"verifyCert": false
},
{%- elif CASE_MODULE == 'elasticcases' %}
"elasticcases": {
"hostUrl": "https://{{ MANAGERIP }}:5601",
"username": "{{ ES_USER }}",
"password": "{{ ES_PASS }}",
},
{%- elif CASE_MODULE == 'httpcase' %}
"httpcase": {
{{ HTTPCASE_CONFIG }}
},
{%- endif %}
"statickeyauth": {
"anonymousCidr": "{{ DNET }}/24",
"apiKey": "{{ SENSORONIKEY }}"
},
"staticrbac": {
"roleFiles": [
"rbac/permissions",
"rbac/roles",
"rbac/custom_roles"
],
"userFiles": [
"rbac/users_roles"
]
}
},
"client": {
{%- if ISAIRGAP is sameas true %}
"docsUrl": "/docs/",
"cheatsheetUrl": "/docs/cheatsheet.pdf",
"releaseNotesUrl": "/docs/#release-notes",
{%- else %}
"docsUrl": "https://docs.securityonion.net/en/2.3/",
"cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",
"releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes",
{%- endif %}
"apiTimeoutMs": {{ API_TIMEOUT }},
"webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }},
"tipTimeoutMs": {{ TIP_TIMEOUT }},
"cacheExpirationMs": {{ CACHE_EXPIRATION }},
"casesEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},
"inactiveTools": [
{%- if PLAYBOOK == 0 %}
"toolPlaybook",
{%- endif %}
{%- if not FLEETMANAGER and not FLEETNODE %}
"toolFleet",
{%- endif %}
{%- if GRAFANA == 0 %}
"toolGrafana",
{%- endif %}
"toolUnused"
],
"tools": {{ tools | json }},
"hunt": {
"advanced": true,
"groupItemsPerPage": 10,
"groupFetchLimit": 10,
"eventItemsPerPage": 10,
"eventFetchLimit": 100,
"relativeTimeValue": 24,
"relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 5,
"ackEnabled": false,
"escalateEnabled": true,
"escalateRelatedEventsEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},
"aggregationActionsEnabled": true,
"eventFields": {{ hunt_eventfields | json }},
"queryBaseFilter": "",
"queryToggleFilters": [
{ "name": "caseExcludeToggle", "filter": "NOT _index:\"*:so-case*\"", "enabled": true }
],
"queries": {{ hunt_queries | json }},
"actions": {{ menu_actions | json }}
},
"dashboards": {
"advanced": true,
"groupItemsPerPage": 10,
"groupFetchLimit": 10,
"eventItemsPerPage": 10,
"eventFetchLimit": 100,
"relativeTimeValue": 24,
"relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 0,
"ackEnabled": false,
"escalateEnabled": true,
"escalateRelatedEventsEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},
"aggregationActionsEnabled": false,
"eventFields": {{ hunt_eventfields | json }},
"queryBaseFilter": "",
"queryToggleFilters": [
{ "name": "caseExcludeToggle", "filter": "NOT _index:\"*:so-case*\"", "enabled": true }
],
"queries": {{ dashboards_queries | json }},
"actions": {{ menu_actions | json }}
},
"job": {
"actions": {{ menu_actions | json }}
},
"alerts": {
"advanced": false,
"groupItemsPerPage": 50,
"groupFetchLimit": 500,
"eventItemsPerPage": 50,
"eventFetchLimit": 500,
"relativeTimeValue": 24,
"relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 5,
"ackEnabled": true,
"escalateEnabled": true,
"escalateRelatedEventsEnabled": {{ 'true' if CASE_MODULE == 'soc' else 'false' }},
"aggregationActionsEnabled": true,
"eventFields": {{ alerts_eventfields | json }},
"queryBaseFilter": "event.dataset:alert",
"queryToggleFilters": [
{ "name": "acknowledged", "filter": "event.acknowledged:true", "enabled": false, "exclusive": true },
{ "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true, "enablesToggles":["acknowledged"] }
],
"queries": {{ alerts_queries | json }},
"actions": {{ menu_actions | json }}
},
"cases": {
"advanced": false,
"groupItemsPerPage": 50,
"groupFetchLimit": 100,
"eventItemsPerPage": 50,
"eventFetchLimit": 500,
"relativeTimeValue": 12,
"relativeTimeUnit": 60,
"mostRecentlyUsedLimit": 5,
"ackEnabled": false,
"escalateEnabled": false,
"escalateRelatedEventsEnabled": false,
"aggregationActionsEnabled": false,
"viewEnabled": true,
"createLink": "/case/create",
"eventFields": {{ cases_eventfields | json }},
"queryBaseFilter": "_index:\"*:so-case\" AND so_kind:case",
"queryToggleFilters": [
],
"queries": {{ cases_queries | json }},
"actions": {{ menu_actions | json }}
},
"case": {
"mostRecentlyUsedLimit": 5,
"renderAbbreviatedCount": 30,
"analyzerNodeId": "{{ grains.host | lower }}",
"presets": {
"artifactType": {{ presets_artifacttype | json }},
"category": {{ presets_category | json }},
"pap": {{ presets_pap | json }},
"severity": {{ presets_severity | json }},
"status": {{ presets_status | json }},
"tags": {{ presets_tag | json }},
"tlp": {{ presets_tlp | json }}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink