securityonion/salt/soctopus/files/templates/generic.template

{% set es = salt['pillar.get']('static:masterip', '') %}
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
alert: modules.so.thehive.TheHiveAlerter

hive_connection:
  hive_host: https://{{hivehost}}/thehive/
  hive_apikey: {{hivekey}}

hive_proxies:
  http: ''
  https: ''

hive_alert_config:
  title: '{rule[name]}'
  type: 'playbook'
  source: 'SecurityOnion'
  description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` <https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{match[_id]}'),sort:!('@timestamp',desc))>  \n\n `Raw Data:` {match[message]}"
  severity: 2
  tags: ['playbook']
  tlp: 3
  status: 'New'
  follow: True
  caseTemplate: '5000'