mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-07 01:32:47 +01:00
28 lines
676 B
Plaintext
28 lines
676 B
Plaintext
{% set es = salt['pillar.get']('static:masterip', '') %}
|
|
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
|
|
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
|
|
es_host: {{es}}
|
|
es_port: 9200
|
|
|
|
alert: modules.so.thehive.TheHiveAlerter
|
|
|
|
hive_connection:
|
|
hive_host: https://{{hivehost}}/thehive/
|
|
hive_apikey: {{hivekey}}
|
|
|
|
hive_proxies:
|
|
http: ''
|
|
https: ''
|
|
|
|
hive_alert_config:
|
|
title: '{rule[name]}'
|
|
type: 'external'
|
|
source: 'SecurityOnion'
|
|
description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `Data:` {match[message]}"
|
|
severity: 2
|
|
tags: ['elastalert', 'SecurityOnion']
|
|
tlp: 3
|
|
status: 'New'
|
|
follow: True
|
|
caseTemplate: '5000'
|