mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
85 lines
2.1 KiB
Plaintext
85 lines
2.1 KiB
Plaintext
{%- set MANAGER = salt['pillar.get']('manager:mainip', '') %}
|
|
{%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
|
|
{%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
|
|
{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
|
|
{%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
|
|
{%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
|
|
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
|
|
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
|
|
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
|
|
{%- else %}
|
|
{%- set ES_USER = '' %}
|
|
{%- set ES_PASS = '' %}
|
|
{%- endif %}
|
|
|
|
[es]
|
|
es_url = https://{{MANAGER}}:9200
|
|
es_ip = {{MANAGER}}
|
|
es_user = {{ ES_USER }}
|
|
es_pass = "{{ ES_PASS }}"
|
|
es_index_pattern = so-*
|
|
es_verifycert = no
|
|
|
|
[cortex]
|
|
auto_analyze_alerts = no
|
|
cortex_url = https://{{THEHIVEURL}}/cortex/
|
|
cortex_key = {{ CORTEXKEY }}
|
|
supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
|
|
|
|
[fir]
|
|
fir_url = YOURFIRURL
|
|
fir_token = YOURFIRTOKEN
|
|
fir_actor = 3
|
|
fir_category = 3
|
|
fir_confidentiality = 1
|
|
fir_detection = 2
|
|
fir_plan = 8
|
|
fir_severity = 4
|
|
fir_verifycert = no
|
|
|
|
[grr]
|
|
grr_url = YOURGRRURL
|
|
grr_user = YOURGRRUSER
|
|
grr_pass = YOURGRRPASS
|
|
|
|
[hive]
|
|
hive_url = https://{{THEHIVEURL}}/thehive/
|
|
hive_key = {{ HIVEKEY }}
|
|
hive_tlp = 3
|
|
hive_verifycert = no
|
|
|
|
[misp]
|
|
misp_url = YOURMISPURL
|
|
misp_key = YOURMISPKEY
|
|
misp_verifycert = no
|
|
distrib = 0
|
|
threat = 4
|
|
analysis = 0
|
|
|
|
[rtir]
|
|
rtir_url = YOURRTIRURL
|
|
rtir_api = REST/1.0/
|
|
rtir_user = YOURRTIRUSER
|
|
rtir_pass = YOURRTIRPASS
|
|
rtir_queue = Incidents
|
|
rtir_creator = root
|
|
rtir_verifycert = no
|
|
|
|
[slack]
|
|
slack_url = YOURSLACKWORKSPACE
|
|
slack_webhook = YOURSLACKWEBHOOK
|
|
|
|
[soc]
|
|
soc_url = http://{{MANAGER}}:9822
|
|
|
|
[playbook]
|
|
playbook_url = http://{{MANAGER}}:3200/playbook
|
|
playbook_ext_url = https://{{URLBASE}}/playbook
|
|
playbook_key = {{ PLAYBOOK_KEY }}
|
|
playbook_verifycert = no
|
|
playbook_unit_test_index = playbook-testing
|
|
playbook_rulesets = {{ salt['pillar.get']('soctopus:playbook:rulesets')|join(",") }}
|
|
|
|
[log]
|
|
logfile = /var/log/SOCtopus/soctopus.log
|