CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-25 09:23:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a7b9b565fdbedbfcac9cbc118366f1b805a2dd29
securityonion/salt/soc/files/soc/soc.json

110 lines
4.0 KiB
JSON
Raw Blame History

{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
{%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
{%- set FEATURES = salt['pillar.get']('elastic:features', False) %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{%- import_json "soc/files/soc/alerts.queries.json" as alerts_queries %}
{%- import_json "soc/files/soc/alerts.actions.json" as alerts_actions %}
{%- import_json "soc/files/soc/alerts.eventfields.json" as alerts_eventfields %}
{%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %}
{%- import_json "soc/files/soc/hunt.actions.json" as hunt_actions %}
{%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %}
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
{
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
"server": {
"bindAddress": "0.0.0.0:9822",
"baseUrl": "/",
"maxPacketCount": 5000,
"htmlDir": "html",
{%- if ISAIRGAP is sameas true %}
"airgapEnabled": true,
{%- else %}
"airgapEnabled": false,
{%- endif %}
"modules": {
"filedatastore": {
"jobDir": "jobs"
},
"kratos": {
"hostUrl": "http://{{ MANAGERIP }}:4434/"
},
"elastic": {
"hostUrl": "http://{{ MANAGERIP }}:9200",
{%- if salt['pillar.get']('nodestab', {}) %}
"remoteHostUrls": [
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
"https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last else ""}}
{%- endfor %}
],
{%- endif %}
"username": "",
"password": "",
"verifyCert": false
},
"sostatus": {
"refreshIntervalMs": 30000,
"offlineThresholdMs": 60000
},
{% if THEHIVEKEY != '' %}
"thehive": {
"hostUrl": "http://{{ MANAGERIP }}:9000/thehive",
"key": "{{ THEHIVEKEY }}",
"verifyCert": false
},
{% endif %}
"statickeyauth": {
"anonymousCidr": "{{ DNET }}/24",
"apiKey": "{{ SENSORONIKEY }}"
}
},
"client": {
{%- if ISAIRGAP is sameas true %}
"docsUrl": "/docs/",
"cheatsheetUrl": "/docs/cheatsheet.pdf",
{%- else %}
"docsUrl": "https://docs.securityonion.net/en/2.3/",
"cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",
{%- endif %}
"hunt": {
"advanced": true,
"groupItemsPerPage": 10,
"groupFetchLimit": 10,
"eventItemsPerPage": 10,
"eventFetchLimit": 100,
"relativeTimeValue": 24,
"relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 5,
"ackEnabled": false,
"escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }},
"eventFields": {{ hunt_eventfields | json }},
"queryBaseFilter": "",
"queryToggleFilters": [],
"queries": {{ hunt_queries | json }},
"actions": {{ hunt_actions | json }}
},
"alerts": {
"advanced": false,
"groupItemsPerPage": 50,
"groupFetchLimit": 500,
"eventItemsPerPage": 50,
"eventFetchLimit": 500,
"relativeTimeValue": 24,
"relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 5,
"ackEnabled": true,
"escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }},
"eventFields": {{ alerts_eventfields | json }},
"queryBaseFilter": "event.dataset:alert",
"queryToggleFilters": [
{ "name": "acknowledged", "filter": "event.acknowledged:true", "enabled": false, "exclusive": true },
{ "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true, "enablesToggles":["acknowledged"] }
],
"queries": {{ alerts_queries | json }},
"actions": {{ alerts_actions | json }}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink