Skip to content
Snippets Groups Projects
Commit 66afac30 authored by Arne Øslebø's avatar Arne Øslebø
Browse files

fixed issues with the hive sso

parent 042a3f66
No related branches found
No related tags found
No related merge requests found
...@@ -6,11 +6,6 @@ maxmind_key: "" ...@@ -6,11 +6,6 @@ maxmind_key: ""
docker_build_dir: "{{playbook_dir}}/build" docker_build_dir: "{{playbook_dir}}/build"
# TheHive Button plugin
THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
THEHIVE_OWNER: "admin"
soctools_netname: "soctoolsnet" soctools_netname: "soctoolsnet"
soctools_network: "172.22.0.0/16" soctools_network: "172.22.0.0/16"
......
--- ---
domain: "soctools.test"
soctools_users: soctools_users:
- firstname: "User1" - firstname: "User1"
lastname: "SOC" lastname: "SOC"
username: "user1" username: "user1"
email: "user1@soctools.test" email: "user1@{{domain}}"
DN: "CN=User1Soctools" DN: "CN=User1Soctools"
CN: "User1Soctools" CN: "User1Soctools"
- firstname: "User2" - firstname: "User2"
lastname: "SOC" lastname: "SOC"
username: "user2" username: "user2"
email: "user2@soctools.test" email: "user2@{{domain}}"
DN: "CN=User2Soctools" DN: "CN=User2Soctools"
CN: "User2Soctools" CN: "User2Soctools"
...@@ -18,23 +20,9 @@ soctools_users: ...@@ -18,23 +20,9 @@ soctools_users:
ODFE_ADMIN_USERS: ODFE_ADMIN_USERS:
- user1 - user1
THEHIVE_ORGANIZATION: "uninett.no"
THEHIVE_KIBANA_USER: THEHIVE_KIBANA_USER:
username: "kibana" username: "kibana"
name: "Kibana" name: "Kibana"
surname: "User" surname: "User"
roles: '["read", "write"]' roles: '["read", "write"]'
THEHIVE_USERS:
- user1:
username: "user1"
name: "User1"
surname: "SOC"
roles: '["read", "write", "admin"]'
- user2:
username: "user2"
name: "User2"
surname: "SOC"
roles: '["read", "write", "admin"]'
...@@ -162,7 +162,7 @@ auth { ...@@ -162,7 +162,7 @@ auth {
# organization = "org" # organization = "org"
#} #}
# defaultRoles = ["read", "write", "admin"] # defaultRoles = ["read", "write", "admin"]
# defaultOrganization = "uninett.no" # defaultOrganization = "{{domain}}"
#defaultRoles = ["read"] #defaultRoles = ["read"]
#defaultOrganization = "csirt" #defaultOrganization = "csirt"
#groups { #groups {
...@@ -184,7 +184,7 @@ auth { ...@@ -184,7 +184,7 @@ auth {
organization = "org" organization = "org"
} }
defaultRoles = ["read", "analyze"] defaultRoles = ["read", "analyze"]
defaultOrganization = "uninett.no" defaultOrganization = "{{domain}}"
} }
} }
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top dst IP","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Suricata alerts - top ip_dst_addr \",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"alert.signature_id\",\n \"customLabel\": \"Unique\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 10,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Dst IP\"\n }\n }\n ]\n}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:07:04.193Z","version":"WzY2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top dst IP","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Suricata alerts - top ip_dst_addr \",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"alert.signature_id\",\n \"customLabel\": \"Unique\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 10,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Dst IP\"\n }\n }\n ]\n}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:07:04.193Z","version":"WzY2LDFd"}
{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"destination.ip_misp>0\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-02-10T09:09:17.354Z","version":"WzcwLDFd"} {"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"destination.ip_misp>0\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-02-10T09:09:17.354Z","version":"WzcwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Dst IP in misp\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"count\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 5,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Signature\"\n }\n }\n ]\n}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:08:15.862Z","version":"WzY4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Dst IP in misp\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"count\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 5,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Signature\"\n }\n }\n ]\n}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:08:15.862Z","version":"WzY4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"Suricata alerts - the Hive\",\n \"type\": \"thehive_button\",\n \"params\": {\n \"url\": \"https://hive.gn4-3-wp8-soc.sunet.se/\",\n \"apikey\": \"5LymseWiurZBrQN8Kqp8O+9KniTL5cE0\",\n \"owner\": \"admin\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"source.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 20,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\"\n }\n }\n ]\n}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T09:10:21.209Z","version":"WzcyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"Suricata alerts - the Hive\",\n \"type\": \"thehive_button\",\n \"params\": {\n \"url\": \"https://{{soctoolsproxy}}:9000\",\n \"apikey\": \"{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\",\n \"owner\": \"{{THEHIVE_KIBANA_USER.username}}\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"source.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 20,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\"\n }\n }\n ]\n}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T09:10:21.209Z","version":"WzcyLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE4LDFd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE4LDFd"}
{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE5LDFd"} {"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T08:39:17.585Z","version":"WzIwLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T08:39:17.585Z","version":"WzIwLDFd"}
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
src: users.json src: users.json
dest: /tmp/{{ item.username }}.json dest: /tmp/{{ item.username }}.json
with_items: with_items:
- "{{ THEHIVE_USERS }}" - "{{ soctools_users }}"
- name: create users - name: create users
remote_user: root remote_user: root
...@@ -14,4 +14,4 @@ ...@@ -14,4 +14,4 @@
args: args:
warn: false warn: false
with_items: with_items:
- "{{ THEHIVE_USERS }}" - "{{ soctools_users }}"
...@@ -8,8 +8,8 @@ ...@@ -8,8 +8,8 @@
Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}" Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
body_format: form-urlencoded body_format: form-urlencoded
body: body:
name: "{{ THEHIVE_ORGANIZATION }}" name: "{{ domain }}"
description: "{{ THEHIVE_ORGANIZATION }}" description: "{{ domain }}"
status_code: 201 status_code: 201
ignore_errors: True ignore_errors: True
...@@ -85,7 +85,7 @@ auth { ...@@ -85,7 +85,7 @@ auth {
// roles: "role" // roles: "role"
// } // }
defaultRoles: ["read", "write", "admin"] defaultRoles: ["read", "write", "admin"]
defaultOrganization: "uninett.no" defaultOrganization: "{{domain}}"
// defaultOrganization: "demo" // defaultOrganization: "demo"
} }
ws.ssl.trustManager { ws.ssl.trustManager {
...@@ -99,7 +99,7 @@ auth { ...@@ -99,7 +99,7 @@ auth {
} }
# The format of logins must be valid email address format. If the provided login doesn't contain `@` the following # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
# domain is automatically appended # domain is automatically appended
defaultUserDomain: "uninett.no" defaultUserDomain: "{{domain}}"
# defaultUserDomain: "thehive.local" # defaultUserDomain: "thehive.local"
} }
......
...@@ -2,5 +2,5 @@ ...@@ -2,5 +2,5 @@
"login": "{{ THEHIVE_KIBANA_USER.username }}", "login": "{{ THEHIVE_KIBANA_USER.username }}",
"name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}", "name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}",
"roles": {{ THEHIVE_KIBANA_USER.roles }}, "roles": {{ THEHIVE_KIBANA_USER.roles }},
"organisation": "{{ THEHIVE_ORGANIZATION }}" "organisation": "{{ domain }}"
} }
{ {
"login": "{{ item.username }}", "login": "{{ item.username }}",
"name": "{{ item.name }} {{ item.surname }}", "name": "{{ item.firstname }} {{ item.lastname }}",
"roles": {{ item.roles }}, "roles": ["read", "write", "admin"],
"organisation": "{{ THEHIVE_ORGANIZATION }}" "organisation": "{{ domain }}"
} }
...@@ -11,7 +11,7 @@ r=open(args.graphsfile,"r") ...@@ -11,7 +11,7 @@ r=open(args.graphsfile,"r")
w=open(args.templatefile,"w") w=open(args.templatefile,"w")
for line in r: for line in r:
line=re.sub(r'(^.*thehive_button\\\",\\\"params\\\":{\\\"url\\\":\\\")[^\\"]*(.*apikey\\\":\\\")[^\\\"]*(.*owner\\\":\\\")[^\\"]*(.*$)',"\g<1>{{THEHIVE_URL}}\g<2>{{THEHIVE_API_KEY}}\g<3>{{THEHIVE_OWNER}}\g<4>",line) line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line)
line=re.sub(r"(^.*)https:\/\/[^\/]*(.*destination\.ip_misp\.keyword.*$)","\g<1>{{misp_url}}\g<2>",line) line=re.sub(r"(^.*)https:\/\/[^\/]*(.*destination\.ip_misp\.keyword.*$)","\g<1>{{misp_url}}\g<2>",line)
w.write(line) w.write(line)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment