From 66afac30a91456b026f9a9f9281c6a80cb969f72 Mon Sep 17 00:00:00 2001
From: Arne Oslebo <arne.oslebo@uninett.no>
Date: Mon, 15 Feb 2021 15:51:13 +0100
Subject: [PATCH] fixed issues with the hive sso

---
 group_vars/all/main.yml                       |  5 -----
 group_vars/all/users.yml                      | 20 ++++---------------
 roles/cortex/templates/application.conf.j2    |  4 ++--
 .../templates/kibana_graphs.ndjson.j2         |  2 +-
 roles/thehive/tasks/createusers.yml           |  4 ++--
 roles/thehive/tasks/organization.yml          |  4 ++--
 roles/thehive/templates/application.conf.j2   |  4 ++--
 roles/thehive/templates/kibanauser.json       |  2 +-
 roles/thehive/templates/users.json            |  6 +++---
 utils/kibana_graphs2template.py               |  2 +-
 10 files changed, 18 insertions(+), 35 deletions(-)

diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 7815c41..4740040 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -6,11 +6,6 @@ maxmind_key: ""
 
 docker_build_dir: "{{playbook_dir}}/build"
 
-# TheHive Button plugin
-THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
-THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
-THEHIVE_OWNER: "admin"
-
 soctools_netname: "soctoolsnet"
 soctools_network: "172.22.0.0/16"
 
diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
index 6710fa8..b0f97bc 100644
--- a/group_vars/all/users.yml
+++ b/group_vars/all/users.yml
@@ -1,16 +1,18 @@
 ---
 
+domain: "soctools.test"
+
 soctools_users:
   - firstname: "User1"
     lastname: "SOC"
     username: "user1"
-    email: "user1@soctools.test"
+    email: "user1@{{domain}}"
     DN: "CN=User1Soctools"
     CN: "User1Soctools"
   - firstname: "User2"
     lastname: "SOC"
     username: "user2"
-    email: "user2@soctools.test"
+    email: "user2@{{domain}}"
     DN: "CN=User2Soctools"
     CN: "User2Soctools"
 
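Review bot: The new top-level variable `domain` is a very generic name for `group_vars/all`, where every role sees it and it is easy to shadow or collide with; a prefixed name such as `soctools_domain`, in line with `soctools_users`, would be safer. It also has no comment saying that it is more than the mail domain of the sample users. Other files in this commit use it as the TheHive organisation name and as `defaultOrganization` / `defaultUserDomain` in the TheHive and Cortex configs. I would add `# Mail domain of the SOC users; also used as the TheHive/Cortex organisation name and TheHive defaultUserDomain` above the variable.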
@@ -18,23 +20,9 @@ soctools_users:
 ODFE_ADMIN_USERS:
   - user1
 
-THEHIVE_ORGANIZATION: "uninett.no"
-
 THEHIVE_KIBANA_USER:
   username: "kibana"
   name: "Kibana"
   surname: "User"
   roles: '["read", "write"]'
 
-
-THEHIVE_USERS:
-  - user1:
-    username: "user1"
-    name: "User1"
-    surname: "SOC"
-    roles: '["read", "write", "admin"]'
-  - user2:
-    username: "user2"
-    name: "User2"
-    surname: "SOC"
-    roles: '["read", "write", "admin"]'
diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
index 00cd4e8..e872e5d 100644
--- a/roles/cortex/templates/application.conf.j2
+++ b/roles/cortex/templates/application.conf.j2
@@ -162,7 +162,7 @@ auth {
     #  organization = "org"
     #}
 #    defaultRoles = ["read", "write", "admin"]
-#    defaultOrganization = "uninett.no"
+#    defaultOrganization = "{{domain}}"
     #defaultRoles = ["read"]
     #defaultOrganization = "csirt"
     #groups {
@@ -184,7 +184,7 @@ auth {
       organization = "org"
     }
     defaultRoles = ["read", "analyze"]
-    defaultOrganization = "uninett.no"
+    defaultOrganization = "{{domain}}"
   }
 }
 
diff --git a/roles/odfekibana/templates/kibana_graphs.ndjson.j2 b/roles/odfekibana/templates/kibana_graphs.ndjson.j2
index 6093f09..0933c40 100644
--- a/roles/odfekibana/templates/kibana_graphs.ndjson.j2
+++ b/roles/odfekibana/templates/kibana_graphs.ndjson.j2
@@ -15,7 +15,7 @@
 {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n  \"query\": {\n    \"query\": \"\",\n    \"language\": \"kuery\"\n  },\n  \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top dst IP","uiStateJSON":"{\n  \"vis\": {\n    \"params\": {\n      \"sort\": {\n        \"columnIndex\": null,\n        \"direction\": null\n      }\n    }\n  }\n}","version":1,"visState":"{\n  \"title\": \"Suricata alerts - top ip_dst_addr \",\n  \"type\": \"table\",\n  \"params\": {\n    \"perPage\": 10,\n    \"showPartialRows\": false,\n    \"showMetricsAtAllLevels\": false,\n    \"sort\": {\n      \"columnIndex\": null,\n      \"direction\": null\n    },\n    \"showTotal\": false,\n    \"totalFunc\": \"sum\",\n    \"dimensions\": {\n      \"metrics\": [\n        {\n          \"accessor\": 1,\n          \"format\": {\n            \"id\": \"number\"\n          },\n          \"params\": {},\n          \"aggType\": \"cardinality\"\n        }\n      ],\n      \"buckets\": [\n        {\n          \"accessor\": 0,\n          \"format\": {\n            \"id\": \"terms\",\n            \"params\": {\n              \"id\": \"string\",\n              \"otherBucketLabel\": \"Other\",\n              \"missingBucketLabel\": \"Missing\"\n            }\n          },\n          \"params\": {},\n          \"aggType\": \"terms\"\n        }\n      ]\n    }\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"cardinality\",\n      \"schema\": \"metric\",\n      \"params\": {\n        \"field\": \"alert.signature_id\",\n        \"customLabel\": \"Unique\"\n      }\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"bucket\",\n      \"params\": {\n        \"field\": \"destination.ip.keyword\",\n        \"order\": \"desc\",\n        \"size\": 10,\n        \"orderBy\": \"1\",\n        \"otherBucket\": false,\n        \"otherBucketLabel\": \"Other\",\n    
    \"missingBucket\": false,\n        \"missingBucketLabel\": \"Missing\",\n        \"customLabel\": \"Dst IP\"\n      }\n    }\n  ]\n}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:07:04.193Z","version":"WzY2LDFd"}
 {"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"destination.ip_misp>0\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-02-10T09:09:17.354Z","version":"WzcwLDFd"}
 {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n  \"query\": {\n    \"query\": \"\",\n    \"language\": \"kuery\"\n  },\n  \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\n  \"vis\": {\n    \"params\": {\n      \"sort\": {\n        \"columnIndex\": null,\n        \"direction\": null\n      }\n    }\n  }\n}","version":1,"visState":"{\n  \"title\": \"Dst IP in misp\",\n  \"type\": \"table\",\n  \"params\": {\n    \"perPage\": 10,\n    \"showPartialRows\": false,\n    \"showMetricsAtAllLevels\": false,\n    \"sort\": {\n      \"columnIndex\": null,\n      \"direction\": null\n    },\n    \"showTotal\": false,\n    \"totalFunc\": \"sum\",\n    \"dimensions\": {\n      \"metrics\": [\n        {\n          \"accessor\": 1,\n          \"format\": {\n            \"id\": \"number\"\n          },\n          \"params\": {},\n          \"aggType\": \"count\"\n        }\n      ],\n      \"buckets\": [\n        {\n          \"accessor\": 0,\n          \"format\": {\n            \"id\": \"terms\",\n            \"params\": {\n              \"id\": \"string\",\n              \"otherBucketLabel\": \"Other\",\n              \"missingBucketLabel\": \"Missing\"\n            }\n          },\n          \"params\": {},\n          \"aggType\": \"terms\"\n        }\n      ]\n    }\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"bucket\",\n      \"params\": {\n        \"field\": \"destination.ip.keyword\",\n        \"order\": \"desc\",\n        \"size\": 5,\n        \"orderBy\": \"1\",\n        \"otherBucket\": false,\n        \"otherBucketLabel\": \"Other\",\n        \"missingBucket\": false,\n        \"missingBucketLabel\": \"Missing\",\n        \"customLabel\": \"Signature\"\n      }\n    }\n  
]\n}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:08:15.862Z","version":"WzY4LDFd"}
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n  \"query\": {\n    \"query\": \"\",\n    \"language\": \"kuery\"\n  },\n  \"filter\": [],\n  \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\n  \"title\": \"Suricata alerts - the Hive\",\n  \"type\": \"thehive_button\",\n  \"params\": {\n    \"url\": \"https://hive.gn4-3-wp8-soc.sunet.se/\",\n    \"apikey\": \"5LymseWiurZBrQN8Kqp8O+9KniTL5cE0\",\n    \"owner\": \"admin\"\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"group\",\n      \"params\": {\n        \"field\": \"source.ip.keyword\",\n        \"order\": \"desc\",\n        \"size\": 20,\n        \"orderBy\": \"1\",\n        \"otherBucket\": false,\n        \"otherBucketLabel\": \"Other\",\n        \"missingBucket\": false,\n        \"missingBucketLabel\": \"Missing\"\n      }\n    }\n  ]\n}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T09:10:21.209Z","version":"WzcyLDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n  \"query\": {\n    \"query\": \"\",\n    \"language\": \"kuery\"\n  },\n  \"filter\": [],\n  \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\n  \"title\": \"Suricata alerts - the Hive\",\n  \"type\": \"thehive_button\",\n  \"params\": {\n    \"url\": \"https://{{soctoolsproxy}}:9000\",\n    \"apikey\": \"{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\",\n    \"owner\": \"{{THEHIVE_KIBANA_USER.username}}\"\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"group\",\n      \"params\": {\n        \"field\": \"source.ip.keyword\",\n        \"order\": \"desc\",\n        \"size\": 20,\n        \"orderBy\": \"1\",\n        \"otherBucket\": false,\n        \"otherBucketLabel\": \"Other\",\n        \"missingBucket\": false,\n        \"missingBucketLabel\": \"Missing\"\n      }\n    }\n  ]\n}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T09:10:21.209Z","version":"WzcyLDFd"}
 {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE4LDFd"}
 {"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{
\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE5LDFd"}
 {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{
\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T08:39:17.585Z","version":"WzIwLDFd"}
diff --git a/roles/thehive/tasks/createusers.yml b/roles/thehive/tasks/createusers.yml
index 7125a0b..9179cc5 100644
--- a/roles/thehive/tasks/createusers.yml
+++ b/roles/thehive/tasks/createusers.yml
@@ -6,7 +6,7 @@
     src: users.json
     dest: /tmp/{{ item.username }}.json
   with_items:
-    - "{{ THEHIVE_USERS }}"
+    - "{{ soctools_users }}"
 
 - name: create users
   remote_user: root
@@ -14,4 +14,4 @@
   args:
     warn: false
   with_items:
-    - "{{ THEHIVE_USERS }}"
+    - "{{ soctools_users }}"
diff --git a/roles/thehive/tasks/organization.yml b/roles/thehive/tasks/organization.yml
index edfa059..03528a7 100644
--- a/roles/thehive/tasks/organization.yml
+++ b/roles/thehive/tasks/organization.yml
@@ -8,8 +8,8 @@
       Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
     body_format: form-urlencoded
     body:
-      name: "{{ THEHIVE_ORGANIZATION }}"
-      description: "{{ THEHIVE_ORGANIZATION }}"
+      name: "{{ domain }}"
+      description: "{{ domain }}"
     status_code: 201
   ignore_errors: True
 
diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2
index b66cf81..7dfc7e1 100644
--- a/roles/thehive/templates/application.conf.j2
+++ b/roles/thehive/templates/application.conf.j2
@@ -85,7 +85,7 @@ auth {
 //      roles: "role"
 //    }
     defaultRoles: ["read", "write", "admin"]
-    defaultOrganization: "uninett.no"
+    defaultOrganization: "{{domain}}"
 //    defaultOrganization: "demo"
   } 
   ws.ssl.trustManager {
@@ -99,7 +99,7 @@ auth {
   }
 # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
 # domain is automatically appended
-  defaultUserDomain: "uninett.no"
+  defaultUserDomain: "{{domain}}"
 #  defaultUserDomain: "thehive.local"
 }
 
diff --git a/roles/thehive/templates/kibanauser.json b/roles/thehive/templates/kibanauser.json
index 5feebb3..5f8a562 100644
--- a/roles/thehive/templates/kibanauser.json
+++ b/roles/thehive/templates/kibanauser.json
@@ -2,5 +2,5 @@
   "login": "{{ THEHIVE_KIBANA_USER.username }}",
   "name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}",
   "roles": {{ THEHIVE_KIBANA_USER.roles }},
-  "organisation": "{{ THEHIVE_ORGANIZATION }}"
+  "organisation": "{{ domain }}"
 }
diff --git a/roles/thehive/templates/users.json b/roles/thehive/templates/users.json
index cba95d6..123f171 100644
--- a/roles/thehive/templates/users.json
+++ b/roles/thehive/templates/users.json
@@ -1,6 +1,6 @@
 {
   "login": "{{ item.username }}",
-  "name": "{{ item.name }} {{ item.surname }}",
-  "roles": {{ item.roles }},
-  "organisation": "{{ THEHIVE_ORGANIZATION }}"
+  "name": "{{ item.firstname }} {{ item.lastname }}",
+  "roles": ["read", "write", "admin"],
+  "organisation": "{{ domain }}"
 }
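Review bot: The new `"roles": ["read", "write", "admin"]` line gives every entry of `soctools_users` the TheHive `admin` role, whereas the removed `{{ item.roles }}` allowed a per-user choice. Anyone added to that list for another tool in the stack would then become a TheHive administrator as a side effect. I would keep the role list overridable with a non-admin default, for example `"roles": {{ item.thehive_roles | default(["read", "write"]) | to_json }},` where `thehive_roles` is a proposed optional key on each user in `group_vars/all/users.yml`. The context line `defaultRoles: ["read", "write", "admin"]` in `roles/thehive/templates/application.conf.j2` appears to do the same for SSO-provisioned accounts and deserves the same review.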
diff --git a/utils/kibana_graphs2template.py b/utils/kibana_graphs2template.py
index 302bb10..08d0ef0 100755
--- a/utils/kibana_graphs2template.py
+++ b/utils/kibana_graphs2template.py
@@ -11,7 +11,7 @@ r=open(args.graphsfile,"r")
 w=open(args.templatefile,"w")
 
 for line in r:
- line=re.sub(r'(^.*thehive_button\\\",\\\"params\\\":{\\\"url\\\":\\\")[^\\"]*(.*apikey\\\":\\\")[^\\\"]*(.*owner\\\":\\\")[^\\"]*(.*$)',"\g<1>{{THEHIVE_URL}}\g<2>{{THEHIVE_API_KEY}}\g<3>{{THEHIVE_OWNER}}\g<4>",line)
+ line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line)
  line=re.sub(r"(^.*)https:\/\/[^\/]*(.*destination\.ip_misp\.keyword.*$)","\g<1>{{misp_url}}\g<2>",line)
  w.write(line)
 
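Review bot: The replacement string on the new `re.sub` line writes `{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}` into the `apikey` parameter of the `thehive_button` visualization, so every rendered `kibana_graphs.ndjson` stores the TheHive API key of `THEHIVE_KIBANA_USER` in clear text inside a Kibana saved object. Presumably any Kibana user who can open or export that object can read it, so the account should hold only the TheHive roles the button needs, and that exposure should be stated in a comment next to the substitution. The literal key that this commit removes from `group_vars/all/main.yml` and the template remains in the repository history, so it should be revoked in TheHive rather than treated as gone. Separately, the replacement is a non-raw string containing `\g<1>`, an invalid escape sequence that current Python versions warn about; prefix it with `r`. The first group's `url\\":[^"]."` also accepts exactly one character after the colon where the other two groups use `[^"]*"`, so using `[^"]*"` there as well would make the match less brittle.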
-- 
GitLab