diff --git a/HOWTOS.md b/HOWTOS.md
new file mode 100644
index 0000000000000000000000000000000000000000..ae4e2da7b96e93025bcb526dc317b2e7ff918896
--- /dev/null
+++ b/HOWTOS.md
@@ -0,0 +1,73 @@
+Howto's
+=======
+
+Modify main NiFi pipeline
+-------------------------
+
+To make modifications to the main NiFi pipeline and add it to the Ansible playbook, do the following in the soctool directory:
+
+* Make necesarry to the pipeline in the NiFi GUI
+* Copy flow.xml.gz file from one of the NiFi containers:
+ `docker cp soctools-nifi-1:/opt/nifi/nifi-current/conf/flow.xml.gz .`
+* Convert flowx.xml.gz to new template
+ `utils/flow2template.py flow.xml.gz roles/nifi/templates/flow.xml.j2`
+
+
+Update configuration files in docker containers using Ansible
+-------------------------------------------------------------
+To update configuration files for all docker containers together, run the following command:
+ ansible-playbook -i inventories soctools.yml -t update-config
+To update configuration files only for specific services, run the following commands:
+ ansible-playbook -i inventories soctools.yml -t update-keycloak-config
+ ansible-playbook -i inventories soctools.yml -t update-thehive-config
+ ansible-playbook -i inventories soctools.yml -t update-cortex-config
+ ansible-playbook -i inventories soctools.yml -t update-cassandra-config
+ ansible-playbook -i inventories soctools.yml -t update-haproxy-config
+ ansible-playbook -i inventories soctools.yml -t update-filebeat-config
+ ansible-playbook -i inventories soctools.yml -t update-nifi-config
+ ansible-playbook -i inventories soctools.yml -t update-odfees-config
+ ansible-playbook -i inventories soctools.yml -t update-odfekibana-config
+
+
+Restart services inside docker containers using Ansible
+-------------------------------------------------------
+To restart services for all docker containers together, run the following command:
+ ansible-playbook -i inventories soctools.yml -t restart
+To restart services only for specific docker containers, run the following commands:
+ ansible-playbook -i inventories soctools.yml -t restart-keycloak
+ ansible-playbook -i inventories soctools.yml -t restart-thehive
+ ansible-playbook -i inventories soctools.yml -t restart-cortex
+ ansible-playbook -i inventories soctools.yml -t restart-cassandra
+ ansible-playbook -i inventories soctools.yml -t restart-haproxy
+ ansible-playbook -i inventories soctools.yml -t restart-filebeat
+ ansible-playbook -i inventories soctools.yml -t restart-misp
+ ansible-playbook -i inventories soctools.yml -t restart-mysql
+ ansible-playbook -i inventories soctools.yml -t restart-nifi
+ ansible-playbook -i inventories soctools.yml -t restart-odfees
+ ansible-playbook -i inventories soctools.yml -t restart-odfekibana
+
+Stop services inside docker containers using Ansible
+----------------------------------------------------
+To stop services for all docker containers together, run the following command:
+ ansible-playbook -i inventories soctools.yml -t stop
+To stop services only for specific docker containers, run the following commands:
+ ansible-playbook -i inventories soctools.yml -t stop-keycloak
+ ansible-playbook -i inventories soctools.yml -t stop-thehive
+ ansible-playbook -i inventories soctools.yml -t stop-cortex
+ ansible-playbook -i inventories soctools.yml -t stop-cassandra
+ ansible-playbook -i inventories soctools.yml -t stop-haproxy
+ ansible-playbook -i inventories soctools.yml -t stop-filebeat
+ ansible-playbook -i inventories soctools.yml -t stop-misp
+ ansible-playbook -i inventories soctools.yml -t stop-mysql
+ ansible-playbook -i inventories soctools.yml -t stop-nifi
+ ansible-playbook -i inventories soctools.yml -t stop-odfees
+ ansible-playbook -i inventories soctools.yml -t stop-odfekibana
+
+Restart services inside docker containers manually
+--------------------------------------------------
+To restart services inside docker containers after changes in configuration files:
+ 1. Attache container: docker exec -it container_id_or_name bash (example: docker exec -it soctools-keycloak bash)
+ 2. List services and their statuses: supervisorctl status
+ 3. Restart service: supervisorctl restart supervisor_service_name (example: supervisorctl restart keycloak)
+ 4. Detach from container: exit
+
diff --git a/README.md b/README.md
index 967fa3f7e48937ed76b2e4a61ff2d77fa888801c..f44a4984173bae749d95a9cbcf4551c6461643e6 100644
--- a/README.md
+++ b/README.md
@@ -13,36 +13,45 @@ Log in and install ansible: `yum -y install ansible git` `ansible-galaxy collection install ansible.posix` -Clone soctools: -`git clone https://scm.uninett.no/geant-wp8-t3.1/soctools.git` +Clone soctools: +Temporary solution: Upload your ssh key to gitlab.geant.org +`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git` `cd soctools` Install soctools: -Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server. +Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it point to the FQDN of the server. `vi group_vars/all/main.yml` -The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana. +Users are specified in the file: +`group_vars/all/users.yml` To configure the server running soctools, run the ansible playbook: -`ansible-playbook -i soctools-inventory soctools_server.yml` +`ansible-playbook -i inventories soctools_server.yml` To build the Docker images needed, run the ansible playbook: -`ansible-playbook -i soctools-inventory buildimages.yml` +`ansible-playbook -i inventories buildimages.yml` To build the CA needed for host and user certificates, run the ansible playbook: -`ansible-playbook -i soctools-inventory buildca.yml` +`ansible-playbook -i inventories buildca.yml` -User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication. +If using soctools CA certificates provided with this installation, you first need to download and import root certificate found in secrets/CA/ca.crt +For Windows, CA certificate should be installed in Trusted Root Certification Authorities store. + +User certificates are can be found in the directory secrets/certificates. Import into browser for authentication. +For Windows, user certificate should be installed in Personal store. Passwords for the certificates can be found in the directory secrets/passwords. 
To start the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i soctools-inventory soctools.yml -t start` +`ansible-playbook -i inventories soctools.yml -t start` To stop the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i soctools-inventory soctools.yml -t stop` - -The NiFi interface should now be available on port 9443 on the server. -The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server. To access preconfigured -index patterns you have to switch to Global tenant. -The Keycloak IdP interface should now be available on port 12443 on the server. +`ansible-playbook -i inventories soctools.yml -t stop` + +Web interfaces are available on the following ports: + * 9443 - NiFi + * 5601 - Kibana + * 6443 - Misp : Default user/password: admin@admin.test/test + * 9000 - The Hive : Default user/password: admin@thehive.local/secret + * 9001 - Cortex + * 12443 - Keycloak : Default user/password: admin/Pass005 License ------- diff --git a/buildca.yml b/buildca.yml index b718286139aa329e0a343f4ff60624cdfc6b3c34..37ef902ce7086d5c92610d72eb86fa0e5022aec6 100644 --- a/buildca.yml +++ b/buildca.yml @@ -1,7 +1,7 @@ --- - name: Build certification authority - hosts: dsldev + hosts: soctoolsmain roles: - ca diff --git a/buildimages.yml b/buildimages.yml index d30f905968d72cffd2aaf2973fcf65a33a3107b2..8a935836e253947d7181cf637718e66cb6b80b23 100644 --- a/buildimages.yml +++ b/buildimages.yml @@ -1,7 +1,7 @@ --- - name: Build docker images - hosts: dsldev + hosts: soctoolsmain roles: - build diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index c6adf5f95e0594287ec6815a4f43e6a95713922e..0c1c3d27ad556cea5d86f677becc8dddc0658312 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml 
@@ -1,124 +1,75 @@ --- -dslproxy: "dsoclab.gn4-3-wp8-soc.sunet.se" +soctoolsproxy: "<CHANGE_ME:hostname>" -# TheHive Button plugin -THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" -# here enter API key for default admin user -THEHIVE_API_KEY: "bs2Jc3tGJqhVv0AYyX2NYlhMlorPz7mX" -# ID of the default admin user -THEHIVE_OWNER: "admin@thehive.local" - -# TheHive Create Organisation and Users -# Login as default admin user and create API key, populate it here -# thehive_admin_api: "KoHrKbIJm8XMsJxA9nZLs6YemCu76o3u" -# thehive_writer: "[write]" - -#THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s" -THEHIVE_USERS: - - kiril: - username: "kiril" - name: "Kiril" - surname: "Kiroski" - roles: '["read", "write", "admin"]' - organization: "uninett.no" - - temur: - username: "temur" - name: "Temur" - surname: "Maisuradze" - roles: '["read", "write", "admin"]' - organization: "uninett.no" +maxmind_key: "" +docker_build_dir: "{{playbook_dir}}/build" +# TheHive Button plugin +THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" +THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" +THEHIVE_OWNER: "admin" soctools_netname: "soctoolsnet" soctools_network: "172.22.0.0/16" -repo: gn43-dsl +repo: soctools version: 7 suffix: a20201004 -haproxy_name: "dsoclab-haproxy" +haproxy_name: "soctools-haproxy" haproxy_version: "2.2" haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}" HAPROXY_PROCESSES: "2" -HAPROXY_STATS_PASS: "eiph2Eepaizicheelah3tei+bae3ohgh" + +FILEBEAT_VERSION: "7.9.3" +FILEBEAT_OUTPUT_HOST: "{{soctoolsproxy}}" +FILEBEAT_OUTPUT_PORT: "6000" +FILEBEAT_CERT: "/opt/filebeat/filebeat.crt" +FILEBEAT_KEY: "/opt/filebeat/filebeat.key" temp_root: "/tmp/centosbuild" openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}" -zookeeper_name: "dsoclab-zookeeper" +zookeeper_name: "soctools-zookeeper" zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}" -misp_name: "dsoclab-misp" +misp_name: "soctools-misp" misp_img: "{{repo}}/misp:{{version}}{{suffix}}" +misp_url: 
"https://{{soctoolsproxy}}:6443" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}" -mysql_name: "dsoclab-mysql" +mysql_name: "soctools-mysql" mysql_img: "{{repo}}/mysql:{{version}}{{suffix}}" -mysql_dbrootpass: "Pass006" -cassandra_name: "dsoclab-cassandra" +cassandra_name: "soctools-cassandra" cassandra_img: "{{repo}}/cassandra:{{version}}{{suffix}}" -thehive_name: "dsoclab-thehive" +thehive_name: "soctools-thehive" thehive_img: "{{repo}}/thehive:{{version}}{{suffix}}" -# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1 -thehive_secret_key: "LcnI9eKLo33711BmCnzf6UM1y05pdmj3dlADL81PxuffWqhobRoiiGFftjNPKpmM" -cortex_name: "dsoclab-cortex" +cortex_name: "soctools-cortex" cortex_img: "{{repo}}/cortex:{{version}}{{suffix}}" cortex_elasticsearch_mem: "256m" -# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1 -cortex_secret_key: "9CZ844IcAp5dHjsgU4iuaEssdopLcS6opzhVP3Ys4t4eRpNlHmwZdtfveLEXpM9D" -cortex_odfe_pass: "Pass009" - -kspass: "Testing003" -tspass: "Testing003" sysctlconfig: - - { key: "net.core.rmem_max", val: "2097152" } - - { key: "net.core.wmem_max", val: "2097152" } + - { key: "net.core.rmem_max", val: "4194304" } + - { key: "net.core.wmem_max", val: "4194304" } - { key: "vm.max_map_count" , val: "524288" } nifi_javamem: "1g" odfe_javamem: "512m" -nifi_version: 1.11.4 +nifi_version: 1.12.1 nifi_repo: "https://archive.apache.org/dist" ca_cn: "SOCTOOLS-CA" -soctools_users: - - firstname: "Bozidar" - lastname: "Proevski" - username: "bozidar.proevski" - email: "bozidar.proevski@finki.ukim.mk" - DN: "CN=Bozidar Proevski" - CN: "Bozidar Proevski" - password: "Pass001" - - firstname: "Arne" - lastname: "Oslebo" - username: "arne.oslebo" - email: "arne.oslebo@uninett.no" - DN: "CN=Arne Oslebo" - CN: "Arne Oslebo" - password: "Pass002" - - firstname: "Kiril" - lastname: "Kjiroski" - username: "kiril.kjiroski" - email: "kiril.kjiroski@finki.ukim.mk" - DN: "CN=Kiril Kjiroski" - CN: "Kiril Kjiroski" - password: 
"Pass003" - odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" -# GENERATE 32-bit secure value -odfekibana_cookie: "iroAm0ueIV7w6CS1WcJTwIV6R4d5RIAt" -odfees_adminpass: "Pass004" #elk_version: "oss-7.6.1" elk_version: "oss-7.4.2" #odfeplugin_version: "1.7.0.0" @@ -129,16 +80,25 @@ openid_scope: profile openid_subjkey: preferred_username keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}" -keycloak_adminpass: "Pass005" elastic_username: "admin" -misp_token: "" -misp_url: "" -maxmind_key: "" misp_dbname: "mispdb" misp_dbuser: "misp" -misp_dbpass: "Pass007" -# misp_salt generated with: openssl rand -base64 32 -misp_salt: "wa2fJA2mGIn32IDl+uKrCJ069Mg3khDdGzFNv8DOwM0=" + +services: + - mysql + - haproxy + - openjdk + - zookeeper + - nifi + - elasticsearch + - kibana + - odfees + - odfekibana + - keycloak + - misp + - cassandra + - thehive + - cortex diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml new file mode 100644 index 0000000000000000000000000000000000000000..bc785e4800de9f8642c7236db63cbe5069f2826a --- /dev/null +++ b/group_vars/all/users.yml @@ -0,0 +1,21 @@ +--- + +soctools_users: + - firstname: "User1" + lastname: "SOC" + username: "user1" + email: "user1@soctools.test" + DN: "CN=User1Soctools" + CN: "User1Soctools" + - firstname: "User2" + lastname: "SOC" + username: "user2" + email: "user2@soctools.test" + DN: "CN=User2Soctools" + CN: "User2Soctools" + +# Minimum one user is required +ODFE_ADMIN_USERS: + - user1 + + diff --git a/inventories/build/group_vars/all.yml b/inventories/build/group_vars/all.yml deleted file mode 100644 index 704323666712c480e383ad2c4bf695794b1c6cb0..0000000000000000000000000000000000000000 --- a/inventories/build/group_vars/all.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -docker_image_path: images -base_image: python:2.7-stretch 
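Review bot: In group_vars/all/main.yml the added `THEHIVE_API_KEY` line still commits a literal API key, even though this same hunk removes the other passwords and secret keys from the file. It should follow the placeholder convention used for `soctoolsproxy`, e.g. `THEHIVE_API_KEY: "<CHANGE_ME:thehive_api_key>"`, or be generated alongside the other credentials (the README points to a secrets/ directory; confirm that is the intended home). The values deleted here (HAProxy stats password, TheHive and Cortex secret keys, keystore/truststore passwords, per-user passwords) remain readable in the repository history, so any deployment that used them should rotate them. `THEHIVE_URL` also still names a fixed host rather than being derived from `soctoolsproxy` as the new `misp_url` is, which looks like an oversight.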
diff --git a/inventories/build/hosts.yml b/inventories/build/hosts.yml deleted file mode 100644 index 485463850c4bf51c14826fb6b13adbad2a1a18ed..0000000000000000000000000000000000000000 --- a/inventories/build/hosts.yml +++ /dev/null @@ -1,12 +0,0 @@ -all: - hosts: - nifi-image: - ansible_connection: docker - ansible_python_interpreter: /usr/bin/python - localhost: - ansible_python_interpreter: /usr/bin/python - ansible_connection: local - children: - nifi: - hosts: - localhost: diff --git a/inventories/cassandra b/inventories/cassandra new file mode 100644 index 0000000000000000000000000000000000000000..65a4f3475d64e7d85474ef8f6831d9df949b6dee --- /dev/null +++ b/inventories/cassandra @@ -0,0 +1,2 @@ +[cassandra] +soctools-cassandra ansible_connection=docker diff --git a/inventories/cortex b/inventories/cortex new file mode 100644 index 0000000000000000000000000000000000000000..6a64e81773fe3de5f89dd23e65ed35d6fcf4bfdd --- /dev/null +++ b/inventories/cortex @@ -0,0 +1,2 @@ +[cortex] +soctools-cortex ansible_connection=docker diff --git a/inventories/deploy/group_vars/haproxy.yml b/inventories/deploy/group_vars/haproxy.yml deleted file mode 100644 index b53d50d6b11f23d908ad3fe74b42e70f318e2119..0000000000000000000000000000000000000000 --- a/inventories/deploy/group_vars/haproxy.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -index: haproxy -scale: "{{ haproxy_scale | default('1')}}" -docker: - haproxy: - image: haproxy:latest - volumes: - - /usr/local/etc/haproxy/:/usr/local/etc/haproxy:ro - ports: - - "80:80" - source: pull \ No newline at end of file diff --git a/inventories/deploy/group_vars/nifi.yml b/inventories/deploy/group_vars/nifi.yml deleted file mode 100644 index 5b718692a776eb9418de06d5c9bf18b8c1a5724b..0000000000000000000000000000000000000000 --- a/inventories/deploy/group_vars/nifi.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -index: nifi -scale: "{{ nifi_scale | default('1')}}" -docker: - nifi: -# image: nifi-soctools #For nifi image built by soctools -# source: load - image: apache/nifi:latest - source: pull - command: /opt/nifi/nifi-current/scripts/start.sh - env: - NIFI_HOME: "/opt/nifi/nifi-current" - NIFI_LOG_DIR: "/opt/nifi/nifi-current/logs" - NIFI_PID_DIR: "/opt/nifi/nifi-current/run" - NIFI_CLUSTER_IS_NODE: "true" - NIFI_ZK_CONNECT_STRING: "zookeeper_1:2181" - NIFI_CLUSTER_NODE_PROTOCOL_PORT: "8082" - NIFI_ELECTION_MAX_WAIT: "1 min" - load_path: "{{ image_location }}/nifi-soctools.tar" diff --git a/inventories/deploy/group_vars/zookeeper.yml b/inventories/deploy/group_vars/zookeeper.yml deleted file mode 100644 index 5604be8138d47975f9e1ed6fb075ebc27d392e13..0000000000000000000000000000000000000000 --- a/inventories/deploy/group_vars/zookeeper.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -index: zookeeper -scale: "{{ zookeeper_scale | default('1')}}" -docker: - zookeeper: - image: zookeeper:latest - source: pull \ No newline at end of file diff --git a/inventories/deploy/hosts.yml.example b/inventories/deploy/hosts.yml.example deleted file mode 100644 index 7d85e5bdf3a5030bbfbd114016b78808000bcd73..0000000000000000000000000000000000000000 --- a/inventories/deploy/hosts.yml.example +++ /dev/null @@ -1,21 +0,0 @@ -all: - hosts: - host1: - ansible_ssh_user: debian - ansible_python_interpreter: /usr/bin/python - become: yes - children: - soctools_server: - hosts: - host1: - nifi: - hosts: - host1: - nifi_scale: 3 - haproxy: - hosts: - host1: - zookeeper: - hosts: - host1: - zookeeper_scale: 3 \ No newline at end of file diff --git a/inventories/elasticsearch b/inventories/elasticsearch new file mode 100644 index 0000000000000000000000000000000000000000..73901fb0cd71e4434bd33159a45fc97c34ee98bb --- /dev/null +++ b/inventories/elasticsearch @@ -0,0 +1,3 @@ +[odfeescontainers] +soctools-odfe-1 ansible_connection=docker +soctools-odfe-2 ansible_connection=docker 
diff --git a/inventories/filebeat b/inventories/filebeat
new file mode 100644
index 0000000000000000000000000000000000000000..2add349aa63b05076383cb8d04f9ec27a4e1f309
--- /dev/null
+++ b/inventories/filebeat
@@ -0,0 +1,16 @@
+[filebeat]
+soctools-nifi-1 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text"
+soctools-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text"
+soctools-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text"
+soctools-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/log/php-fpm/*.log","/var/opt/rh/rh-redis32/log/redis/redis.log","/var/log/httpd/*log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="misp" FILEBEAT_LOG_FORMAT="text"
+soctools-odfe-1 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/soctools-cluster_server.json"]' FILEBEAT_LOG_TYPE="elasticsearch" FILEBEAT_LOG_FORMAT="json"
+soctools-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/soctools-cluster_server.json"]' FILEBEAT_LOG_TYPE="elasticsearch" FILEBEAT_LOG_FORMAT="json"
+soctools-kibana ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/kibana_stdout.log"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="json"
+soctools-keycloak ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="keycloak" FILEBEAT_LOG_FORMAT="json"
+soctools-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log","/var/opt/rh/rh-mariadb103/lib/mysql/server_audit.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
+soctools-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
+soctools-zookeeper ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="zookeeper" FILEBEAT_LOG_FORMAT="text"
+soctools-cortex ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cortex" FILEBEAT_LOG_FORMAT="text"
+soctools-thehive ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="thehive" FILEBEAT_LOG_FORMAT="text"
+soctools-cassandra ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cassandra" FILEBEAT_LOG_FORMAT="text"
+
diff --git a/inventories/haproxy b/inventories/haproxy
new file mode 100644
index 0000000000000000000000000000000000000000..7ded04a5134a971fadf026b2d214fa2ce11e1ec4
--- /dev/null
+++ b/inventories/haproxy
@@ -0,0 +1,2 @@
+[haproxy]
+soctools-haproxy ansible_connection=docker
\ No newline at end of file
diff --git a/inventories/keycloak b/inventories/keycloak
new file mode 100644
index 0000000000000000000000000000000000000000..b998e8f6a613fd2feb0450a5ad11a0237c952ae6
--- /dev/null
+++ b/inventories/keycloak
@@ -0,0 +1,2 @@
+[keycloakcontainers]
+soctools-keycloak ansible_connection=docker
diff --git a/inventories/kibana b/inventories/kibana
new file mode 100644
index 0000000000000000000000000000000000000000..1f00ac6c362b94aaf698cb74343d1fbf2a402ab1
--- /dev/null
+++ b/inventories/kibana
@@ -0,0 +1,2 @@
+[odfekibanacontainers]
+soctools-kibana ansible_connection=docker
diff --git a/inventories/misp b/inventories/misp
new file mode 100644
index 0000000000000000000000000000000000000000..445ec1e88dde819705331e8a221d9540bf7cf34e
--- /dev/null
+++ b/inventories/misp
@@ -0,0 +1,2 @@
+[mispcontainers]
+soctools-misp ansible_connection=docker
diff --git a/inventories/mysql b/inventories/mysql
new file mode 100644
index 0000000000000000000000000000000000000000..6d0b3065b10647a34ff7eebc94dde8d3197788be
--- /dev/null
+++ b/inventories/mysql
@@ -0,0 +1,2 @@
+[mysql]
+soctools-mysql ansible_connection=docker
\ No newline at end of file
diff --git a/inventories/nifi b/inventories/nifi
new file mode 100644
index 0000000000000000000000000000000000000000..d434490139a0736c046257fdf260d503f76576ff
--- /dev/null
+++ b/inventories/nifi
@@ -0,0 +1,4 @@
+[nificontainers]
+soctools-nifi-1 ansible_connection=docker
+soctools-nifi-2 ansible_connection=docker
+soctools-nifi-3 ansible_connection=docker
diff --git a/inventories/soctools b/inventories/soctools
new file mode 100644
index 0000000000000000000000000000000000000000..46ea675635f842bbcae314c0c21ff55b3d3ab425
--- /dev/null
+++ b/inventories/soctools
@@ -0,0 +1,2 @@
+[soctoolsmain]
+localhost ansible_connection=local
diff --git a/inventories/thehive b/inventories/thehive
new file mode 100644
index 0000000000000000000000000000000000000000..6fd7b99444c07fac165fa5bca0ec19ec270db0ef
--- /dev/null
+++ b/inventories/thehive
@@ -0,0 +1,2 @@
+[thehive]
+soctools-thehive ansible_connection=docker
diff --git a/restart-soctools.yml b/restart-soctools.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5aa1c94116243ecdf120c17813677b9c59643630
--- /dev/null
+++ b/restart-soctools.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Restart services for haproxy
+ hosts: haproxy
+ roles:
+ - haproxy
+
+- name: Restart services for mysql
+ hosts: mysql
+ roles:
+ - mysql
+
+- name: Restart services for Cassandra
+ hosts: cassandra
+ roles:
+ - cassandra
+
+- name: Restart services for Keycloak
+ hosts: keycloakcontainers
+ roles:
+ - keycloak
+
+- name: Restart services for NiFi
+ hosts: nificontainers
+ roles:
+ - nifi
+
+- name: Restart services for OpenDistro for Elasticsearch
+ hosts: odfeescontainers
+ roles:
+ - odfees
+
+- name: Restart services for OpenDistro Kibana for Elasticsearch
+ hosts: odfekibanacontainers
+ roles:
+ - odfekibana
+
+- name: Restart services for MISP
+ hosts: mispcontainers
+ roles:
+ - misp
+
+- name: Restart services for TheHive
+ hosts: thehive
+ roles:
+ - thehive
+
+- name: Restart services for Cortex
+ hosts: cortex
+ roles:
+ - cortex
+
diff --git a/roles/build/files/cassandra/cassandrasupervisord.conf b/roles/build/files/cassandra/cassandrasupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..6cef6509c659ff4d16d1abb8ecafaf34eb0b84e8
--- /dev/null
+++ b/roles/build/files/cassandra/cassandrasupervisord.conf
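Review bot: restart-soctools.yml gives no indication of how it is meant to be invoked: every play applies a whole role with no `tags:` or task filter. Unless the role tasks are tag-gated (not visible in this diff), a plain run would execute every task in each role rather than only a restart. HOWTOS.md in the same commit documents restarts through `soctools.yml -t restart`, and the play list here has no entry for filebeat or zookeeper although a `restart-filebeat` tag is documented there. I would add a header comment such as `# Restart-only playbook: run with the restart tags described in HOWTOS.md` and say whether this file replaces or complements the `soctools.yml -t restart` path.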
@@ -0,0 +1,44 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:cassandra]
+directory=/usr/share/cassandra
+user=cassandra
+group=cassandra
+environment = CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="/usr/share/cassandra/cassandra.in.sh"
+command=/bin/bash -c '/usr/sbin/cassandra -f'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cassandra_stderr.log
+stdout_logfile = /var/log/supervisor/cassandra_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/cassandraDockerfile b/roles/build/files/cassandraDockerfile
deleted file mode 100644
index c1b73887b9bdfe51d27938507bf3280e7966fbc1..0000000000000000000000000000000000000000
--- a/roles/build/files/cassandraDockerfile
+++ /dev/null
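Review bot: In cassandrasupervisord.conf the `[program:cassandra]` and `[program:filebeat]` sections set `logfile_maxbytes=10MB`, which is a `[supervisord]`-section key; the per-program settings are `stdout_logfile_maxbytes` and `stderr_logfile_maxbytes`, so the 10MB cap is most likely not applied to these logs. With `stdout_logfile_backups = 0` and `stderr_logfile_backups = 0`, a rollover keeps no previous file, which matters because the filebeat inventory in this commit ships `/var/log/supervisor/*.log` as the container's log source. I would replace the line with `stdout_logfile_maxbytes=10MB` and `stderr_logfile_maxbytes=10MB` and keep at least one backup. Filebeat also runs as `user=root`; a dedicated account with read access to the log directory would be enough if file ownership allows it, which this diff does not show. The same applies to the program sections in cortexsupervisord.conf.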
@@ -1,35 +0,0 @@ -FROM gn43-dsl/openjdk:7a20201004 - -USER root -#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo -#COPY supervisord.conf /etc/supervisord.conf -#COPY start.sh /start.sh -RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \ - echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \ - echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \ - echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ - echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ - echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \ - echo '#!/bin/bash' > /start.sh && \ - echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \ - echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \ - echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \ - echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \ - echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \ - echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \ - echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \ - echo '' >> /start.sh && \ - echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \ - yum install -y epel-release && \ - yum install -y cassandra supervisor && \ - mkdir /usr/share/cassandra/conf && \ - cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \ - chown -R cassandra:cassandra /usr/share/cassandra && \ - chown -R cassandra:cassandra /var/lib/cassandra && \ - sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \ - chmod a+x /start.sh && \ - yum -y clean all -EXPOSE 7000 9042 -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -USER cassandra -# ENTRYPOINT ["/start.sh"] 
diff --git a/roles/build/files/cortex/cortexsupervisord.conf b/roles/build/files/cortex/cortexsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..99e89e48ea30bcf6e76ba3527918a1d190ba148b
--- /dev/null
+++ b/roles/build/files/cortex/cortexsupervisord.conf
@@ -0,0 +1,56 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:elasticsearch]
+directory=/usr/share/elasticsearch
+user=elasticsearch
+group=elasticsearch
+command=/bin/bash -c '/usr/share/elasticsearch/bin/elasticsearch'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log
+stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log
+
+[program:cortex]
+directory=/opt/cortex
+user=cortex
+group=cortex
+command=/bin/bash -c '/opt/cortex/bin/cortex -Dconfig.file=/etc/cortex/application.conf -Dlogger.file=/etc/cortex/logback.xml -J-Xms1g -J-Xmx1g -Dpidfile.path=/dev/null'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cortex_stderr.log
+stdout_logfile = /var/log/supervisor/cortex_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/cortexDockerfile b/roles/build/files/cortexDockerfile deleted file mode 100644 index 014cdf01134d97139671c702bbc6dde96682ee8e..0000000000000000000000000000000000000000 --- a/roles/build/files/cortexDockerfile +++ /dev/null 
@@ -1,32 +0,0 @@ -FROM gn43-dsl/openjdk:7a20201004 - -USER root -#COPY thehive.repo /etc/yum.repos.d/thehive.repo -#COPY supervisord.conf /etc/supervisord.conf -#COPY start.sh /start.sh -RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ - echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ - echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ - echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \ - echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \ - echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ - yum install -y epel-release && \ - rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ - rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ - rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ - chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ - mkdir -p /home/cortex && \ - chown -R cortex:cortex /home/cortex && \ - chown -R cortex:cortex /etc/cortex && \ - cd /opt && \ - git clone https://github.com/TheHive-Project/Cortex-Analyzers && \ - chown -R cortex:cortex /opt/Cortex-Analyzers && \ - cd /opt/Cortex-Analyzers && \ - for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ - for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ - yum -y clean all -EXPOSE 9001 -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -USER cortex -# ENTRYPOINT ["/start.sh"] 
diff --git a/roles/build/files/elasticDockerfile b/roles/build/files/elasticDockerfile deleted file mode 100644 index dba40032af25404c9470cb7ca39cf3ccc43b4ff3..0000000000000000000000000000000000000000 --- a/roles/build/files/elasticDockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM gn43-dsl/openjdk:7a20201004 - -ENV PATH="/usr/share/elasticsearch/bin:${PATH}" - -RUN groupadd -g 1000 elasticsearch && \ - adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch - -WORKDIR /usr/share/elasticsearch - -RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.4.2-no-jdk-x86_64.rpm && \ - cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \ - chown -R elasticsearch /usr/share/elasticsearch/config && \ - mkdir -p /usr/share/elasticsearch/data && \ - chown -R elasticsearch /usr/share/elasticsearch/data && \ - sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch - -EXPOSE 9200 9300 -USER elasticsearch -ENTRYPOINT ["/bin/bash"] - diff --git a/roles/build/files/haproxy/haproxysupervisord.conf b/roles/build/files/haproxy/haproxysupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..2738cf2d75e4646aafc687fb855ded53414594c0 --- /dev/null +++ b/roles/build/files/haproxy/haproxysupervisord.conf 
@@ -0,0 +1,44 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:haproxy]
+directory=/root
+user=root
+group=root
+command=/bin/bash -c '/usr/local/sbin/haproxy -f /usr/local/etc/haproxy/haproxy.cfg'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/haproxy_stderr.log
+stdout_logfile = /var/log/supervisor/haproxy_stdout.log
+
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/haproxyDockerfile b/roles/build/files/haproxyDockerfile
deleted file mode 100644
index f36d8f4cfb974f7a641bbf60d4473a0c39afa0f8..0000000000000000000000000000000000000000
--- a/roles/build/files/haproxyDockerfile
+++ /dev/null
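Review bot: `[program:haproxy]` in haproxysupervisord.conf sets no `stopsignal`, so supervisord stops HAProxy with its default TERM signal. The haproxyDockerfile removed in this same commit declared `STOPSIGNAL SIGUSR1` and quoted the HAProxy management guide: SIGTERM closes all established connections immediately, while SIGUSR1 triggers a graceful stop. Adding `stopsignal=USR1` to the program section would keep that graceful behaviour, with `stopwaitsecs` sized to how long connections are allowed to drain. The process is also started with `user=root`; whether haproxy.cfg drops privileges through `user`/`group` in its global section is not visible in this hunk and is worth confirming.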
@@ -1,71 +0,0 @@ -FROM gn43-dsl/centos:7a20201004 - -ENV HAPROXY_VERSION 2.2.3 -ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz -ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e -ENV OPENSSL_VERSION=1.0.2u - - -# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments -RUN \ - yum install -y epel-release && \ - yum update -y && \ - `# Install build tools. Note: perl needed to compile openssl...` \ - yum install -y \ - inotify-tools \ - wget \ - tar \ - gzip \ - make \ - gcc \ - perl \ - pcre-devel \ - zlib-devel \ - iptables \ - pcre2-devel \ - daemonize \ - pth-devel && \ - `# Install newest openssl...` \ - wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ - tar -zxf /tmp/openssl.tgz -C /tmp && \ - cd /tmp/openssl-* && \ - ./config --prefix=/usr \ - --openssldir=/etc/ssl \ - --libdir=lib \ - no-shared zlib-dynamic && \ - make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ - cd && rm -rf /tmp/openssl* && \ - `# Install HAProxy...` \ - && wget -O haproxy.tar.gz "$HAPROXY_URL" \ - && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \ - && mkdir -p /usr/src/haproxy \ - && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \ - && rm haproxy.tar.gz \ - \ - && makeOpts=' \ - TARGET=linux-glibc \ - USE_GETADDRINFO=1 \ - USE_OPENSSL=1 \ - USE_PCRE2=1 USE_PCRE2_JIT=1 \ - USE_ZLIB=1 \ - \ - EXTRA_OBJS=" \ -# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support - contrib/prometheus-exporter/service-prometheus.o \ - " \ - ' \ - && nproc="$(nproc)" \ - && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \ - && eval "make -C /usr/src/haproxy install-bin $makeOpts" \ - \ - && mkdir -p /usr/local/etc/haproxy \ - && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ - && rm -rf 
/usr/src/haproxy - -ENTRYPOINT ["/bin/bash"] - -# https://www.haproxy.org/download/1.8/doc/management.txt -# "4. Stopping and restarting HAProxy" -# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" -# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" -STOPSIGNAL SIGUSR1 diff --git a/roles/build/files/keycloak/keycloaksupervisord.conf b/roles/build/files/keycloak/keycloaksupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..63694dc8cf6227d2540f4afb74af54ca18633d2d --- /dev/null +++ b/roles/build/files/keycloak/keycloaksupervisord.conf 
@@ -0,0 +1,44 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:keycloak]
+directory=/opt/jboss/keycloak
+user=jboss
+group=jboss
+#command=/opt/jboss/keycloak/bin/standalone.sh -b 0.0.0.0
+command=/bin/bash -c '/docker-java-home/jre/bin/java -D[Standalone] -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Dorg.jboss.boot.log.file=/opt/jboss/keycloak/standalone/log/server.log -Dlogging.configuration=file:/opt/jboss/keycloak/standalone/configuration/logging.properties -jar /opt/jboss/keycloak/jboss-modules.jar -mp /opt/jboss/keycloak/modules org.jboss.as.standalone -Djboss.home.dir=/opt/jboss/keycloak -Djboss.server.base.dir=/opt/jboss/keycloak/standalone -b 0.0.0.0'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/keycloak_stderr.log
+stdout_logfile = /var/log/supervisor/keycloak_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/keycloakDockerfile b/roles/build/files/keycloakDockerfile
deleted file mode 100644
index ba6e7c130c1ec511d49e743d068c43d9bde1dc85..0000000000000000000000000000000000000000
--- a/roles/build/files/keycloakDockerfile +++ /dev/null @@ -1,41 +0,0 @@ -FROM gn43-dsl/openjdk:7a20201004 - -ENV KEYCLOAK_VERSION 10.0.1 -ENV JDBC_POSTGRES_VERSION 42.2.5 -ENV JBOSS_HOME /opt/jboss/keycloak - -ARG KEYCLOAK_DIST=https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz - -USER root - -#ADD //root/ansible-soctools-scm-uninett-no/soctools-buildtest-20201022/roles/build/templates/keycloak/keycloak-tools /opt/jboss/tools -ADD keycloak-tools /opt/jboss/tools -#ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools -RUN yum -y install openssl && yum -y clean all && \ - mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ - curl -L $KEYCLOAK_DIST | tar zx && \ - mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ - mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ - cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ - curl -L https://repo1.maven.org/maven2/org/postgresql/postgresql/$JDBC_POSTGRES_VERSION/postgresql-$JDBC_POSTGRES_VERSION.jar > postgres-jdbc.jar && \ - cp /opt/jboss/tools/databases/postgres/module.xml . && \ - cd /opt/jboss/keycloak && \ - bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-configuration.cli && \ - rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history && \ - rm -rf /opt/jboss/keycloak/standalone/tmp/auth && \ - rm -rf /opt/jboss/keycloak/domain/tmp/auth && \ - adduser -u 1000 -g 0 -d /opt/jboss jboss && \ - chown -R jboss:root /opt/jboss && \ - chmod -R g+rwX /opt/jboss && \ - mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca} - -ENV PATH="/opt/jboss/keycloak/bin:${PATH}" - -WORKDIR /opt/jboss/keycloak - -EXPOSE 8080 -EXPOSE 8443 - -USER jboss -ENTRYPOINT ["/bin/bash"] - diff --git a/roles/build/files/kibana/kibanasupervisord.conf b/roles/build/files/kibana/kibanasupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..2cceed0bc2c3da97bb7b6012a381430808a6f5ae 
--- /dev/null
+++ b/roles/build/files/kibana/kibanasupervisord.conf
@@ -0,0 +1,43 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:kibana]
+user=kibana
+group=kibana
+directory=/usr/share/kibana
+command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml"
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/kibana_stderr.log
+stdout_logfile = /var/log/supervisor/kibana_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/misp/misp_rh-php72-php-fpm b/roles/build/files/misp/misp_rh-php72-php-fpm
new file mode 100644
index 0000000000000000000000000000000000000000..2d67a51c4a2c69132897823a698bef39f4ee0fa6
--- /dev/null
+++ b/roles/build/files/misp/misp_rh-php72-php-fpm
@@ -0,0 +1,21 @@
+/var/opt/rh/rh-php72/log/php-fpm/error.log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
+
+/var/opt/rh/rh-php72/log/php-fpm/www-*log {
+ su apache apache
+ create 600 apache apache
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
diff --git a/roles/build/files/mispstart.sh b/roles/build/files/misp/mispstart.sh
similarity index 100%
rename from roles/build/files/mispstart.sh
rename to roles/build/files/misp/mispstart.sh
diff --git a/roles/build/files/misp/mispsupervisord.conf b/roles/build/files/misp/mispsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..fce59b7aa8a838bd76824961dd7f881062460563
--- /dev/null
+++ b/roles/build/files/misp/mispsupervisord.conf
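Review bot: Neither stanza in misp_rh-php72-php-fpm sets a rotation frequency, a `rotate` count or `compress`, so how long the php-fpm logs are kept depends entirely on the global logrotate.conf, which is not part of this commit. `delaycompress` only has an effect when `compress` is active, so as written it may do nothing. Stating the retention in each stanza (a frequency, `rotate <count>`, `compress`) would make it reviewable here. The error.log stanza also has no `su`/`create` line while the www-*log stanza uses `su apache apache` and `create 600 apache apache`; a one-line comment explaining why the two are treated differently would help the next reader.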
@@ -0,0 +1,83 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+user=root
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+autostart=false
+autorestart=true
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+autostart=false
+autorestart=true
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+autostart=false
+autorestart=true
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s && sleep infinity"
+user = apache
+autostart=false
+autorestart=unexpected
+startsecs = 0
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/misp-modules_stderr.log
+stdout_logfile = /var/log/supervisor/misp-modules_stdout.log
+
+[program:workers]
+command=/bin/bash -c "cleanup() { /var/www/MISP/app/Console/worker/stop.sh; }; trap 'echo signal received!; kill ${child_pid}; wait ${child_pid}; cleanup' SIGINT SIGTERM; /var/www/MISP/app/Console/worker/start.sh; sleep infinity & child_pid=$!; wait ${child_pid};"
+user=apache
+autostart=false
+autorestart=unexpected
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/workers_stderr.log
+stdout_logfile = /var/log/supervisor/workers_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/mispDockerfile b/roles/build/files/mispDockerfile
deleted file mode 100644
index 26f09fb32e6420b2cdcc83d1d7af3c436e730201..0000000000000000000000000000000000000000
--- a/roles/build/files/mispDockerfile
+++ /dev/null
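Review bot: `[program:misp-modules]` in mispsupervisord.conf starts the service with `-l '0.0.0.0'`, so it listens on every interface of the container. To my knowledge the misp-modules HTTP API has no authentication of its own, and apache2, php-fpm and misp-modules are all programs of this one supervisord, so `-l 127.0.0.1` should be enough unless another container has to reach it. Whether the port is published or filtered is decided outside this hunk and should be checked against the container and haproxy configuration. In the same file, `[program:php-fpm]`, `[program:redis-server]` and `[program:apache2]` set no `stdout_logfile`/`stderr_logfile`, so their output lands in automatically named child logs that supervisord removes on restart; naming them as the other programs do would keep that output available.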
@@ -1,84 +0,0 @@ -FROM gn43-dsl/centos:7a20201004 - -USER root -RUN yum install -y epel-release centos-release-scl scl-utils ; \ - yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ - yum -y clean all ; \ - sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \ - sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \ - sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ - sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ - mkdir -p /var/www/MISP ; \ - chown -R apache:apache /var/www/MISP - -USER apache -WORKDIR /var/www/MISP -RUN git clone https://github.com/MISP/MISP.git /var/www/MISP ; \ - git submodule update --init --recursive ; \ - git submodule foreach --recursive git config core.filemode false ; \ - git config core.filemode false - -USER root -RUN pip3 install --upgrade pip ; \ - pip3 install git+https://github.com/CybOXProject/mixbox.git ; \ - pip3 install git+https://github.com/CybOXProject/python-cybox.git ; \ - pip3 install 
git+https://github.com/STIXProject/python-stix.git ; \ - pip3 install git+https://github.com/MAECProject/python-maec.git ; \ - pip3 install /var/www/MISP/cti-python-stix2 ; \ - pip3 install /var/www/MISP/PyMISP ; \ - pip3 install git+https://github.com/kbandla/pydeep.git ; \ - pip3 install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip ; \ - pip3 install jsonschema ; \ - pip3 install reportlab ; \ - pip3 install python-magic ; \ - pip3 install pyzmq ; \ - pip3 install redis - -USER apache -WORKDIR /var/www/MISP -RUN git submodule init ; \ - git submodule update - -USER root -WORKDIR /usr/local/src -RUN git clone https://github.com/MISP/misp-modules.git -WORKDIR /usr/local/src/misp-modules -RUN git checkout ; \ - # sudo pip3 install -I -r REQUIREMENTS ; \ - LANG=en_US.UTF-8 pip3 install -I -r REQUIREMENTS; \ - pip3 install -I . ; \ - mkdir /var/www/.composer && chown -R apache:apache /var/www/.composer ; \ - cd /tmp ; \ - wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz ; \ - tar zxvf ssdeep-2.14.1.tar.gz && cd ssdeep-2.14.1 && ./configure && make && make install ; \ - /usr/bin/scl enable rh-php72 "pecl install ssdeep" ; \ - echo "extension=ssdeep.so" > /etc/opt/rh/rh-php72/php.d/88-ssdeep.ini ; \ - cd - -USER apache -WORKDIR /var/www/MISP/app -RUN wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \ - COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar require kamisama/cake-resque:4.1.2" ; \ - COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar config vendor-dir Vendor" ; \ - COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar install" ; \ - sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf ; \ - cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \ - cp -a 
/var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \ - cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \ - cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \ - cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php - -USER root -COPY mispstart.sh /var/www/MISP/app/Console/worker/start.sh -RUN chown -R apache:apache /var/www/MISP ; \ - chmod -R 750 /var/www/MISP ; \ - chmod -R g+ws /var/www/MISP/app/tmp ; \ - chmod -R g+ws /var/www/MISP/app/files ; \ - chmod -R g+ws /var/www/MISP/app/files/scripts/tmp - -# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ -EXPOSE 80 443 6443 6379 6666 50000 - -COPY mispsupervisord.conf /etc/supervisord.conf -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] - diff --git a/roles/build/files/mispsupervisord.conf b/roles/build/files/mispsupervisord.conf deleted file mode 100644 index fbd4dea3bbd292aa2eea51772ecc559dc0b51703..0000000000000000000000000000000000000000 --- a/roles/build/files/mispsupervisord.conf +++ /dev/null @@ -1,25 +0,0 @@ -[supervisord] -nodaemon=false -user=root - -[program:php-fpm] -# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm -command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize - -[program:redis-server] -process_name = redis-server -directory = /var/opt/rh/rh-redis32/lib/redis/ -command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf -user=redis - -[program:apache2] -command=/usr/sbin/httpd -DFOREGROUND - -[program:misp-modules] -command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s" -user = apache -startsecs = 0 - -[program:workers] -command=/bin/bash /var/www/MISP/app/Console/worker/start.sh -user=apache 
diff --git a/roles/build/files/mysql/mysqlsupervisord.conf b/roles/build/files/mysql/mysqlsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..60d3109fc26d3b20de3d811482d1f6f2f2ed6a89
--- /dev/null
+++ b/roles/build/files/mysql/mysqlsupervisord.conf
@@ -0,0 +1,45 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr --log-error=/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/mysqlDockerfile b/roles/build/files/mysqlDockerfile
deleted file mode 100644
index 7c547b1e5959c3352c807b6ec9002673228709c6..0000000000000000000000000000000000000000
--- a/roles/build/files/mysqlDockerfile
+++ /dev/null
@@ -1,13 +0,0 @@ -FROM gn43-dsl/centos:7a20201004 - -USER root -RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \ - yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \ - /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql -RUN yum clean all - -EXPOSE 3306 -COPY mysqlsupervisord.conf /etc/supervisord.conf - -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] - diff --git a/roles/build/files/mysqlsupervisord.conf b/roles/build/files/mysqlsupervisord.conf deleted file mode 100644 index e44e9fe1189eae3241d8bb1001c3a081a386353c..0000000000000000000000000000000000000000 --- a/roles/build/files/mysqlsupervisord.conf +++ /dev/null @@ -1,7 +0,0 @@ -[supervisord] -loglevel=debug -nodaemon=true -[program:mysql] -user=mysql -directory=/var/lib/mysql -command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr diff --git a/roles/build/files/nifi/nifisupervisord.conf b/roles/build/files/nifi/nifisupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..dcfa15c6e07538c492047eda004bfaec585237a1 --- /dev/null +++ b/roles/build/files/nifi/nifisupervisord.conf 
@@ -0,0 +1,44 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:nifi]
+directory=/opt/nifi/nifi-current
+user=nifi
+group=nifi
+command=/bin/bash -c '/opt/nifi/nifi-current/bin/nifi.sh run'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/nifi_stderr.log
+stdout_logfile = /var/log/supervisor/nifi_stdout.log
+
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/nifiDockerfile b/roles/build/files/nifiDockerfile
deleted file mode 100644
index c3ef342673bb0ddaec532229bf8f5d588a753526..0000000000000000000000000000000000000000
--- a/roles/build/files/nifiDockerfile
+++ /dev/null
@@ -1,97 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -FROM gn43-dsl/openjdk:7a20201004 -#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>" -#LABEL site="https://nifi.apache.org" - -ARG UID=1000 -ARG GID=1000 -ARG NIFI_VERSION=1.11.4 -ARG BASE_URL=https://archive.apache.org/dist -ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} -ARG NIFI_BINARY_PATH=${NIFI_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-bin.zip} -ARG NIFI_TOOLKIT_BINARY_PATH=${NIFI_TOOLKIT_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-toolkit-${NIFI_VERSION}-bin.zip} - -ENV NIFI_BASE_DIR=/opt/nifi -ENV NIFI_HOME ${NIFI_BASE_DIR}/nifi-current -ENV NIFI_TOOLKIT_HOME ${NIFI_BASE_DIR}/nifi-toolkit-current - -ENV NIFI_PID_DIR=${NIFI_HOME}/run -ENV NIFI_LOG_DIR=${NIFI_HOME}/logs - -# ADD sh/ ${NIFI_BASE_DIR}/scripts/ - -# Setup NiFi user and create necessary directories -RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \ - && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \ - && mkdir -p ${NIFI_BASE_DIR} \ - && chown -R nifi:nifi ${NIFI_BASE_DIR} \ - && yum -y install jq xmlstarlet procps-ng - -USER nifi - -# Download, validate, and expand Apache NiFi Toolkit binary. 
-RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ - && echo "$(curl ${BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ - && unzip ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ - && rm ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ - && mv ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} ${NIFI_TOOLKIT_HOME} \ - && ln -s ${NIFI_TOOLKIT_HOME} ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} - -# Download, validate, and expand Apache NiFi binary. -RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ - && echo "$(curl ${BASE_URL}/${NIFI_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ - && unzip ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ - && rm ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ - && mv ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} ${NIFI_HOME} \ - && mkdir -p ${NIFI_HOME}/conf \ - && mkdir -p ${NIFI_HOME}/database_repository \ - && mkdir -p ${NIFI_HOME}/flowfile_repository \ - && mkdir -p ${NIFI_HOME}/content_repository \ - && mkdir -p ${NIFI_HOME}/provenance_repository \ - && mkdir -p ${NIFI_HOME}/state \ - && mkdir -p ${NIFI_LOG_DIR} \ - && ln -s ${NIFI_HOME} ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} - -#VOLUME ${NIFI_LOG_DIR} \ -# ${NIFI_HOME}/conf \ -# ${NIFI_HOME}/database_repository \ -# ${NIFI_HOME}/flowfile_repository \ -# ${NIFI_HOME}/content_repository \ -# ${NIFI_HOME}/provenance_repository \ -# ${NIFI_HOME}/state - -# Clear nifi-env.sh in favour of configuring all environment variables in the Dockerfile -RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh - -# Web HTTP(s) & Socket Site-to-Site Ports -EXPOSE 8080 8443 10000 8000 - -WORKDIR ${NIFI_HOME} - -# Apply configuration and start NiFi -# -# We need to use the exec form to avoid running our command in a subshell 
and omitting signals, -# thus being unable to shut down gracefully: -# https://docs.docker.com/engine/reference/builder/#entrypoint -# -# Also we need to use relative path, because the exec form does not invoke a command shell, -# thus normal shell processing does not happen: -# https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example -ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/files/odfees/odfesupervisord.conf b/roles/build/files/odfees/odfesupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..975b7cdcb388e0292b82abde53f0a593505bda3c --- /dev/null +++ b/roles/build/files/odfees/odfesupervisord.conf @@ -0,0 +1,43 @@ +[unix_http_server] +file=/tmp/supervisor.sock + +[supervisord] +pidfile=/tmp/supervisord.pid +nodaemon=true +logfile=/var/log/supervisor/supervisord.log +logfile_maxbytes=10MB +logfile_backups=10 +loglevel=info +childlogdir=/var/log/supervisor/ + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///tmp/supervisor.sock + +[program:odfe] +user=elasticsearch +group=elasticsearch +directory=/usr/share/elasticsearch +command=sh -c "/usr/share/elasticsearch/bin/elasticsearch" +autostart=false +autorestart=true +logfile_maxbytes=10MB +stdout_logfile_backups = 0 +stderr_logfile_backups = 0 +stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log +stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log + +[program:filebeat] +directory=/opt/filebeat +user=root +group=root +command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' +autostart=false +autorestart=true +logfile_maxbytes=10MB +stdout_logfile_backups = 0 +stderr_logfile_backups = 0 +stderr_logfile = /var/log/supervisor/filebeat_stderr.log +stdout_logfile = /var/log/supervisor/filebeat_stdout.log 
diff --git a/roles/build/files/odfeesDockerfile b/roles/build/files/odfeesDockerfile deleted file mode 100644 index fedbee116f53049f01eff626f04d0901f61a6095..0000000000000000000000000000000000000000 --- a/roles/build/files/odfeesDockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM gn43-dsl/elasticsearch:7a20201004 - -ENV PATH="/usr/share/elasticsearch/bin:${PATH}" - -USER root -WORKDIR /usr/share/elasticsearch - -RUN for PLUGIN in \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.4.0.0.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-1.4.0.0.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-1.4.0.0.zip; \ - do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ - chown -R elasticsearch plugins/opendistro_security - -USER elasticsearch - diff --git a/roles/build/files/odfekibanaDockerfile b/roles/build/files/odfekibanaDockerfile deleted file mode 100644 index 1945e272dbe7ad17523b795b3ae00d984fa822e5..0000000000000000000000000000000000000000 --- a/roles/build/files/odfekibanaDockerfile +++ /dev/null @@ -1,18 +0,0 @@ -FROM gn43-dsl/kibana:7a20201004 - -ENV PATH="/usr/share/kibana/bin:${PATH}" - -USER root -WORKDIR /usr/share/kibana - -RUN for PLUGIN in \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-1.4.0.0.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-1.4.0.0.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-1.4.0.0.zip; \ - do bin/kibana-plugin install --allow-root ${PLUGIN}; done - -ADD thehive_button /usr/share/kibana/plugins/thehive_button -RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button - -USER kibana - 
diff --git a/roles/build/files/openjdkDockerfile b/roles/build/files/openjdkDockerfile deleted file mode 100644 index 2d83f47915490b23565d16b38b19c44bd2dea498..0000000000000000000000000000000000000000 --- a/roles/build/files/openjdkDockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM gn43-dsl/centos:7a20201004 - -RUN yum update -y; \ - yum install -y wget unzip curl java-1.8.0-openjdk-headless.x86_64 - -RUN ln -svT "/usr/lib/jvm/java-1.8.0-openjdk-$(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" java-1.8.0-openjdk-headless)" /docker-java-home -ENV JAVA_HOME /docker-java-home/jre - -RUN yum clean all - -CMD ["/bin/bash"] diff --git a/roles/build/files/thehive/thehivesupervisord.conf b/roles/build/files/thehive/thehivesupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..8fa1d9384573319fe465395cadc49db68c0a0cfb --- /dev/null +++ b/roles/build/files/thehive/thehivesupervisord.conf 
@@ -0,0 +1,43 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:thehive]
+directory=/opt/thehive
+user=thehive
+group=thehive
+command=/bin/bash -c '/opt/thehive/bin/thehive -Dconfig.file=/etc/thehive/application.conf -Dlogger.file=/etc/thehive/logback.xml -J-Xms1g -J-Xmx1g -Dpidfile.path=/dev/null'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/thehive_stderr.log
+stdout_logfile = /var/log/supervisor/thehive_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/thehiveDockerfile b/roles/build/files/thehiveDockerfile
deleted file mode 100644
index ce8ddb82f09b5629c48fad91cb7635b82aacea87..0000000000000000000000000000000000000000
--- a/roles/build/files/thehiveDockerfile
+++ /dev/null
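Review bot: The supervisor control socket and pidfile are created in world-writable `/tmp` (`file=/tmp/supervisor.sock`, `pidfile=/tmp/supervisord.pid`, `serverurl=unix:///tmp/supervisor.sock`), and `[unix_http_server]` sets neither `chmod` nor `chown`, so access to the socket that can start and stop every program rests entirely on supervisor's defaults. supervisord presumably runs as root in this container, since it launches `filebeat` with `user=root` and drops to `thehive` for the other program, so I would move both files to a root-owned directory and state the mode explicitly: `file=/var/run/supervisor.sock`, `chmod=0700`, `serverurl=unix:///var/run/supervisor.sock`. Separately, `[program:filebeat]` runs as root; if filebeat only has to read the logs under `/var/log/supervisor/`, a dedicated unprivileged user with read access to that directory would be the tighter choice, with a comment such as `; filebeat only reads /var/log/supervisor, no root needed` next to the `user=` line.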
@@ -1,24 +0,0 @@
-FROM gn43-dsl/openjdk:7a20201004
-
-USER root
-#COPY thehive.repo /etc/yum.repos.d/thehive.repo
-#COPY supervisord.conf /etc/supervisord.conf
-#COPY start.sh /start.sh
-RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
- echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
- echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
- echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
- echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
- echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
- yum install -y epel-release && \
- rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
- yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \
- mkdir -p /opt/thp_data/files/thehive && \
- chown -R thehive:thehive /opt/thp_data/files/thehive && \
- mkdir -p /home/thehive && \
- chown -R thehive:thehive /home/thehive /etc/thehive && \
- yum -y clean all
-EXPOSE 9000
-#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-USER thehive
-# ENTRYPOINT ["/start.sh"]
diff --git a/roles/build/files/thehive_button/.eslintrc b/roles/build/files/thehive_button/.eslintrc
deleted file mode 100644
index 64eba86220ec489c9c364e9a443941d14a8d3b16..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/.eslintrc
+++ /dev/null
@@ -1,7 +0,0 @@
----
-extends: "@elastic/kibana"
-
-settings:
- import/resolver:
- '@elastic/eslint-import-resolver-kibana':
- rootPackageName: 'thehive_button'
diff --git a/roles/build/files/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/.kibana-plugin-helpers.json
deleted file mode 100644
index 2c63c0851048d8f7bff41ecf0f8cee05f52fd120..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/.kibana-plugin-helpers.json
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/roles/build/files/thehive_button/index.js b/roles/build/files/thehive_button/index.js
deleted file mode 100644
index fa69c75c30d7ee40f8d7089d6debd6cf69c8d402..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/index.js
+++ /dev/null
@@ -1,19 +0,0 @@
-import newCaseRoute from './server/routes/newcase';
-
-export default function (kibana) {
- return new kibana.Plugin({
- require: [], //['elasticsearch'],
- name: 'thehive_button',
- uiExports: {
- visTypes: [
- 'plugins/thehive_button/main',
- ],
- },
-
- init(server, options) { // eslint-disable-line no-unused-vars
- // Add server routes and initialize the plugin here
- newCaseRoute(server);
- }
- });
-}
-
diff --git a/roles/build/files/thehive_button/package.json b/roles/build/files/thehive_button/package.json
deleted file mode 100644
index e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/package.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "name": "thehive_button",
- "version": "1.0.0",
- "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
- "main": "index.js",
- "kibana": {
- "version": "7.4.2"
- },
- "scripts": {
- "lint": "eslint .",
- "start": "plugin-helpers start",
- "build": "plugin-helpers build"
- },
- "dependencies": {
- "request": "^2.88.0",
- "@elastic/eui": "10.4.2",
- "react": "^16.8.0"
- },
- "devDependencies": {
- "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
- "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
- "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
- "babel-eslint": "^9.0.0",
- "eslint": "^5.6.0",
- "eslint-plugin-babel": "^5.2.0",
- "eslint-plugin-import": "^2.14.0",
- "eslint-plugin-jest": "^21.26.2",
- "eslint-plugin-jsx-a11y": "^6.1.2",
- "eslint-plugin-mocha": "^5.2.0",
- "eslint-plugin-no-unsanitized": "^3.0.2",
- "eslint-plugin-prefer-object-spread": "^1.2.1",
- "eslint-plugin-react": "^7.11.1",
- "expect.js": "^0.3.1"
- }
-}
diff --git a/roles/build/files/thehive_button/public/create_case.js b/roles/build/files/thehive_button/public/create_case.js
deleted file mode 100644
index fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/public/create_case.js
+++ /dev/null
@@ -1,101 +0,0 @@ -// Functions to send data to Kibana endpoints - -import chrome from 'ui/chrome'; - -// Create a new Case in The Hive via its API -// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr) -export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) { - // Prepare data - var data = JSON.stringify({ - "base_url": base_url, - "api_key": api_key, - "body": { - "title": title, - "description": descr, - "severity": severity, // number: 1=low, 2=medium, 3=high - "startDate": startDate, - "owner": owner, // user name the case will be assigned to - "flag": flag, // bool - "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red - "tags": tags, // array of strings - } - }); - console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data); - var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case'); - - return new Promise(function (resolve, reject) { - // Create AJAX request - var xhr = new XMLHttpRequest(); - - // Listener to process reply - xhr.onreadystatechange = function () { - if (this.readyState != 4) { - return; // response not ready yet - } - if (this.status == 200) { - const resp = JSON.parse(this.responseText); - console.log("TheHiveButton: Response from backend:", resp); - if ("error" in resp) { - resolve({"error": resp.error}); - } - else if (resp.status_code != 201) { - resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg}); - } - else { - resolve({"id": resp.body.id}); // return ID of the new case - } - } - else { - console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); - resolve({"error": "Error " + this.status + ": " + this.statusText}); - } - } - - // Send the AJAX request - xhr.open("POST", kibana_endpoint_url); - xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); 
// this header must be set, although its content is probably irrelevant - xhr.send(data); - }); -} - -// Add observables to an existing Case in The Hive -// (send the list of observables to our backend endpoint, it pushes them to The Hive) -export function addCaseObservables(base_url, api_key, caseid, observables) { - const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables'); - const data = JSON.stringify({ - "base_url": base_url, - "api_key": api_key, - "caseid": caseid, - "observables": observables, - }); - console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data); - - return new Promise(function (resolve, reject) { - // Create AJAX request - var xhr = new XMLHttpRequest(); - - // Listener to process reply - xhr.onreadystatechange = function () { - if (this.readyState != 4) { - return; // response not ready yet - } - if (this.status == 200) { - const resp = JSON.parse(this.responseText); - console.log("TheHiveButton: Response from backend:", resp); - resolve(resp); - } - else { - console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); - resolve({"error": "Error " + this.status + ": " + this.statusText}); - } - } - - // Send the AJAX request - xhr.open("POST", kibana_endpoint_url); - xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant - xhr.send(data); - }); -} - diff --git a/roles/build/files/thehive_button/public/env.js b/roles/build/files/thehive_button/public/env.js deleted file mode 100644 index 4321b85f5ee1682abd17871889a165ae8d96b465..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/public/env.js +++ /dev/null 
@@ -1,4 +0,0 @@
-// Default plugin configuration
-export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
-export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
-export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/public/main.js b/roles/build/files/thehive_button/public/main.js
deleted file mode 100644
index ee46d73170d4fb43739c58468e3396caace6dcbe..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/public/main.js
+++ /dev/null
@@ -1,54 +0,0 @@ -import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env'; -import { TheHiveButtonVisComponent } from './vis_controller'; -import { theHiveButtonRequestHandlerProvider } from './request_handler'; -import { optionsEditor } from './options_editor'; - -import { VisFactoryProvider } from 'ui/vis/vis_factory'; -import { VisTypesRegistryProvider } from 'ui/registry/vis_types'; -import { DefaultEditorSize } from 'ui/vis/editor_size'; - - -function TheHiveButtonVisProvider(Private) { - const VisFactory = Private(VisFactoryProvider); - - //console.log("default URL:", THEHIVE_URL); - //console.log("default API key:", THEHIVE_API_KEY); - - return VisFactory.createReactVisualization({ - name: 'thehive_button', - title: 'The Hive Case', - icon: 'alert', - description: 'A button to create a new Case in The Hive.', - //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE], - visConfig: { - component: TheHiveButtonVisComponent, - defaults: { - // add default parameters - url: THEHIVE_URL, - apikey: THEHIVE_API_KEY, - owner: THEHIVE_OWNER, - obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100} - } - }, - //editor: 'default', - editorConfig: { - optionTabs: [ - { - name: "options", - title: "Options", - editor: optionsEditor, - } - ], - defaultSize: DefaultEditorSize.LARGE, - }, -// optionsTemplate: optionsEditor, //optionsTemplate, -// //enableAutoApply: true, -// }, - requestHandler: 'theHiveButtonRequestHandler', // own request handler - responseHandler: 'none', // pass data as returned by requestHandler - }); -} - -// register the provider with the visTypes registry -VisTypesRegistryProvider.register(TheHiveButtonVisProvider); - diff --git a/roles/build/files/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/public/options_editor.js deleted file mode 100644 index 38762bd463115702a0c4f03f099434485f5d59dc..0000000000000000000000000000000000000000 
--- a/roles/build/files/thehive_button/public/options_editor.js +++ /dev/null 
@@ -1,176 +0,0 @@ -import React from 'react'; -import { - EuiForm, - EuiFormRow, - EuiTitle, - EuiSpacer, - EuiFieldText, - EuiFieldNumber, - EuiSelect, - EuiFlexGroup, - EuiFlexItem, - EuiButton, - EuiButtonIcon, -} from '@elastic/eui'; - -// Default data types in The Hive -const DEFAULT_THE_HIVE_TYPES = [ - '', - 'autonomous-system', - 'domain', - 'file', - 'filename', - 'fqdn', - 'hash', - 'ip', - 'mail', - 'mail_subject', - 'regexp', - 'registry', - 'uri_path', - 'url', - 'user-agent', - 'other', -]; - -// Options for EuiSelect for selection of field's data type in TheHive -const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) ); - -export function optionsEditor(props) { - //console.log("editor render(), props:", props); - const { stateParams, setValue, setValidity, vis } = props; - - // onClick/onChange handlers - const obsAddNew = () => { - const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}]; - // For some reason, first click on the button after editor is loaded does - // nothing. Calling setValue twice here fixes it. 
- setValue("obsFields", newObsFields); - setValue("obsFields", newObsFields); -// setValidity(false); // since new row is empty, form is always invalid - }; - const obsRemove = (ix) => { - let newArray = [...stateParams.obsFields]; - newArray.splice(ix, 1); - setValue("obsFields", newArray); -// validate(); - } - const obsSetName = (ix, name) => { - let newArray = [...stateParams.obsFields]; - newArray[ix].name = name; - setValue("obsFields", newArray); -// validate(); - } - const obsSetType = (ix, type) => { - let newArray = [...stateParams.obsFields]; - newArray[ix].type = type; - setValue("obsFields", newArray); -// validate(); - } - const obsSetCnt = (ix, cnt) => { - let newArray = [...stateParams.obsFields]; - newArray[ix].cnt = parseInt(cnt); - setValue("obsFields", newArray); -// validate(); - } -// const validate = () => { -// let valid = true; -// for (let field of stateParams.obsFields) { -// if (field.name == "" || field.type == "" || field.cnt == "") { -// valid = false; -// break; -// } -// } -// // TODO check for duplicate fields -// setValidity(valid); -// } - - // Get list of all fields in index (except those beginning with "_" or "@") - // and create "options" parameter for EuiSelect. - // Also, fields with "aggregatable=false" are removed, as they can't be used - // with "terms" aggregation we need. - // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html - // Empty field is added at the beginning, meaning "no selection yet". 
- const fieldOptions = [{value: "", text: ""}].concat( - vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) ) - ); - - return <EuiForm> - <EuiFormRow fullWidth={true} label="Base URL of The Hive"> - <EuiFieldText - fullWidth={true} - value={stateParams.url} - onChange={e => setValue('url', e.target.value)} - isInvalid={stateParams.url == ""} - /> - </EuiFormRow> - <EuiFlexGroup> - <EuiFlexItem grow={1}> - <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission."> - <EuiFieldText - fullWidth={true} - value={stateParams.apikey} - onChange={e => setValue('apikey', e.target.value)} - isInvalid={stateParams.apikey == ""} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={1}> - <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance."> - <EuiFieldText - value={stateParams.owner} - onChange={e => setValue('owner', e.target.value)} - isInvalid={stateParams.owner == ""} - /> - </EuiFormRow> - </EuiFlexItem> - </EuiFlexGroup> - <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle> - <EuiSpacer size="s" /> - {stateParams.obsFields.map( (field, ix) => ( - <EuiFlexGroup key={ix} gutterSize="s"> - <EuiFlexItem grow={3}> - <EuiFormRow label="Field name"> - <EuiSelect - options={fieldOptions} - value={field.name} - onChange={ e => obsSetName(ix, e.target.value) } - isInvalid={field.name == ""} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={2}> - <EuiFormRow label="Data type in The Hive"> - <EuiSelect - options={typesOptions} - value={field.type} - onChange={ e => obsSetType(ix, e.target.value) } - isInvalid={field.type == ""} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={1}> - <EuiFormRow label="Max items shown"> - <EuiFieldNumber - min={1} - max={1000} - value={parseInt(field.cnt)} - onChange={ e => 
obsSetCnt(ix, e.target.value) } - isInvalid={!(field.cnt > 0)} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFormRow hasEmptyLabelSpace> - <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } /> - </EuiFormRow> - </EuiFlexItem> - </EuiFlexGroup> - ))} - <EuiFlexGroup> - <EuiFlexItem grow={false}> - <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton> - </EuiFlexItem> - </EuiFlexGroup> - </EuiForm> -} diff --git a/roles/build/files/thehive_button/public/options_template.html b/roles/build/files/thehive_button/public/options_template.html deleted file mode 100644 index ef996577786150282c2ffb0d28652a3d1712842b..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/public/options_template.html +++ /dev/null @@ -1,8 +0,0 @@ -<div class="form-group"> - <p><label>Base URL of The Hive</label> - <input ng-model="editorState.params.url" class=form-control /></p> - <p><label>API key</label> - <input ng-model="editorState.params.apikey" class=form-control /></p> - <p><label>User name to use as the owner of cases created from here</label> - <input ng-model="editorState.params.owner" class=form-control /></p> -</div> diff --git a/roles/build/files/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/public/request_handler.js deleted file mode 100644 index bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/public/request_handler.js +++ /dev/null 
@@ -1,195 +0,0 @@ -import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; -import { SearchSourceProvider } from 'ui/courier/search_source'; -import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; -import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; -import { AggConfig } from 'ui/vis/agg_config'; -import { AggConfigs } from 'ui/vis/agg_configs'; -import { getTime } from 'ui/timefilter/get_time'; -import { i18n } from '@kbn/i18n'; -import { has } from 'lodash'; -import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; -import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; -import chrome from 'ui/chrome'; - -// Maximum number of unique values of each field (observables) to fetch -const MAX_NUMBER_OF_TERMS = 5; - -const handleCourierRequest = courierRequestHandlerProvider().handler; - -// Register new RaquestHandlerProvider -const theHiveButtonRequestHandlerProvider = function () { - return { - name: 'theHiveButtonRequestHandler', - handler: theHiveButtonRequestHandler, - } -} -VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); - -export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; - - -// The request handler function itself -async function theHiveButtonRequestHandler(params) { - //console.log("theHiveButtonRequestHandler params:", params); - - let index = params.index; - let partialRows = params.partialRows; - let metricsAtAllLevels = params.metricsAtAllLevels; - let timeRange = params.timeRange; - let query = params.query; - let filters = params.filters; - let inspectorAdapters = params.inspectorAdapters; - let queryFilter = params.queryFilter; - let forceFetch = params.forceFetch; - // our own confiuration: - // list of fields to get potential observables from - // (each "field" is object {name: str, type: str, cnt: int}) - let 
obsFields = params.visParams.obsFields; - - // filter out invalid field specifications - obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); - - if (obsFields.length == 0) { - //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") - return {} // no fields specified, nothing to do - } - - // === Prepare request to ask for unique values of all selected fields === - - // Construct a query for ElasticSearch - // Get "terms" (most common unique values) for each field of obsFields - const aggs_dsl = {} - for (let field of obsFields) { - aggs_dsl[field.name] = { - terms: { - field: field.name, - size: field.cnt, - order: {_count: "desc"} - } - }; - } - //console.log("aggs_dsl:", aggs_dsl); - - // Create empty AggConfigs - // (We could pass specifications of a metric and the buckets here, - // but default processing functions assume multiple buckets are sub-buckets, - // which is not what we want. So we must do a "hack" and manually create - // query directly in format for ElasticSearch) - const aggs = new AggConfigs(params.index, []); - - // === Some magic to get searchSource object === - // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) - // (I don't understand it, but it works) - - let $injector = await chrome.dangerouslyGetActiveInjector(); - let Private = $injector.get('Private'); - let SearchSource = Private(SearchSourceProvider); - let searchSource = new SearchSource(); - searchSource.setField('index', index); - searchSource.setField('size', 0); - - inspectorAdapters.requests = new RequestAdapter(); - inspectorAdapters.data = new DataAdapter(); - - - // === Execute query === - // We could call standard "courier" here, but it tries to convert the response - // to a table, which fails in our case, so we copied the main code of courier - // and modified it here. 
- - const abortSignal = false; - - const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); - const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); - - aggs.setTimeRange(timeRange); - - // For now we need to mirror the history of the passed search source, since - // the request inspector wouldn't work otherwise. - Object.defineProperty(requestSearchSource, 'history', { - get() { - return searchSource.history; - }, - set(history) { - return searchSource.history = history; - } - }); - - // This has been modified to override DSL format by ours -// requestSearchSource.setField('aggs', function () { -// return aggs.toDsl(metricsAtAllLevels); -// }); - requestSearchSource.setField('aggs', aggs_dsl); - - requestSearchSource.onRequestStart((searchSource, searchRequest) => { - return aggs.onSearchRequestStart(searchSource, searchRequest); - }); - - if (timeRange) { - timeFilterSearchSource.setField('filter', () => { - return getTime(searchSource.getField('index'), timeRange); - }); - } - - requestSearchSource.setField('filter', filters); - requestSearchSource.setField('query', query); - - const reqBody = await requestSearchSource.getSearchRequestBody(); - - const queryHash = calculateObjectHash(reqBody); - // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed - // since the last request - const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); - - if (shouldQuery) { - inspectorAdapters.requests.reset(); - const request = inspectorAdapters.requests.start( - i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), - { - description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', - { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), - } - ); - request.stats(getRequestInspectorStats(requestSearchSource)); - - try { - // Abort any in-progress requests before fetching again - if (abortSignal) { - abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); - } - - const response = await requestSearchSource.fetch(); - //console.log("raw response:", response); - - searchSource.lastQuery = queryHash; - - request - .stats(getResponseInspectorStats(searchSource, response)) - .ok({ json: response }); - - searchSource.rawResponse = response; - } catch(e) { - // Log any error during request to the inspector - request.error({ json: e }); - throw e; - } finally { - // Add the request body no matter if things went fine or not - requestSearchSource.getSearchRequestBody().then(req => { - request.json(req); - }); - } - } - - // === Copy of courier code ends here, now we parse the response === - - const resp = searchSource.rawResponse; - // Return as object containing a list of unique values (terms) for each - // requested field - let unique_values_lists = {} - for (let field of obsFields) { - unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); - } - - //console.log("Final lists:", unique_values_lists); - return unique_values_lists; -} diff --git a/roles/build/files/thehive_button/public/vis.less b/roles/build/files/thehive_button/public/vis.less deleted file mode 100644 index b6f887afaef57a7674a0d0f06ee6f821a0fc015e..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/public/vis.less +++ /dev/null @@ -1,3 +0,0 @@ -.myvis-container-div { - padding: 1em; -} diff --git a/roles/build/files/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/public/vis_controller.js deleted file mode 100644 index 8b23222700ab072c9665442851982e11cdc56788..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/public/vis_controller.js +++ /dev/null 
@@ -1,555 +0,0 @@ -//import { Status } from 'ui/vis/update_status'; -import { toastNotifications } from 'ui/notify'; -import { createTheHiveCase, addCaseObservables } from './create_case'; -//import vis_template from './vis_template.html'; - -import React, { Component } from 'react'; -import { - EuiButton, - EuiButtonEmpty, - EuiModal, - EuiModalBody, - EuiModalFooter, - EuiModalHeader, - EuiModalHeaderTitle, - EuiOverlayMask, - EuiTitle, - EuiFlexGroup, - EuiFlexItem, - EuiSpacer, - EuiForm, - EuiFormRow, - EuiFieldText, - EuiTextArea, - EuiSuperSelect, - EuiBasicTable, - EuiCheckbox, - makeId, -} from '@elastic/eui'; - - -// ********** React components ********** - -// Main React component - the root of visualization -export class TheHiveButtonVisComponent extends Component { - render() { - //console.log("TheHiveButtonVisComponent.render(), props:", this.props); - return ( - <div> - <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> - </div> - ); - } - - componentDidMount() { - this.props.renderComplete(); - } - - componentDidUpdate() { - this.props.renderComplete(); - } -} - -// Button to show the pop-up window (modal) -// Props: -// .params - visualization parameters (from vis.params) -// .observables - object with lists of potential observables to add to the Case -// for each field in params.obsFields there should be a key in this object -// containing list of observables (this is returned by request_handler) -class NewCaseButton extends Component { - - constructor(props) { - super(props); - // Filter out invalid obsField specifications - this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); - //console.log("Filtered field specs:", this.obsFields); - - // The complete state is here, so it's kept even when modal is closed - this.state = { - isModalVisible: false, - isWorking: false, // used to show a spinner on submit button - ...this.create_initial_state(), - } - - this.resetCnt = 0; 
// used to change Modal component key on each form reset - - // Each handler function in a class (method) must be "binded" this way - this.closeModal = this.closeModal.bind(this); - this.showModal = this.showModal.bind(this); - this.resetForm = this.resetForm.bind(this); - - this.onTitleChange = this.onTitleChange.bind(this); - this.onSeverityChange = this.onSeverityChange.bind(this); - this.onTLPChange = this.onTLPChange.bind(this); - this.onDescriptionChange = this.onDescriptionChange.bind(this); - - this.onObsSelectionChange = this.onObsSelectionChange.bind(this); - this.onObsDataChange = this.onObsDataChange.bind(this); - - this.submitCase = this.submitCase.bind(this); - } - - create_initial_state() { - // create a new instance of initial state definition - let initial_state = { - // Case parameters - title: "", - description: "\n\n--\nCreated from Kibana", - severity: "2", // medium - tlp: "2", // amber - tags: [], // TODO (not implemented yet) - obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) - obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) - } - // pre-fill state of each observable to defaults - const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; - for (let field of this.obsFields) { - const n_obs = this.props.observables[field.name].length; - // fill obsData with new copies of initial_field_data - initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); - // nothing is selected - initial_state.obsSel[field.name] = new Array(); - } - return initial_state; - } - - componentDidUpdate(prevProps) { - // If list of observables was updated or obsFields setting has changed, - // reset the component state and precomputed variables. 
- if (this.props.observables != prevProps.observables) { - if (this.props.params.obsFields != prevProps.params.obsFields) { - // when obsFields change, observables must change as well, so this "if" - // can be inside the first one. - // Filter out invalid obsField specifications - this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); - //console.log("Filtered field specs:", this.obsFields); - } - //console.log("New list of observables, resetting form."); - this.resetForm(); - } - } - - resetForm() { - this.setState(this.create_initial_state()); - this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) - this.forceUpdate(); - } - - closeModal() { - this.setState({ isModalVisible: false }); - } - - showModal() { - this.setState({ isModalVisible: true }); - } - - // Event handlers for change of case parameter - onTitleChange(evt) { - this.setState({title: evt.target.value}); - } - onSeverityChange(value) { - this.setState({severity: value}); - } - onTLPChange(value) { - this.setState({tlp: value}); - } - onDescriptionChange(evt) { - this.setState({description: evt.target.value}); - } - - // Event handler for observable (de)selection - onObsSelectionChange(fieldName, selectedItems) { - // Extract indices from the items and store them into state - const selectedIndices = selectedItems.map(item4 => item4.i); - this.setState((state, props) => { - let newObsSel = {...this.state.obsSel}; - newObsSel[fieldName] = selectedIndices; - return {obsSel: newObsSel}; - }); - } - - // Event handler for edit of a form field in observable row - // - fieldName: which field (table of observables) - // - ix: index of the observable in the field's table - // - param: one of: descr,tlp,ioc,tags - // - value: new value of the form field - onObsDataChange(fieldName, ix, param, value) { - this.setState((state, props) => { - let 
newObsData = {...this.state.obsData}; - newObsData[fieldName][ix][param] = value; - return {obsData: newObsData}; - }); - } - - // Render function - render() { - let modal; - if (this.state.isModalVisible) { - modal = <ModalContent - resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) - close={this.closeModal} - reset={this.resetForm} - fields={this.obsFields} - observables={this.props.observables} - // form state - title={this.state.title} - description={this.state.description} - severity={this.state.severity} - tlp={this.state.tlp} - tags={this.state.tags} - obsData={this.state.obsData} - obsSel={this.state.obsSel} - spinner={this.state.isWorking} - // event handlers - onTitleChange={this.onTitleChange} - onSeverityChange={this.onSeverityChange} - onTLPChange={this.onTLPChange} - onDescriptionChange={this.onDescriptionChange} - onObsSelectionChange={this.onObsSelectionChange} - onObsDataChange={this.onObsDataChange} - submitCase={this.submitCase} - />; - } - return ( - <div> - <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> - {modal} - </div> - ); - } - - // Submit case button handler - async submitCase(evt) { - const params = this.props.params; - - // Get case parameters - const title = this.state.title; - const descr = this.state.description; - const severity = parseInt(this.state.severity); - const start_date = null; - const owner = params.owner; - const flag = false; - const tlp = parseInt(this.state.tlp); - const tags = this.state.tags; - - if (!title) { - toastNotifications.addDanger("Title can't be empty"); - return; - } - - // Get list of selected observables and their params - let observables = []; - for (let field of this.obsFields) { - let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy - selectionIndices.sort(); - for (let i = 0; i < selectionIndices.length; i++) 
{ - const j = selectionIndices[i]; // index of a selected obs. in the list of all observables - // fill in observable definition according to model at - // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md - const obs = { - dataType: field.type, - data: this.props.observables[field.name][j], - message: this.state.obsData[field.name][j].descr, - tlp: this.state.obsData[field.name][j].tlp, - ioc: this.state.obsData[field.name][j].ioc, - tags: this.state.obsData[field.name][j].tags, - }; - observables.push(obs); - } - } - - //console.log("Selected observables:", observables); - - // Check '/' at the end of base URL, add it if needed - let base_url = params.url; - if (base_url[base_url.length-1] != "/") { - base_url += "/"; - } - - // Show spinner at submit button - this.setState({isWorking: true}); - - // Submit request to create the case, handle response - let resp; - resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); - - if ('error' in resp) { - // Error contacting The Hive - console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); - toastNotifications.addDanger("ERROR: " + resp.error); - this.setState({isWorking: false}); // Hide spinner - return; - } - - console.log("TheHiveButton: Case created:", resp); - const case_id = resp.id; - const case_url = base_url + "index.html#/case/" + case_id + "/details"; - - // Show notification - let obs_text; - if (observables.length > 0) { - obs_text = "Adding " + observables.length + " observables in background ..."; - } - else { - obs_text = "(no observables added)"; - } - toastNotifications.add({ - title: "Case created", - color: "success", - iconType: "checkInCircleFilled", - text: ( - <div> - <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> - <p>{obs_text}</p> - </div> - ), - }); - - // Close the popup window, reset form fields and hide spinner - this.closeModal(); - this.resetForm(); - 
this.setState({isWorking: false}); - - // Open a new window with the case in The Hive - // (adding observables may take some time, so the case is opened first; - // The Hive web is dynamic so the observables appear as they are added) - window.open(case_url, '_blank'); - - if (observables.length == 0) - return; - - // Submit request to add observables - console.log("TheHiveButton: adding " + observables.length + " observables ..."); - resp = await addCaseObservables(base_url, params.apikey, case_id, observables); - - if ('error' in resp) { - console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); - toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); - } - else { - console.log("TheHiveButton: Done, observables added."); - toastNotifications.add("Done, observables added."); - } - } -} - - -// The popup window with a form -// props: -// - spinner: when true, disable form and show a spinner over it -class ModalContent extends Component { - constructor(props) { - super(props); - // No state here, everything is in the parent class (NewCaseButton) - - // "Select" options - this.severityOptions = [ - {value: "1", inputDisplay: "low"}, - {value: "2", inputDisplay: "medium"}, - {value: "3", inputDisplay: "high"}, - ]; - this.tlpOptions = [ - {value: "0", inputDisplay: "white"}, - {value: "1", inputDisplay: "green"}, - {value: "2", inputDisplay: "amber"}, - {value: "3", inputDisplay: "red"}, - ]; - } - - // Main render function - render() { - // TODO: replace Modal with Flyout? 
- - // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, - // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 - return ( - <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> - <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> - <EuiModalHeader> - <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> - </EuiModalHeader> - - <EuiModalBody key={this.props.resetCnt}> - <EuiForm style={{width: "800px"}}> - <EuiFlexGroup> - <EuiFlexItem grow={1}> - <EuiFormRow label="Title" fullWidth> - <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFormRow label="Severity"> - <EuiSuperSelect - options={this.severityOptions} - valueOfSelected={this.props.severity} - onChange={this.props.onSeverityChange} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFormRow label="TLP"> - <EuiSuperSelect - prepend="TLP" - options={this.tlpOptions} - valueOfSelected={this.props.tlp} - onChange={this.props.onTLPChange} - /> - </EuiFormRow> - </EuiFlexItem> - </EuiFlexGroup> - <EuiFormRow label="Description" fullWidth> - <EuiTextArea - defaultValue={this.props.description} - onChange={this.props.onDescriptionChange} - rows={4} - fullWidth - /> - </EuiFormRow> - - {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} - {this.props.fields.map((field,ix) => ( - <ObservablesTable - key={field.name + ":" + this.props.resetCnt} - fieldName={field.name} - observables={this.props.observables[field.name]} - obsData={this.props.obsData[field.name]} - obsSel={this.props.obsSel[field.name]} - onObsSelectionChange={this.props.onObsSelectionChange} - 
onObsDataChange={this.props.onObsDataChange} - /> - ))} - </EuiForm> - </EuiModalBody> - - <EuiModalFooter> - <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> - <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> - <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> - </EuiModalFooter> - </EuiModal> - </EuiOverlayMask> - ); - } -} - -// Table of potential observables taken from a given field, allowing to select -// which observables to send to The Hive. -// Props: -// fieldName - name of the field this table is for -// observables - list of observable IDs of this field -// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) -// obsSel - array of indices of selected observables -class ObservablesTable extends Component { - - constructor(props) { - super(props); - - // Table columns definition - this.columns = [ - { - field: "id", - name: "Observable", - }, - { - field: "descr", - name: "Description", - description: "Description of the observable in the context of the case", - render: (value, item1) => (<EuiFieldText - value={item1.descr} - onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} - disabled={!item1.selected} - />) - }, - /*{ - field: "tlp", - name: "TLP", - dataType: "number", - // TODO render and process changes - },*/ - { - field: "ioc", - name: "Is IOC", - dataType: "boolean", - description: "Indicates if the observable is an IOC", - render: (value, item2) => (<EuiCheckbox - id={"ioc-checkbox-"+item2.id} - checked={item2.ioc} - onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} - disabled={!item2.selected} - />) - }, - /*{ - field: "tags", - name: "Tags", - // TODO render and process changes - },*/ - ] - - // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount - this.tableRef = React.createRef(); - } - - 
render() { - // Table data definition (convert props to format suitable for EuiBasicTable) - const n_obs = this.props.observables.length; - this.table_data = new Array(n_obs); - for (let i = 0; i < n_obs; i++) { - this.table_data[i] = { - id: this.props.observables[i], - descr: this.props.obsData[i].descr, - tlp: this.props.obsData[i].tlp, - ioc: this.props.obsData[i].ioc, - tags: this.props.obsData[i].tags, - // auxiliary fields, not shown in table: - i: i, // row index - selected: this.props.obsSel.includes(i), - }; - } - - return ( - <> - <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> - <EuiBasicTable - ref={this.tableRef} - columns={this.columns} - items={this.table_data} - itemId={(item3) => item3.id} - selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } - noItemsMessage="No observables found" - rowProps={{ - // Hack to allow selection by clicking anywhere in the table row - // (except input elements) - onClick: (e) => { - if (e.target.tagName != "INPUT") { - // simulate click on the first checkbox in the row to (de)select the row - e.currentTarget.querySelector("input").click(); - e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) - } - }, - tabIndex: "-1", // prevents focus on row by keyboard navigation - }} - /> - <EuiSpacer size="l" /> - </> - ) - } - - componentDidMount() { - // There's no way to specify initially selected items in EuiBasicTable by - // props, but we may need to select some (in case a user selects some obs., - // closes the modal and opens it again). - // However, the selection is stored as a 'selection' field of table's state, - // so here we directly edit the state just after the table is created. 
- - // Prepare the 'selection' array - it should contain a list of selected row specifications - let selection = []; - for (let ix of this.props.obsSel) { - selection.push(this.table_data[ix]); - } - - // Get ref to EuiBasicTable element and update its state - const table_node = this.tableRef.current; - table_node.setState({selection: selection}); - } -} - diff --git a/roles/build/files/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/server/routes/newcase.js deleted file mode 100644 index 175dee818c5569a5e5e02db31a6e443abe5f03fb..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/server/routes/newcase.js +++ /dev/null 
@@ -1,153 +0,0 @@ -const request = require('request'); -//const fs = require('fs'); -//const path = require('path'); - -//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured - -export default function (server) { - server.route({ - path: '/api/thehive_button/new_case', - method: 'POST', - handler: newCaseHandler, - }); - server.route({ - path: '/api/thehive_button/add_observables', - method: 'POST', - handler: addObservablesHandler, - }); -} - -// Handler of ajax requests to create a new Case in The Hive -function newCaseHandler(req, resp) { - // Parse the request to get connection parameters - // (everything is configured in forntend and sent as part of the request, - // since I don't know how to configure the backend) - var base_url = req.payload['base_url']; - var api_key = req.payload['api_key']; - var req_body = req.payload['body']; - - // check it's a valid URL with slash at the end - if (!base_url) { - return {'error': 'Base URL not set'}; - } - if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { - //if (!base_url.match(/https?:\/\/.*\//)) { - return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; - } - if (!api_key) { - return {'error': 'API key not set'}; - } - - return new Promise( function(resolve, reject) { - request({ - method: 'POST', - url: base_url + 'api/case', - auth: {'bearer': api_key}, - json: true, - body: req_body, - //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
- rejectUnauthorized: false, - }, - // handler of the reply from The Hive - just return as reply - function (error, response, body) { - // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content - if (error) { - console.error("ERROR when trying to send request to The Hive:", error); - resolve({'error': error.message}); - } - else { - if (response.statusCode < 200 || response.statusCode >= 300) { - console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body) - } - resolve({ - 'status_code': response.statusCode, - 'status_msg': response.statusMessage, - 'body': body - }); - } - } // handler function - ); // request() - }); // Promise() -} - -// Note: -// There are two ways to create multiple Observables (artifacts) via The Hive API: -// 1. post one request with an array of observables in "data" field -// - this allows to create all in one request, but doesn't allow to set -// different parameters (IOC, TLP, etc.) to different observables -// 2. post each observable in a separate request -// The second way is used here. 
- -// Handler of ajax requests to add Observables to a Case in The Hive -function addObservablesHandler(req, resp) { - // Parse the request to get connection parameters - // (everything is configured in forntend and sent as part of the request, - // since I don't know how to configure the backend) - var base_url = req.payload['base_url']; - var api_key = req.payload['api_key']; - - // check it's a valid URL with slash at the end - if (!base_url) { - return {'error': 'Base URL not set'}; - } - if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { - //if (!base_url.match(/https?:\/\/.*\//)) { - return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; - } - // TODO add "/" to the end automatically - if (!api_key) { - return {'error': 'API key not set'}; - } - - const caseid = req.payload['caseid']; - const observables = req.payload['observables']; // array of obersvable specifications - - return new Promise( async function(resolve, reject) { - // Run one request for each observable - // (A way to run multiple async tasks sequentially inspired by: - // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ ) - const starterPromise = Promise.resolve(null); - await observables.reduce( - (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)), - starterPromise - ).catch((err_msg) => { - console.error(err_msg); // log whole message - resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend - return; - } - ); - resolve({}); - }); -} - -function addObservable(base_url, api_key, caseid, obs) { - return new Promise( function(resolve, reject) { - //console.log("Adding observable:", obs); - request({ - method: 'POST', - url: base_url + 'api/case/' + caseid + "/artifact", - auth: {'bearer': api_key}, - json: true, - body: obs, - //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
- rejectUnauthorized: false, - }, - // handler of the reply from The Hive - just return as reply - function (error, response, body) { - if (error) { - reject("ERROR when trying to send request to The Hive: " + error); - } - else if (response.statusCode < 200 || response.statusCode >= 300) { - reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body)); - } - else { - // success - continue with the next observable - resolve("OK"); - resolve({}) - } - } // handler function - ); // request() - }); //Promise() -} - - diff --git a/roles/build/files/thehive_button/thehive_button/.eslintrc b/roles/build/files/thehive_button/thehive_button/.eslintrc deleted file mode 100644 index 64eba86220ec489c9c364e9a443941d14a8d3b16..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/thehive_button/.eslintrc +++ /dev/null @@ -1,7 +0,0 @@ ---- -extends: "@elastic/kibana" - -settings: - import/resolver: - '@elastic/eslint-import-resolver-kibana': - rootPackageName: 'thehive_button' diff --git a/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json deleted file mode 100644 index 2c63c0851048d8f7bff41ecf0f8cee05f52fd120..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/roles/build/files/thehive_button/thehive_button/index.js b/roles/build/files/thehive_button/thehive_button/index.js deleted file mode 100644 index fa69c75c30d7ee40f8d7089d6debd6cf69c8d402..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/thehive_button/index.js +++ /dev/null 
@@ -1,19 +0,0 @@
-import newCaseRoute from './server/routes/newcase';
-
-export default function (kibana) {
- return new kibana.Plugin({
- require: [], //['elasticsearch'],
- name: 'thehive_button',
- uiExports: {
- visTypes: [
- 'plugins/thehive_button/main',
- ],
- },
-
- init(server, options) { // eslint-disable-line no-unused-vars
- // Add server routes and initialize the plugin here
- newCaseRoute(server);
- }
- });
-}
-
diff --git a/roles/build/files/thehive_button/thehive_button/package.json b/roles/build/files/thehive_button/thehive_button/package.json
deleted file mode 100644
index e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/package.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "name": "thehive_button",
- "version": "1.0.0",
- "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
- "main": "index.js",
- "kibana": {
- "version": "7.4.2"
- },
- "scripts": {
- "lint": "eslint .",
- "start": "plugin-helpers start",
- "build": "plugin-helpers build"
- },
- "dependencies": {
- "request": "^2.88.0",
- "@elastic/eui": "10.4.2",
- "react": "^16.8.0"
- },
- "devDependencies": {
- "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
- "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
- "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
- "babel-eslint": "^9.0.0",
- "eslint": "^5.6.0",
- "eslint-plugin-babel": "^5.2.0",
- "eslint-plugin-import": "^2.14.0",
- "eslint-plugin-jest": "^21.26.2",
- "eslint-plugin-jsx-a11y": "^6.1.2",
- "eslint-plugin-mocha": "^5.2.0",
- "eslint-plugin-no-unsanitized": "^3.0.2",
- "eslint-plugin-prefer-object-spread": "^1.2.1",
- "eslint-plugin-react": "^7.11.1",
- "expect.js": "^0.3.1"
- }
-}
diff --git a/roles/build/files/thehive_button/thehive_button/public/create_case.js b/roles/build/files/thehive_button/thehive_button/public/create_case.js
deleted file mode 100644
index fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/create_case.js
+++ /dev/null
@@ -1,101 +0,0 @@
-// Functions to send data to Kibana endpoints
-
-import chrome from 'ui/chrome';
-
-// Create a new Case in The Hive via its API
-// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr)
-export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) {
- // Prepare data
- var data = JSON.stringify({
- "base_url": base_url,
- "api_key": api_key,
- "body": {
- "title": title,
- "description": descr,
- "severity": severity, // number: 1=low, 2=medium, 3=high
- "startDate": startDate,
- "owner": owner, // user name the case will be assigned to
- "flag": flag, // bool
- "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red
- "tags": tags, // array of strings
- }
- });
- console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data);
- var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case');
-
- return new Promise(function (resolve, reject) {
- // Create AJAX request
- var xhr = new XMLHttpRequest();
-
- // Listener to process reply
- xhr.onreadystatechange = function () {
- if (this.readyState != 4) {
- return; // response not ready yet
- }
- if (this.status == 200) {
- const resp = JSON.parse(this.responseText);
- console.log("TheHiveButton: Response from backend:", resp);
- if ("error" in resp) {
- resolve({"error": resp.error});
- }
- else if (resp.status_code != 201) {
- resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg});
- }
- else {
- resolve({"id": resp.body.id}); // return ID of the new case
- }
- }
- else {
- console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
- resolve({"error": "Error " + this.status + ": " + this.statusText});
- }
- }
-
- // Send the AJAX request
- xhr.open("POST", kibana_endpoint_url);
- xhr.setRequestHeader("Content-Type", "application/json");
- xhr.setRequestHeader("kbn-xsrf", "thehive_plugin");
// this header must be set, although its content is probably irrelevant
- xhr.send(data);
- });
-}
-
-// Add observables to an existing Case in The Hive
-// (send the list of observables to our backend endpoint, it pushes them to The Hive)
-export function addCaseObservables(base_url, api_key, caseid, observables) {
- const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables');
- const data = JSON.stringify({
- "base_url": base_url,
- "api_key": api_key,
- "caseid": caseid,
- "observables": observables,
- });
- console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data);
-
- return new Promise(function (resolve, reject) {
- // Create AJAX request
- var xhr = new XMLHttpRequest();
-
- // Listener to process reply
- xhr.onreadystatechange = function () {
- if (this.readyState != 4) {
- return; // response not ready yet
- }
- if (this.status == 200) {
- const resp = JSON.parse(this.responseText);
- console.log("TheHiveButton: Response from backend:", resp);
- resolve(resp);
- }
- else {
- console.log("TheHiveButton: Error " + this.status + ": " + this.statusText);
- resolve({"error": "Error " + this.status + ": " + this.statusText});
- }
- }
-
- // Send the AJAX request
- xhr.open("POST", kibana_endpoint_url);
- xhr.setRequestHeader("Content-Type", "application/json");
- xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant
- xhr.send(data);
- });
-}
-
diff --git a/roles/build/files/thehive_button/thehive_button/public/env.js b/roles/build/files/thehive_button/thehive_button/public/env.js
deleted file mode 100644
index 4321b85f5ee1682abd17871889a165ae8d96b465..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/env.js
+++ /dev/null
@@ -1,4 +0,0 @@
-// Default plugin configuration
-export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
-export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
-export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/thehive_button/public/main.js b/roles/build/files/thehive_button/thehive_button/public/main.js
deleted file mode 100644
index ee46d73170d4fb43739c58468e3396caace6dcbe..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/main.js
+++ /dev/null
@@ -1,54 +0,0 @@
-import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env';
-import { TheHiveButtonVisComponent } from './vis_controller';
-import { theHiveButtonRequestHandlerProvider } from './request_handler';
-import { optionsEditor } from './options_editor';
-
-import { VisFactoryProvider } from 'ui/vis/vis_factory';
-import { VisTypesRegistryProvider } from 'ui/registry/vis_types';
-import { DefaultEditorSize } from 'ui/vis/editor_size';
-
-
-function TheHiveButtonVisProvider(Private) {
- const VisFactory = Private(VisFactoryProvider);
-
- //console.log("default URL:", THEHIVE_URL);
- //console.log("default API key:", THEHIVE_API_KEY);
-
- return VisFactory.createReactVisualization({
- name: 'thehive_button',
- title: 'The Hive Case',
- icon: 'alert',
- description: 'A button to create a new Case in The Hive.',
- //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE],
- visConfig: {
- component: TheHiveButtonVisComponent,
- defaults: {
- // add default parameters
- url: THEHIVE_URL,
- apikey: THEHIVE_API_KEY,
- owner: THEHIVE_OWNER,
- obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100}
- }
- },
- //editor: 'default',
- editorConfig: {
- optionTabs: [
- {
- name: "options",
- title: "Options",
- editor: optionsEditor,
- }
- ],
- defaultSize: DefaultEditorSize.LARGE,
- },
-// optionsTemplate: optionsEditor, //optionsTemplate,
-// //enableAutoApply: true,
-// },
- requestHandler: 'theHiveButtonRequestHandler', // own request handler
- responseHandler: 'none', // pass data as returned by requestHandler
- });
-}
-
-// register the provider with the visTypes registry
-VisTypesRegistryProvider.register(TheHiveButtonVisProvider);
-
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/thehive_button/public/options_editor.js
deleted file mode 100644
index 38762bd463115702a0c4f03f099434485f5d59dc..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/options_editor.js
+++ /dev/null
@@ -1,176 +0,0 @@
-import React from 'react';
-import {
- EuiForm,
- EuiFormRow,
- EuiTitle,
- EuiSpacer,
- EuiFieldText,
- EuiFieldNumber,
- EuiSelect,
- EuiFlexGroup,
- EuiFlexItem,
- EuiButton,
- EuiButtonIcon,
-} from '@elastic/eui';
-
-// Default data types in The Hive
-const DEFAULT_THE_HIVE_TYPES = [
- '',
- 'autonomous-system',
- 'domain',
- 'file',
- 'filename',
- 'fqdn',
- 'hash',
- 'ip',
- 'mail',
- 'mail_subject',
- 'regexp',
- 'registry',
- 'uri_path',
- 'url',
- 'user-agent',
- 'other',
-];
-
-// Options for EuiSelect for selection of field's data type in TheHive
-const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) );
-
-export function optionsEditor(props) {
- //console.log("editor render(), props:", props);
- const { stateParams, setValue, setValidity, vis } = props;
-
- // onClick/onChange handlers
- const obsAddNew = () => {
- const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}];
- // For some reason, first click on the button after editor is loaded does
- // nothing. Calling setValue twice here fixes it.
- setValue("obsFields", newObsFields);
- setValue("obsFields", newObsFields);
-// setValidity(false); // since new row is empty, form is always invalid
- };
- const obsRemove = (ix) => {
- let newArray = [...stateParams.obsFields];
- newArray.splice(ix, 1);
- setValue("obsFields", newArray);
-// validate();
- }
- const obsSetName = (ix, name) => {
- let newArray = [...stateParams.obsFields];
- newArray[ix].name = name;
- setValue("obsFields", newArray);
-// validate();
- }
- const obsSetType = (ix, type) => {
- let newArray = [...stateParams.obsFields];
- newArray[ix].type = type;
- setValue("obsFields", newArray);
-// validate();
- }
- const obsSetCnt = (ix, cnt) => {
- let newArray = [...stateParams.obsFields];
- newArray[ix].cnt = parseInt(cnt);
- setValue("obsFields", newArray);
-// validate();
- }
-// const validate = () => {
-// let valid = true;
-// for (let field of stateParams.obsFields) {
-// if (field.name == "" || field.type == "" || field.cnt == "") {
-// valid = false;
-// break;
-// }
-// }
-// // TODO check for duplicate fields
-// setValidity(valid);
-// }
-
- // Get list of all fields in index (except those beginning with "_" or "@")
- // and create "options" parameter for EuiSelect.
- // Also, fields with "aggregatable=false" are removed, as they can't be used
- // with "terms" aggregation we need.
- // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html
- // Empty field is added at the beginning, meaning "no selection yet".
- const fieldOptions = [{value: "", text: ""}].concat(
- vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) )
- );
-
- return <EuiForm>
- <EuiFormRow fullWidth={true} label="Base URL of The Hive">
- <EuiFieldText
- fullWidth={true}
- value={stateParams.url}
- onChange={e => setValue('url', e.target.value)}
- isInvalid={stateParams.url == ""}
- />
- </EuiFormRow>
- <EuiFlexGroup>
- <EuiFlexItem grow={1}>
- <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission.">
- <EuiFieldText
- fullWidth={true}
- value={stateParams.apikey}
- onChange={e => setValue('apikey', e.target.value)}
- isInvalid={stateParams.apikey == ""}
- />
- </EuiFormRow>
- </EuiFlexItem>
- <EuiFlexItem grow={1}>
- <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance.">
- <EuiFieldText
- value={stateParams.owner}
- onChange={e => setValue('owner', e.target.value)}
- isInvalid={stateParams.owner == ""}
- />
- </EuiFormRow>
- </EuiFlexItem>
- </EuiFlexGroup>
- <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle>
- <EuiSpacer size="s" />
- {stateParams.obsFields.map( (field, ix) => (
- <EuiFlexGroup key={ix} gutterSize="s">
- <EuiFlexItem grow={3}>
- <EuiFormRow label="Field name">
- <EuiSelect
- options={fieldOptions}
- value={field.name}
- onChange={ e => obsSetName(ix, e.target.value) }
- isInvalid={field.name == ""}
- />
- </EuiFormRow>
- </EuiFlexItem>
- <EuiFlexItem grow={2}>
- <EuiFormRow label="Data type in The Hive">
- <EuiSelect
- options={typesOptions}
- value={field.type}
- onChange={ e => obsSetType(ix, e.target.value) }
- isInvalid={field.type == ""}
- />
- </EuiFormRow>
- </EuiFlexItem>
- <EuiFlexItem grow={1}>
- <EuiFormRow label="Max items shown">
- <EuiFieldNumber
- min={1}
- max={1000}
- value={parseInt(field.cnt)}
- onChange={ e => obsSetCnt(ix, e.target.value) }
- isInvalid={!(field.cnt > 0)}
- />
- </EuiFormRow>
- </EuiFlexItem>
- <EuiFlexItem grow={false}>
- <EuiFormRow hasEmptyLabelSpace>
- <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } />
- </EuiFormRow>
- </EuiFlexItem>
- </EuiFlexGroup>
- ))}
- <EuiFlexGroup>
- <EuiFlexItem grow={false}>
- <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton>
- </EuiFlexItem>
- </EuiFlexGroup>
- </EuiForm>
-}
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_template.html b/roles/build/files/thehive_button/thehive_button/public/options_template.html
deleted file mode 100644
index ef996577786150282c2ffb0d28652a3d1712842b..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/options_template.html
+++ /dev/null
@@ -1,8 +0,0 @@
-<div class="form-group">
- <p><label>Base URL of The Hive</label>
- <input ng-model="editorState.params.url" class=form-control /></p>
- <p><label>API key</label>
- <input ng-model="editorState.params.apikey" class=form-control /></p>
- <p><label>User name to use as the owner of cases created from here</label>
- <input ng-model="editorState.params.owner" class=form-control /></p>
-</div>
diff --git a/roles/build/files/thehive_button/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/thehive_button/public/request_handler.js
deleted file mode 100644
index bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b..0000000000000000000000000000000000000000
--- a/roles/build/files/thehive_button/thehive_button/public/request_handler.js
+++ /dev/null
@@ -1,195 +0,0 @@ -import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; -import { SearchSourceProvider } from 'ui/courier/search_source'; -import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; -import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; -import { AggConfig } from 'ui/vis/agg_config'; -import { AggConfigs } from 'ui/vis/agg_configs'; -import { getTime } from 'ui/timefilter/get_time'; -import { i18n } from '@kbn/i18n'; -import { has } from 'lodash'; -import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; -import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; -import chrome from 'ui/chrome'; - -// Maximum number of unique values of each field (observables) to fetch -const MAX_NUMBER_OF_TERMS = 5; - -const handleCourierRequest = courierRequestHandlerProvider().handler; - -// Register new RaquestHandlerProvider -const theHiveButtonRequestHandlerProvider = function () { - return { - name: 'theHiveButtonRequestHandler', - handler: theHiveButtonRequestHandler, - } -} -VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); - -export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; - - -// The request handler function itself -async function theHiveButtonRequestHandler(params) { - //console.log("theHiveButtonRequestHandler params:", params); - - let index = params.index; - let partialRows = params.partialRows; - let metricsAtAllLevels = params.metricsAtAllLevels; - let timeRange = params.timeRange; - let query = params.query; - let filters = params.filters; - let inspectorAdapters = params.inspectorAdapters; - let queryFilter = params.queryFilter; - let forceFetch = params.forceFetch; - // our own confiuration: - // list of fields to get potential observables from - // (each "field" is object {name: str, type: str, cnt: int}) - let 
obsFields = params.visParams.obsFields; - - // filter out invalid field specifications - obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); - - if (obsFields.length == 0) { - //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") - return {} // no fields specified, nothing to do - } - - // === Prepare request to ask for unique values of all selected fields === - - // Construct a query for ElasticSearch - // Get "terms" (most common unique values) for each field of obsFields - const aggs_dsl = {} - for (let field of obsFields) { - aggs_dsl[field.name] = { - terms: { - field: field.name, - size: field.cnt, - order: {_count: "desc"} - } - }; - } - //console.log("aggs_dsl:", aggs_dsl); - - // Create empty AggConfigs - // (We could pass specifications of a metric and the buckets here, - // but default processing functions assume multiple buckets are sub-buckets, - // which is not what we want. So we must do a "hack" and manually create - // query directly in format for ElasticSearch) - const aggs = new AggConfigs(params.index, []); - - // === Some magic to get searchSource object === - // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) - // (I don't understand it, but it works) - - let $injector = await chrome.dangerouslyGetActiveInjector(); - let Private = $injector.get('Private'); - let SearchSource = Private(SearchSourceProvider); - let searchSource = new SearchSource(); - searchSource.setField('index', index); - searchSource.setField('size', 0); - - inspectorAdapters.requests = new RequestAdapter(); - inspectorAdapters.data = new DataAdapter(); - - - // === Execute query === - // We could call standard "courier" here, but it tries to convert the response - // to a table, which fails in our case, so we copied the main code of courier - // and modified it here. 
- - const abortSignal = false; - - const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); - const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); - - aggs.setTimeRange(timeRange); - - // For now we need to mirror the history of the passed search source, since - // the request inspector wouldn't work otherwise. - Object.defineProperty(requestSearchSource, 'history', { - get() { - return searchSource.history; - }, - set(history) { - return searchSource.history = history; - } - }); - - // This has been modified to override DSL format by ours -// requestSearchSource.setField('aggs', function () { -// return aggs.toDsl(metricsAtAllLevels); -// }); - requestSearchSource.setField('aggs', aggs_dsl); - - requestSearchSource.onRequestStart((searchSource, searchRequest) => { - return aggs.onSearchRequestStart(searchSource, searchRequest); - }); - - if (timeRange) { - timeFilterSearchSource.setField('filter', () => { - return getTime(searchSource.getField('index'), timeRange); - }); - } - - requestSearchSource.setField('filter', filters); - requestSearchSource.setField('query', query); - - const reqBody = await requestSearchSource.getSearchRequestBody(); - - const queryHash = calculateObjectHash(reqBody); - // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed - // since the last request - const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); - - if (shouldQuery) { - inspectorAdapters.requests.reset(); - const request = inspectorAdapters.requests.start( - i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), - { - description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', - { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), - } - ); - request.stats(getRequestInspectorStats(requestSearchSource)); - - try { - // Abort any in-progress requests before fetching again - if (abortSignal) { - abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); - } - - const response = await requestSearchSource.fetch(); - //console.log("raw response:", response); - - searchSource.lastQuery = queryHash; - - request - .stats(getResponseInspectorStats(searchSource, response)) - .ok({ json: response }); - - searchSource.rawResponse = response; - } catch(e) { - // Log any error during request to the inspector - request.error({ json: e }); - throw e; - } finally { - // Add the request body no matter if things went fine or not - requestSearchSource.getSearchRequestBody().then(req => { - request.json(req); - }); - } - } - - // === Copy of courier code ends here, now we parse the response === - - const resp = searchSource.rawResponse; - // Return as object containing a list of unique values (terms) for each - // requested field - let unique_values_lists = {} - for (let field of obsFields) { - unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); - } - - //console.log("Final lists:", unique_values_lists); - return unique_values_lists; -} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis.less b/roles/build/files/thehive_button/thehive_button/public/vis.less deleted file mode 100644 index b6f887afaef57a7674a0d0f06ee6f821a0fc015e..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/thehive_button/public/vis.less +++ /dev/null @@ -1,3 +0,0 @@ -.myvis-container-div { - padding: 1em; -} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js deleted file mode 100644 index 8b23222700ab072c9665442851982e11cdc56788..0000000000000000000000000000000000000000 
--- a/roles/build/files/thehive_button/thehive_button/public/vis_controller.js +++ /dev/null 
@@ -1,555 +0,0 @@ -//import { Status } from 'ui/vis/update_status'; -import { toastNotifications } from 'ui/notify'; -import { createTheHiveCase, addCaseObservables } from './create_case'; -//import vis_template from './vis_template.html'; - -import React, { Component } from 'react'; -import { - EuiButton, - EuiButtonEmpty, - EuiModal, - EuiModalBody, - EuiModalFooter, - EuiModalHeader, - EuiModalHeaderTitle, - EuiOverlayMask, - EuiTitle, - EuiFlexGroup, - EuiFlexItem, - EuiSpacer, - EuiForm, - EuiFormRow, - EuiFieldText, - EuiTextArea, - EuiSuperSelect, - EuiBasicTable, - EuiCheckbox, - makeId, -} from '@elastic/eui'; - - -// ********** React components ********** - -// Main React component - the root of visualization -export class TheHiveButtonVisComponent extends Component { - render() { - //console.log("TheHiveButtonVisComponent.render(), props:", this.props); - return ( - <div> - <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> - </div> - ); - } - - componentDidMount() { - this.props.renderComplete(); - } - - componentDidUpdate() { - this.props.renderComplete(); - } -} - -// Button to show the pop-up window (modal) -// Props: -// .params - visualization parameters (from vis.params) -// .observables - object with lists of potential observables to add to the Case -// for each field in params.obsFields there should be a key in this object -// containing list of observables (this is returned by request_handler) -class NewCaseButton extends Component { - - constructor(props) { - super(props); - // Filter out invalid obsField specifications - this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); - //console.log("Filtered field specs:", this.obsFields); - - // The complete state is here, so it's kept even when modal is closed - this.state = { - isModalVisible: false, - isWorking: false, // used to show a spinner on submit button - ...this.create_initial_state(), - } - - this.resetCnt = 0; 
// used to change Modal component key on each form reset - - // Each handler function in a class (method) must be "binded" this way - this.closeModal = this.closeModal.bind(this); - this.showModal = this.showModal.bind(this); - this.resetForm = this.resetForm.bind(this); - - this.onTitleChange = this.onTitleChange.bind(this); - this.onSeverityChange = this.onSeverityChange.bind(this); - this.onTLPChange = this.onTLPChange.bind(this); - this.onDescriptionChange = this.onDescriptionChange.bind(this); - - this.onObsSelectionChange = this.onObsSelectionChange.bind(this); - this.onObsDataChange = this.onObsDataChange.bind(this); - - this.submitCase = this.submitCase.bind(this); - } - - create_initial_state() { - // create a new instance of initial state definition - let initial_state = { - // Case parameters - title: "", - description: "\n\n--\nCreated from Kibana", - severity: "2", // medium - tlp: "2", // amber - tags: [], // TODO (not implemented yet) - obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) - obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) - } - // pre-fill state of each observable to defaults - const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; - for (let field of this.obsFields) { - const n_obs = this.props.observables[field.name].length; - // fill obsData with new copies of initial_field_data - initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); - // nothing is selected - initial_state.obsSel[field.name] = new Array(); - } - return initial_state; - } - - componentDidUpdate(prevProps) { - // If list of observables was updated or obsFields setting has changed, - // reset the component state and precomputed variables. 
- if (this.props.observables != prevProps.observables) { - if (this.props.params.obsFields != prevProps.params.obsFields) { - // when obsFields change, observables must change as well, so this "if" - // can be inside the first one. - // Filter out invalid obsField specifications - this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); - //console.log("Filtered field specs:", this.obsFields); - } - //console.log("New list of observables, resetting form."); - this.resetForm(); - } - } - - resetForm() { - this.setState(this.create_initial_state()); - this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) - this.forceUpdate(); - } - - closeModal() { - this.setState({ isModalVisible: false }); - } - - showModal() { - this.setState({ isModalVisible: true }); - } - - // Event handlers for change of case parameter - onTitleChange(evt) { - this.setState({title: evt.target.value}); - } - onSeverityChange(value) { - this.setState({severity: value}); - } - onTLPChange(value) { - this.setState({tlp: value}); - } - onDescriptionChange(evt) { - this.setState({description: evt.target.value}); - } - - // Event handler for observable (de)selection - onObsSelectionChange(fieldName, selectedItems) { - // Extract indices from the items and store them into state - const selectedIndices = selectedItems.map(item4 => item4.i); - this.setState((state, props) => { - let newObsSel = {...this.state.obsSel}; - newObsSel[fieldName] = selectedIndices; - return {obsSel: newObsSel}; - }); - } - - // Event handler for edit of a form field in observable row - // - fieldName: which field (table of observables) - // - ix: index of the observable in the field's table - // - param: one of: descr,tlp,ioc,tags - // - value: new value of the form field - onObsDataChange(fieldName, ix, param, value) { - this.setState((state, props) => { - let 
newObsData = {...this.state.obsData}; - newObsData[fieldName][ix][param] = value; - return {obsData: newObsData}; - }); - } - - // Render function - render() { - let modal; - if (this.state.isModalVisible) { - modal = <ModalContent - resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) - close={this.closeModal} - reset={this.resetForm} - fields={this.obsFields} - observables={this.props.observables} - // form state - title={this.state.title} - description={this.state.description} - severity={this.state.severity} - tlp={this.state.tlp} - tags={this.state.tags} - obsData={this.state.obsData} - obsSel={this.state.obsSel} - spinner={this.state.isWorking} - // event handlers - onTitleChange={this.onTitleChange} - onSeverityChange={this.onSeverityChange} - onTLPChange={this.onTLPChange} - onDescriptionChange={this.onDescriptionChange} - onObsSelectionChange={this.onObsSelectionChange} - onObsDataChange={this.onObsDataChange} - submitCase={this.submitCase} - />; - } - return ( - <div> - <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> - {modal} - </div> - ); - } - - // Submit case button handler - async submitCase(evt) { - const params = this.props.params; - - // Get case parameters - const title = this.state.title; - const descr = this.state.description; - const severity = parseInt(this.state.severity); - const start_date = null; - const owner = params.owner; - const flag = false; - const tlp = parseInt(this.state.tlp); - const tags = this.state.tags; - - if (!title) { - toastNotifications.addDanger("Title can't be empty"); - return; - } - - // Get list of selected observables and their params - let observables = []; - for (let field of this.obsFields) { - let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy - selectionIndices.sort(); - for (let i = 0; i < selectionIndices.length; i++) 
{ - const j = selectionIndices[i]; // index of a selected obs. in the list of all observables - // fill in observable definition according to model at - // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md - const obs = { - dataType: field.type, - data: this.props.observables[field.name][j], - message: this.state.obsData[field.name][j].descr, - tlp: this.state.obsData[field.name][j].tlp, - ioc: this.state.obsData[field.name][j].ioc, - tags: this.state.obsData[field.name][j].tags, - }; - observables.push(obs); - } - } - - //console.log("Selected observables:", observables); - - // Check '/' at the end of base URL, add it if needed - let base_url = params.url; - if (base_url[base_url.length-1] != "/") { - base_url += "/"; - } - - // Show spinner at submit button - this.setState({isWorking: true}); - - // Submit request to create the case, handle response - let resp; - resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); - - if ('error' in resp) { - // Error contacting The Hive - console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); - toastNotifications.addDanger("ERROR: " + resp.error); - this.setState({isWorking: false}); // Hide spinner - return; - } - - console.log("TheHiveButton: Case created:", resp); - const case_id = resp.id; - const case_url = base_url + "index.html#/case/" + case_id + "/details"; - - // Show notification - let obs_text; - if (observables.length > 0) { - obs_text = "Adding " + observables.length + " observables in background ..."; - } - else { - obs_text = "(no observables added)"; - } - toastNotifications.add({ - title: "Case created", - color: "success", - iconType: "checkInCircleFilled", - text: ( - <div> - <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> - <p>{obs_text}</p> - </div> - ), - }); - - // Close the popup window, reset form fields and hide spinner - this.closeModal(); - this.resetForm(); - 
this.setState({isWorking: false}); - - // Open a new window with the case in The Hive - // (adding observables may take some time, so the case is opened first; - // The Hive web is dynamic so the observables appear as they are added) - window.open(case_url, '_blank'); - - if (observables.length == 0) - return; - - // Submit request to add observables - console.log("TheHiveButton: adding " + observables.length + " observables ..."); - resp = await addCaseObservables(base_url, params.apikey, case_id, observables); - - if ('error' in resp) { - console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); - toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); - } - else { - console.log("TheHiveButton: Done, observables added."); - toastNotifications.add("Done, observables added."); - } - } -} - - -// The popup window with a form -// props: -// - spinner: when true, disable form and show a spinner over it -class ModalContent extends Component { - constructor(props) { - super(props); - // No state here, everything is in the parent class (NewCaseButton) - - // "Select" options - this.severityOptions = [ - {value: "1", inputDisplay: "low"}, - {value: "2", inputDisplay: "medium"}, - {value: "3", inputDisplay: "high"}, - ]; - this.tlpOptions = [ - {value: "0", inputDisplay: "white"}, - {value: "1", inputDisplay: "green"}, - {value: "2", inputDisplay: "amber"}, - {value: "3", inputDisplay: "red"}, - ]; - } - - // Main render function - render() { - // TODO: replace Modal with Flyout? 
- - // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, - // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 - return ( - <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> - <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> - <EuiModalHeader> - <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> - </EuiModalHeader> - - <EuiModalBody key={this.props.resetCnt}> - <EuiForm style={{width: "800px"}}> - <EuiFlexGroup> - <EuiFlexItem grow={1}> - <EuiFormRow label="Title" fullWidth> - <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFormRow label="Severity"> - <EuiSuperSelect - options={this.severityOptions} - valueOfSelected={this.props.severity} - onChange={this.props.onSeverityChange} - /> - </EuiFormRow> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFormRow label="TLP"> - <EuiSuperSelect - prepend="TLP" - options={this.tlpOptions} - valueOfSelected={this.props.tlp} - onChange={this.props.onTLPChange} - /> - </EuiFormRow> - </EuiFlexItem> - </EuiFlexGroup> - <EuiFormRow label="Description" fullWidth> - <EuiTextArea - defaultValue={this.props.description} - onChange={this.props.onDescriptionChange} - rows={4} - fullWidth - /> - </EuiFormRow> - - {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} - {this.props.fields.map((field,ix) => ( - <ObservablesTable - key={field.name + ":" + this.props.resetCnt} - fieldName={field.name} - observables={this.props.observables[field.name]} - obsData={this.props.obsData[field.name]} - obsSel={this.props.obsSel[field.name]} - onObsSelectionChange={this.props.onObsSelectionChange} - 
onObsDataChange={this.props.onObsDataChange} - /> - ))} - </EuiForm> - </EuiModalBody> - - <EuiModalFooter> - <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> - <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> - <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> - </EuiModalFooter> - </EuiModal> - </EuiOverlayMask> - ); - } -} - -// Table of potential observables taken from a given field, allowing to select -// which observables to send to The Hive. -// Props: -// fieldName - name of the field this table is for -// observables - list of observable IDs of this field -// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) -// obsSel - array of indices of selected observables -class ObservablesTable extends Component { - - constructor(props) { - super(props); - - // Table columns definition - this.columns = [ - { - field: "id", - name: "Observable", - }, - { - field: "descr", - name: "Description", - description: "Description of the observable in the context of the case", - render: (value, item1) => (<EuiFieldText - value={item1.descr} - onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} - disabled={!item1.selected} - />) - }, - /*{ - field: "tlp", - name: "TLP", - dataType: "number", - // TODO render and process changes - },*/ - { - field: "ioc", - name: "Is IOC", - dataType: "boolean", - description: "Indicates if the observable is an IOC", - render: (value, item2) => (<EuiCheckbox - id={"ioc-checkbox-"+item2.id} - checked={item2.ioc} - onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} - disabled={!item2.selected} - />) - }, - /*{ - field: "tags", - name: "Tags", - // TODO render and process changes - },*/ - ] - - // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount - this.tableRef = React.createRef(); - } - - 
render() { - // Table data definition (convert props to format suitable for EuiBasicTable) - const n_obs = this.props.observables.length; - this.table_data = new Array(n_obs); - for (let i = 0; i < n_obs; i++) { - this.table_data[i] = { - id: this.props.observables[i], - descr: this.props.obsData[i].descr, - tlp: this.props.obsData[i].tlp, - ioc: this.props.obsData[i].ioc, - tags: this.props.obsData[i].tags, - // auxiliary fields, not shown in table: - i: i, // row index - selected: this.props.obsSel.includes(i), - }; - } - - return ( - <> - <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> - <EuiBasicTable - ref={this.tableRef} - columns={this.columns} - items={this.table_data} - itemId={(item3) => item3.id} - selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } - noItemsMessage="No observables found" - rowProps={{ - // Hack to allow selection by clicking anywhere in the table row - // (except input elements) - onClick: (e) => { - if (e.target.tagName != "INPUT") { - // simulate click on the first checkbox in the row to (de)select the row - e.currentTarget.querySelector("input").click(); - e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) - } - }, - tabIndex: "-1", // prevents focus on row by keyboard navigation - }} - /> - <EuiSpacer size="l" /> - </> - ) - } - - componentDidMount() { - // There's no way to specify initially selected items in EuiBasicTable by - // props, but we may need to select some (in case a user selects some obs., - // closes the modal and opens it again). - // However, the selection is stored as a 'selection' field of table's state, - // so here we directly edit the state just after the table is created. 
- - // Prepare the 'selection' array - it should contain a list of selected row specifications - let selection = []; - for (let ix of this.props.obsSel) { - selection.push(this.table_data[ix]); - } - - // Get ref to EuiBasicTable element and update its state - const table_node = this.tableRef.current; - table_node.setState({selection: selection}); - } -} - diff --git a/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js deleted file mode 100644 index 175dee818c5569a5e5e02db31a6e443abe5f03fb..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js +++ /dev/null 
@@ -1,153 +0,0 @@ -const request = require('request'); -//const fs = require('fs'); -//const path = require('path'); - -//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured - -export default function (server) { - server.route({ - path: '/api/thehive_button/new_case', - method: 'POST', - handler: newCaseHandler, - }); - server.route({ - path: '/api/thehive_button/add_observables', - method: 'POST', - handler: addObservablesHandler, - }); -} - -// Handler of ajax requests to create a new Case in The Hive -function newCaseHandler(req, resp) { - // Parse the request to get connection parameters - // (everything is configured in forntend and sent as part of the request, - // since I don't know how to configure the backend) - var base_url = req.payload['base_url']; - var api_key = req.payload['api_key']; - var req_body = req.payload['body']; - - // check it's a valid URL with slash at the end - if (!base_url) { - return {'error': 'Base URL not set'}; - } - if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { - //if (!base_url.match(/https?:\/\/.*\//)) { - return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; - } - if (!api_key) { - return {'error': 'API key not set'}; - } - - return new Promise( function(resolve, reject) { - request({ - method: 'POST', - url: base_url + 'api/case', - auth: {'bearer': api_key}, - json: true, - body: req_body, - //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
- rejectUnauthorized: false, - }, - // handler of the reply from The Hive - just return as reply - function (error, response, body) { - // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content - if (error) { - console.error("ERROR when trying to send request to The Hive:", error); - resolve({'error': error.message}); - } - else { - if (response.statusCode < 200 || response.statusCode >= 300) { - console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body) - } - resolve({ - 'status_code': response.statusCode, - 'status_msg': response.statusMessage, - 'body': body - }); - } - } // handler function - ); // request() - }); // Promise() -} - -// Note: -// There are two ways to create multiple Observables (artifacts) via The Hive API: -// 1. post one request with an array of observables in "data" field -// - this allows to create all in one request, but doesn't allow to set -// different parameters (IOC, TLP, etc.) to different observables -// 2. post each observable in a separate request -// The second way is used here. 
- -// Handler of ajax requests to add Observables to a Case in The Hive -function addObservablesHandler(req, resp) { - // Parse the request to get connection parameters - // (everything is configured in forntend and sent as part of the request, - // since I don't know how to configure the backend) - var base_url = req.payload['base_url']; - var api_key = req.payload['api_key']; - - // check it's a valid URL with slash at the end - if (!base_url) { - return {'error': 'Base URL not set'}; - } - if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { - //if (!base_url.match(/https?:\/\/.*\//)) { - return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; - } - // TODO add "/" to the end automatically - if (!api_key) { - return {'error': 'API key not set'}; - } - - const caseid = req.payload['caseid']; - const observables = req.payload['observables']; // array of obersvable specifications - - return new Promise( async function(resolve, reject) { - // Run one request for each observable - // (A way to run multiple async tasks sequentially inspired by: - // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ ) - const starterPromise = Promise.resolve(null); - await observables.reduce( - (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)), - starterPromise - ).catch((err_msg) => { - console.error(err_msg); // log whole message - resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend - return; - } - ); - resolve({}); - }); -} - -function addObservable(base_url, api_key, caseid, obs) { - return new Promise( function(resolve, reject) { - //console.log("Adding observable:", obs); - request({ - method: 'POST', - url: base_url + 'api/case/' + caseid + "/artifact", - auth: {'bearer': api_key}, - json: true, - body: obs, - //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
- rejectUnauthorized: false, - }, - // handler of the reply from The Hive - just return as reply - function (error, response, body) { - if (error) { - reject("ERROR when trying to send request to The Hive: " + error); - } - else if (response.statusCode < 200 || response.statusCode >= 300) { - reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body)); - } - else { - // success - continue with the next observable - resolve("OK"); - resolve({}) - } - } // handler function - ); // request() - }); //Promise() -} - - diff --git a/roles/build/files/zookeeper/zookeepersupervisord.conf b/roles/build/files/zookeeper/zookeepersupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..3089c9bdf608285cfbffeb6a31ff6fef8940a578 --- /dev/null +++ b/roles/build/files/zookeeper/zookeepersupervisord.conf 
@@ -0,0 +1,43 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:zookeeper]
+directory=/opt/zookeeper
+user=root
+group=root
+command=/bin/bash -c '/opt/zookeeper/bin/zkServer.sh start-foreground'
+autostart=true
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/zookeeper_stderr.log
+stdout_logfile = /var/log/supervisor/zookeeper_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
diff --git a/roles/build/files/zookeeperDockerfile b/roles/build/files/zookeeperDockerfile
deleted file mode 100644
index 33ea38ad66a5b006a77ee2c5fd396a285ff654f7..0000000000000000000000000000000000000000
--- a/roles/build/files/zookeeperDockerfile
+++ /dev/null
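Review bot: In zookeepersupervisord.conf, `[program:zookeeper]` and `[program:filebeat]` both set `user=root` and `group=root`, so ZooKeeper, which listens on the network, runs with full root inside the container even though supervisord could drop privileges for it. If the image can carry a dedicated account (none is visible in this hunk, so it would have to be created in the Dockerfile and given ownership of /opt/zookeeper and its data directory), prefer `user=zookeeper` and `group=zookeeper` for that program. Filebeat may need broader read access to the logs it ships; if so, a comment such as `; runs as root to read /var/log/supervisor/*` would record why. Separately, `logfile_maxbytes=10MB` inside a `[program:x]` section does not look like a per-program option (those are `stdout_logfile_maxbytes` and `stderr_logfile_maxbytes`), so the intended 10MB cap is probably not applied.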
@@ -1,34 +0,0 @@ -FROM gn43-dsl/openjdk:7a20201004 -#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>" -#LABEL site="https://nifi.apache.org" - -#ARG UID=1000 -#ARG GID=1000 -ARG ZOOKEEPER_VERSION=3.5.5 -ARG BASE_URL=https://archive.apache.org/dist -ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} -ARG ZOOKEEPER_BINARY_PATH=${ZOOKEEPER_BINARY_PATH:-/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz} - -ENV ZOOKEEPER_BASE_DIR=/opt - -#ENV ZOOKEEPER_PID_DIR=${ZOOKEEPER_HOME}/run -#ENV ZOOKEEPER_LOG_DIR=${ZOOKEEPER_HOME}/logs - -# USER nifi - -# Download, validate, and expand Apache NiFi binary. -RUN curl -fSL ${MIRROR_BASE_URL}/${ZOOKEEPER_BINARY_PATH} -o ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \ -# && echo "$(curl ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha256sum -c - \ - && tar -xzf ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz -C ${ZOOKEEPER_BASE_DIR} \ - && mv ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin ${ZOOKEEPER_BASE_DIR}/zookeeper \ - && rm ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \ - && cp ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo_sample.cfg ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo.cfg - -# Web HTTP(s) & Socket Site-to-Site Ports -EXPOSE 2181 2888 3888 - -WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper - -ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] -CMD ["start-foreground"] - diff --git a/roles/build/tasks/cassandra.yml b/roles/build/tasks/cassandra.yml deleted file mode 100644 index 1c0a2c6930135fe01a0e9e872e036f6c911eccd3..0000000000000000000000000000000000000000 --- a/roles/build/tasks/cassandra.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - -- name: Configure the cassandra Dockerfile - template: - src: cassandra/Dockerfile.j2 - dest: "{{role_path}}/files/cassandraDockerfile" - -- name: Build cassandra image - command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/centos.yml b/roles/build/tasks/centos.yml index c7be287621104cc8eb257bf0734a5c2641b58c33..62a8fb1fbd84dce5a27660a24f9eab54b59d9b97 100644 --- a/roles/build/tasks/centos.yml +++ b/roles/build/tasks/centos.yml 
@@ -5,96 +5,115 @@ name: "{{repo}}/centos:{{version}}{{suffix}}" register: centosimg -#- name: Skip if image exists -# meta: end_play -# when: centosimg.images | length != 0 - -# tags: -# - start - -#- name: Assert CentOS image -# assert: -# that: centosimg.images | length == 0 -# fail_msg: "CentOS image already exists" - -- name: Build CentOS image - when: centosimg.images | length == 0 - block: - - name: Create etc tree in build directory - file: - path: '{{ temp_root}}/{{ item.path }}' - state: directory - mode: '{{ item.mode }}' - with_filetree: templates/etcroot/ - when: item.state == 'directory' - - - name: Populate etc tree in build directory - template: - src: '{{ item.src }}' - dest: '{{ temp_root}}/{{ item.path }}' - force: yes - with_filetree: templates/etcroot - when: item.state == 'file' - - - name: Create dev tree in build directory - command: mknod -m {{ item.mode }} {{ item.dev }} {{ item.type }} {{ item.major }} {{ item.minor }} - args: - creates: "{{ item.dev }}" - with_items: - - { mode: 600, dev: "{{temp_root}}/dev/console", type: c, major: 5, minor: 1 } - - { mode: 600, dev: "{{temp_root}}/dev/initctl", type: p, major: '', minor: '' } - - { mode: 666, dev: "{{temp_root}}/dev/full", type: c, major: 1, minor: 7 } - - { mode: 666, dev: "{{temp_root}}/dev/null", type: c, major: 1, minor: 3 } - - { mode: 666, dev: "{{temp_root}}/dev/ptmx", type: c, major: 5, minor: 2 } - - { mode: 666, dev: "{{temp_root}}/dev/random", type: c, major: 1, minor: 8 } - - { mode: 666, dev: "{{temp_root}}/dev/tty", type: c, major: 5, minor: 0 } - - { mode: 666, dev: "{{temp_root}}/dev/tty0", type: c, major: 4, minor: 0 } - - { mode: 666, dev: "{{temp_root}}/dev/urandom", type: c, major: 1, minor: 9 } - - { mode: 666, dev: "{{temp_root}}/dev/zero", type: c, major: 1, minor: 5 } - - - name: Install centos-release in build directory - yum: - installroot: "{{ temp_root}}" - name: centos-release - state: present - - - name: Install Core CentOS in build directory - yum: - 
installroot: "{{ temp_root}}" - name: - - "@Core" - - yum-plugin-ovl.noarch - - epel-release - state: present - - - name: Clean yum cache - command: 'yum --installroot="{{ temp_root}}" -y clean all' - - - name: Remove unneeded directories - file: - path: "{{temp_root}}/{{item}}" - state: absent - with_items: - - usr/share/cracklib - - var/cache/yum - - sbin/sln - - etc/ld.so.cache - - var/cache/ldconfig - - usr/share/backgrounds - - - name: Create needed directories - file: - path: "{{temp_root}}/{{item}}" - state: directory - with_items: - - var/cache/yum - - var/cache/ldconfig - - - name: Import image in docker - shell: tar --numeric-owner -c -C {{temp_root }} . | docker import - {{repo}}/centos:{{version}}{{suffix}} - - - name: Remove temp directory - file: - path: "{{temp_root}}" - state: absent - +- name: Assert CentOS image + assert: + that: centosimg.images | length == 0 + fail_msg: "CentOS image already exists" + +- name: Create etc tree in build directory + file: + path: '{{ temp_root}}/{{ item.path }}' + state: directory + mode: '{{ item.mode }}' + with_filetree: templates/etcroot/ + when: item.state == 'directory' + +- name: Populate etc tree in build directory + template: + src: '{{ item.src }}' + dest: '{{ temp_root}}/{{ item.path }}' + force: yes + with_filetree: templates/etcroot + when: item.state == 'file' + +- name: Create dev tree in build directory + command: mknod -m {{ item.mode }} {{ item.dev }} {{ item.type }} {{ item.major }} {{ item.minor }} + args: + creates: "{{ item.dev }}" + with_items: + - { mode: 600, dev: "{{temp_root}}/dev/console", type: c, major: 5, minor: 1 } + - { mode: 600, dev: "{{temp_root}}/dev/initctl", type: p, major: '', minor: '' } + - { mode: 666, dev: "{{temp_root}}/dev/full", type: c, major: 1, minor: 7 } + - { mode: 666, dev: "{{temp_root}}/dev/null", type: c, major: 1, minor: 3 } + - { mode: 666, dev: "{{temp_root}}/dev/ptmx", type: c, major: 5, minor: 2 } + - { mode: 666, dev: "{{temp_root}}/dev/random", type: c, 
major: 1, minor: 8 } + - { mode: 666, dev: "{{temp_root}}/dev/tty", type: c, major: 5, minor: 0 } + - { mode: 666, dev: "{{temp_root}}/dev/tty0", type: c, major: 4, minor: 0 } + - { mode: 666, dev: "{{temp_root}}/dev/urandom", type: c, major: 1, minor: 9 } + - { mode: 666, dev: "{{temp_root}}/dev/zero", type: c, major: 1, minor: 5 } + +- name: Install centos-release in build directory + yum: + installroot: "{{ temp_root}}" + name: centos-release + state: present + +- name: Install Core CentOS in build directory + yum: + installroot: "{{ temp_root}}" + name: + - "@Core" + - yum-plugin-ovl.noarch + - epel-release + state: present + +- name: Install extra packages + yum: + installroot: "{{ temp_root }}" + name: + - daemonize + state: present + +- name: Clean yum cache + command: 'yum --installroot="{{ temp_root}}" -y clean all' + +- name: Remove unneeded directories + file: + path: "{{temp_root}}/{{item}}" + state: absent + with_items: + - usr/share/cracklib + - var/cache/yum + - sbin/sln + - etc/ld.so.cache + - var/cache/ldconfig + - usr/share/backgrounds + +- name: Create needed directories + file: + path: "{{temp_root}}/{{item}}" + state: directory + with_items: + - var/cache/yum + - var/cache/ldconfig + +- name: Download filebeat + get_url: + url: "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-{{ FILEBEAT_VERSION }}-linux-x86_64.tar.gz" + dest: "{{ temp_root}}/opt/filebeat.tar.gz" + mode: '0640' + +- name: Unarchive filebeat + unarchive: + src: "{{ temp_root}}/opt/filebeat.tar.gz" + dest: "{{ temp_root}}/opt/" + remote_src: yes + +- name: Delete filebeat archive + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ temp_root}}/opt/filebeat.tar.gz" + +- name: move filebeat directory to /opt/filebeat + command: "mv {{ temp_root}}/opt/filebeat-{{ FILEBEAT_VERSION }}-linux-x86_64 {{ temp_root}}/opt/filebeat" + +- name: Import image in docker + shell: tar --numeric-owner -c -C {{temp_root }} . 
| docker import - {{repo}}/centos:{{version}}{{suffix}} + +- name: Remove temp directory + file: + path: "{{temp_root}}" + state: absent + diff --git a/roles/build/tasks/cortex.yml b/roles/build/tasks/cortex.yml deleted file mode 100644 index 9a5adbef67cf1fee1f7eb48f23e4d083a8c6631d..0000000000000000000000000000000000000000 --- a/roles/build/tasks/cortex.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Configure the Cortex Dockerfile - template: - src: cortex/Dockerfile.j2 - dest: "{{role_path}}/files/cortexDockerfile" - -- name: Build the Cortex image - command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml deleted file mode 100644 index 9cb45f840be6ad255b6420abcabc83fbed79b96a..0000000000000000000000000000000000000000 --- a/roles/build/tasks/haproxy.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Configure the haproxy Dockerfile - template: - src: haproxy/Dockerfile.j2 - dest: "{{role_path}}/files/haproxyDockerfile" - -- name: Build haproxy image - command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files - diff --git a/roles/build/tasks/keycloak.yml b/roles/build/tasks/keycloak.yml deleted file mode 100644 index f7a7c2b1989bf013e7a23a1646e7d7e62500098e..0000000000000000000000000000000000000000 --- a/roles/build/tasks/keycloak.yml +++ /dev/null 
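Review bot: In roles/build/tasks/centos.yml the new `Download filebeat` task fetches the tarball with `get_url` and unpacks it into the image root without verifying it, so every image derived from this base trusts whatever the download returned. `get_url` accepts a `checksum` argument; add `checksum: "sha512:{{ FILEBEAT_SHA512 }}"` with the digest pinned next to `FILEBEAT_VERSION` (FILEBEAT_SHA512 is a new variable to define, not one the playbook has today). Pinning the digest in the vars is stronger than pointing the checksum at a URL on the download host, which mostly catches corruption. The `Assert CentOS image` task also now fails the play when the image already exists, where the removed block only skipped the build; a task comment should state that this is intended.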
@@ -1,18 +0,0 @@ ---- - -- name: Configure the keycloak Dockerfile - template: - src: keycloak/Dockerfile.j2 - dest: "{{role_path}}/files/keycloakDockerfile" - -- name: Copy tools to build path - command: "cp -av {{role_path}}/templates/keycloak/keycloak-tools/ {{role_path}}/files/keycloak-tools/" - -- name: Build keycloak image - command: docker build -t {{repo}}/keycloak:{{version}}{{suffix}} -f {{role_path}}/files/keycloakDockerfile {{role_path}}/files - -- name: Remove tools from build path - file: - path: "{{role_path}}/files/keycloak-tools/" - state: absent - diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml index 223766f87e2d7d1ae88de3d70dd7810a0dbdf091..eee4ba0ee19f8eda382bed26c1e9dacf11706469 100644 --- a/roles/build/tasks/main.yml +++ b/roles/build/tasks/main.yml 
@@ -2,19 +2,45 @@ - assert: that: - - "'CHANGE_ME' not in dslproxy" + - "'CHANGE_ME' not in soctoolsproxy" fail_msg: "Review *all* settings in group_vars/all/main.yml" - include: centos.yml -- include: mysql.yml -- include: haproxy.yml -- include: openjdk.yml -- include: zookeeper.yml -- include: nifi.yml -- include: odfees.yml -- include: odfekibana.yml -- include: keycloak.yml -- include: misp.yml -- include: cassandra.yml -- include: thehive.yml -- include: cortex.yml + +- name: Create main build dir + file: + path: "{{docker_build_dir}}" + state: directory + +- name: Create build dir + file: + path: "{{docker_build_dir}}/{{item}}" + state: directory + with_items: "{{services}}" + +- name: Configure the Dockerfile + template: + src: "{{item}}/Dockerfile.j2" + dest: "{{docker_build_dir}}/{{item}}/Dockerfile" + with_items: "{{services}}" + +- name: Copy thehive_button to build path + copy: + src: "{{role_path}}/templates/odfekibana/thehive_button" + dest: "{{docker_build_dir}}/odfekibana/" + +- name: Copy keycloak-tools to build path + copy: + src: "{{role_path}}/templates/keycloak/keycloak-tools" + dest: "{{docker_build_dir}}/keycloak/" + +- name: Copy build files + copy: + src: "files/{{item}}/" + dest: "{{docker_build_dir}}/{{item}}/" + with_items: "{{services}}" + ignore_errors: yes + +- name: Build image + command: docker build -t {{repo}}/{{item}}:{{version}}{{suffix}} -f {{docker_build_dir}}/{{item}}/Dockerfile {{docker_build_dir}}/{{item}} + with_items: "{{services}}" diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml deleted file mode 100644 index d52c39c7d0292a5b6285fbc23220b3cf33be422d..0000000000000000000000000000000000000000 --- a/roles/build/tasks/misp.yml +++ /dev/null 
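Review bot: In roles/build/tasks/main.yml, `ignore_errors: yes` on `Copy build files` hides every copy failure, not only the expected case of a service that has no `files/<service>/` directory, so a missing or unreadable supervisord config surfaces only later as a failed or incomplete `docker build`. Limit the tolerance to the missing-directory case by replacing it with a condition such as `when: (role_path ~ '/files/' ~ item) is directory`. A one-line comment on the task saying which services have no files directory would also help the next reader.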
@@ -1,20 +0,0 @@ ---- - -- name: Configure the misp Dockerfile - template: - src: misp/Dockerfile.j2 - dest: "{{role_path}}/files/mispDockerfile" - -- name: Configure the misp supervisor - template: - src: misp/supervisord.conf.j2 - dest: "{{role_path}}/files/mispsupervisord.conf" - -- name: Configure the misp worker startscript - template: - src: misp/start.sh.j2 - dest: "{{role_path}}/files/mispstart.sh" - -- name: Build misp image - command: docker build -t {{repo}}/misp:{{version}}{{suffix}} -f {{role_path}}/files/mispDockerfile {{role_path}}/files - diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml deleted file mode 100644 index a0281907e39a5f8aaa59648b8eae0b90ce968f58..0000000000000000000000000000000000000000 --- a/roles/build/tasks/mysql.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Configure the mysql Dockerfile - template: - src: mysql/Dockerfile.j2 - dest: "{{role_path}}/files/mysqlDockerfile" - -- name: Configure the mysql supervisor - template: - src: mysql/supervisord.conf.j2 - dest: "{{role_path}}/files/mysqlsupervisord.conf" - -- name: Build mysql image - command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files - diff --git a/roles/build/tasks/nifi.yml b/roles/build/tasks/nifi.yml deleted file mode 100644 index 423978d987b5ced99a995ddc5a3e733cf56504da..0000000000000000000000000000000000000000 --- a/roles/build/tasks/nifi.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Configure the nifi Dockerfile - template: - src: nifi/Dockerfile.j2 - dest: "{{role_path}}/files/nifiDockerfile" - -- name: Build nifi image - command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/odfees.yml b/roles/build/tasks/odfees.yml deleted file mode 100644 index 5741223fdd61d30801eec2fc4c2bdbe1fdb7ed36..0000000000000000000000000000000000000000 
--- a/roles/build/tasks/odfees.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- name: Configure elasticsearch Dockerfile - template: - src: odfees/Dockerfile-elastic.j2 - dest: "{{role_path}}/files/elasticDockerfile" - -- name: Build elasticsearch image - command: docker build -t {{repo}}/elasticsearch:{{version}}{{suffix}} -f {{role_path}}/files/elasticDockerfile {{role_path}}/files - -- name: Configure odfe elasticsearch Dockerfile - template: - src: odfees/Dockerfile-odfeelastic.j2 - dest: "{{role_path}}/files/odfeesDockerfile" - -- name: Build odfe elasticsearch image - command: docker build -t {{repo}}/odfees:{{version}}{{suffix}} -f {{role_path}}/files/odfeesDockerfile {{role_path}}/files - diff --git a/roles/build/tasks/odfekibana.yml b/roles/build/tasks/odfekibana.yml deleted file mode 100644 index 8e1980a7680f5f23b7370d61dba057e457430291..0000000000000000000000000000000000000000 --- a/roles/build/tasks/odfekibana.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Configure kibana Dockerfile - template: - src: odfekibana/Dockerfile-kibana.j2 - dest: "{{role_path}}/files/kibanaDockerfile" - -- name: Copy tools to build path - command: "cp -av {{role_path}}/templates/odfekibana/thehive_button/ {{role_path}}/files/thehive_button/" - -- name: Build kibana image - command: docker build -t {{repo}}/kibana:{{version}}{{suffix}} -f {{role_path}}/files/kibanaDockerfile {{role_path}}/files - -- name: Configure odfe kibana Dockerfile - template: - src: odfekibana/Dockerfile-odfekibana.j2 - dest: "{{role_path}}/files/odfekibanaDockerfile" - -- name: Build odfe kibana image - command: docker build -t {{repo}}/odfekibana:{{version}}{{suffix}} -f {{role_path}}/files/odfekibanaDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/openjdk.yml b/roles/build/tasks/openjdk.yml deleted file mode 100644 index 8754ac7fdf7d6147ab522f936b8888a5fd5a7e60..0000000000000000000000000000000000000000 --- a/roles/build/tasks/openjdk.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - -- name: Configure the openjdk Dockerfile - template: - src: openjdk/Dockerfile.j2 - dest: "{{role_path}}/files/openjdkDockerfile" - -- name: Build openjdk image - command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/thehive.yml b/roles/build/tasks/thehive.yml deleted file mode 100644 index 35fe08ebf7d5da456a40f0a0de273d102d5eada2..0000000000000000000000000000000000000000 --- a/roles/build/tasks/thehive.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Configure theHive Dockerfile - template: - src: thehive/Dockerfile.j2 - dest: "{{role_path}}/files/thehiveDockerfile" - -- name: Build theHive image - command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files - - diff --git a/roles/build/tasks/zookeeper.yml b/roles/build/tasks/zookeeper.yml deleted file mode 100644 index a61a6b397f8d1d34559da24f290df8ea93b85f94..0000000000000000000000000000000000000000 --- a/roles/build/tasks/zookeeper.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Configure the zookeeper Dockerfile - template: - src: zookeeper/Dockerfile.j2 - dest: "{{role_path}}/files/zookeeperDockerfile" - -- name: Build zookeeper image - command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files - - diff --git a/roles/build/templates/cassandra/Dockerfile.j2 b/roles/build/templates/cassandra/Dockerfile.j2 index 94b0ca08c01de7c4b225bdcb81c7a35c2ffb33ff..f5d2a601c1526e9cf119c01bea5e36c2edf8223d 100644 --- a/roles/build/templates/cassandra/Dockerfile.j2 +++ b/roles/build/templates/cassandra/Dockerfile.j2 
@@ -1,35 +1,20 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root -#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo -#COPY supervisord.conf /etc/supervisord.conf -#COPY start.sh /start.sh RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \ echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \ echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \ echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \ - echo '#!/bin/bash' > /start.sh && \ - echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \ - echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \ - echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \ - echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \ - echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \ - echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \ - echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \ - echo '' >> /start.sh && \ - echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \ yum install -y epel-release && \ - yum install -y cassandra supervisor && \ + yum install -y cassandra supervisor rsync && \ mkdir /usr/share/cassandra/conf && \ cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \ chown -R cassandra:cassandra /usr/share/cassandra && \ chown -R cassandra:cassandra /var/lib/cassandra && \ sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \ - chmod a+x /start.sh && \ yum -y clean all +COPY cassandrasupervisord.conf /etc/supervisord.conf EXPOSE 7000 9042 -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -USER cassandra -# ENTRYPOINT ["/start.sh"] +ENTRYPOINT ["/usr/bin/supervisord", "-c", 
"/etc/supervisord.conf"] diff --git a/roles/build/templates/cassandra/cassandra.repo.j2 b/roles/build/templates/cassandra/cassandra.repo.j2 deleted file mode 100644 index 8fdb78c9a4e3868ea6693110941914adc511877e..0000000000000000000000000000000000000000 --- a/roles/build/templates/cassandra/cassandra.repo.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[cassandra] -name=Apache Cassandra -baseurl=https://downloads.apache.org/cassandra/redhat/311x/ -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://downloads.apache.org/cassandra/KEYS diff --git a/roles/build/templates/cassandra/start.sh.j2 b/roles/build/templates/cassandra/start.sh.j2 deleted file mode 100644 index fa91e921956d5d2d6fa1be6812a9794071b20965..0000000000000000000000000000000000000000 --- a/roles/build/templates/cassandra/start.sh.j2 +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -export CASSANDRA_HOME=/usr/share/cassandra -export CASSANDRA_CONF=$CASSANDRA_HOME/conf -export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh -log_file=/var/log/cassandra/cassandra.log -pid_file=/var/run/cassandra/cassandra.pid -lock_file=/var/lock/subsys/cassandra -CASSANDRA_PROG=/usr/sbin/cassandra - -$CASSANDRA_PROG -p $pid_file > $log_file 2>&1 diff --git a/roles/build/templates/cassandra/supervisord.conf.j2 b/roles/build/templates/cassandra/supervisord.conf.j2 deleted file mode 100644 index d1f405eb91d5bae99af653dae0d5c246ae723f08..0000000000000000000000000000000000000000 --- a/roles/build/templates/cassandra/supervisord.conf.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[supervisord] -loglevel=debug -nodaemon=true -[program:cassandra] -user=cassandra -directory=/usr/share/cassandra -stdout_logfile=/var/log/cassandra/cassandra.log -redirect_stderr=true -environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh" -command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid 
diff --git a/roles/build/templates/cortex/Dockerfile.j2 b/roles/build/templates/cortex/Dockerfile.j2 index d56dbf02c14be1e71860da43814eddc904aa7177..ceeb6a59132f30e1ca21978a4ee873b97f05e2d3 100644 --- a/roles/build/templates/cortex/Dockerfile.j2 +++ b/roles/build/templates/cortex/Dockerfile.j2 @@ -1,9 +1,6 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root -#COPY thehive.repo /etc/yum.repos.d/thehive.repo -#COPY supervisord.conf /etc/supervisord.conf -#COPY start.sh /start.sh RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ @@ -13,7 +10,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ yum install -y epel-release && \ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ + yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ mkdir -p /home/cortex && \ 
@@ -27,6 +24,5 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ yum -y clean all EXPOSE 9001 -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -USER cortex -# ENTRYPOINT ["/start.sh"] +COPY cortexsupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/cortex/application.conf b/roles/build/templates/cortex/application.conf index 0e28b4d0d71643d558b0d014be354985a02d19c7..afe42a610e0b4865af6e2d382cc88e46d7943882 100644 --- a/roles/build/templates/cortex/application.conf +++ b/roles/build/templates/cortex/application.conf @@ -17,7 +17,7 @@ search { index = cortex3 # ElasticSearch instance address. # For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200" - uri = "http://dsoclab-elastic:9200" + uri = "http://soctools-elastic:9200" ## Advanced configuration # Scroll keepalive. diff --git a/roles/build/templates/odfees/Dockerfile-elastic.j2 b/roles/build/templates/elasticsearch/Dockerfile.j2 similarity index 85% rename from roles/build/templates/odfees/Dockerfile-elastic.j2 rename to roles/build/templates/elasticsearch/Dockerfile.j2 index dd2ad126108e11ad523a8357393f1810de46d650..6f273d635c0c0135bf99fc07efe06c37134c5379 100644 --- a/roles/build/templates/odfees/Dockerfile-elastic.j2 +++ b/roles/build/templates/elasticsearch/Dockerfile.j2 @@ -15,7 +15,8 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ chown -R elasticsearch /usr/share/elasticsearch/data && \ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch +RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers + EXPOSE 9200 9300 -USER elasticsearch -ENTRYPOINT ["/bin/bash"] +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] 
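Review bot: Removing `USER cortex` while enabling `ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]` makes root the container's default user, so supervisord and any program section without its own `user=` now run as root. `cortexsupervisord.conf` is not part of this hunk, so confirm that its Cortex program section sets `user=cortex`, the way the deleted cassandra and mysql supervisord templates set `user=cassandra` and `user=mysql`. The thehive Dockerfile hunk (`-USER thehive`) makes the same change and needs the same check against `thehivesupervisord.conf`. The RUN instruction this hunk ends begins above the hunk.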
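Review bot: The added `RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` in the elasticsearch Dockerfile gives the service account unrestricted passwordless root, so a compromise of the Elasticsearch process becomes root in the container; the same hunk also drops `USER elasticsearch`. The same rule is added for `jboss` (keycloak), `kibana` (kibana and odfekibana/Dockerfile-kibana), `nifi` (nifi) and `elasticsearch` (odfees). The diff does not show what needs sudo; if it is only a few commands, scope the rule to them in a drop-in, e.g. `elasticsearch ALL=(root) NOPASSWD: /path/to/needed-command` (placeholder path) written to `/etc/sudoers.d/elasticsearch` and validated with `visudo -cf`. Otherwise drop the rule and let supervisord start the service with `user=elasticsearch` in its program section.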
diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 index d9f84c4c3ec60e5593ab4a3ccffee1660585260e..6c34d74ce038ef6feaa1bde99b2d823a30a830a9 100644 --- a/roles/build/templates/haproxy/Dockerfile.j2 +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -24,6 +24,8 @@ RUN \ iptables \ pcre2-devel \ daemonize \ + supervisor \ + rsync \ pth-devel && \ `# Install newest openssl...` \ wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ @@ -62,10 +64,5 @@ RUN \ && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ && rm -rf /usr/src/haproxy -ENTRYPOINT ["/bin/bash"] - -# https://www.haproxy.org/download/1.8/doc/management.txt -# "4. Stopping and restarting HAProxy" -# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" -# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" -STOPSIGNAL SIGUSR1 +COPY haproxysupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/keycloak/Dockerfile.j2 b/roles/build/templates/keycloak/Dockerfile.j2 index d8c3b6b46b96dac244154889943bb2aad256605c..561a6466f121ee2462dab388ed99a580f16ba39c 100644 --- a/roles/build/templates/keycloak/Dockerfile.j2 +++ b/roles/build/templates/keycloak/Dockerfile.j2 @@ -11,7 +11,7 @@ USER root #ADD /{{role_path}}/templates/keycloak/keycloak-tools /opt/jboss/tools ADD keycloak-tools /opt/jboss/tools #ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools -RUN yum -y install openssl && yum -y clean all && \ +RUN yum -y install openssl supervisor rsync && yum -y clean all && \ mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ curl -L $KEYCLOAK_DIST | tar zx && \ mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ 
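Review bot: Deleting `STOPSIGNAL SIGUSR1` while moving the entrypoint to supervisord loses HAProxy's graceful stop unless the supervisor program section restores it. The removed comment quotes the HAProxy management guide: SIGTERM closes all established connections immediately, and supervisord sends TERM to its children by default. `haproxysupervisord.conf` is not visible in this diff, so confirm that its haproxy section carries `stopsignal=USR1` and a `stopwaitsecs` long enough for connections to drain, and move the deleted rationale comment there. The RUN instruction this hunk closes starts outside the hunk.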
@@ -27,6 +27,7 @@ RUN yum -y install openssl && yum -y clean all && \ adduser -u 1000 -g 0 -d /opt/jboss jboss && \ chown -R jboss:root /opt/jboss && \ chmod -R g+rwX /opt/jboss && \ + chmod a+x /opt/jboss/tools/x509.sh && \ mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca} ENV PATH="/opt/jboss/keycloak/bin:${PATH}" @@ -36,6 +37,8 @@ WORKDIR /opt/jboss/keycloak EXPOSE 8080 EXPOSE 8443 -USER jboss -ENTRYPOINT ["/bin/bash"] +RUN echo 'jboss ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers + +COPY keycloaksupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/files/kibanaDockerfile b/roles/build/templates/kibana/Dockerfile.j2 similarity index 57% rename from roles/build/files/kibanaDockerfile rename to roles/build/templates/kibana/Dockerfile.j2 index 0f137e085aae12dbae9099256a584e71c0dc9fbd..ef2a4768f809d02b8320cb90963ea701cbddec16 100644 --- a/roles/build/files/kibanaDockerfile +++ b/roles/build/templates/kibana/Dockerfile.j2 @@ -1,4 +1,7 @@ -FROM gn43-dsl/centos:7a20201004 +FROM {{repo}}/centos:{{version}}{{suffix}} + +RUN yum install -y supervisor +RUN yum clean all ENV PATH="/usr/share/kibana/bin:${PATH}" @@ -8,11 +11,13 @@ RUN groupadd -g 1000 kibana && \ WORKDIR /usr/share/kibana RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.4.2-x86_64.rpm && \ + rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-{{elk_version}}-x86_64.rpm && \ cp -a /etc/kibana/ /usr/share/kibana/config/ && \ chown -R kibana /usr/share/kibana/config/ +RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers + EXPOSE 5601 -USER kibana -ENTRYPOINT ["/bin/bash"] +COPY kibanasupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] 
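Review bot: In the new kibana/Dockerfile.j2, `RUN yum install -y supervisor` followed by a separate `RUN yum clean all` does not shrink the image, because the package cache is already committed in the layer before it. Combine them as `RUN yum install -y supervisor && yum clean all`, which is how the keycloak Dockerfile in this commit does it. The nifi, odfees and odfekibana/Dockerfile-kibana hunks add the same two-step pattern, and the zookeeper hunk adds `RUN yum install supervisor rsync -y` with no clean at all. This file also installs `supervisor` without `rsync`, which the other images in the commit add alongside it; confirm the omission is intended.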
diff --git a/roles/build/templates/misp/Dockerfile.j2 b/roles/build/templates/misp/Dockerfile.j2 index b99d2a84cffc07c99a2622c5bba30c3e479a7425..85c96482f222cafeaf587b157dfda1eb28c84a43 100644 --- a/roles/build/templates/misp/Dockerfile.j2 +++ b/roles/build/templates/misp/Dockerfile.j2 
@@ -2,7 +2,7 @@ FROM {{repo}}/centos:{{version}}{{suffix}} USER root RUN yum install -y epel-release centos-release-scl scl-utils ; \ - yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ + yum install -y gcc git zip openssl supervisor rsync rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ yum -y clean 
all ; \ sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \ sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \ @@ -76,9 +76,12 @@ RUN chown -R apache:apache /var/www/MISP ; \ chmod -R g+ws /var/www/MISP/app/files ; \ chmod -R g+ws /var/www/MISP/app/files/scripts/tmp +COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm + # 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ EXPOSE 80 443 6443 6379 6666 50000 -COPY mispsupervisord.conf /etc/supervisord.conf -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/" +COPY mispsupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/templates/misp/supervisord.conf.j2 deleted file mode 100644 index fbd4dea3bbd292aa2eea51772ecc559dc0b51703..0000000000000000000000000000000000000000 --- a/roles/build/templates/misp/supervisord.conf.j2 +++ /dev/null @@ -1,25 +0,0 @@ -[supervisord] -nodaemon=false -user=root - -[program:php-fpm] -# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm -command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize - -[program:redis-server] -process_name = redis-server -directory = /var/opt/rh/rh-redis32/lib/redis/ -command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf -user=redis - -[program:apache2] -command=/usr/sbin/httpd -DFOREGROUND - -[program:misp-modules] -command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s" -user = apache -startsecs = 0 - -[program:workers] -command=/bin/bash /var/www/MISP/app/Console/worker/start.sh -user=apache diff --git a/roles/build/templates/mysql/Dockerfile.j2 b/roles/build/templates/mysql/Dockerfile.j2 index c7b7d23bf199b273f76110b320863916cf173c67..393eb3f8a06e049cbdb9b180f0cd4f093e7e86ab 100644 
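Review bot: The added `ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/"` in the MISP Dockerfile uses the legacy space-separated ENV form, while the other Dockerfiles in this commit use `key=value` (`ENV PATH="/usr/share/kibana/bin:${PATH}"`); write it as `ENV PATH="${PATH}:/opt/rh/rh-php72/root/bin"`. The same hunk activates the supervisord ENTRYPOINT, and the `misp/supervisord.conf.j2` deleted later in this commit had `nodaemon=false` and `user=root`. `mispsupervisord.conf` is not shown here, so confirm it sets `nodaemon=true`; otherwise supervisord forks into the background and the container's main process exits. Also confirm that every program section which does not need root has an explicit `user=`, as the deleted template did for redis, misp-modules and the workers.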
--- a/roles/build/templates/mysql/Dockerfile.j2 +++ b/roles/build/templates/mysql/Dockerfile.j2 @@ -2,7 +2,7 @@ FROM {{repo}}/centos:{{version}}{{suffix}} USER root RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \ - yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \ + yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor rsync && \ /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql RUN yum clean all diff --git a/roles/build/templates/mysql/supervisord.conf.j2 b/roles/build/templates/mysql/supervisord.conf.j2 deleted file mode 100644 index e44e9fe1189eae3241d8bb1001c3a081a386353c..0000000000000000000000000000000000000000 --- a/roles/build/templates/mysql/supervisord.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[supervisord] -loglevel=debug -nodaemon=true -[program:mysql] -user=mysql -directory=/var/lib/mysql -command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr diff --git a/roles/build/templates/nifi/Dockerfile.j2 b/roles/build/templates/nifi/Dockerfile.j2 index d3408b16d5a52ad7cb48463cd1f543d2ab25c327..63c51747ea349daa1509f556ee4c323043635c3c 100644 --- a/roles/build/templates/nifi/Dockerfile.j2 +++ b/roles/build/templates/nifi/Dockerfile.j2 @@ -44,6 +44,8 @@ RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: - && chown -R nifi:nifi ${NIFI_BASE_DIR} \ && yum -y install jq xmlstarlet procps-ng +RUN echo 'nifi ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers + USER nifi # Download, validate, and expand Apache NiFi Toolkit binary. 
@@ -94,4 +96,8 @@ WORKDIR ${NIFI_HOME} # Also we need to use relative path, because the exec form does not invoke a command shell, # thus normal shell processing does not happen: # https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example -ENTRYPOINT ["/bin/bash"] +USER root +RUN yum install -y supervisor rsync +RUN yum clean all +COPY nifisupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 b/roles/build/templates/odfees/Dockerfile.j2 similarity index 74% rename from roles/build/templates/odfees/Dockerfile-odfeelastic.j2 rename to roles/build/templates/odfees/Dockerfile.j2 index 0803d0bf517d57ce14364bd35be194f6bdbae0cc..a4834a5e3caff38bd7f76182455a747638c2f952 100644 --- a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 +++ b/roles/build/templates/odfees/Dockerfile.j2 @@ -12,5 +12,8 @@ RUN for PLUGIN in \ do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ chown -R elasticsearch plugins/opendistro_security -USER elasticsearch - +RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers +RUN yum install -y supervisor rsync +RUN yum clean all +COPY odfesupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 b/roles/build/templates/odfekibana/Dockerfile-kibana.j2 index c443597ddd2a10457ce9163c7b4dd722f2d8790f..05a1c40b3ac3cb718e524cef5225102e7ece1e55 100644 --- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 +++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2 @@ -1,5 +1,8 @@ FROM {{repo}}/centos:{{version}}{{suffix}} +RUN yum install -y supervisor rsync +RUN yum clean all + ENV PATH="/usr/share/kibana/bin:${PATH}" RUN groupadd -g 1000 kibana && \ 
@@ -12,7 +15,9 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ cp -a /etc/kibana/ /usr/share/kibana/config/ && \ chown -R kibana /usr/share/kibana/config/ +RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers + EXPOSE 5601 -USER kibana -ENTRYPOINT ["/bin/bash"] +COPY kibanasupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 b/roles/build/templates/odfekibana/Dockerfile.j2 similarity index 92% rename from roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 rename to roles/build/templates/odfekibana/Dockerfile.j2 index ee69568d34d6fe879de100414f8f3b96b2252d7f..61f325452efcdf5446437b5f391d8011997b5294 100644 --- a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 +++ b/roles/build/templates/odfekibana/Dockerfile.j2 @@ -14,5 +14,4 @@ RUN for PLUGIN in \ ADD thehive_button /usr/share/kibana/plugins/thehive_button RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button -USER kibana - +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/thehive/Dockerfile.j2 b/roles/build/templates/thehive/Dockerfile.j2 index 773c7c2c7846ade845264764c68e22f36a0cf957..870e3ac179c6ee643639f63d0b69eff9ed900f95 100644 --- a/roles/build/templates/thehive/Dockerfile.j2 +++ b/roles/build/templates/thehive/Dockerfile.j2 @@ -1,9 +1,6 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root -#COPY thehive.repo /etc/yum.repos.d/thehive.repo -#COPY supervisord.conf /etc/supervisord.conf -#COPY start.sh /start.sh RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ 
@@ -12,13 +9,12 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ yum install -y epel-release && \ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ - yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \ + yum install -y thehive4 supervisor daemonize vim net-tools telnet htop rsync && \ mkdir -p /opt/thp_data/files/thehive && \ chown -R thehive:thehive /opt/thp_data/files/thehive && \ mkdir -p /home/thehive && \ chown -R thehive:thehive /home/thehive /etc/thehive && \ yum -y clean all EXPOSE 9000 -#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -USER thehive -# ENTRYPOINT ["/start.sh"] +COPY thehivesupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/thehive/start.sh b/roles/build/templates/thehive/start.sh deleted file mode 100644 index fa91e921956d5d2d6fa1be6812a9794071b20965..0000000000000000000000000000000000000000 --- a/roles/build/templates/thehive/start.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -export CASSANDRA_HOME=/usr/share/cassandra -export CASSANDRA_CONF=$CASSANDRA_HOME/conf -export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh -log_file=/var/log/cassandra/cassandra.log -pid_file=/var/run/cassandra/cassandra.pid -lock_file=/var/lock/subsys/cassandra -CASSANDRA_PROG=/usr/sbin/cassandra - -$CASSANDRA_PROG -p $pid_file > $log_file 2>&1 diff --git a/roles/build/templates/thehive/supervisord.conf b/roles/build/templates/thehive/supervisord.conf deleted file mode 100644 index d1f405eb91d5bae99af653dae0d5c246ae723f08..0000000000000000000000000000000000000000 --- a/roles/build/templates/thehive/supervisord.conf +++ /dev/null 
@@ -1,10 +0,0 @@ -[supervisord] -loglevel=debug -nodaemon=true -[program:cassandra] -user=cassandra -directory=/usr/share/cassandra -stdout_logfile=/var/log/cassandra/cassandra.log -redirect_stderr=true -environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh" -command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid diff --git a/roles/build/templates/thehive/thehive.repo b/roles/build/templates/thehive/thehive.repo deleted file mode 100644 index ff3806454fc41de2193c94a2a4da095b763d95bf..0000000000000000000000000000000000000000 --- a/roles/build/templates/thehive/thehive.repo +++ /dev/null @@ -1,7 +0,0 @@ -[thehive-project] -enabled=1 -priority=1 -name=TheHive-Project RPM repository -baseurl=http://rpm.thehive-project.org/stable/noarch -gpgcheck=1 - diff --git a/roles/build/templates/zookeeper/Dockerfile.j2 b/roles/build/templates/zookeeper/Dockerfile.j2 index 209069c8137b1ee53bac1fbecda2efc9f388e9e2..19ae977882802ec3725ce8f7875b4801786153cf 100644 --- a/roles/build/templates/zookeeper/Dockerfile.j2 +++ b/roles/build/templates/zookeeper/Dockerfile.j2 @@ -29,6 +29,8 @@ EXPOSE 2181 2888 3888 WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper -ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] -CMD ["start-foreground"] - +#ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] +#CMD ["start-foreground"] +RUN yum install supervisor rsync -y +COPY zookeepersupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/ca/files/CA/.rnd b/roles/ca/files/CA/.rnd deleted file mode 100644 index b7292db0335ef4cf2d62de2a5e033524b2ad01a1..0000000000000000000000000000000000000000 Binary files a/roles/ca/files/CA/.rnd and /dev/null differ diff --git a/roles/ca/files/CA/ca.crt b/roles/ca/files/CA/ca.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 
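Review bot: The zookeeper hunk leaves the previous entrypoint behind as commented-out lines (`#ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"]`, `#CMD ["start-foreground"]`), whereas the cortex and thehive hunks in this same commit delete that kind of dead comment. Remove both lines; git history keeps the old entrypoint. `zookeepersupervisord.conf` is not visible in this diff, so confirm that its program section still starts `zkServer.sh` with `start-foreground`, since supervisord can only supervise a process that stays in the foreground. Also confirm it sets a non-root `user=` if the image provides a service account.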
--- a/roles/ca/files/CA/ca.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem deleted file mode 100644 index ad6921cea4ea5b8001bf8a8586b1e446dc752e9d..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:25 2020 GMT - Not After : Oct 15 10:47:25 2023 GMT - Subject: CN=dsoclab-nifi-1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: - d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: - 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: - 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: - 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: - 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: - 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: - c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: - 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: - 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: - 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: - 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: - b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: - 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: - 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: - f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: - c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: - d3:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: - 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: - 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: - c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: - 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: - bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: - fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: - 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: - 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: - 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: - 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: - 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: - b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: - 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: - 5b:05:94:0e ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx -MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR -33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad -jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC -xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 -A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd -Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ -WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ -wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC -wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL -ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM -gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo -eTfEUgLwWwWUDg== 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem deleted file mode 100644 index af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem +++ /dev/null 
@@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:52 2020 GMT - Not After : Oct 15 10:47:52 2023 GMT - Subject: CN=Bozidar Proevski - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: - 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: - 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: - 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: - 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: - b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: - 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: - cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: - 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: - 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: - 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: - 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: - 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: - 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: - d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: - 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: - 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: - 22:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature - Signature Algorithm: sha256WithRSAEncryption - ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: - 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: - c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: - 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: - 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: - 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: - 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: - 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: - ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: - 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: - 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: - d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: - 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: - b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: - 72:ad:8a:60 ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx -MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm -kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh -IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo -xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM -55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ -oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw -CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j -BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP -T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD -AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt -vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa -MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x -E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv -mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk -8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg ------END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem deleted file mode 100644 index a648174921d6bb3ffe09aaffedfee1e442fccce6..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:27 2020 GMT - Not After : Oct 15 10:47:27 2023 GMT - Subject: CN=dsoclab-odfe-2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: - db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: - 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: - 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: - 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: - a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: - 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: - 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: - 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: - 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: - b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: - 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: - b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: - 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: - 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: - ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: - 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: - 33:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: - 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: - 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: - 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: - 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: - f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: - 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: - 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: - 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: - 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: - 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: - 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: - 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: - 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: - 51:84:09:da ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx -MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I -CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w -ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K -Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 -LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO -NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW -B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT -CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 -yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg -Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi -ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ -aGu202EwUYQJ2g== 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem deleted file mode 100644 index 796e826426e3266b0a221d1c60110c897892b308..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:26 2020 GMT - Not After : Oct 15 10:47:26 2023 GMT - Subject: CN=dsoclab-nifi-3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: - 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: - 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: - f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: - 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: - 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: - 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: - c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: - a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: - b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: - 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: - fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: - 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: - d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: - a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: - 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: - 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: - a6:b1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: - e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: - 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: - ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: - 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: - bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: - ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: - 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: - b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: - d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: - f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: - 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: - df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: - 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: - ae:dd:e0:3e ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx -MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt -SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 -UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI -CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg -UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 -Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ -pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx -7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si -InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd -RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko -YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB -Qd417V6Frt3gPg== 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem
deleted file mode 100644
index a743bd0055110d9dbad79cdcc70e2ccfe946b100..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-cortex - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: - ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: - a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: - d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: - ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: - 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: - c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: - 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: - b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: - 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: - f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: - 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: - f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: - 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: - 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: - df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: - cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: - 92:1b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: - 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: - 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: - ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: - 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: - cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: - 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: - 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: - de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: - 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: - b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: - 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: - 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: - 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: - 09:c4:f6:a9 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug -YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb -D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg -XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 -yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW -f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 -sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS -ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK -KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl -jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 -lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW -m9zSElRkCcT2qQ== 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem
deleted file mode 100644
index 0d474c2a1277de93ba6357ca841a7eac3b1cce44..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-thehive - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: - c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: - 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: - ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: - 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: - 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: - 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: - c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: - 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: - 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: - 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: - 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: - ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: - d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: - 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: - 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: - c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: - 46:bd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: - fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: - 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: - c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: - 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: - 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: - df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: - b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: - d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: - 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: - e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: - 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: - 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: - 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: - 7c:51:5c:3b ------BEGIN CERTIFICATE----- -MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 -OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb -pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV -jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng -z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B -XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh -Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz -1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k -K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs -wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x -bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE -ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh -K4Ynu8Hyhpp8UVw7 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem
deleted file mode 100644
index f83010441e252486cc934677a1e0a0de1ebe2328..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-misp - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: - 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: - 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: - 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: - e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: - 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: - 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: - 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: - 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: - 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: - f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: - 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: - 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: - 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: - 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: - 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: - 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: - 0e:8b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: - f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: - 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: - 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: - 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: - 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: - d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: - 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: - 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: - 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: - d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: - ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: - 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: - 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: - ca:b0:30:27 ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx -MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y -eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ -ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy -Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl -wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s -mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV -HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 -gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt -Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD -VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt -My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi -yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 -yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J -cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT -jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB -alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI -iInKsDAn ------END 
CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem
deleted file mode 100644
index f47839f66eda87805afce110cf5d0c2e136e8abe..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:27 2020 GMT - Not After : Oct 15 10:47:27 2023 GMT - Subject: CN=dsoclab-kibana - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: - f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: - 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: - 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: - 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: - ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: - 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: - dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: - 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: - a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: - ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: - bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: - f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: - a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: - b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: - 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: - 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: - 0f:6f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: - 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: - 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: - 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: - 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: - 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: - 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: - 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: - 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: - 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: - 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: - 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: - 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: - 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: - 1d:f9:0b:c3 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx -MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi -pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A -j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz -lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV -6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO -mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m -xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 -dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod -PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 -ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD -ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ -/jsw8krXHfkLww== 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem
deleted file mode 100644
index 56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:25 2020 GMT - Not After : Oct 15 10:47:25 2023 GMT - Subject: CN=dsoclab-nifi-2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: - db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: - 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: - 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: - 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: - b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: - be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: - fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: - 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: - 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: - 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: - 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: - 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: - f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: - f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: - 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: - 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: - 18:03 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: - 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: - 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: - 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: - d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: - b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: - 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: - f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: - f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: - c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: - d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: - 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: - a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: - 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: - 73:9d:73:eb ------BEGIN CERTIFICATE----- -MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 -MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc -L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM -aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC -a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds -snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU -0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi -LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM -dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe -iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD -uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B -gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm -og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J -K4Ca8F1/XnOdc+s= 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem
deleted file mode 100644
index 71baad05685f6d498afb76ee0ce3c737cb475275..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:26 2020 GMT - Not After : Oct 15 10:47:26 2023 GMT - Subject: CN=dsoclab-odfe-1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: - 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: - fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: - d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: - 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: - e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: - 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: - a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: - 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: - c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: - 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: - 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: - bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: - f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: - 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: - 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: - 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: - f5:4b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: - 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: - 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: - 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: - e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: - c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: - 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: - 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: - ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: - ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: - 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: - a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: - d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: - 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: - 6f:fe:39:2a ------BEGIN CERTIFICATE----- -MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 -MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 -+zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt -Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN -SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb -0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw -/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi -LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq -DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z -TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO -vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx -gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ -0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 -vJOQ2ZTX/m/+OSo= 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem
deleted file mode 100644
index 4baf981ca39d7c8e6270b7823a40dd9e1661d9c3..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem
+++ /dev/null
@@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:52 2020 GMT - Not After : Oct 15 10:47:52 2023 GMT - Subject: CN=Arne Oslebo - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: - a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: - 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: - 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: - 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: - 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: - 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: - f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: - 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: - ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: - 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: - 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: - 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: - 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: - bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: - 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: - 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: - 14:97 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature - Signature Algorithm: sha256WithRSAEncryption - 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: - 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: - 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: - 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: - 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: - 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: - 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: - 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: - af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: - a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: - 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: - e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: - 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: - 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: - 0f:f6:29:d4 ------BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 -MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId -vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y -6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l -FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD -UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg -kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV -HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 -gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt -Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw -DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh -KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF -J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z -EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY -OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg -ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= ------END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
deleted file mode 100644
index 5be39cb377745bb5bc5303c2b7d55d44877f9260..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:30 2020 GMT - Not After : Oct 15 10:47:30 2023 GMT - Subject: CN=dsoclab-haproxy - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: - 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: - 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: - c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: - 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: - 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: - 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: - ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: - 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: - bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: - 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: - ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: - 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: - 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: - 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: - 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: - 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: - e9:19 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: - 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: - 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: - 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: - 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: - 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: - f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: - a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: - 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: - d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: - 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: - 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: - 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: - e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: - ab:03:89:2b ------BEGIN CERTIFICATE----- -MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 -MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e -s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 -sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce -Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ -XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ -1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow -CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j -BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP -T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns -YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx -MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A -nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 -V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 -JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 -cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
-ZMqHnL4KCAlSqwOJKw== ------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem
deleted file mode 100644
index 92b6893716cacfa9e7fb863ad4c4379077e7ac1e..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-keycloak - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: - c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: - b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: - a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: - be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: - 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: - dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: - d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: - 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: - db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: - 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: - 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: - 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: - 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: - 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: - d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: - 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: - 12:e5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: - db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: - 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: - af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: - df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: - 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: - 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: - 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: - b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: - b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: - b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: - 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: - e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: - 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: - 37:9f:c1:7c ------BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 -MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ -Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V -/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 -mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ -1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa -i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud -IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU -T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv -Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa -wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag -h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 -nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 -YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU -YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
-JuNFsFth0Zg7w9Q3n8F8 ------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/extensions.temp b/roles/ca/files/CA/extensions.temp
deleted file mode 100644
index 5680ec98c31b681502f8c828605876ce30e19995..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/extensions.temp
+++ /dev/null
@@ -1,15 +0,0 @@
-# X509 extensions added to every signed cert
-
-# This file is included for every cert signed, and by default does nothing.
-# It could be used to add values every cert should have, such as a CDP as
-# demonstrated in the following example:
-
-#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
-# X509 extensions for a client
-
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = clientAuth
-keyUsage = digitalSignature
-
diff --git a/roles/ca/files/CA/index.txt b/roles/ca/files/CA/index.txt
deleted file mode 100644
index 221d42dd9a77ccea288c5b3e083e699777e86d7e..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/index.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
-V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
-V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
-V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
-V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
-V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
-V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
-V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
-V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
-V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
-V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
-V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
-V 231015104752Z A7217943DDD1145BC6F68CBA362CB35B unknown /CN=Arne Oslebo
diff --git a/roles/ca/files/CA/index.txt.attr b/roles/ca/files/CA/index.txt.attr
deleted file mode 100644
index 3a7e39e6ee60a25017c2fd64fed55b665faa387c..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.attr.old b/roles/ca/files/CA/index.txt.attr.old
deleted file mode 100644
index 3a7e39e6ee60a25017c2fd64fed55b665faa387c..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/index.txt.attr.old
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.old b/roles/ca/files/CA/index.txt.old
deleted file mode 100644
index 022f25472252e7019c5dc2c66f9ba279f0e2b11f..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/index.txt.old
+++ /dev/null
@@ -1,12 +0,0 @@
-V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
-V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
-V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
-V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
-V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
-V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
-V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
-V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
-V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
-V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
-V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
-V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
diff --git a/roles/ca/files/CA/issued/Arne Oslebo.crt b/roles/ca/files/CA/issued/Arne Oslebo.crt
deleted file mode 100644
index 4baf981ca39d7c8e6270b7823a40dd9e1661d9c3..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/Arne Oslebo.crt
+++ /dev/null
@@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:52 2020 GMT - Not After : Oct 15 10:47:52 2023 GMT - Subject: CN=Arne Oslebo - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: - a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: - 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: - 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: - 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: - 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: - 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: - f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: - 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: - ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: - 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: - 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: - 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: - 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: - bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: - 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: - 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: - 14:97 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature - Signature Algorithm: sha256WithRSAEncryption - 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: - 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: - 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: - 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: - 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: - 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: - 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: - 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: - af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: - a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: - 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: - e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: - 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: - 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: - 0f:f6:29:d4 ------BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 -MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId -vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y -6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l -FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD -UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg -kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV -HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 -gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt -Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw -DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh -KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF -J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z -EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY -OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg -ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= ------END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/Bozidar Proevski.crt b/roles/ca/files/CA/issued/Bozidar Proevski.crt
deleted file mode 100644
index af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/Bozidar Proevski.crt
+++ /dev/null
@@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:52 2020 GMT - Not After : Oct 15 10:47:52 2023 GMT - Subject: CN=Bozidar Proevski - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: - 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: - 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: - 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: - 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: - b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: - 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: - cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: - 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: - 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: - 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: - 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: - 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: - 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: - d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: - 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: - 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: - 22:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature - Signature Algorithm: sha256WithRSAEncryption - ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: - 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: - c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: - 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: - 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: - 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: - 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: - 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: - ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: - 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: - 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: - d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: - 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: - b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: - 72:ad:8a:60 ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx -MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm -kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh -IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo -xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM -55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ -oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw -CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j -BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP -T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD -AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt -vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa -MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x -E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv -mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk -8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg ------END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/dsoclab-cortex.crt b/roles/ca/files/CA/issued/dsoclab-cortex.crt
deleted file mode 100644
index a743bd0055110d9dbad79cdcc70e2ccfe946b100..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/dsoclab-cortex.crt
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-cortex - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: - ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: - a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: - d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: - ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: - 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: - c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: - 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: - b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: - 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: - f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: - 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: - f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: - 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: - 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: - df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: - cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: - 92:1b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: - 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: - 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: - ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: - 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: - cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: - 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: - 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: - de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: - 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: - b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: - 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: - 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: - 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: - 09:c4:f6:a9 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug -YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb -D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg -XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 -yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW -f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 -sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS -ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK -KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl -jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 -lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW -m9zSElRkCcT2qQ== 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-haproxy.crt b/roles/ca/files/CA/issued/dsoclab-haproxy.crt
deleted file mode 100644
index 5be39cb377745bb5bc5303c2b7d55d44877f9260..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/dsoclab-haproxy.crt
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:30 2020 GMT - Not After : Oct 15 10:47:30 2023 GMT - Subject: CN=dsoclab-haproxy - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: - 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: - 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: - c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: - 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: - 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: - 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: - ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: - 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: - bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: - 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: - ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: - 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: - 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: - 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: - 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: - 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: - e9:19 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: - 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: - 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: - 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: - 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: - 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: - f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: - a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: - 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: - d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: - 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: - 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: - 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: - e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: - ab:03:89:2b ------BEGIN CERTIFICATE----- -MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 -MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e -s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 -sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce -Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ -XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ -1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow -CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j -BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP -T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns -YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx -MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A -nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 -V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 -JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 -cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
-ZMqHnL4KCAlSqwOJKw== ------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-keycloak.crt b/roles/ca/files/CA/issued/dsoclab-keycloak.crt
deleted file mode 100644
index 92b6893716cacfa9e7fb863ad4c4379077e7ac1e..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/dsoclab-keycloak.crt
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-keycloak - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: - c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: - b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: - a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: - be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: - 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: - dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: - d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: - 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: - db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: - 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: - 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: - 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: - 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: - 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: - d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: - 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: - 12:e5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: - db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: - 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: - af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: - df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: - 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: - 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: - 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: - b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: - b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: - b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: - 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: - e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: - 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: - 37:9f:c1:7c ------BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 -MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ -Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V -/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 -mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ -1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa -i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud -IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU -T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv -Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa -wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag -h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 -nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 -YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU -YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
-JuNFsFth0Zg7w9Q3n8F8 ------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-kibana.crt b/roles/ca/files/CA/issued/dsoclab-kibana.crt deleted file mode 100644 index f47839f66eda87805afce110cf5d0c2e136e8abe..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-kibana.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:27 2020 GMT - Not After : Oct 15 10:47:27 2023 GMT - Subject: CN=dsoclab-kibana - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: - f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: - 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: - 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: - 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: - ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: - 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: - dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: - 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: - a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: - ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: - bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: - f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: - a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: - b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: - 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: - 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: - 0f:6f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: - 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: - 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: - 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: - 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: - 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: - 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: - 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: - 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: - 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: - 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: - 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: - 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: - 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: - 1d:f9:0b:c3 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx -MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi -pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A -j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz -lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV -6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO -mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m -xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 -dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod -PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 -ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD -ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ -/jsw8krXHfkLww== 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-misp.crt b/roles/ca/files/CA/issued/dsoclab-misp.crt deleted file mode 100644 index f83010441e252486cc934677a1e0a0de1ebe2328..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-misp.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-misp - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: - 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: - 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: - 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: - e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: - 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: - 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: - 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: - 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: - 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: - f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: - 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: - 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: - 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: - 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: - 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: - 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: - 0e:8b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: - f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: - 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: - 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: - 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: - 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: - d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: - 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: - 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: - 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: - d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: - ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: - 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: - 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: - ca:b0:30:27 ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx -MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y -eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ -ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy -Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl -wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s -mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV -HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 -gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt -Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD -VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt -My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi -yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 -yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J -cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT -jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB -alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI -iInKsDAn ------END 
CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-1.crt b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt deleted file mode 100644 index ad6921cea4ea5b8001bf8a8586b1e446dc752e9d..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-nifi-1.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:25 2020 GMT - Not After : Oct 15 10:47:25 2023 GMT - Subject: CN=dsoclab-nifi-1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: - d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: - 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: - 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: - 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: - 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: - 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: - c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: - 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: - 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: - 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: - 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: - b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: - 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: - 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: - f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: - c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: - d3:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: - 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: - 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: - c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: - 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: - bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: - fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: - 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: - 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: - 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: - 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: - 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: - b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: - 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: - 5b:05:94:0e ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx -MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR -33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad -jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC -xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 -A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd -Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ -WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ -wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC -wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL -ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM -gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo -eTfEUgLwWwWUDg== 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-2.crt b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt deleted file mode 100644 index 56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-nifi-2.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:25 2020 GMT - Not After : Oct 15 10:47:25 2023 GMT - Subject: CN=dsoclab-nifi-2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: - db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: - 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: - 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: - 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: - b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: - be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: - fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: - 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: - 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: - 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: - 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: - 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: - f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: - f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: - 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: - 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: - 18:03 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: - 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: - 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: - 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: - d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: - b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: - 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: - f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: - f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: - c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: - d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: - 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: - a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: - 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: - 73:9d:73:eb ------BEGIN CERTIFICATE----- -MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 -MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc -L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM -aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC -a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds -snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU -0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi -LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM -dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe -iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD -uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B -gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm -og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J -K4Ca8F1/XnOdc+s= 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-3.crt b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt deleted file mode 100644 index 796e826426e3266b0a221d1c60110c897892b308..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-nifi-3.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:26 2020 GMT - Not After : Oct 15 10:47:26 2023 GMT - Subject: CN=dsoclab-nifi-3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: - 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: - 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: - f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: - 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: - 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: - 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: - c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: - a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: - b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: - 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: - fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: - 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: - d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: - a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: - 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: - 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: - a6:b1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: - e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: - 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: - ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: - 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: - bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: - ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: - 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: - b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: - d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: - f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: - 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: - df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: - 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: - ae:dd:e0:3e ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx -MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt -SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 -UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI -CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg -UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 -Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ -pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx -7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si -InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd -RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko -YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB -Qd417V6Frt3gPg== 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-1.crt b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt deleted file mode 100644 index 71baad05685f6d498afb76ee0ce3c737cb475275..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-odfe-1.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:26 2020 GMT - Not After : Oct 15 10:47:26 2023 GMT - Subject: CN=dsoclab-odfe-1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: - 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: - fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: - d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: - 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: - e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: - 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: - a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: - 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: - c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: - 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: - 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: - bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: - f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: - 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: - 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: - 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: - f5:4b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: - 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: - 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: - 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: - e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: - c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: - 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: - 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: - ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: - ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: - 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: - a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: - d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: - 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: - 6f:fe:39:2a ------BEGIN CERTIFICATE----- -MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 -MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 -+zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt -Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN -SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb -0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw -/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi -LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq -DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z -TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO -vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx -gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ -0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 -vJOQ2ZTX/m/+OSo= 
------END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-2.crt b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt deleted file mode 100644 index a648174921d6bb3ffe09aaffedfee1e442fccce6..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/issued/dsoclab-odfe-2.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:27 2020 GMT - Not After : Oct 15 10:47:27 2023 GMT - Subject: CN=dsoclab-odfe-2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: - db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: - 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: - 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: - 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: - a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: - 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: - 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: - 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: - 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: - b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: - 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: - b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: - 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: - 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: - ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: - 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: - 33:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: - 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: - 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: - 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: - 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: - f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: - 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: - 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: - 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: - 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: - 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: - 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: - 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: - 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: - 51:84:09:da ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx -MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I -CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w -ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K -Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 -LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO -NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW -B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT -CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 -yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg -Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi -ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ -aGu202EwUYQJ2g== 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/issued/dsoclab-thehive.crt b/roles/ca/files/CA/issued/dsoclab-thehive.crt
deleted file mode 100644
index 0d474c2a1277de93ba6357ca841a7eac3b1cce44..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/issued/dsoclab-thehive.crt
+++ /dev/null
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-thehive - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: - c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: - 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: - ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: - 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: - 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: - 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: - c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: - 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: - 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: - 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: - 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: - ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: - d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: - 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: - 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: - c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: - 46:bd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: - fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: - 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: - c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: - 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: - 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: - df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: - b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: - d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: - 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: - e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: - 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: - 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: - 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: - 7c:51:5c:3b ------BEGIN CERTIFICATE----- -MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 -OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb -pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV -jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng -z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B -XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh -Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz -1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k -K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs -wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x -bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE -ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh -K4Ynu8Hyhpp8UVw7 
------END CERTIFICATE-----
diff --git a/roles/ca/files/CA/openssl-easyrsa.cnf b/roles/ca/files/CA/openssl-easyrsa.cnf
deleted file mode 100644
index 11394147697414e4d5fac6329cfdc8210ab98d8a..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/openssl-easyrsa.cnf
+++ /dev/null
@@ -1,140 +0,0 @@
-# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
-
-RANDFILE = $ENV::EASYRSA_PKI/.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::EASYRSA_PKI # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/certs_by_serial # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = basic_exts # The extentions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
-default_md = $ENV::EASYRSA_DIGEST # use public key default MD
-preserve = no # keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject = no
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = $ENV::EASYRSA_KEY_SIZE
-default_keyfile = privkey.pem
-default_md = $ENV::EASYRSA_DIGEST
-distinguished_name = $ENV::EASYRSA_DN
-x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::EASYRSA_REQ_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
-
-localityName = 
Locality Name (eg, city)
-localityName_default = $ENV::EASYRSA_REQ_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::EASYRSA_REQ_ORG
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-emailAddress = Email Address
-emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
-emailAddress_max = 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
diff --git a/roles/ca/files/CA/private/Arne Oslebo.key b/roles/ca/files/CA/private/Arne Oslebo.key
deleted file mode 100644
index 677703bcfe457628ee511c934138eb469254b706..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/Arne Oslebo.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOTAIZIW4c8u2T -2P28GqTCETvhVXPlJpLT2eim3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu -4Z27AB9ZGWlPazI9LxralT2ZlVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7 -POvL9HEDWr7ZoEn+0XL+T77hrKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaX -oWxwChqgzkyNrCnkxRcAJgNEMqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyR -LuDU5TcLXLtfQDeS6WA7oPmYf22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwc -EWMIQxSXAgMBAAECggEAe0rx9hMEvEhztOj6vHEwBsxF/WYU3d8v4W1anl/BtiIQ -q5OsNAwWcoZQboKdvMAqnYFa0QMqfY/laR9uJVTtZ1LIna5zWB3O7tRC/IdCcy97 -LXNYz+1B0EGI9L306SSlNZolbnpCiXqy4LSIOFzfLiIN7gLeNmz3TQZcDoQeQuhT -SA42/6EW1GFWWlFjqFy/W9X9VY3AHZAuf4M9Sv5YK6L7w8dwv190F/JXZz/7z0ad -ElDfUh09xqsfvFhqvAzpWkGglhh6Ns9DGfH4bueoHZ0gF3nbdLxfpPp4eyRv/Ox4 -Ozf0E0snyJPG2N93Pluks5BKnC8yYYAvGo6hE2/wAQKBgQD2nrK2XCvh36uQIhGe -iGIzRFGeeKB4jt4ZAM45PryrzBqtXMnndV8V4WoZkPRl5D8/HmoeMVbA6Bb1zdLy -SDLs/U0IquMe8K6QR+F+wjWFLebu+aNaPsKnu8fJOVmDmNGReX7q3thTja+rcSDA -5h5dEi9viM0OsRl2Xf5zLuzUSQKBgQDWJLDem/cV7vyrB3r60EeVSY9pwj0AD7oZ -Tbcx2DuibP6ojvsDpUDbh3nuIlu69jRO0kl0rdCVnoWu3eaerDtFKd8EUsoQJv9B -CV+rD4xoNa/1C+1DggIyAcTrAGxTS+Z/qsgVBy1YGLWtdaqg1TZI47F7m+fVtZRZ -BMgW8lLh3wKBgQCRltRHxZf+Sw28E/C01yypuT45wFpzcVv6BLi5oKi+/soM6Acl -heuxPhZlq2YsNJeFyo2470WYsirDx1MtxqORtmNgp4lW/Zz//f9H1pzD13pKP8NI -hl5hqQBjcWC/yFqHd+MOAqpQgQdgvXMpjXAFX7PzMx5i+vfeIdUR6HTVSQKBgQCR -fVAljjVrU3mbAXQOX9+ij9297tfe6NB5TJHAbbbmfcLu5mWobmgIPp0aq4FDHu8e -9kQt38GtRYxx6BU9jKqgLPh2SYE7RCN8HlA/Okscqg0oIbhLe1LegtE1EI6IcTLj -XjaeAshN6EvW0/DfYLyG/RuibaQvUDS/3j3LSUwCZQKBgGbI4n8JyQx0N5N7seLH -E874B33QrURfoZqm1Pu03jWzzupzIL3Li+osgS/IAeh2tscCifaWX4eop973NGUe -FfSGoQal+iQStVoEhKG79k5q3Yut8YFNt0Oy6tYrl7rWm5kSdok97u10lylPJKJY -jryMaRsmZMcFRwby70+VtnoW ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/Arne Oslebo.p12 b/roles/ca/files/CA/private/Arne Oslebo.p12
deleted file mode 100644
index 273c8018b7bed8f691d9e9c24f5fa9d6425a0e79..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/Arne Oslebo.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.key b/roles/ca/files/CA/private/Bozidar Proevski.key
deleted file mode 100644
index 8a141bb9744a155880cb97a7512e228c251611f2..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/Bozidar Proevski.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa3gD98em5KdlY -0Echz0tnF/epApMXz1dbb9smkDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9to -XifmhXEntyBSYd8UG9oGObIhIEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swF -IKJgERKNbYgKc+h8aJxILMmoxp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOh -l1CYFsgMG70CyF+jL3N+JfiM55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPF -yh4K1zx3CtKrUcPl3DeQGjW/oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LY -RADCKSJ5AgMBAAECggEABfbe2ujiM3tlH4KF+stdAA9wPlYXDCe0GZVpP0b2UqLe -NDgJGDmi8p3Hg/DCIwx1C42VHKxJo9nx/UcDCmHBReJLoGCcks2vy+WU8qmnux5J -0OIxJFlqDPske66U7SX8FmAK/fLGlH5WdSwYlNKTgFbjkmN8ZK4ytqTi71kW4ln5 -VUlXPd9FYlHc29u4qXJeaRLj9PIz/6FxYl0Ub13dXV8hfVEG8JaeosFjOhZqpgLg -t1oNaPrKBywYvJ1P+PKfX7lsFV6dllpaosP1j0OEjAVZ3USOAyVgMHmKqqvCynlg -IuKKF169bsJAb02KKtz1RMY3/Tao3VboHIGSNFSM8QKBgQDOALdl8uRaLSFHjJ6x -UQWks+Hzs8eCC4qJ39Yj7Eqznat3GmZwc6S5/1s414VAOz8lX1S+xKLEiuxRH1kL -etFRpGGA7XBHGI7EpRiHc4jyuzt/vMDZyA1Hh8iSsr03uDA5okVi6YWM647b/byU -Xl9aWZzqX72RDerikpRPMvERgwKBgQDAdCar1Y3flctOl4iRatpya3PWCLVDNGTA -88/m2DEGtwJxRdhfztNsrXIao8WkwPkvW+fnS5c6M8cXDOph3j5E56xsH4w+9vXG -+eN0/w6ci1ajZtCu6fCttwCVPBu5dzMSWAfNmnYbnnFQvzHLCV5ZbR3Z0dDMLM7o -2gD3JdynUwKBgD+aBQWa6lnVGTNH/S7tvvpM93QQi4ZhHdLXovvQVngCNBA/vGT3 -r2IlrvprwB5GrIZTWozTlRVtduzM6ucacknsoJX3uPSaZmncNyiKyTt4BzS3CCu1 -EjSFfa2dNcJgQbNpoFablrodeCv/uRttz67LgCD0kkiYrW5qpxOUvM0VAoGBAKbx -msIgg+tZs3y/clZCjLAIifk2oJZlkqjWVph3HUAn7NR5tBKYBUsWwg5d1oruYro0 -TVyUc+CnHaLfL0oqUXXQSf+Y9j2AWP97sVXCEti0/jjMbWXtxTvLrZPHCn296u2U -s2AlByM6NC3JTNZFkDSetPBIU4lprSrMQV4i19/FAoGAe7iRaTkcmMZaE1cvZs2j -Uv2TzZrXtj9MWtjxV7Tu1NrAcMV2WG4FJHxt+2V30beUrWFlg647Wo62ww2ylrze -kyQoE0/eccfGI6z7qh8D8026xAoh7oeoLubhzFszz/dqOfJPiUv1GyzyD2m2kSvZ -DlY3mCb9rL+6jbbXcS+7Iuw= ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.p12 b/roles/ca/files/CA/private/Bozidar Proevski.p12
deleted file mode 100644
index 24010a64063a960d554cd4e895e17b9e2e62362a..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/Bozidar Proevski.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/ca.key b/roles/ca/files/CA/private/ca.key
deleted file mode 100644
index 3c45faa018da0516d63a00a2604f9792344c3913..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/ca.key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAtRmQxWST0ewGJIRLAfVOqrSvuNHYtyjnk8EaLCe4bz9RUI8J -yAt+wVJVateShIEUwnF4Cx9AnbcwtUZM/gFAi8ikzhpjQqpr8jHBEnabqCNTVC5L -9EHmFzI+ENS4dEZXamaRK99lH7FaMATz4YowFJVQB3iS744v7Z1LyPvvZ6NocdN1 -AIY0zDOfQL4mLEU9w1JHIjUpZacFfuwdqYJ6UYM7G1Rj9nIXmmkWBvQwG0Uy6wLV -cTtFiXP8zRkqb17jsgSt9P6cBjL4TRj3nJBJUqQ32nqbgPGQ3H2ijZNJBAb8yJVK -6WQZr7QXOQ5qXxAZUpOVCv9F0m5ShOXTqpVnNQIDAQABAoIBAFg1QJd0mq9Hx+In -caVdh1iMM37Q7z6fNNR53LafDi1ZaNDVKs1+E9ozsRkeMOZLPQJMZEz+humK3bWd -rUiW8YpkSyl8HtbMzVElPMYycTSfKCo7dpFdO6YWubZW9hTkYhWYKaN15vpd1vDG -qMc1GKAd7eIFr4Pw/JU+5TfaxkvysCuih6Q6/MZwddM61eCZO6VBYMf0k94RHn0I -gIY4hCeyJQ3RoIpzZr4XqUAGdLOvTmzPSTlqT4g7RVgsGQT1p6yG3o42kev0l+Y4 -L92dA25xWeHirWkaQLRj46tX4un67SWA8OkxwA1D49i3keIfhRjsa0d3YELmV8tG -60l6RcECgYEA6alfHn3zGMw7npN4V/iGEwv7Y4xDcDPdlWTCQ8Btc8XanHuVxcTu -bENrMouddeM6GI6sz7GVg4vXVyPXa0ZCBPIK61ArS8aNlmggqRd86pgQRWkgCVi2 -gXANwrV6NZNXYZ3X+glIljlRoqlNm7rH9hMQ2KwUW02Q9AdclgvpfQUCgYEAxmnM -leiSy+s0H/0Wo+LdvpC1NaZPTML6N8cmjwH9xe2mcsGI2a8EQdfqMHE6aWTuHErj -I3juwSDSBbPlQsf0nRku+qMuLTzsVbCVfG9NiYr5YPxdT7LnW/F/Kuxyn3mW1wgD -WXi4DM0muRPskw6c8f604crFShSpszLTcYE12HECgYA/exlxgkxiR1JHQc9nLwjV -8eJpaDkGKcEgjlBM8eGKm41KCDVnlpoj5akhAVdVKNemxlRi1N9G7t4hOYaUCXF0 -QIIA7jXlD1t2KnH9Hnl8jrWU9fuTLnve7J+Ab6d1GMObrLN5pb4HuijYpWCFV5ht -3T4tb4rUR12DPuDDjxbvNQKBgGEzb4B5IYE4xp5tNGwxNgSni76urOakFkTBEYi5 -pwMR+5r4aPyLmwBOsHHu5ni/c070+PVlx0FhvMICcWwX3SQhNDyhOHv8/qK0EWeW -d1vMc4Mp3uSudl06n9v9XeH2hQju6gUo+LF8x12f/yPD4utCpoZ++cvi94fMfH18 -mU5hAoGADsoT85//n1VPQLysZpW6FjYIp8quuGS94FAdkiQVKa7u6vO/Vy19ZxFI -7Cub8sg+e80wGakCCEi22AN6RwJyV9R8ec8ct+K/HeNqujKoDZN6ZDQzXo0a/vgj -BibssPr6+b3DVE+/e2qlfzjwQA+GqcSmP70fmg8tGlKbZwwBJxk= ------END RSA PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-cortex.key b/roles/ca/files/CA/private/dsoclab-cortex.key deleted file mode 100644 index 827da545bbbd7bdc9b8c8527f8dfb4b086ba5221..0000000000000000000000000000000000000000 
--- a/roles/ca/files/CA/private/dsoclab-cortex.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT -2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I -gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa -U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf -w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC -aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs -KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL -UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE -WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d -WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC -U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 -k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ -OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI -Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ -SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY -ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy -gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w -MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf -f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO -vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc -A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e -MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb -5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F -fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md -oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV -nrCXNbsWttgWkzqLDWkPT5M= ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-cortex.p12 b/roles/ca/files/CA/private/dsoclab-cortex.p12
deleted file mode 100644
index 252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-cortex.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-haproxy.key b/roles/ca/files/CA/private/dsoclab-haproxy.key
deleted file mode 100644
index abcca5eaafc03ebe472bc28a09ae04de65e2fa7f..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-haproxy.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE -qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm -JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y -KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT -8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 -KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB -vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg -D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p -bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD -SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf -oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ -bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG -w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag -ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 -c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw -+0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n -DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s -7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 -3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ -+GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 -m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi -i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 -biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ -K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX -5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV -kyb4KyOsi81/fpVM/WeOL7w= ------END PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.key b/roles/ca/files/CA/private/dsoclab-keycloak.key deleted file mode 100644 index 8c5ebed5a514facf489a59ce2a2e487c6a0da78f..0000000000000000000000000000000000000000 
--- a/roles/ca/files/CA/private/dsoclab-keycloak.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c -iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH -e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb -HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI -2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g -tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y -dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV -frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK -525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU -soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX -TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX -RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 -mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L -yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo -z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p -7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 -Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl -tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf -joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r -T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA -01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A -upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ -bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG -jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 -ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF -TypqufvopzWOpbxpgbfiJQmd8g== ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.p12 b/roles/ca/files/CA/private/dsoclab-keycloak.p12
deleted file mode 100644
index 41e7ba3a2fe1ed26a9e29ffe24a723a5812760d3..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-keycloak.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.key b/roles/ca/files/CA/private/dsoclab-kibana.key
deleted file mode 100644
index 9eec2e4fa77aee5162699b82640aad24869304a8..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-kibana.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR -kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf -mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L -JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP -zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI -B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN -IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa -wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw -Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN -fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA -uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2 -BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH -Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy -ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g -4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr -FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr -3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q -NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv -Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M -7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA -uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN -lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm -P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5 -Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu -/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT -jFEbunnLOfUUjgxXiJpNU0FtjQ== ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.p12 b/roles/ca/files/CA/private/dsoclab-kibana.p12
deleted file mode 100644
index f9e8737d615ab77c25857cf3b3c8eb2d77f03104..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-kibana.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-misp.key b/roles/ca/files/CA/private/dsoclab-misp.key
deleted file mode 100644
index 9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-misp.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl -V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi -Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 -KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf -jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV -xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT -VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t -cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr -nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn -u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO -ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu -XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq -XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl -xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P -SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp -8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 -X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU -zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY -FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw -D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX -FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G -msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e -0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq -g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR -PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh -bopZVfjdd+d/56vLZW+GSBaCew== ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-misp.p12 b/roles/ca/files/CA/private/dsoclab-misp.p12
deleted file mode 100644
index 34e63cf61702da91592e85b97cc2c41066f4089a..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-misp.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.key b/roles/ca/files/CA/private/dsoclab-nifi-1.key
deleted file mode 100644
index 2d054afbf080153a8869b097e3385dcc2fc0e709..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-nifi-1.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDr++3oZVHX1Xq -fujW/dXjGWguch+QYqh5dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbg -pl4ULJCxgbJpMeJEhZf1YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccF -UEDFqdDkP7sMcil8vgYBlgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWC -NCkbGVYuwtskeVEPqNlmPHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw -3zJUhfY8IJ+Ii12DosQeMdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4Dq -vDNgR9MPAgMBAAECggEAJ4fH/il3FXbtzTQb5ypZ5cmBITjOpYU4kWjvvhYiTegI -xaXpdj2vTI+/Yg94QGbWRZZylrFzKAYlUMZq5Npn1GPl3ZhFJCB0pQ3mUHI9q6L/ -abiSrWwmAL1zY7i+dhEj41PZ4Hsk+Df/F1Sx8PwwBZvWNlpthRSB9BoQ4GAHfNTH -qkJPz7IZ8ZCWZRRve71+h7rBSJVnrz3iWUmKgGigFWErD/vW0PpD4apGkwe9egkR -2MDvf+x/QQ1vudzYHJEkKg2OMdsKokLmoJGmSh3Cq1dswAjnBqM+MPXUklHK6gZm -L3x3GwBowQSVI/EHJT6MeMyZSGAwJlouX0oN/Prg2QKBgQDkY2ZTbV7ih1wgIJDS -hKYqo7swHOo84JaMtz2FZBfv7KdYYUwAQObPD7jnrvV6EqI6yIOfo0WN28obz6fw -rgugYeAlFka5g1Gg5fTGCgWIy8yTm5RvOrNn7lOsE8xx1dPuSqniCtTHjGVqc0EJ -6yL+uZSKfL3Mgfli/RHTXmcv1QKBgQDbWHE5ZyudNF61xHAn6sFjESSOwLA4LsIG -qeZN0l1WIZjwq33HrK9YK4F3k7AySYGlla03rOWVArM13fAPlNq+1WRZ4a6iArdx -s3Wri9b7spzxz+OD9e+sPMjR3+odSAamZyWzk0++F+wQlu13rCX2kNO71laWOrSE -u6vvmg+NUwKBgQClMYxy7ZoDCdtF1ahKzO2Py+v6Sf/XVq8uSt/x2stBnBAS6hVZ -3ZfUz090LOWbjVzQXfZugl8t03slkJatjIYWVJUW3jz7tBNX6NyaXedQ4fAwGAlO -Rsw7cXQN9CgdcoefRVwJhsIPL+qvC3xQm0YtrrfVT5LNGHn08o1xMEg8nQKBgBDy -3Iza8/vJuCfDbgcnlJnbEUAWk4dD1ao+JpWM07l8Dx1JowZyyXm+otpihxLbqzDo -R+Itce/5rW9UHuCVV/G2+3IWhi/ulc4rV8RRoeMBAi+NKL9hmYtthvbwnl502k6x -WbBuiZLetlbx0peUrbpHppS1Eyu4jYpUFg0Fkn4RAoGAZsuipVjJpM/nj+aS6aUJ -+FNYaqZRsSpad/IY509ZD9G8lf/ANNxjwZuX4P3Im/m3772LcCe2LEv4f8sOfaF6 -wz/noWgJxaTqSaNmugNDhPJpXTgdgsTeqnq20MtHrpi4ZXUs21CDsJph5dlS/gWl -AQQhj15wJkiYTHv093f2vaY= ------END PRIVATE KEY----- 
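Review bot: Deleting `roles/ca/files/CA/private/dsoclab-nifi-1.key` from the tree does not withdraw the key. It is an unencrypted PKCS#8 private key, and it stays readable in the repository history and in every existing clone, so it should be treated as disclosed. The same applies to the other `.key` and `.p12` deletions under `roles/ca/files/CA/private/` in this commit (nifi-2, nifi-3, odfe-1, odfe-2, thehive and the key removed just before this one). The visible hunks show neither the matching certificates being revoked or re-issued nor an ignore rule that keeps regenerated CA output out of version control. If that is handled elsewhere, the commit message should say so, for example `CA material under roles/ca/files/CA was committed by mistake; keys are considered exposed and are regenerated per deployment`.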
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.p12 b/roles/ca/files/CA/private/dsoclab-nifi-1.p12
deleted file mode 100644
index 0076ad1207c243f877de929e2424ed953f60469c..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-nifi-1.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.key b/roles/ca/files/CA/private/dsoclab-nifi-2.key
deleted file mode 100644
index a6d173357217a1ecec773826d1b017655a4f3b7f..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-nifi-2.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCst0vi1Yd/jhWb -z8AX69uM4xuDwGm5BpGgm8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ -/T4EZ5oJN0V50x0L7ApDy7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvye -uH3ig+I9sDBdwXMGrpv3mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPC -v4xPOubtETCmQSatVo8DC62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJy -JCHS6bREI/YQj59kf+/mq/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8b -qXR32xgDAgMBAAECggEAIutEGm5VYMKXN9M+4Rc8YjWgYHjMZy4ezzvvTQBhZ0DN -67yRZWMW37p1hwFbQy/tHgwM0UFcYwhnx81ddoKDsA1OrJy0KK7mPGK5ribtiqXc -5llLVwaouLZ78NOOq/WSrGJSk/MMW0ZX4LcoLF3BpfszLCFqYhV3Tw4Sxskmd1TY -DAIJ8P0mcAuiEw1G2VuVEsy8c6Ojkp/cJZudlhUk4J/Dqzhq3XcdRu+IoTOg1FTY -Tw6aW0dwW9niZWaTCzksjnsY6ydIoe6v2GMiCOzCnfmogAgfuTH8Hg2oDvJDqFel -zXNwxn52Q7HMvySnDn5j2BAYOyfybNkUDvjq170BkQKBgQDfwI+q22h24zg6ZLiC -0AlqdKNliU1qdtaXu1bU1Mm0/9/o70+TP6GUDeZ0xJVPDpgf/qULaY8k2H4Ucb7i -PNCPVYNF21qd591qaZA3i/YDNbXmzYNgy+hCPjY9+jW+DBEKOMDSCbUgUP9RJpNj -CgEadH2xvumPeuLLhFwnmDn3XQKBgQDFm7tWnpUiyOVWcdEZ+xXPiqRr3JZFcjHk -N3vSOVsS0xjaYPbyBnUNiw8Mxdm0xmaCCDHjv7lmIOCEUtD1YU/bp/e6UqvAULg7 -UasrT0h63eQPxS4tLpDaIjk5Zk7A/NFAHoTKrtbZEs1YONL8ltkrqOYUv4jaX1ae -76f+1/s23wKBgAUDDzTIjWJ8XHoSX3+uoUddLXvMw4sq9kuXyq4hxhLj2GQjWCj4 -N+pVFWBwNtf6f7XXwmKrDqXIo6pZkekHa7SKOdKKw1DeLLuBedWEsRIJVfXBjLvS -VXWGZzikLif/pTIRa2BJD2GV7uImdw603ql1Cou8twabvhDI+jd41XORAoGAW8b2 -fUZt8Zfom/uEqFJrUNcNgmMTD/H3pgz23y5wVA/jDRnX15SULNQXC1GgyUsUNPRl -Z2eWTg6a+BoWnsCxfE1Iyyq2Rj23MyW9IAJUoWwJDiIATk/ASu92MGiJzywca3FB -L3mAo5UN9hl+NH5DIvnw0lYa04FQE8Uu+zeIn3UCgYAgWQECDVgkUgoTtUZBmUAT -wL5cXXfmDnMNLVn2TJNQRDvLMkdI0naQ94Dxvky6BIbSqaKx67PA3I7yRIDUYhGZ -RM4RC0WpGtjxYmWyHkdClGLAJjSp4RPDUcCNAqmQhTySGCL4gBMalERbDzo16SSM -lyWQP3MOrilDi/GjbUi3JA== ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.p12 b/roles/ca/files/CA/private/dsoclab-nifi-2.p12
deleted file mode 100644
index fdbd25a1e50851b8ea865781bc903dcc78a1cc8f..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-nifi-2.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.key b/roles/ca/files/CA/private/dsoclab-nifi-3.key
deleted file mode 100644
index 4c508b05ddb691868f07f9952a5352a9a9a247a7..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-nifi-3.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnSKDTqx6MSWCL -uL2aqlwJYgF5icnlXzBkOMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFk -YI8VjhaL3riXeaeDGXdbqjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMla -E60OVle8HT++10xLN6KIck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0Ea -kuIu7NMgYGBh1vwOP1dDiF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNx -enEC4QVyQaVCn0FHLDB+DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPP -eoUrC6axAgMBAAECggEAIwh9zfZvTlfrpTdKVgLJhZmFz4tAwg2eV87hCZkBQ7Kz -I4uuBf8EYWUk5c4vasdV1JpeyXn9ayMPfUMPlCcOp7o8FFUA9N63dXX/NmQvJl+f -ZbA9eTr9ixHGGb82Jy4Y0wJE2va9XOpcMMYgHvmMJDRH7lKugq4jFspBRX5PGOcM -6MxlzOSEcPZFrccDFcVJIU57rJ3HO85mF8OUmQoReA7SH9qNLFFtERrsgCSkWlwq -+Pdz+FwkK2tmSBU6+4J2YTyJ0AvF5DUex8tf6rAD7H1AGz70VEFumlbjyz+OZgsS -oeoAFRm6Uzoo2kU7mB3fPpA2oCGVWVIY6fgHbyZHsQKBgQDR0L/WuzeTpYB3oXbX -2rPcbZVa/wK0Evl1dfj1UZUBqazkVntMVko02Xt5RHt8FTaorTqi2ieEGfcbOonn -cSZzChPNCvyr6MJJHRcqNP4pgxd4b1LfP8sCLZTvi7HdBA1DPamgWuiKOkqGghHs -38BX7SPz3/gTxEjwCE7g9970FQKBgQDMGy+CjGI8btlbKBK4LkebuGGWgWUIXa+V -2OhoEZzIwDQf6LotauA8pdljTeeQ0VG4kO365hN2v5bL02SOCo3ciaLkQ2tQhRNt -1xSDoKf2ipbjFZr9o6uDHGtVKZF1B20j48vEWBu5EEZ8yf7L68BWBm/RCVeN32oL -jpmIMySDLQKBgQCwbv/CzDASAkwjTS2omgpBRA0iNerKDmKjeY7ei7nnag0u/eI0 -8SL5iiCgewvz7crG0NTL+PLdzQ/UX8dzTdztQ/4eoCyVSueFn+bI4UMRGWF1Lvfb -L8PAkx/4x9nLZwrYDlRDue5tvlLJBTuZmxYdWhavjxkHVjmXTwU1fHqJeQKBgQCO -Rgj5FEhJ3e8PFsDtt/zcdEs6MVou2bdSWc+u80/5s9jhwUU98Xj7bZQ6H4ziKrav -U/8/XG+G4AgKboFybbLzXtG4EbLVft3LPBilpDBQr8x74IyYbyVYEFBVHdOx4wpV -8S0R4WT5vHmV9OvyU5RPos8AxGVOlMSD59Pn19aExQKBgFTfUARZ/liWznEU8X5Q -krL97ge1+oaqQBI0iS3jmi8cfRNpwWFxc+uRgHW5WybGC9PxV/n3yu1i4wIyrwfC -g4f0HH19x+VTFs9+H09wudytJh0K8LLTns5G3Nu3WW+o0gtJDQDcAxijvEr2jn08 -qnSQ95GLsDqLTauqOMzEyhM8 ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.p12 b/roles/ca/files/CA/private/dsoclab-nifi-3.p12
deleted file mode 100644
index 4d4b23daaa41114bb1ab95eea974f0c2618dbbeb..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-nifi-3.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.key b/roles/ca/files/CA/private/dsoclab-odfe-1.key
deleted file mode 100644
index f10604dac97618a3da392c9eb505dae7ce87a0da..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-odfe-1.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlRvZxzqI/YV6b -88ZhiIeZCqy46J08X4xgK0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzK -CSJQMAHq7bQpv7RwJduzHelz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qIS -lPvoczA38Xy1TlmrcXMmgJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LS -DKdSSMbuEiEV40UwiYFjf78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsK -qKJa7OWjGnPggz3S6HSpC7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrkt -qL4oEfVLAgMBAAECggEAGkUQNaf8VRC9+1ZqE4DGMJXVhnY4ldNIzTgHjAD3tehp -M+bGp5RUGqZeSGl7/tzacGWY+5q4x5ozOz7irJdjkNxdeS8a6IKd8p7pwbugXha0 -WQtcwHobGxoo7+IcVFNbGpr9kFPCX1M2mLRzTIXuL2q+5DMu+QLNs8qmYpELrjpp -wiY3yQ6zcv4ndWJloMWo+CzTXq+Gh0L7cWB8dk9NOGu0dAF1HIVokvud+xUejyIB -2bBN/J9ErGBX366C5yqzMei1JhDXBT7N3XATs/i5tx5jHxO9/G7Psz6Ka7wQ2XlF -9gY9AndkXGFNt/YnKpvN+h39caH7lRvC/AADwidsYQKBgQD+dHoAUKrCKfrHDazQ -gQRPGNOY/J9anHhKvPKUwkoY8VZ2MDqB1uwSWioambx2CVc81eeHWmRQUAp7Qw94 -p9DWhqcPdhqGZDRQGSolw8uXnSLKLkJ0f1VxRv7B16wwLyaMgdcwn0JaZ0iaQqwk -VX7V3OnRpbaji+7pkoJUetbyOwKBgQDmq1mSa8G+/5K8CURJz6K7/ItI29VCFm4t -ggeQ2QdjpCEhg7b5wyW7Y+CjbWoUx/zKnT4FFX213Ca3TaOKn/sU2lu0J7AP4A85 -yV6JizecpU/aDsAelezO4PfpAdHiUN49lWt6VCTWzOM/+hKdLE1GVpOfqBCtEEYZ -DJwS8JdIMQKBgHm9Sl16OqhYo1W20jaTc3dQXnQ0cR1N/TNswPaxGfhjBsXW/zb9 -l8aUAs7lPMiQYX+Gq5YThijykoE0rWNBjuYEWEtKaxhfOrQTxhl5Wp+4G1v10++e -uEdQ+zPMtuH6vQu+VzE5EOrlvVOokGl1yhAR+IBIM2B945k2ckpu1wXfAoGAEGtY -B+UluGvGzR23v61I/yqd24TSbE7ebtzXnwbj0MLpHNKcXrD2aZ1VayyppWsK4n1I -4eHCvgQ6uUeMgZybqcNVTcCZdrfTPaDI2u+O+NaHlZUBNewkHCHFY8+eWga5mxac -vOtqZ+PTtUUeuBNkOMKG5ZF4BmmnI7dTEMIRcrECgYEA0LJjKYwHmqHXe7Yel/f5 -6U3fQka70cpS0hg9T1qHlC2A8Goj4p2uchJmRkH3uYd0FTtImkoiAqksnWu949pI -YFdI65eKm/7a7Pmoy0C7TMM6pN2ibbN7XBoZ7bZ6Fj6FI74MLgUBUIwMyKXWRhTX -RWpegcD8h8CCEagLjZ6PN3I= ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.p12 b/roles/ca/files/CA/private/dsoclab-odfe-1.p12
deleted file mode 100644
index ed4bd60a1d96595774f510ecfd8c864a09e8d338..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-odfe-1.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.key b/roles/ca/files/CA/private/dsoclab-odfe-2.key
deleted file mode 100644
index 6b56b08c72d66f58917d079dadd02f0bac21718e..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-odfe-2.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHpeE/4KMiafG0 -FV65PNvXRLvZx2mUW8F9ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/ -SUkuO4j2WYUm3je0R54cvqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QI -FkYBVNoMdzFjOUYniD/0rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKg -XK2Ge1BTyexXBEQcEvYzP2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJC -QsoLsS7BbpQtPl6ISI+2ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDK -Z2My4DNzAgMBAAECggEBAJlsPTQ0cckRd1/3iCp7vUmplV5fYyBSftgI4jl2E1+i -CXxnuPqRYvQkSDRvW2NgQ9t3XDXL+E/x14O1EtrHf5Io6y0aWd5dpwDZ816UMIDT -KyjVQ943kq2a27D2piiElarhnBofq0iubBIm47dEOKiZtEdXDTV1/AgQYvEZhZTl -dZWsX21gP6YbMgGE/ZFz2tMjFlaK/f0XygJd64gGwwt0wzhBnJsb5Nf1nyrqfuNk -XIKXQCBx3IbFxxHSd0LxeokYR1+nWcdw2i2T396UjlFJn4n58oPJEQSQAuq5RXHe -aJDCiPLx16Hx0sqSgwXfjptXwdxYt7DQKYZkYHdUZtkCgYEA44g/xK6aUJWfhc5n -QeOAB/maCa6GmSaGhvjIjOVu2nimmHl4jBF3Fi6FyWG8Tqj7XBgDaByuLBy5NIAQ -+/cQ3IGMHlI7SboQRllmsUMrCApOFyENBn5V+2dyCIRIqzstYHWGefv9ElrCroZa -a/XZrDGO2zj3psoaKwat+b9i710CgYEA4KCC2NnP7henjH/rDbQfebIg+NSBeSn4 -1PDh37p3vm0gIclhygWS9vL1ERlvt9N3o272ago9jM+PaVK9fFBiqGuMU8X0/2qx -LnPppWUKY3WKPkDKSBgz5J5jkTTneL6wPLY0saHB8Ob4zIKpfh8dsIXBwmiYsmO1 -x+q+HAL7EQ8CgYAjKZsxOgp/CaBtfUhX1mCi2uADPwVuBZYkpa3YmFxZRuv4BE2s -18Yfl3D1fjUrstGlmdBs9oG0L3wvsNrvFW91pE+TIAIpkqeRN5+3JToxM+Z9jI4G -wt9mysXEqyzPyYVpsr/lehvSClSrw/eVV5kcE0yQdG1RSUph+9ZHElynwQKBgEcy -+WaM27iHLOd+4F1um49yY7sbeJKUODgeximpLC1i3412DJYBYE0AQ6eQ3XVyBPj7 -wgVoi4vneniS7lbKEAt8U3V2SKrxAYpM2WFAfqN57UDAPp3Ndh1gCwVKtJf0MV59 -DoTDVfrq6y+/tsOwTzPVoc3iY4wfyM2+XVX5p+UHAoGABD84C3yYWYZ9gBkEkXHH -jjKUcDCWUTcbErUtaloI9AU+Fw3XP+H21b1ahblQ8JtGcGIosYLOGreZyjN/gVJO -Us14LTFkYwnSQMJ0KLmfZ2qEL89xl8fIFbjmccJUmW01F1y2M9yZVTVeNiAiq/VL -j+8aCEyjHb06KrRCjseb1u4= ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.p12 b/roles/ca/files/CA/private/dsoclab-odfe-2.p12
deleted file mode 100644
index 106170ff7a325bccade7cfecf2f60642e866a4a0..0000000000000000000000000000000000000000
Binary files a/roles/ca/files/CA/private/dsoclab-odfe-2.p12 and /dev/null differ
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.key b/roles/ca/files/CA/private/dsoclab-thehive.key
deleted file mode 100644
index 6d4d8bb01b413adbe679481a68241bfe71a1c9dc..0000000000000000000000000000000000000000
--- a/roles/ca/files/CA/private/dsoclab-thehive.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt -FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt -Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/ -QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq -j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk -hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk -Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz -lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4 -PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b -TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5 -IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F -Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg -RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY -r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR -BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD -SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM -zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy -Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX -3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO -pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF -WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3 -a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5 -L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1 -+tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG -tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J -k+SqVxdKSTfaWxGqyyAZgVis ------END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.p12 b/roles/ca/files/CA/private/dsoclab-thehive.p12 deleted file mode 100644 index 4651a2126460e39b52b3c9404b73b982758cf006..0000000000000000000000000000000000000000 Binary files a/roles/ca/files/CA/private/dsoclab-thehive.p12 and /dev/null differ diff --git a/roles/ca/files/CA/reqs/Arne Oslebo.req b/roles/ca/files/CA/reqs/Arne Oslebo.req deleted file mode 100644 index dcf639293b92b30d5786fe09e9e1b6306274e43d..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/Arne Oslebo.req +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLQXJuZSBPc2xlYm8wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDOTAIZIW4c8u2T2P28GqTCETvhVXPlJpLT2eim -3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu4Z27AB9ZGWlPazI9LxralT2Z -lVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7POvL9HEDWr7ZoEn+0XL+T77h -rKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaXoWxwChqgzkyNrCnkxRcAJgNE -Mqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyRLuDU5TcLXLtfQDeS6WA7oPmY -f22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwcEWMIQxSXAgMBAAGgADANBgkq -hkiG9w0BAQsFAAOCAQEAg1Qb6ZHRANNpMip4Swkowrq8EqkMwnaei5l9ODVzlYa9 -Wo5f+kiGVMnza76E40/OOTRT8624hZEbaOzh2bLRd/9MCxE3oGWeSVtu/MOkN0f4 -vERTql3zlcIzOmQHXp2obtJXdpSt+8jlYbFQm9HV9k6qCnv+k9zjkIEkNaZ26NIa -CzsR4d6J5l9B9eEnpZHEcbtD5SyB8pde3d5lGDkJ7tdwVc874cbxSA/402lOf6Gh -5huX7ID1xN92VHEdtiwtOkcWjtzp87Dr0GxlFd9u48ctOmvfvxL/wBPXAYDnwLrB -d89p+JzRZzr8eRj5KCEW2W7AbOVpaL05IBAR6a/4GQ== ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/Bozidar Proevski.req b/roles/ca/files/CA/reqs/Bozidar Proevski.req deleted file mode 100644 index cde307a9f149d38650af558e1c9ac2150c93a326..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/Bozidar Proevski.req +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQQm96aWRhciBQcm9ldnNraTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJreAP3x6bkp2VjQRyHPS2cX96kCkxfP -V1tv2yaQMAkL2cVmXvYiZqtIBqpsiLP9k0WkYMlfK2yv22heJ+aFcSe3IFJh3xQb -2gY5siEgSyJIt0t2RAKxiV8OWSLLuckejaCsKF3lrsjqzAUgomAREo1tiApz6Hxo -nEgsyajGncM8wef0B/dbbkI9PQ+Fb+K5iKnQAoS4GWquE6GXUJgWyAwbvQLIX6Mv -c34l+IznkkPHanW8heocRyjOLJs6j6gH6YyKdT7BlzLO48XKHgrXPHcK0qtRw+Xc -N5AaNb+gSqq9OO+ebfiBN3/TdyPGW2OYZAcvR/19IS9XwthEAMIpInkCAwEAAaAA -MA0GCSqGSIb3DQEBCwUAA4IBAQBI2j+FMBWk7pwuvK10IHSgJl+MW/PS4LALPy00 -QCo6DUrkN3EsIY+wsY+jCUS2VGTlOehilOywH/RpmhFBxT3N+NmSyRHPhCBAJAHF -lmziZfPU25xOt/q5TAbBgEgWJuZuMVUEXY0EV/BxHyaZLPOFogXMijP6jhLxx3yg -8XU3aWYyFu3Dl5wwvhgtgXN4Bt5jHK7y4Cy+ChrybXabU6x380XlBDnlBLCmLmPP -ASQ+xzmacFGIY3SVqI1sHBgSMGueVQLWmGEgT3uD7mX0sD1teFR4MA6pySrkhJeg -7kZiw1lMNnFziruBsrk0wfVK5X4fy13lfOBZEc0YgVykUklo ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-cortex.req b/roles/ca/files/CA/reqs/dsoclab-cortex.req deleted file mode 100644 index 1959ae3968783dc47efbfd43251a6fa40b20d33e..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-cortex.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1jb3J0ZXgwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNCWsUM0pHdVvT2Wc7Ta0fpx8zq4axqjsJ -qxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+Igf8q9JlYbdeW4tJkd7l0 -RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCaU/j40xAyNewdh6seLLUA -fJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zfw/wFkP8Gnsu8HSvCV/K9 -qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2ECaoqEL2ffkjoMX+W252wn -aR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncsKKs6MJIbAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItY29ydGV4gh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBABmN -TbZUl+mAgRYgyBhG8QxYAD8sLcKqPDrldqy/5qsGuLQSA4txQ7uEMFb9mr5RsjvA -rsKljltvjmEMyLjOio00NanddY/qTAwqfk8VoPK49g0Sf1c73E/84JwhzjzTqR5v -4Evckh4r2lrgtqos0sZHr5SUdYiMpAJ18WUAp+PCa6RydUt5+Upwu391lgjQpSr+ -M7DCM+KDSZ4X0eaSf6oFrfNA035FlDaHdRHGMIW5aE+fBXSXEU7EwgjCEMuy6iLR -Arpjo8t2Kj5P+zJVXo5021VhWtTR221GI1v+JJxSkolHAziTohsj45m0jA1cCKbL -bzpzNH/WwlpNEH7tWGs= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-haproxy.req b/roles/ca/files/CA/reqs/dsoclab-haproxy.req deleted file mode 100644 index 7377346b4e1b94227e731ebe0c462eada026a77e..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-haproxy.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi1oYXByb3h5MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycciMwsLD6CMxKmBN71RL0cy+huIRbG7 -EUM93rNwZ9eLOVqPE/sveAixsTLG0Q7k0y4624Tb0mVrJiRs1xblpZCOAkYTAgqW -ZkaHt7DuVkw82K5Mfe9bqm4Bjon+TLnebLrkP4341zrtsimaW6xahmYF8xkvWY18 -i2qXHkOKNoCy6eGE9pS8ExExuNJacu1ow7E35FuRgmKqE/K24DqqhWZwCqmtXKdS -/9z5mV7lFdUM/s0ny5ieWmnKcXQx5ibf7NJCQ7nzBI4seiim+Y66ZDxpDqz13NXz -KlBHUNSM9e4xCHNpH65CHVKEXUdo3aMfB1fsPp4NI3gWQbxo8k/pGQIDAQABoE0w -SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRz -b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA -afvEI0PRtJHdn9wjijMSmeFqcKb7LrV3cXKgMNlps/7+D9S3E2id457QpHLteOLn -G7YOlL+xddxa/rn95ovL/p+qU4i4bPfE3tG/Yj6GclQTNb4JWocZq6ukgDzPaLPu -7XyS42sreCN8QlDuHDM+lNpb4wyzyLVKV8pUGLn9QjskKvAFmwXNOV9X20RLSlAo -NhOYFxCoiwcCT/wyOh83uh5FcGOzZOPrG/J95rV+RyYOQGttu2l00nDVTD7Gbjza -tv30d2Gj6tJAxTqXZm99qJ8zi7wBgymX7uQoaw+D4uZqRCzUqgEe9j72N0Jh+yF0 -/wo9Lx4oVJj6GR0I7jY24Q== ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-keycloak.req b/roles/ca/files/CA/reqs/dsoclab-keycloak.req deleted file mode 100644 index c9316cf972da90037dbf93717ca8dc9414257150..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-keycloak.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICrjCCAZYCAQAwGzEZMBcGA1UEAwwQZHNvY2xhYi1rZXljbG9hazCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqp6msvbJyfbZyJTgG6xsAy31kmK5X0 -wj3IfiLOtngD6CIogZyapqe6/QVmo1CBhXHB2eq8IeFdCod7vlWwfQFX3kz+OsXJ -VHcuFfwSB/jvn3v3CQFwdVM73LEMZU1JxPsdQiBvgUVC09sdTFcbHTuBOe6yz5VL -KdCoOZjWkzaZv8VDJo1N220kO/wWdqH9b8YZEccSDYAWTIjaLAl4PRt8bOzbngFQ -X6NWf9Q7pCbSbUJ7iE6NZO0eGg4FWGVYR4NgnrTtFc5yT6C1It2fpNqIhv7LhG5y -PQBC2ouFKvLv1+67hUK6ufvZndIsWA98AiO3RtBpBjdAnVh0icq3EuUCAwEAAaBO -MEwGCSqGSIb3DQEJDjE/MD0wOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4Ie -ZHNvY2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IB -AQAFuWENWuE+yIOLn3KkTz1HoJrOwzn6g/XkrhMcmQtRucKd9T1CMr384yWXkGcP -f+BrrW/m2WSpPGikR6i+gW5aW1zKOtu+IABFpjsOcHTuKZGjsAgzSWXIffuNzrMt -TvmOdtlez0sBmxPQ+JmpmNkGzSzEr/qnMxdxHonn17/pLV5P5Z4Dy5vMhTKlw32I -1C6gD1yfjoF1nI0BWmu6vSih1IBApR2tdexa/gGZT68z1XncTD7zzUnPBoqWJjJf -7NZ/HUxmQBcM4/sYNFnfx+XHY83Hm4+i2PS18SgC7WN+GTaGnOYdgLPbUGwCEv0t -TnDRqK0EfRbr8E/6wCgkyhz6 ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-kibana.req b/roles/ca/files/CA/reqs/dsoclab-kibana.req deleted file mode 100644 index c7425201deb9b14a657ea917f997e047b37d6669..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-kibana.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1raWJhbmEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOT8kPhE1Oe9wRkMlJqPNgRKglG1mDZAvR -4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKfmnx7puhOeXvNhm4mUjdF -tqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2LJTFVDrxSb78Llu/jElza -YyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiPzMQFXennfSsS+rtNJfT3 -BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnIB9Qgcx7znLlngzuofG77 -huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FNIxLjVg9vAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWIta2liYW5hgh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAD3L -9U2PcNoNGQu7wDkVblw29QoEkbm7yXvcXt5fFlcd85Tw3+Wig4fXC2AVLBxTvK7C -1wLGTMVtQfzH7+H+xQvhiQG+Rz2dLD6K10sPK+Uj5iXZyyeb82cqw7QwaH40jCot -uLgvSIIrChFWGijW0tHy2UmHjTh6+cPzwGe58yYXTK/OBJwbEKKox3IL9XtF3QJJ -wNhuCYPNbNmy1qZQ7Fny9cCU+syHDRkJwIYBAcfKVvq4/L7txkYZasnoQqE8H2Tq -UnCOD97mt85wXID6vhi8gqUvujr/NHqCIJqd4yZ3fi8/uxbK2Igw6sr4d1y90Dj5 -iUsJ9h+hlzojGLzqB98= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-misp.req b/roles/ca/files/CA/reqs/dsoclab-misp.req deleted file mode 100644 index 051c713561519155d72428452581bd9dc4b891e0..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-misp.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICpjCCAY4CAQAwFzEVMBMGA1UEAwwMZHNvY2xhYi1taXNwMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Eb56KucIFxpVdGFC5HZIlOvX3wgi0DGdaH -RLNCv3J4A8yRmFs2QhRV4oIWElhgVESPFfYbH3Y2Ii7orNM8Ct9Gx/EEvDq//kuP -KlOD41CCBgn8Kvr+lKB7f8I+Cz7ccriUEAoLkP1FdimFUr8PIEN4/jvTSSCPmqUM -ibsOl/JnsC3wF1MlpptLZA5yir/J445Bu+3zM2pVX41ShPqjZxp7cfuQ8V9h30Tq -C3eI8uXBg3FYx1iKmzlFWU7g2xa2lnKQjO7CE3XqFcZr4tw63sgH3hiELZa2xEzh -Sk0Tb2yaHeX5b8x+G0o6dRq5N7BtoBtpNfG25sKl01bTV8cOiwIDAQABoEowSAYJ -KoZIhvcNAQkOMTswOTA3BgNVHREEMDAuggxkc29jbGFiLW1pc3CCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAdn/gw4DW -EuPNCWcDYqlXVmwo0a0Enf5awha/1A9IxU22Tl4jv7KOb+SFRRy6d2UURGP+12EB -iUq7e27L9byhs2gR9xXrw4CQlLjZ7egRg4a6fW1YeL2gKU68PvppOyMGxxH0saCL -LmAM5N8ClvujX8wvLudCXu/NNrsBwQGaQ5CXtysYXrV7FyHwkO7FP2CTbvGbyYj/ -WJT8g3P4RM3PKd7+7+mmNoqKCOySj1gnB6xEn0iPoBWRRcC/2SlyUXi6idG45C0p -G04CKFxHJHn2x2nV+3Ym/1ctCTaxg5tGTrZ7Mw3Fkp2QGsmlQuq8ukeO0wTMJlyt -41DA9acx/R0vAg== ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-1.req b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req deleted file mode 100644 index 6984cbb76e1391cc8e76c34ffbcf3407d5459cd3..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-nifi-1.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDr++3oZVHX1XqfujW/dXjGWguch+QYqh5 -dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbgpl4ULJCxgbJpMeJEhZf1 -YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccFUEDFqdDkP7sMcil8vgYB -lgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWCNCkbGVYuwtskeVEPqNlm -PHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw3zJUhfY8IJ+Ii12DosQe -Mdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4DqvDNgR9MPAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0xgh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAHM0 -gTZ4mCfbnMSSETTVJM90A9LvYRYegrDd9iiyrHnA1ybJh4wfvmKYq1UfD04Q/wT5 -MT5ebLiCOtnicU1XtZIOdqVjrdHgYh5AiNuqGfWPTJ5714XtUfuV0U47iGgs8OtV -W0C+DvWOm2v5xMs66QIMZRJObXiNjz/5NnigHAf0eyKj+fkmfB7oW3O28vD9drPk -WCZYRFOTxEviwWAgapI5JCmlpvAu61gljYEDJhk7x+l2obOxEt1ibTJoobQCSt5U -BF2ZBNI/nAKz6pQhj1bW25Gc5o2QM5bkv7uIzjHMprgGMKnJnbBZjEBdHKRxv7n7 -Pa0EZRioaWxc7VVDYbM= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-2.req b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req deleted file mode 100644 index 31f0180a40f7d46e29d16f18b3226e56269f5506..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-nifi-2.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTIwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCst0vi1Yd/jhWbz8AX69uM4xuDwGm5BpGg -m8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ/T4EZ5oJN0V50x0L7ApD -y7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvyeuH3ig+I9sDBdwXMGrpv3 -mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPCv4xPOubtETCmQSatVo8D -C62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJyJCHS6bREI/YQj59kf+/m -q/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8bqXR32xgDAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAG7p -jsz6CmL0Am6fDwlnBWML8EMgYcBhhFyiemX+6hrGxZLeTXCfFn/rSKpA8oDTfNyf -OK2BceBxePb4JJDzqkH3lAdqsuEqByJMnUQfEpLHEorXl1CN2iMaQ4F/1aX7H2g4 -dwtdYcHD/vsBu9bP3q4FM+SKE6GHcpgM+R6gyJ/yRhSWO2pmdbxSGM7MWRHc9XBz -+8kJNwhraGqNRYlwruCFxtqL3iMyMzz0x9QS4To1T/klybmCxZ+JJaFTdZtD5fFa -aL1/PoTJUl01ycxiL8nS0vVwh/UyFe/9c2z2OnUdJo2rsKp8NHRnHpkm8SfxYy/D -J2jaavn1ViQDB7T8OUc= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-3.req b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req deleted file mode 100644 index be09de63a31ae4519ae390fd681f8b97d05275d9..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-nifi-3.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTMwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnSKDTqx6MSWCLuL2aqlwJYgF5icnlXzBk -OMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFkYI8VjhaL3riXeaeDGXdb -qjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMlaE60OVle8HT++10xLN6KI -ck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0EakuIu7NMgYGBh1vwOP1dD -iF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNxenEC4QVyQaVCn0FHLDB+ -DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPPeoUrC6axAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0zgh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKKZ -4Wy4xgX3E+O7mrt791MpRJTTl4qE0bgn54Y7Pzz2Do3SNeC7OpCtFHAVVfGDjpKY -vac+9+rtdn21ttT7IjwOIao2vKUdxzbLhqM5onUDQmattCqvh5ewMtH4rVfbKg4C -S7MlCb9tezg8zBx6T9ZO7eoTcIZwnS6jEoRhNABb1D46AAfEkW/4psXUpJ/e1Vv8 -UFt+mGqLIzZ2MLwINv7RM5koCEw/9WU4haEjJWvvTLmXVedV3eDidJCFQrNwRF68 -/VHLs21e+lZK7t0wAWGf/tzQOTzgy1AydtMI1cpRVFV1OcjEvSwjZProAVNjqBoq -CHJSL39w3B0+e51cKUo= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-1.req b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req deleted file mode 100644 index c680ab26ebc91c7b59863531443390ac7f630772..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-odfe-1.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlRvZxzqI/YV6b88ZhiIeZCqy46J08X4xg -K0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzKCSJQMAHq7bQpv7RwJduz -Helz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qISlPvoczA38Xy1TlmrcXMm -gJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LSDKdSSMbuEiEV40UwiYFj -f78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsKqKJa7OWjGnPggz3S6HSp -C7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrktqL4oEfVLAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKzr -ygHDc8j5mTfhtfsRGfnEGfZiLYCV6YGBDazc+JaQiKzRXb5FWWTPbWZ0EtiQyVJA -J/yfkRQug6qQKLaNa22br7iP1LrPu0xQD6uTH9FgYu6J9YyfibBb0aav8em10JGQ -fdW7AmpLRwdLVii+DwJURcd5GEBBYyRPJzwloQmktPoBsnQ1EATqcStasE6AVoGu -1h2jlb6amEGJzUIe22CDuYs0SO5wHrn/t32EC4sub1I+jjmbiLo0r7uku1JAHT/C -wL19wSfauW079sNjgBPgJkFbjIW8lC4VQe8X0YmCXT/d6dqsPc3mJPK3AojYZGaM -Df8uQI9AQthiaGo1Yr8= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-2.req b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req deleted file mode 100644 index e97a63925ee9173215adae268769715699bb0dda..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-odfe-2.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTIwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpeE/4KMiafG0FV65PNvXRLvZx2mUW8F9 -ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/SUkuO4j2WYUm3je0R54c -vqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QIFkYBVNoMdzFjOUYniD/0 -rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKgXK2Ge1BTyexXBEQcEvYz -P2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJCQsoLsS7BbpQtPl6ISI+2 -ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDKZ2My4DNzAgMBAAGgTDBK -BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0ygh5kc29j -bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA0a -Y6OxjtMpOkPMMTCOeMniiS4yzTxgfWe4ky6wOGE0E7ZXuQgb58CypGd7vJuUJvv2 -scIov+MH65NqswlHXoENSi1j042gc9+ce/Jr1MsLMwVW0JaY2fb5uxj8oi2GTcyF -ldcLvD6Ga/zCcyttkMy3zidOlWUd0VsMJFyQl+N9BaiUOoNP3M0ux22FQ0a6OcG4 -GlsD0w59dx/jYKlmp0eKFQ7ogaYWu3O2X+BFMigGFq2rISd57WdEZk+K8ZGazNW8 -li3076e1DflticRO/uy7q9xzvuLFlfSFLoQgem8Zp9CgNJYfa/QVnfVQH7iZLm2K -8AHzPPLphDavqr2iy5o= ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-thehive.req b/roles/ca/files/CA/reqs/dsoclab-thehive.req deleted file mode 100644 index 1bcb0467ac08e107f3e7c80da3257c8335d48d0e..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/reqs/dsoclab-thehive.req +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi10aGVoaXZlMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVNIKRgt2Eh7Rahb3LE3qEAwO/8XaGJ -NAcV0rQ6FLiVdY6BcUlGHciBy/Hsx1oS9olg5MiYGmHILRKPc+74nYi1fzBwlym0 -q0Mt3NunEEfHtSabEYX70yePOlW86ngXuIkQo6QQYDnDf0Ilqf6Efzhe9D3DmD1W -ubqBBlWNZRLwTiOIHZgML25PZ/1OZzmRuQFSEqqeu3rI6o9KLRj4aZo6oMhu497G -275MWeDPvDRPLLDvPoJa32i+uPvMX2ryPmbUxsX2C2fpZIUVh2Bv3LRbE2+wm/jz -2sGRnoFfFsqeFAHBHM4q08g8D76xN6rJCGgr3vlEbB6QpBK89TxGvQIDAQABoE0w -SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLXRoZWhpdmWCHmRz -b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA -SrEnsOQ1zqalbv8SBBMBhRXlrKH74UUc8uhwqS9peQv0ILmJQqZ2FZx3HRyRcM2X -30qhiND97sMs0H1D4ViDAk5lScX4LNCgPx7YhAVtxXAR8Y1An47GQHF2ln1veRGo -UJ6kZO0VTnf0TSWAbEv2EwHIT6GsRiWv9xDebrtRByZXWEJF2z/PkAMfXOaYHu+9 -ZHc7oyHm06/iN9bC7n6dfPSq+odfuYKYc90Bc5pS/bOLZuUCNuWS8fZ1QdtaTAdK -FGms4qBL3IIWWrKzxGBtCa0B/fvCrqrNENaE0J5In2nYiobU2A8wdAb3qCrMHsDW -sXrXrXiWYjb0jUyMIOsKhg== ------END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/safessl-easyrsa.cnf b/roles/ca/files/CA/safessl-easyrsa.cnf deleted file mode 100644 index 936ba8b4a76789eb9c7d2d01446cae2905c65965..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/safessl-easyrsa.cnf +++ /dev/null 
@@ -1,140 +0,0 @@ -# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL - -RANDFILE = roles/ca/files/CA/.rnd - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = roles/ca/files/CA # Where everything is kept -certs = roles/ca/files/CA # Where the issued certs are kept -crl_dir = roles/ca/files/CA # Where the issued crl are kept -database = roles/ca/files/CA/index.txt # database index file. -new_certs_dir = roles/ca/files/CA/certs_by_serial # default place for new certs. - -certificate = roles/ca/files/CA/ca.crt # The CA certificate -serial = roles/ca/files/CA/serial # The current serial number -crl = roles/ca/files/CA/crl.pem # The current CRL -private_key = roles/ca/files/CA/private/ca.key # The private key -RANDFILE = roles/ca/files/CA/.rand # private random number file - -x509_extensions = basic_exts # The extentions to add to the cert - -# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA -# is designed for will. In return, we get the Issuer attached to CRLs. 
-crl_extensions = crl_ext - -default_days = 1080 # how long to certify for -default_crl_days= 180 # how long before next CRL -default_md = sha256 # use public key default MD -preserve = no # keep passed DN ordering - -# This allows to renew certificates which have not been revoked -unique_subject = no - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_anything - -# For the 'anything' policy, which defines allowed DN fields -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -name = optional -emailAddress = optional - -#################################################################### -# Easy-RSA request handling -# We key off $DN_MODE to determine how to format the DN -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -default_md = sha256 -distinguished_name = cn_only -x509_extensions = easyrsa_ca # The extentions to add to the self signed cert - -# A placeholder to handle the $EXTRA_EXTS feature: -#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it - -#################################################################### -# Easy-RSA DN (Subject) handling - -# Easy-RSA DN for cn_only support: -[ cn_only ] -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = ChangeMe - -# Easy-RSA DN for org support: -[ org ] -countryName = Country Name (2 letter code) -countryName_default = US -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = California - -localityName = Locality Name (eg, city) -localityName_default = San Francisco - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = 
Copyleft Certificate Co - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = My Organizational Unit - -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = ChangeMe - -emailAddress = Email Address -emailAddress_default = me@example.net -emailAddress_max = 64 - -#################################################################### -# Easy-RSA cert extension handling - -# This section is effectively unused as the main script sets extensions -# dynamically. This core section is left to support the odd usecase where -# a user calls openssl directly. -[ basic_exts ] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always - -# The Easy-RSA CA extensions -[ easyrsa_ca ] - -# PKIX recommendations: - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -# This could be marked critical, but it's nice to support reading by any -# broken clients who attempt to do so. -basicConstraints = CA:true - -# Limit key usage to CA tasks. If you really want to use the generated pair as -# a self-signed cert, comment this out. -keyUsage = cRLSign, keyCertSign - -# nsCertType omitted by default. Let's try to let the deprecated stuff die. -# nsCertType = sslCA - -# CRL extensions. -[ crl_ext ] - -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always - diff --git a/roles/ca/files/CA/serial b/roles/ca/files/CA/serial deleted file mode 100644 index a09a0c3783cdf79ac1c2fc8708b6d123c22e0f2b..0000000000000000000000000000000000000000 --- a/roles/ca/files/CA/serial +++ /dev/null @@ -1 +0,0 @@ -A7217943DDD1145BC6F68CBA362CB35C diff --git a/roles/ca/files/CA/serial.old b/roles/ca/files/CA/serial.old deleted file mode 100644 index 576257103e125420328f8dea4368ca88ed4e365f..0000000000000000000000000000000000000000 
--- a/roles/ca/files/CA/serial.old +++ /dev/null @@ -1 +0,0 @@ -a7217943ddd1145bc6f68cba362cb35b diff --git a/roles/ca/files/truststore/SOCTOOLS-CA.crt b/roles/ca/files/truststore/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/ca/files/truststore/SOCTOOLS-CA.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/ca/files/truststore/cacerts.jks b/roles/ca/files/truststore/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/ca/files/truststore/cacerts.jks and /dev/null differ 
diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml index 6ca350a28574cb3e5fb0accbe8244420c8303614..e851761376265268c0ea7af70ae65d47d789a43f 100644 --- a/roles/ca/tasks/main.yml +++ b/roles/ca/tasks/main.yml @@ -1,8 +1,18 @@ --- +- name: Create secret directory + file: + path: "{{playbook_dir}}/{{item}}" + state: directory + loop: + - secrets + - secrets/certificates + - secrets/tokens + - secrets/passwords + - name: Check for existing CA folder stat: - path: roles/ca/files/CA + path: "{{playbook_dir}}/secrets/CA" register: capath - name: build ca root key and cert @@ -14,27 +24,19 @@ environment: EASYRSA_BATCH: 1 EASYRSA_REQ_CN: "{{ ca_cn }}" - EASYRSA_PKI: roles/ca/files/CA + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" when: not capath.stat.exists -- name: Copy cert to truststore - copy: - src: roles/ca/files/CA/ca.crt - dest: "roles/ca/files/truststore/{{ ca_cn }}.crt" - - name: Remove previous truststore file: - path: roles/ca/files/truststore/cacerts.jks + path: '{{playbook_dir}}/secrets/CA/cacerts.jks' state: absent - name: Generate truststore command: > - docker run --rm -v {{role_path}}/files/truststore/:/opt/cafiles/:z + docker run --rm -v {{playbook_dir}}/secrets/CA/:/opt/cafiles/:z "{{repo}}/openjdk:{{version}}{{suffix}}" keytool -import -noprompt -trustcacerts - -alias "{{item}}" -file "/opt/cafiles/{{item}}.crt" -keystore /opt/cafiles/cacerts.jks -storepass "{{tspass}}" - with_items: - - "{{ ca_cn }}" - #- GN43WP8T31_CA + -alias "{{ ca_cn }}" -file "/opt/cafiles/ca.crt" -keystore /opt/cafiles/cacerts.jks -storepass "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" - name: Check for existing host certificates command: roles/ca/files/easyrsa/easyrsa show-cert {{item}} 
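Review bot: The new `Create secret directory` task sets no `mode`, so `secrets/` and its subdirectories take the umask of whoever runs the playbook and may be readable by other local users; `mode: '0700'` in the `file:` arguments fixes that. `Copy user certs to certificates` in the last hunk of this file has the same gap and wants `mode: '0600'`. Nothing visible here keeps `secrets/` out of version control, so an ignore entry should accompany the change unless another part of the commit adds one. The keys this commit deletes from `roles/*/files` stay in the repository history, so `secrets/CA` should hold a newly generated CA rather than a moved copy of the old one.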
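Review bot: In `Generate truststore` the password now comes from `lookup('password', …)` but is still expanded into the `docker run … keytool -storepass "…"` argument list, so it sits in the host's process table while the container runs and appears in the command result that Ansible prints at higher verbosity. `no_log: true` on the task keeps it out of Ansible output, and keytool's `-storepass:file` (or `-storepass:env`) form keeps it out of argv. The `expect` tasks that answer `Enter Export Password` in the later hunks of this file (host and user `export-p12`) would likewise benefit from `no_log: true`.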
@@ -47,16 +49,17 @@ - "{{ groups['thehive'] }}" - "{{ groups['cortex'] }}" - "{{ groups['haproxy'] }}" + - "filebeat" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" register: hostcerts ignore_errors: true - name: Generate host certificates command: > roles/ca/files/easyrsa/easyrsa - --subject-alt-name="DNS:{{item}},DNS:{{dslproxy}}" + --subject-alt-name="DNS:{{item}},DNS:{{soctoolsproxy}}" build-serverClient-full {{item}} nopass with_items: - "{{ groups['nificontainers'] }}" @@ -67,9 +70,10 @@ - "{{ groups['thehive'] }}" - "{{ groups['cortex'] }}" - "{{ groups['haproxy'] }}" + - "filebeat" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" ignore_errors: true loop_control: index_var: my_idx @@ -93,7 +97,7 @@ expect: command: roles/ca/files/easyrsa/easyrsa export-p12 {{item}} responses: - Enter Export Password: "{{kspass}}" + Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" with_items: - "{{ groups['nificontainers'] }}" - "{{ groups['odfeescontainers'] }}" 
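Review bot: The `filebeat` entry added in the first two hunks here goes through the same `build-serverClient-full {{item}} nopass` command with `--subject-alt-name="DNS:{{item}},DNS:{{soctoolsproxy}}"` as the service hosts, so the log shipper's unencrypted key ends up with a certificate that is also valid as a TLS server for the proxy name. If filebeat only ever connects outward (not visible from these hunks), a separate task running `build-client-full filebeat nopass` without the proxy SAN would limit its certificate to client authentication. Both `with_items` lists start above their hunks.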
@@ -104,145 +108,7 @@ - "{{ groups['mispcontainers'] }}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA - -- name: Copy nifi host certs to nifi role - copy: - src: roles/ca/files/CA/private/{{item}}.p12 - dest: roles/nifi/files/{{item}}.p12 - with_items: - - "{{ groups['nificontainers'] }}" - -- name: Copy odfees host certs to odfees role - copy: - src: roles/ca/files/CA/private/{{item}}.p12 - dest: roles/odfees/files/{{item}}.p12 - with_items: - - "{{ groups['odfeescontainers'] }}" - -- name: Copy odfekibana host p12 certs to odfekibana role - copy: - src: roles/ca/files/CA/private/{{item}}.p12 - dest: roles/odfekibana/files/{{item}}.p12 - with_items: - - "{{ groups['odfekibanacontainers'] }}" - -- name: Copy cortex host p12 certs to cortex role - copy: - src: roles/ca/files/CA/private/{{item}}.p12 - dest: roles/cortex/files/{{item}}.p12 - with_items: - - "{{ groups['cortex'] }}" - -- name: Copy odfekibana host certs to odfekibana role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/odfekibana/files/{{item}}.crt - with_items: - - "{{ groups['odfekibanacontainers'] }}" - -- name: Copy odfekibana host keys to odfekibana role - copy: - src: roles/ca/files/CA/private/{{item}}.key - dest: roles/odfekibana/files/{{item}}.key - with_items: - - "{{ groups['odfekibanacontainers'] }}" - -- name: Copy haproxy host cert to haproxy role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/haproxy/files/{{item}}.crt - with_items: - - "{{ groups['haproxy'] }}" - -- name: Copy haproxy host key to haproxy role - copy: - src: roles/ca/files/CA/private/{{item}}.key - dest: roles/haproxy/files/{{item}}.key - with_items: - - "{{ groups['haproxy'] }}" - -- name: Copy keycloak host certs to keycloak role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/keycloak/files/{{item}}.crt - with_items: - - "{{ groups['keycloakcontainers'] }}" - -- name: Copy keycloak host keys to keycloak role - copy: - src: 
roles/ca/files/CA/private/{{item}}.key - dest: roles/keycloak/files/{{item}}.key - with_items: - - "{{ groups['keycloakcontainers'] }}" - -- name: Copy misp host certs to misp role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/misp/files/{{item}}.crt - with_items: - - "{{ groups['mispcontainers'] }}" - -- name: Copy misp host keys to misp role - copy: - src: roles/ca/files/CA/private/{{item}}.key - dest: roles/misp/files/{{item}}.key - with_items: - - "{{ groups['mispcontainers'] }}" - -- name: Copy thehive host cert to thehive role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/thehive/files/{{item}}.crt - with_items: - - "{{ groups['thehive'] }}" - -- name: Copy thehive host key to thehive role - copy: - src: roles/ca/files/CA/private/{{item}}.key - dest: roles/thehive/files/{{item}}.key - with_items: - - "{{ groups['thehive'] }}" - -- name: Copy cortex host cert to cortex role - copy: - src: roles/ca/files/CA/issued/{{item}}.crt - dest: roles/cortex/files/{{item}}.crt - with_items: - - "{{ groups['cortex'] }}" - -- name: Copy cortex host key to cortex role - copy: - src: roles/ca/files/CA/private/{{item}}.key - dest: roles/cortex/files/{{item}}.key - with_items: - - "{{ groups['cortex'] }}" - -- name: Copy truststore to roles - copy: - src: roles/ca/files/truststore/cacerts.jks - dest: "roles/{{item}}/files/cacerts.jks" - with_items: - - nifi - - odfees - - odfekibana - - keycloak - - misp - - cortex - - thehive - -- name: Copy ca cert to roles - copy: - src: "roles/ca/files/truststore/{{ ca_cn }}.crt" - dest: "roles/{{item}}/files/{{ ca_cn }}.crt" - with_items: - - nifi - - odfees - - odfekibana - - keycloak - - misp - - thehive - - cortex + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" - name: Check for existing user certificates command: roles/ca/files/easyrsa/easyrsa show-cert {{item.CN | regex_escape()}} 
@@ -250,7 +116,7 @@ - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" register: usercerts ignore_errors: true @@ -260,7 +126,7 @@ - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" ignore_errors: true loop_control: index_var: my_idx @@ -270,24 +136,17 @@ expect: command: roles/ca/files/easyrsa/easyrsa export-p12 "{{item.CN}}" responses: - Enter Export Password: "{{item.password}}" + Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}}')}}" with_items: - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: roles/ca/files/CA - -- name: Copy user certs to odfees - copy: - src: "roles/ca/files/CA/private/{{ item.CN }}.p12" - dest: "roles/odfees/files/{{ item.CN }}.p12" - with_items: - - "{{soctools_users}}" + EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" -- name: Copy user certs to odfekibana +- name: Copy user certs to certificates copy: - src: "roles/ca/files/CA/private/{{ item.CN }}.p12" - dest: "roles/odfekibana/files/{{ item.CN }}.p12" + src: "{{playbook_dir}}/secrets/CA/private/{{ item.CN }}.p12" + dest: "{{playbook_dir}}/secrets/certificates/{{ item.CN }}.p12" with_items: - "{{soctools_users}}" diff --git a/roles/cassandra/tasks/main.yml b/roles/cassandra/tasks/main.yml index 7912910a2ebcd07a79d6649b7529fae5bde3a0cf..f26e13b0d2279484dea86aa46ee76cb1b8088865 100644 --- a/roles/cassandra/tasks/main.yml +++ b/roles/cassandra/tasks/main.yml 
@@ -1,28 +1,17 @@ --- -- name: Configure Cassandra - template: - src: cassandra.yaml.j2 - dest: /usr/share/cassandra/conf/cassandra.yaml +- include: start.yml tags: - - start - -- name: Start Cassandra - command: "/start.sh" + - start +- include: stop.yml tags: - - start - -- name: Wait for Cassandra - wait_for: - host: "{{groups['cassandra'][0]}}" - port: 9042 - state: started - delay: 5 + - stop + - stop-cassandra +- include: update-config.yml tags: - - start - -- name: Stop Cassandra - command: "pkill -SIGTERM -F /var/run/cassandra/cassandra.pid" + - update-config + - update-cassandra-config +- include: restart.yml tags: - - stop - + - restart + - restart-cassandra diff --git a/roles/cassandra/tasks/restart.yml b/roles/cassandra/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..b6e575bc1e4e2e1ebd6469bf05165ef0ba84a376 --- /dev/null +++ b/roles/cassandra/tasks/restart.yml @@ -0,0 +1,6 @@ +--- + +- name: Restart Cassandra + remote_user: root + command: "supervisorctl restart cassandra" + diff --git a/roles/cassandra/tasks/start.yml b/roles/cassandra/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..1018944237cac5bfa616169d058ad0db794ea9f4 --- /dev/null +++ b/roles/cassandra/tasks/start.yml @@ -0,0 +1,27 @@ +--- + +- name: Configure Cassandra + remote_user: cassandra + template: + src: cassandra.yaml.j2 + dest: /usr/share/cassandra/conf/cassandra.yaml + +- name: Start Cassandra + remote_user: root + command: "supervisorctl start cassandra" + +- name: Wait for Cassandra + remote_user: root + wait_for: + host: "{{groups['cassandra'][0]}}" + port: 9042 + state: started + delay: 5 + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + + 
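Review bot: The four `- include:` lines in the rewritten `roles/cassandra/tasks/main.yml` use the bare `include` action, which Ansible deprecated in favour of `import_tasks`/`include_tasks` and which newer ansible-core releases no longer accept. Because each line carries `tags:` that are meant to select the tasks inside the included file, the static form is the one that keeps `-t stop-cassandra` and the other tags working: `- import_tasks: start.yml`. `roles/cortex/tasks/main.yml` is rewritten the same way further down.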
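Review bot: `Set Autostart for supervisord's services` is the only task in `roles/cassandra/tasks/start.yml` without `remote_user`, so whether it can write `/etc/supervisord.conf` depends on the play's default user, which is not visible here; `remote_user: root` would match the `supervisorctl` tasks above it. The pattern `^autostart=false$` also rewrites every program section in that file, not only Cassandra's, which deserves a one-line comment if it is intended. `roles/cortex/tasks/start.yml` ends with the same task.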
diff --git a/roles/cassandra/tasks/stop.yml b/roles/cassandra/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..29742c7021fa80cda54b419cde925309cb4cf8a5
--- /dev/null
+++ b/roles/cassandra/tasks/stop.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Stop Cassandra
+ remote_user: root
+ command: "supervisorctl stop cassandra"
+
diff --git a/roles/cassandra/tasks/update-config.yml b/roles/cassandra/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ceb0b6003da6268a734cc15461ed264fb5e38485
--- /dev/null
+++ b/roles/cassandra/tasks/update-config.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure Cassandra
+ remote_user: cassandra
+ template:
+ src: cassandra.yaml.j2
+ dest: /usr/share/cassandra/conf/cassandra.yaml
+
+- name: Wait for Cassandra
+ remote_user: root
+ wait_for:
+ host: "{{groups['cassandra'][0]}}"
+ port: 9042
+ state: started
+ delay: 5
diff --git a/roles/cortex/files/SOCTOOLS-CA.crt b/roles/cortex/files/SOCTOOLS-CA.crt
deleted file mode 100644
index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000
--- a/roles/cortex/files/SOCTOOLS-CA.crt
+++ /dev/null
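Review bot: `roles/cassandra/tasks/update-config.yml` templates `cassandra.yaml` and then waits on port 9042, but nothing in the file restarts Cassandra, so on a running container the wait succeeds at once against the old configuration. If the restart is deliberately left to the `restart-cassandra` tag, a comment at the top such as `# Config only; run -t restart-cassandra to apply` would say so; otherwise the `Wait for Cassandra` task can be dropped. `roles/cortex/tasks/update-config.yml` likewise templates its files without a restart.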
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/cortex/files/cacerts.jks b/roles/cortex/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/cortex/files/cacerts.jks and /dev/null differ diff --git a/roles/cortex/files/cortexsecret b/roles/cortex/files/cortexsecret deleted file mode 100644 index 3119d1268684d95f0882fb9be3d331e62b0e26bc..0000000000000000000000000000000000000000 --- a/roles/cortex/files/cortexsecret +++ /dev/null @@ -1,3 +0,0 @@ -{ - "value" : "06ca9734-9621-4c6d-bb04-8ee68e028dd9" -} \ No newline at end of file 
diff --git a/roles/cortex/files/dsoclab-cortex.crt b/roles/cortex/files/dsoclab-cortex.crt deleted file mode 100644 index a743bd0055110d9dbad79cdcc70e2ccfe946b100..0000000000000000000000000000000000000000 --- a/roles/cortex/files/dsoclab-cortex.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-cortex - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: - ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: - a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: - d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: - ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: - 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: - c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: - 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: - b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: - 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: - f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: - 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: - f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: - 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: - 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: - df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: - cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: - 92:1b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: - 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: - 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: - ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: - 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: - cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: - 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: - 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: - de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: - 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: - b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: - 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: - 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: - 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: - 09:c4:f6:a9 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug -YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb -D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg -XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 -yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW -f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 -sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS -ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK -KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl -jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 -lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW -m9zSElRkCcT2qQ== 
------END CERTIFICATE----- diff --git a/roles/cortex/files/dsoclab-cortex.key b/roles/cortex/files/dsoclab-cortex.key deleted file mode 100644 index 827da545bbbd7bdc9b8c8527f8dfb4b086ba5221..0000000000000000000000000000000000000000 --- a/roles/cortex/files/dsoclab-cortex.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT -2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I -gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa -U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf -w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC -aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs -KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL -UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE -WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d -WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC -U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 -k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ -OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI -Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ -SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY -ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy -gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w -MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf -f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO -vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc -A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e -MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb -5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F -fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md -oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV -nrCXNbsWttgWkzqLDWkPT5M= ------END PRIVATE KEY----- 
diff --git a/roles/cortex/files/dsoclab-cortex.p12 b/roles/cortex/files/dsoclab-cortex.p12 deleted file mode 100644 index 252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f..0000000000000000000000000000000000000000 Binary files a/roles/cortex/files/dsoclab-cortex.p12 and /dev/null differ diff --git a/roles/cortex/files/logback.xml b/roles/cortex/files/logback.xml deleted file mode 100644 index 2dfba2682f91f345376aa4266794eacff13623d3..0000000000000000000000000000000000000000 --- a/roles/cortex/files/logback.xml +++ /dev/null 
@@ -1,47 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="false"> - - <conversionRule conversionWord="coloredLevel" - converterClass="play.api.libs.logback.ColoredLevel"/> - - <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>/var/log/cortex/application.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>/var/log/cortex/application.%i.log.zip</fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>10</maxIndex> - </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>%date [%level] from %logger in %thread - %message%n%xException</pattern> - </encoder> - </appender> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>%coloredLevel %logger{15} - %message%n%xException{10} - </pattern> - </encoder> - </appender> - - <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="FILE"/> - </appender> - - <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="STDOUT"/> - </appender> - - <logger name="play" level="DEBUG"/> - <logger name="application" level="DEBUG"/> - - <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF"/> - - <root level="INFO"> - <appender-ref ref="ASYNCFILE"/> - <appender-ref ref="ASYNCSTDOUT"/> - </root> - -</configuration> diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml index 06b263933c3516e73f091c9e27ed4503869807f3..5216d2c717a180540106714d58ae7d21241e4554 100644 --- a/roles/cortex/tasks/main.yml +++ b/roles/cortex/tasks/main.yml 
@@ -1,108 +1,17 @@ --- -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt +- include: start.yml tags: - - start - - startcortex - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - - startcortex - -- name: Copy certificates in cortex conf dir - copy: - src: "{{ item }}" - dest: "/etc/cortex/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.p12" - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" - - cacerts.jks - - "{{ca_cn}}.crt" - tags: - - start - - startcortex - -- name: Get openid authkey - set_fact: - cortexsecret: "{{lookup('file', 'files/cortexsecret',convert_data=False) | from_json }}" - tags: - - start - -- name: Configure embedded Elasticsearch 6 - remote_user: root - template: - src: jvm.options.j2 - dest: /etc/elasticsearch/jvm.options - tags: - - start - - startcortex - -- name: Start embedded Elasticsearch 6 - remote_user: root - command: > - daemonize - -u elasticsearch - -c /usr/share/elasticsearch - -p /tmp/elasticsearch.pid - -o /tmp/elasticsearch-stdout.log - /usr/share/elasticsearch/bin/elasticsearch + - start +- include: stop.yml tags: - - start - - startcortex - -- name: Configure Cortex - template: - src: application.conf.j2 - dest: /etc/cortex/application.conf + - stop + - stop-cortex +- include: update-config.yml tags: - - start - - startcortex - -- name: Configure Cortex logging - copy: - src: logback.xml - dest: /etc/cortex/logback.xml + - update-config + - update-cortex-config +- include: restart.yml tags: - - start - -- name: Start Cortex - command: > - daemonize - -c /opt/cortex - -p /tmp/cortex.pid - -o /tmp/cortex-stdout.log - /opt/cortex/bin/cortex - -Dconfig.file=/etc/cortex/application.conf - -Dlogger.file=/etc/cortex/logback.xml - -J-Xms1g - -J-Xmx1g - -Dpidfile.path=/dev/null - tags: - - start - - startcortex - -- name: Wait for Cortex - 
wait_for: - host: "{{groups['cortex'][0]}}" - port: 9001 - state: started - delay: 5 - tags: - - start - - startcortex - -- name: Stop Cortex - command: "pkill -SIGTERM -F /tmp/cortex.pid" - tags: - - stop - - stopcortex - + - restart + - restart-cortex diff --git a/roles/cortex/tasks/restart.yml b/roles/cortex/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..d7b6e6a1adafb6aee4a590444b8d7cd3e67cd22d --- /dev/null +++ b/roles/cortex/tasks/restart.yml @@ -0,0 +1,18 @@ +--- + +- name: Restart Elasticsearch + remote_user: root + command: "supervisorctl restart elasticsearch" + +- name: Restart Cortex + remote_user: root + command: "supervisorctl restart cortex" + +- name: Wait for Cortex + remote_user: root + wait_for: + host: "{{groups['cortex'][0]}}" + port: 9001 + state: started + delay: 5 + diff --git a/roles/cortex/tasks/start.yml b/roles/cortex/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..ddb37bc3f01c9a37165ecc98232d091d5ceb34d0 --- /dev/null +++ b/roles/cortex/tasks/start.yml 
@@ -0,0 +1,59 @@ +--- + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "{{playbook_dir}}/secrets/CA/ca.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in cortex conf dir + remote_user: cortex + copy: + src: "{{ item }}" + dest: "/etc/cortex/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" + - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" + - "{{playbook_dir}}/secrets/CA/cacerts.jks" + - "{{playbook_dir}}/secrets/CA/ca.crt" + +- name: Configure embedded Elasticsearch 6 + remote_user: root + template: + src: jvm.options.j2 + dest: /etc/elasticsearch/jvm.options + +- name: Start embedded Elasticsearch 6 + remote_user: root + command: "supervisorctl start elasticsearch" + +- name: Configure Cortex + remote_user: cortex + template: + src: application.conf.j2 + dest: /etc/cortex/application.conf + +- name: Start Cortex + remote_user: root + command: "supervisorctl start cortex" + +- name: Wait for Cortex + remote_user: root + wait_for: + host: "{{groups['cortex'][0]}}" + port: 9001 + state: started + delay: 5 + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + diff --git a/roles/cortex/tasks/stop.yml b/roles/cortex/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..ee4516b0631564e891ac80bc1d37d4d514090ed9 --- /dev/null +++ b/roles/cortex/tasks/stop.yml @@ -0,0 +1,10 @@ +--- + +- name: Stop Elasticsearch + remote_user: root + command: "supervisorctl stop elasticsearch" + +- name: Stop Cortex + remote_user: root + command: "supervisorctl stop cortex" + 
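Review bot: The `Configure Cortex` task renders `application.conf.j2` without a `mode`, and that template now embeds `play.http.secret.key` from the password lookup, so the permissions of the rendered file depend on the remote umask rather than on the playbook. Adding `mode: "0600"` to this task, and to the identical task in `update-config.yml`, would match what `Copy certificates in cortex conf dir` already does for the key material. That copy task handles `{{ inventory_hostname }}.key`, so `no_log: true` or `diff: false` on it would keep a `--diff` run from echoing the PEM into the output. Quoting the existing `mode: 0600` as `"0600"` also avoids relying on YAML's octal parsing.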
diff --git a/roles/cortex/tasks/update-config.yml b/roles/cortex/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..a49f24fe5e51ea8b1ab38ba4da00d4e6d8f9d853 --- /dev/null +++ b/roles/cortex/tasks/update-config.yml @@ -0,0 +1,14 @@ +--- + +- name: Configure embedded Elasticsearch 6 + remote_user: root + template: + src: jvm.options.j2 + dest: /etc/elasticsearch/jvm.options + +- name: Configure Cortex + remote_user: cortex + template: + src: application.conf.j2 + dest: /etc/cortex/application.conf + diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 index 6d6d09c6808a308f791e19af61928cff430c3bdb..e45e446edc48c43d6c4e2a6ae7f9aa3f9b00f879 100644 --- a/roles/cortex/templates/application.conf.j2 +++ b/roles/cortex/templates/application.conf.j2 @@ -6,7 +6,7 @@ # # IMPORTANT: If you deploy your application to several instances, make # sure to use the same key. -play.http.secret.key="{{cortex_secret_key}}" +play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_secret_key')}}" ## ElasticSearch search { @@ -34,18 +34,18 @@ search { ## ## Authentication configuration ## search.username = "cortex" -## search.password = "{{cortex_odfe_pass}}" +## search.password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" ## ## ## SSL configuration ## search.keyStore { -## path = "/etc/cortex/dsoclab-cortex.p12" +## path = "/etc/cortex/soctools-cortex.p12" ## type = "PKCS12" # or PKCS12 -## password = "{{kspass}}" +## password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" ## } ## search.trustStore { ## path = "/etc/cortex/cacerts.jks" ## type = "JKS" # or PKCS12 -## password = "{{tspass}}" +## password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" ## } } 
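Review bot: The `password` lookup on `play.http.secret.key` creates the file with a freshly generated value when the path does not exist, so a mistyped or missing `secrets/passwords/cortex_secret_key` silently yields a new secret instead of failing the play. The lookup's default length is also used without being stated. Writing it as `lookup('password', playbook_dir + '/secrets/passwords/cortex_secret_key length=64 chars=ascii_letters,digits')` documents the intended strength and removes the nested `{{playbook_dir}}` inside the expression, which as far as I can tell only works because lookup terms are templated a second time. The same nested form appears in the commented `search.password`, keystore and truststore lines of the following hunk and in `stats auth` in `haproxy.cfg.j2`. A comment above the key noting that the value is generated once on the controller and reused for every instance would tie in with the existing "use the same key" warning.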
@@ -66,7 +66,7 @@ auth { # the "ad" section below. # - ldap : use LDAP to authenticate users. The associated configuration shall be done in the # "ldap" section below. - provider = [local,oauth2] + provider = [local] ad { # The Windows domain name in DNS format. This parameter is required if you do not use 
@@ -108,84 +108,6 @@ auth { # If 'true', use SSL to connect to the LDAP directory server. #useSSL = true } - oauth2 { - # URL of the authorization server - clientId = "dsoclab-cortex" - clientSecret = {{cortexsecret.value}} - redirectUri = "https://{{dslproxy}}:9001/api/ssoLogin" - responseType = "code" - grantType = "authorization_code" - - # URL from where to get the access token - authorizationUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" - authorizationHeader = "Bearer" - tokenUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" - - - # The endpoint from which to obtain user details using the OAuth token, after successful login - userUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" - scope = "profile" - userIdField = "email" - #userUrl = "https://auth-site.com/api/User" - #scope = ["openid profile"] - } - - ws.ssl.trustManager { - stores = [ - { - type = "JKS" // JKS or PEM - path = "cacerts.jks" - password = "{{tspass}}" - } - ] - } - - - # Single-Sign On - sso { - # Autocreate user in database? - autocreate = true - - # Autoupdate its profile and roles? - autoupdate = true - - # Autologin user using SSO? 
- autologin = true - - # Name of mapping class from user resource to backend user ('simple' or 'group') - #mapper = group - #mapper = simple - #attributes { - # login = "user" - # name = "name" - # groups = "groups" - # organization = "org" - #} -# defaultRoles = ["read", "write", "admin"] -# defaultOrganization = "uninett.no" - #defaultRoles = ["read"] - #defaultOrganization = "csirt" - #groups { - # # URL to retreive groups (leave empty if you are using OIDC) - # #url = "https://auth-site.com/api/Groups" - # # Group mappings, you can have multiple roles for each group: they are merged - # mappings { - # admin-profile-name = ["admin"] - # editor-profile-name = ["write"] - # reader-profile-name = ["read"] - # } - #} - - mapper = simple - attributes { - login = "user" - name = "name" - roles = "roles" - organization = "org" - } - defaultRoles = ["read", "analyze"] - defaultOrganization = "uninett.no" - } } ## ANALYZERS diff --git a/roles/docker/tasks/cassandra.yml b/roles/docker/tasks/cassandra.yml index a26bd28c104bc70cc17916496a1da8b68d978cd9..b913425d7171f5bb30f9b5a2434b521a09879ae6 100644 --- a/roles/docker/tasks/cassandra.yml +++ b/roles/docker/tasks/cassandra.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes volumes: - "{{cassandra_name}}:/var/lib/cassandra" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['cassandra'] }}" tags: diff --git a/roles/docker/tasks/cortex.yml b/roles/docker/tasks/cortex.yml index c8d7b1ea2fd7564d5e4829620e994773168d11c7..15a0732d1d90e4403f020e1edf868c34ab0d5dfc 100644 --- a/roles/docker/tasks/cortex.yml +++ b/roles/docker/tasks/cortex.yml @@ -12,7 +12,6 @@ # - "9001:9001" volumes: - "{{item}}:/var/lib/elasticsearch/" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['cortex'] }}" tags: diff --git a/roles/docker/tasks/haproxy.yml b/roles/docker/tasks/haproxy.yml index 10dc08e09d929ab86254e4bb37b962da8880338c..b0180761f4f3c18982f21d9f5b8307066146daed 100644 --- a/roles/docker/tasks/haproxy.yml 
+++ b/roles/docker/tasks/haproxy.yml @@ -15,9 +15,10 @@ - "9443:9443" - "9200:9200" - "7750:7750" + - "5000-5099:5000-5099" + - "6000-6099:6000-6099" - "9000:9000" - "9001:9001" - entrypoint: "/bin/bash" interactive: "yes" tags: - start diff --git a/roles/docker/tasks/keycloak.yml b/roles/docker/tasks/keycloak.yml index c910408f048a5fa76ace4a47ec1c2d32a314c21f..1fddf2a13aa6086a09ef7ad9c0f8ea1c7aa7b3b9 100644 --- a/roles/docker/tasks/keycloak.yml +++ b/roles/docker/tasks/keycloak.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes published_ports: - "12443:8443" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['keycloakcontainers'] }}" tags: diff --git a/roles/docker/tasks/misp.yml b/roles/docker/tasks/misp.yml index 34a42ad3c033abf3c58a1664a92205b9cb76f69e..f32e440eeff7e9d8c1406cf76bafde97aaba19d0 100644 --- a/roles/docker/tasks/misp.yml +++ b/roles/docker/tasks/misp.yml @@ -7,9 +7,8 @@ image: "{{ misp_img }}" networks: - name: "{{ soctools_netname}}" - networks_cli_compatible: yes - entrypoint: "/bin/bash" interactive: "yes" + networks_cli_compatible: yes published_ports: - "6443:6443" tags: diff --git a/roles/docker/tasks/nifi.yml b/roles/docker/tasks/nifi.yml index 7023444e9c0181dcde646dd0f1b4e55dc1f2b031..e85fb61a10993c070180291d6c1ff8d06c74dece 100644 --- a/roles/docker/tasks/nifi.yml +++ b/roles/docker/tasks/nifi.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes volumes: - "{{item}}:/opt/nifi/nifi-current/conf" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['nificontainers'] }}" tags: diff --git a/roles/docker/tasks/odfees.yml b/roles/docker/tasks/odfees.yml index d54ebd59216d12b7c42e15005b3f6b15fb9affa9..fa35ddd58f54e597b24c030636c34fb650f732b8 100644 --- a/roles/docker/tasks/odfees.yml +++ b/roles/docker/tasks/odfees.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes volumes: - "{{item}}:/usr/share/elasticsearch/data" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['odfeescontainers'] }}" tags: 
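Review bot: The two added mappings `5000-5099:5000-5099` and `6000-6099:6000-6099` publish 200 further ports on every host interface, because the mapping gives no bind address. If they exist to reach the NiFi TCP/HTTP listeners templated in `haproxy.cfg.j2` (not confirmed from this hunk), only the ports actually configured there need to be reachable. Consider generating the list from the same variable that drives those listeners, or restricting the bind as in `"<bind-address>:5000-5099:5000-5099"`. A one-line comment saying what each range is for would also help whoever maintains the host firewall. The task this hunk belongs to starts and ends outside the hunk.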
diff --git a/roles/docker/tasks/odfekibana.yml b/roles/docker/tasks/odfekibana.yml index c24611b8869d7b1163065721d600ae7318356ddc..a1c88a2932cd76350e3fedadbec1e2f5511d0748 100644 --- a/roles/docker/tasks/odfekibana.yml +++ b/roles/docker/tasks/odfekibana.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes published_ports: - "5601:5601" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['odfekibanacontainers'] }}" tags: diff --git a/roles/docker/tasks/thehive.yml b/roles/docker/tasks/thehive.yml index 30b11c82ba446fffadd57d3f4e102322e49bb0b8..68fdd3c3f21e711ee957feee298b24544e9bbc66 100644 --- a/roles/docker/tasks/thehive.yml +++ b/roles/docker/tasks/thehive.yml @@ -10,12 +10,10 @@ networks_cli_compatible: yes # published_ports: # - "9000:9000" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['thehive'] }}" tags: - start - - thehivestart - name: Disconnect thehive containers from network and remove docker_container: @@ -24,4 +22,4 @@ with_items: "{{ groups['thehive'] }}" tags: - stop - - thehivestop + diff --git a/roles/filebeat/README.md b/roles/filebeat/README.md new file mode 100644 index 0000000000000000000000000000000000000000..225dd44b9fc5b3abff7e9c68ff9e91d505cdd5f0 --- /dev/null +++ b/roles/filebeat/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/filebeat/defaults/main.yml b/roles/filebeat/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4a9a7a62e52d04774a78e3177a0df325d2949e66 --- /dev/null +++ b/roles/filebeat/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for filebeat diff --git a/roles/filebeat/files/.gitkeep b/roles/filebeat/files/.gitkeep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 
diff --git a/roles/filebeat/handlers/main.yml b/roles/filebeat/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..40c1d20b192d1b9993f0859ad4f07df6220f0efa --- /dev/null +++ b/roles/filebeat/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for filebeat diff --git a/roles/filebeat/meta/main.yml b/roles/filebeat/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..3a212a9364cdcb2e9f1f2841cd12b091e3f6e3a0 --- /dev/null +++ b/roles/filebeat/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/roles/filebeat/tasks/main.yml b/roles/filebeat/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..02ac9c7ed8c8f4eba2c4a99295202d1acbd72090 --- /dev/null +++ b/roles/filebeat/tasks/main.yml 
@@ -0,0 +1,17 @@ +--- + +- include: start.yml + tags: + - start +- include: stop.yml + tags: + - stop + - stop-filebeat +- include: update-config.yml + tags: + - update-config + - update-filebeat-config +- include: restart.yml + tags: + - restart + - restart-filebeat diff --git a/roles/filebeat/tasks/restart.yml b/roles/filebeat/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..cf2c893fe05c07d269572def4184a8d920ce33fe --- /dev/null +++ b/roles/filebeat/tasks/restart.yml @@ -0,0 +1,8 @@ +--- +# tasks file for filebeat + +- name: Restart filebeat + remote_user: root + shell: "supervisorctl restart filebeat" + ignore_errors: yes + diff --git a/roles/filebeat/tasks/start.yml b/roles/filebeat/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..1944c1f0ec815b4c1075035fc4dc77c2b948f926 --- /dev/null +++ b/roles/filebeat/tasks/start.yml @@ -0,0 +1,23 @@ +--- +# tasks file for filebeat + +- name: Copy filebeat certificates + copy: + src: "{{ item }}" + dest: "/opt/filebeat/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/issued/filebeat.crt" + - "{{playbook_dir}}/secrets/CA/private/filebeat.key" + become: true + +- name: Copy filebeat configuration file + template: + src: filebeat.yml.j2 + dest: /opt/filebeat/filebeat.yml + become: true + +- name: Restart filebeat + remote_user: root + shell: "supervisorctl restart filebeat" + ignore_errors: yes diff --git a/roles/filebeat/tasks/stop.yml b/roles/filebeat/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..c5d5dd69d19ba5d40666fe28af612d1363f45f41 --- /dev/null +++ b/roles/filebeat/tasks/stop.yml @@ -0,0 +1,8 @@ +--- +# tasks file for filebeat + +- name: Stop filebeat + remote_user: root + shell: "supervisorctl stop filebeat" + ignore_errors: yes + 
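Review bot: `ignore_errors: yes` on `Restart filebeat` in `restart.yml` lets the play report success when `supervisorctl` fails, which for a log shipper means events can stop flowing with nothing in the run output to show it. The same flag sits on the restart task at the end of `start.yml` and on `Stop filebeat` in `stop.yml`. Unless a failure is genuinely expected, drop the flag, or narrow it with a `failed_when:` condition for the one case that should be tolerated and explain that case in a comment. These tasks also use `shell:` for a fixed command with no shell features; `command: "supervisorctl restart filebeat"` avoids the extra shell, as the cortex stop tasks already do.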
diff --git a/roles/filebeat/tasks/update-config.yml b/roles/filebeat/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..a4c4e304854c954ebb6129b08077d5aef10ced0b --- /dev/null +++ b/roles/filebeat/tasks/update-config.yml @@ -0,0 +1,9 @@ +--- +# tasks file for filebeat + +- name: Copy filebeat configuration file + template: + src: filebeat.yml.j2 + dest: /opt/filebeat/filebeat.yml + become: true + diff --git a/roles/filebeat/templates/filebeat.yml.j2 b/roles/filebeat/templates/filebeat.yml.j2 new file mode 100644 index 0000000000000000000000000000000000000000..78af99c2330bbe35e9500bb98c231c6d6be2bde8 --- /dev/null +++ b/roles/filebeat/templates/filebeat.yml.j2 @@ -0,0 +1,35 @@ +filebeat.inputs: +{% if FILEBEAT_FILES is defined %} +- type: log + paths: +{% for file in FILEBEAT_FILES %} + - {{ file }} +{% endfor %} +{% if FILEBEAT_LOG_FORMAT == 'json' %} + json.keys_under_root: true + json.overwrite_keys: true + json.add_error_key: true + json.message_key: log + multiline.pattern: '^{' + multiline.negate: true + multiline.match: after +{% endif %} +{% else %} +- type: syslog + protocol.udp: + host: "localhost:{{ FILEBEAT_SYSLOG_PORT }}" +{% endif %} + fields: + log_type: {{ FILEBEAT_LOG_TYPE }} + +filebeat.config.modules: + path: ${path.config}/modules.d/*.yml + reload.enabled: false + +output.logstash: + hosts: ["{{ FILEBEAT_OUTPUT_HOST }}:{{ FILEBEAT_OUTPUT_PORT }}"] + workers: 3 + loadbalance: true + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + #ssl.certificate: "{{ FILEBEAT_CERT }}"" + #ssl.key: "{{ FILEBEAT_KEY }}" diff --git a/roles/filebeat/tests/inventory b/roles/filebeat/tests/inventory new file mode 100644 index 0000000000000000000000000000000000000000..878877b0776c44f55fc4e458f70840f31da5bb01 --- /dev/null +++ b/roles/filebeat/tests/inventory @@ -0,0 +1,2 @@ +localhost + 
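Review bot: In `filebeat.yml.j2` the `output.logstash` block has all three `ssl.*` lines commented out, so events travel to `FILEBEAT_OUTPUT_HOST` unencrypted and unauthenticated even though `start.yml` copies `filebeat.crt` and `filebeat.key` into `/opt/filebeat/`. If TLS is intended, point the settings at the copied files, e.g. `ssl.certificate: "/opt/filebeat/filebeat.crt"` and `ssl.key: "/opt/filebeat/filebeat.key"`, and remove the stray second quote in `"{{ FILEBEAT_CERT }}""` before uncommenting. If plaintext is deliberate for now, a comment saying so and why would stop the unused certificate from looking like an oversight. Separately, `FILEBEAT_LOG_FORMAT == 'json'` is evaluated whenever `FILEBEAT_FILES` is defined, so an unset `FILEBEAT_LOG_FORMAT` will likely abort templating; `FILEBEAT_LOG_FORMAT | default('') == 'json'` avoids that.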
diff --git a/roles/filebeat/tests/test.yml b/roles/filebeat/tests/test.yml new file mode 100644 index 0000000000000000000000000000000000000000..12223ca87b8282eda378547b93ef39c83f837974 --- /dev/null +++ b/roles/filebeat/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - filebeat diff --git a/roles/filebeat/vars/main.yml b/roles/filebeat/vars/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..137cdf365d907cc2f19027375f80730756bd9e37 --- /dev/null +++ b/roles/filebeat/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for filebeat diff --git a/roles/haproxy/files/.empty b/roles/haproxy/files/.empty new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/roles/haproxy/files/dsoclab-haproxy.crt b/roles/haproxy/files/dsoclab-haproxy.crt deleted file mode 100644 index 5be39cb377745bb5bc5303c2b7d55d44877f9260..0000000000000000000000000000000000000000 --- a/roles/haproxy/files/dsoclab-haproxy.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:30 2020 GMT - Not After : Oct 15 10:47:30 2023 GMT - Subject: CN=dsoclab-haproxy - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: - 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: - 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: - c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: - 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: - 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: - 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: - ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: - 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: - bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: - 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: - ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: - 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: - 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: - 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: - 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: - 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: - e9:19 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: - 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: - 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: - 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: - 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: - 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: - f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: - a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: - 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: - d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: - 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: - 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: - 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: - e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: - ab:03:89:2b ------BEGIN CERTIFICATE----- -MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 -MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e -s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 -sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce -Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ -XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ -1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow -CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j -BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP -T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns -YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx -MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A -nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 -V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 -JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 -cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
-ZMqHnL4KCAlSqwOJKw== ------END CERTIFICATE----- diff --git a/roles/haproxy/files/dsoclab-haproxy.key b/roles/haproxy/files/dsoclab-haproxy.key deleted file mode 100644 index abcca5eaafc03ebe472bc28a09ae04de65e2fa7f..0000000000000000000000000000000000000000 --- a/roles/haproxy/files/dsoclab-haproxy.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE -qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm -JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y -KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT -8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 -KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB -vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg -D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p -bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD -SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf -oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ -bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG -w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag -ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 -c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw -+0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n -DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s -7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 -3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ -+GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 -m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi -i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 -biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ -K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX -5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV -kyb4KyOsi81/fpVM/WeOL7w= ------END PRIVATE KEY----- diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg deleted file mode 100644 index e102cf4d928a0f73102c86fa3e8372c1613bb9ac..0000000000000000000000000000000000000000 --- a/roles/haproxy/files/haproxy.cfg +++ /dev/null 
@@ -1,17 +0,0 @@ -global - quiet - -defaults - mode http - maxconn 5000 - - timeout connect 5s - timeout client 20s - timeout server 20s - -frontend public - bind *:80 - default_backend apps - -backend apps - server nifi_1 nifi_1:8080 check diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index d8bcefb127b59568b20742ec123ca25130438ee6..00ff3573b0523cbc4c0f71d1514bc862117d7e6e 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml 
@@ -1,68 +1,17 @@ --- -# tasks file for haproxy -- name: Copy haproxy configuration file - template: - src: haproxy.cfg.j2 - dest: /usr/local/etc/haproxy/haproxy.cfg +- include: start.yml tags: - - start - -- name: Create required directories - file: - path: "{{ item }}" - state: directory - mode: 0755 - owner: root - group: root - with_items: - - /opt/haproxy - - /etc/ssl/haproxy - tags: - - start - -- name: Generate dhparam file for haproxy - shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048" + - start +- include: stop.yml tags: - - start - -- name: Copy haproxy certificates - copy: - src: "{{ item }}" - dest: "/opt/haproxy/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" + - stop + - stop-haproxy +- include: update-config.yml tags: - - start - -- name: Combine crt and key for haproxy - assemble: - src: /opt/haproxy - dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt - owner: root - mode: 0600 + - update-config + - update-haproxy-config +- include: restart.yml tags: - - start - -- name: Delete temporary files and directory - file: - path: "{{ item }}" - state: absent - with_items: - - /opt/haproxy/{{ inventory_hostname }}.crt - - /opt/haproxy/{{ inventory_hostname }}.key - - /opt/haproxy - tags: - - start - -- name: Start haproxy - shell: "daemonize -c / -p /haproxy.pid /usr/local/sbin/haproxy -f /usr/local/etc/haproxy/haproxy.cfg" - tags: - - start - -#- name: Stop haproxy -# tags: -# - stop - + - restart + - restart-haproxy diff --git a/roles/haproxy/tasks/restart.yml b/roles/haproxy/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..30c56b2caf98df9471bf019b08a636043290d946 --- /dev/null +++ b/roles/haproxy/tasks/restart.yml @@ -0,0 +1,6 @@ +--- +# tasks file for haproxy + +- name: Restart haproxy + shell: "supervisorctl restart haproxy" + 
diff --git a/roles/haproxy/tasks/start.yml b/roles/haproxy/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..f33f0eab5622bbca1e9f73dfbe575322aebc9f1b --- /dev/null +++ b/roles/haproxy/tasks/start.yml @@ -0,0 +1,55 @@ +--- +# tasks file for haproxy + +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg + +- name: Create required directories + file: + path: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: root + with_items: + - /opt/haproxy + - /etc/ssl/haproxy + +- name: Generate dhparam file for haproxy + shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048" + +- name: Copy haproxy certificates + copy: + src: "{{ item }}" + dest: "/opt/haproxy/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" + +- name: Combine crt and key for haproxy + assemble: + src: /opt/haproxy + dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt + owner: root + mode: 0600 + +- name: Delete temporary files and directory + file: + path: "{{ item }}" + state: absent + with_items: + - /opt/haproxy/{{ inventory_hostname }}.crt + - /opt/haproxy/{{ inventory_hostname }}.key + - /opt/haproxy + +- name: Start haproxy + shell: "supervisorctl start haproxy" + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' diff --git a/roles/haproxy/tasks/stop.yml b/roles/haproxy/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..60f875fa3abae9f31a38e3e70b303ceb81ccd4b6 --- /dev/null +++ b/roles/haproxy/tasks/stop.yml @@ -0,0 +1,6 @@ +--- +# tasks file for haproxy + +- name: Stop haproxy + command: "supervisorctl stop haproxy" + 
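Review bot: `Generate dhparam file for haproxy` in `start.yml` runs `openssl dhparam` on every `start`, regenerating the parameters each time and adding a slow step that always reports changed. Adding `args:` with `creates: /usr/local/etc/haproxy/dhparam.pem` makes it run once, and `command:` is enough since no shell features are used. The `assemble` step concatenates everything found in `/opt/haproxy`, which the earlier task creates with `mode: 0755`; creating that staging directory as `0700` and noting in a comment that it must contain only the `.crt` and `.key` would make the private-key handling easier to audit. The final `replace` on `/etc/supervisord.conf` flips every `autostart=false` line, not just haproxy's, which deserves a comment if intended.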
diff --git a/roles/haproxy/tasks/update-config.yml b/roles/haproxy/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..dc5cb8b945b946e99703bae873010e836317fa33 --- /dev/null +++ b/roles/haproxy/tasks/update-config.yml @@ -0,0 +1,8 @@ +--- +# tasks file for haproxy + +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg + diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index e62740e78b24395594aeef2789b464eed20ecc7b..d566981a6c63627dddb93a94d562a497856c349e 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -1,6 +1,6 @@ global #quiet - log stdout format raw local0 + log 127.0.0.1:9000 local0 nbproc {{ HAPROXY_PROCESSES }} ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets @@ -22,7 +22,7 @@ listen stats stats hide-version stats uri / stats realm HAProxy Statistics - stats auth haproxy:{{ HAPROXY_STATS_PASS }} + stats auth haproxy:{{lookup('password', '{{playbook_dir}}/secrets/passwords/haproxy_stats')}} listen nifiserv bind *:9443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 @@ -31,6 +31,7 @@ listen nifiserv fullconn 5000 balance source option tcpka + option httplog {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:9443 ssl check verify none {% endfor %} @@ -42,6 +43,7 @@ listen odfeserv fullconn 5000 balance source option tcpka + option httplog {% for odfehost in groups['odfeescontainers'] %} server {{odfehost}} {{odfehost}}:9200 ssl check verify none {% endfor %} 
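Review bot: `log 127.0.0.1:9000 local0` in `haproxy.cfg.j2` hard-codes the syslog target, while the filebeat template added in this commit listens on `localhost:{{ FILEBEAT_SYSLOG_PORT }}`. If the two values differ, HAProxy's UDP log datagrams are dropped without any error, and the `option httplog` / `option tcplog` lines added below produce nothing. Using `log 127.0.0.1:{{ FILEBEAT_SYSLOG_PORT }} local0` would keep them tied together, assuming that variable is in scope for this role, which is not visible here. A comment noting that this is a local UDP syslog receiver, separate from the `9000:9000` port published for the container, would remove the ambiguity around the number.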
@@ -53,6 +55,7 @@ listen keycloakserv fullconn 5000 balance source option tcpka + option httplog {% for keycloakhost in groups['keycloakcontainers'] %} server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none {% endfor %} @@ -65,6 +68,7 @@ listen thehiveserv balance source option tcpka option forwardfor + option httplog {% for thehivehost in groups['thehive'] %} server {{thehivehost}} {{thehivehost}}:9000 check verify none {% endfor %} @@ -77,6 +81,7 @@ listen cortexserv balance source option tcpka option forwardfor + option httplog {% for cortexhost in groups['cortex'] %} server {{cortexhost}} {{cortexhost}}:9001 check verify none {% endfor %} @@ -90,6 +95,7 @@ listen nifiservtcp77{{port}} balance source option tcpka option tcp-check + option tcplog tcp-check connect port 77{{port}} {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:77{{port}} check @@ -106,6 +112,7 @@ listen nifiservtcp7771 balance source option tcpka option tcp-check + option tcplog tcp-check connect port 7771 {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:7771 check @@ -120,6 +127,7 @@ listen nifiservhttp{{port}} fullconn 5000 balance source option tcpka + option httplog {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:{{port}} check {% endfor %} @@ -136,6 +144,7 @@ listen nifiservtcp{{port}} balance source option tcpka option tcp-check + option tcplog tcp-check connect port {{port}} {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:{{port}} check diff --git a/roles/keycloak/files/SOCTOOLS-CA.crt b/roles/keycloak/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/keycloak/files/SOCTOOLS-CA.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/keycloak/files/cacerts.jks b/roles/keycloak/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/keycloak/files/cacerts.jks and /dev/null differ diff --git a/roles/keycloak/files/dsoclab-keycloak.crt b/roles/keycloak/files/dsoclab-keycloak.crt deleted file mode 100644 index 92b6893716cacfa9e7fb863ad4c4379077e7ac1e..0000000000000000000000000000000000000000 --- a/roles/keycloak/files/dsoclab-keycloak.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-keycloak - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: - c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: - b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: - a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: - be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: - 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: - dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: - d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: - 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: - db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: - 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: - 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: - 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: - 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: - 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: - d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: - 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: - 12:e5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: - db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: - 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: - af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: - df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: - 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: - 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: - 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: - b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: - b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: - b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: - 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: - e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: - 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: - 37:9f:c1:7c ------BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 -MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ -Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V -/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 -mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ -1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa -i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud -IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU -T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv -Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa -wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag -h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 -nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 -YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU -YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
-JuNFsFth0Zg7w9Q3n8F8 ------END CERTIFICATE----- diff --git a/roles/keycloak/files/dsoclab-keycloak.key b/roles/keycloak/files/dsoclab-keycloak.key deleted file mode 100644 index 8c5ebed5a514facf489a59ce2a2e487c6a0da78f..0000000000000000000000000000000000000000 --- a/roles/keycloak/files/dsoclab-keycloak.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c -iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH -e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb -HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI -2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g -tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y -dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV -frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK -525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU -soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX -TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX -RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 -mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L -yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo -z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p -7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 -Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl -tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf -joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r -T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA -01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A -upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ -bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG -jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 -ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF -TypqufvopzWOpbxpgbfiJQmd8g== ------END PRIVATE KEY----- diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 2bb6a62470c5e10d59be3a56109969f5fe802025..d7668ba48273ed7f841c5e4e868aaa4415817194 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml 
@@ -1,97 +1,17 @@ --- -- name: Copy certificates in keycloak x509 conf dir - copy: - src: "{{ item.local }}" - dest: "{{ item.remote }}" - mode: "{{ item.mode }}" - with_items: - - local: "files/{{ inventory_hostname }}.crt" - remote: /etc/x509/https/tls.crt - mode: '0644' - - local: "files/{{ inventory_hostname }}.key" - remote: /etc/x509/https/tls.key - mode: '0600' - - local: "files/{{ ca_cn }}.crt" - remote: /etc/x509/ca/ca.crt - mode: '0644' - - local: "files/cacerts.jks" - remote: /opt/jboss/keycloak/cacerts.jks - mode: '0644' - tags: - - start - - startkeycloak - -- name: Generate Keycloak secure config - command: "/opt/jboss/tools/x509.sh" - environment: - X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" - tags: - - start - - startkeycloak - -- name: Set admin password - command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" - ignore_errors: yes - tags: - - start - - startkeycloak - -- name: Configure Keycloak start script - template: - src: "{{item}}.j2" - dest: "/opt/jboss/tools/{{item}}" - mode: 0750 - with_items: - - startkeycloak.sh - - initkeycloakrealm.sh - tags: - - start - - startkeycloak - - -- name: Start Keycloak IdP - command: /opt/jboss/tools/startkeycloak.sh - tags: - - start - - startkeycloak - -- name: Wait for Keycloak - wait_for: - host: "{{groups['keycloakcontainers'][0]}}" - port: 8443 - state: started - delay: 5 - tags: - - start - - startkeycloak - -- name: Initialize Keycloak realm - command: /opt/jboss/tools/initkeycloakrealm.sh - tags: - - start - - startkeycloak - -- name: Copy secrets from Keycloak - fetch: - src: "{{ item.remote }}" - dest: "{{ item.local }}" - flat: yes - with_items: - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" - local: "roles/nifi/files/nifisecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" - local: "roles/odfekibana/files/kibanasecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret" - local: 
"roles/thehive/files/thehivesecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret" - local: "roles/cortex/files/cortexsecret" - tags: - - start - - startkeycloak - -- name: Stop Keycloak - command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" - tags: - - stop - - stopkeycloak +- include: start.yml + tags: + - start +- include: stop.yml + tags: + - stop + - stop-keycloak +- include: update-config.yml + tags: + - update-config + - update-keycloak-config +- include: restart.yml + tags: + - restart + - restart-keycloak diff --git a/roles/keycloak/tasks/restart.yml b/roles/keycloak/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..4ea5519d0060b1f287c908e54b021b53c104e588 --- /dev/null +++ b/roles/keycloak/tasks/restart.yml @@ -0,0 +1,13 @@ +--- + +- name: Restart Keycloak + remote_user: root + command: "supervisorctl restart keycloak" + +- name: Wait for Keycloak + remote_user: jboss + wait_for: + host: "{{groups['keycloakcontainers'][0]}}" + port: 8443 + state: started + delay: 5 diff --git a/roles/keycloak/tasks/start.yml b/roles/keycloak/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..468cb2559c151b0b146a9f17cfa3980bc70b24a0 --- /dev/null +++ b/roles/keycloak/tasks/start.yml 
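Review bot: The `start.yml` include is tagged only `start`, while the stop, update-config and restart includes each also carry a service-specific tag (`stop-keycloak`, `update-keycloak-config`, `restart-keycloak`). The removed tasks had `startkeycloak`, so as far as this file shows Keycloak can no longer be started on its own by tag; adding `- start-keycloak` under the first include's `tags:` would restore that. Bare `include:` is also deprecated in Ansible; `import_tasks:` keeps the listed tags applying to every task in the imported file.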
@@ -0,0 +1,96 @@ +--- + +- name: Copy certificates in keycloak x509 conf dir + remote_user: jboss + copy: + src: "{{ item.local }}" + dest: "{{ item.remote }}" + mode: "{{ item.mode}}" + with_items: + - local: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" + remote: /etc/x509/https/tls.crt + mode: '0644' + - local: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" + remote: /etc/x509/https/tls.key + mode: '0600' + - local: "{{playbook_dir}}/secrets/CA/ca.crt" + remote: /etc/x509/ca/ca.crt + mode: '0644' + - local: "{{playbook_dir}}/secrets/CA/cacerts.jks" + remote: /opt/jboss/keycloak/cacerts.jks + mode: '0644' + +- name: Generate Keycloak secure config + remote_user: jboss + command: "/opt/jboss/tools/x509.sh" + environment: + X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" + +- name: Set admin password + remote_user: jboss + command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keykloak_admin')}}" + ignore_errors: True + +- name: Configure logging format + remote_user: jboss + lineinfile: #TODO: Change to community.general.xml + path: /opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: '.*<formatter name="PATTERN">.*' + line: "<formatter name=\"JSON\"><json-formatter date-format=\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\" pretty-print=\"false\" print-details=\"true\" zone-id=\"UTC\"/></formatter><formatter name=\"PATTERN\">" + +- name: Enable event logging + remote_user: jboss + lineinfile: + path: /opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: '.*<spi name="eventsStore">.*' + line: '<spi name="eventsListener"><provider name="jboss-logging" enabled="true"><properties><property name="success-level" value="INFO"/><property name="error-level" value="WARN"/></properties></provider></spi><spi name="eventsStore">' + +- name: Specify logging format + remote_user: jboss + lineinfile: + path: 
/opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: ".*<named-formatter name=.*" + line: '<named-formatter name="JSON"/>' + +- name: Configure Keycloak start script + remote_user: jboss + template: + src: "{{item}}.j2" + dest: "/opt/jboss/tools/{{item}}" + mode: 0750 + with_items: + - startkeycloak.sh + - initkeycloakrealm.sh + +- name: Start Keycloak IdP + remote_user: root + command: "supervisorctl start keycloak" + +- name: Wait for Keycloak + remote_user: jboss + wait_for: + host: "{{groups['keycloakcontainers'][0]}}" + port: 8443 + state: started + delay: 5 + +- name: Initialize Keycloak realm + remote_user: jboss + command: /opt/jboss/tools/initkeycloakrealm.sh + +- name: Copy secrets from Keycloak + remote_user: jboss + fetch: + src: "{{ item.remote }}" + dest: "{{ item.local }}" + flat: yes + with_items: + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" + local: "{{playbook_dir}}/secrets/tokens/nifisecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" + local: "{{playbook_dir}}/secrets/tokens/kibanasecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" + local: "{{playbook_dir}}/secrets/tokens/mispsecret" + +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" diff --git a/roles/keycloak/tasks/stop.yml b/roles/keycloak/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..0f9c490c2263352235441f32f3674282d06e7fe0 --- /dev/null +++ b/roles/keycloak/tasks/stop.yml @@ -0,0 +1,5 @@ +--- + +- name: Stop Keycloak + remote_user: root + command: "supervisorctl stop keycloak" diff --git a/roles/keycloak/tasks/update-config.yml b/roles/keycloak/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..c64229a7f6a580c619e2d87f30cb1d3304d3d008 --- /dev/null +++ b/roles/keycloak/tasks/update-config.yml 
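Review bot: `Set admin password` puts the Keycloak admin password on the `add-user-keycloak.sh` command line without `no_log: true`, so the value is part of the task result (shown with `-v` or on failure) and is visible in the process list while the script runs; adding `no_log: true` to the task covers the first of these. `ignore_errors: True` on the same task also hides a genuine failure to create the admin user, which `Initialize Keycloak realm` later depends on; a `register:` plus a `failed_when:` that tolerates only the already-exists case would be tighter (the exact message is not visible here). The final `Set Autostart for supervisord's services` task uses `shell` with `sed -i`, while the haproxy role in this commit does the same edit with the `replace` module and `regexp: '^autostart=false$'`; using that form here keeps the roles consistent and reports `changed` correctly.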
@@ -0,0 +1,32 @@
+---
+
+- name: Configure Keycloak start script
+ remote_user: jboss
+ template:
+ src: "{{item}}.j2"
+ dest: "/opt/jboss/tools/{{item}}"
+ mode: 0750
+ with_items:
+ - startkeycloak.sh
+ - initkeycloakrealm.sh
+
+- name: Copy keycloak-tools
+ remote_user: jboss
+ synchronize:
+ src: roles/build/templates/keycloak/keycloak-tools/
+ dest: /opt/jboss/tools/
+
+- name: Copy secrets from Keycloak
+ remote_user: jboss
+ fetch:
+ src: "{{ item.remote }}"
+ dest: "{{ item.local }}"
+ flat: yes
+ with_items:
+ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret"
+ local: "{{playbook_dir}}/secrets/tokens/nifisecret"
+ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret"
+ local: "{{playbook_dir}}/secrets/tokens/kibanasecret"
+ - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret"
+ local: "{{playbook_dir}}/secrets/tokens/mispsecret"
+
diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2
index d6fc9463d0bddd7f8f31587b6ecf7019d3f69428..3d790f2eb02af9dbb6644d50795d77788f8c0ba4 100644
--- a/roles/keycloak/templates/initkeycloakrealm.sh.j2
+++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2
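Review bot: The `Copy secrets from Keycloak` task is a verbatim copy of the one in `start.yml`, so the list of client secrets now has to be kept in sync in two places; moving it into its own task file included from both would avoid drift. In `Copy keycloak-tools`, `src: roles/build/templates/keycloak/keycloak-tools/` is relative, whereas the other tasks in this commit anchor local paths with `{{playbook_dir}}`; `src: "{{playbook_dir}}/roles/build/templates/keycloak/keycloak-tools/"` would not depend on how the relative path is resolved. The fetched secrets land in `secrets/tokens/` on the controller with default permissions, so a comment stating that the directory is expected to be restricted (for example `0700`) and kept out of version control would be useful.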
@@ -5,8 +5,8 @@ exec 7>&2 exec > /opt/jboss/keycloak/initkeycloak.log 2>&1 -kcadm.sh config truststore --trustpass {{tspass}} /opt/jboss/keycloak/cacerts.jks -kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password {{keycloak_adminpass}} +kcadm.sh config truststore --trustpass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} /opt/jboss/keycloak/cacerts.jks +kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keykloak_admin')}}" kcadm.sh create realms -b '{ "enabled": "true", "id": "{{openid_realm}}", "realm": "{{openid_realm}}"}' kcadm.sh create realms/{{openid_realm}}/authentication/flows/browser/copy -b '{ "id": "browser-x509", "newName": "X.509 Browser" }' BROWSERFORM=$(kcadm.sh create realms/{{openid_realm}}/authentication/flows/X.509%20Browser/executions/execution -i -b '{ "provider": "auth-x509-client-username-form" }') 
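Review bot: The rendered script interpolates secrets straight into shell words: `--trustpass` is unquoted, the admin `--password` is in double quotes (where `$`, backticks and `\` are still expanded), and `--new-password` in the user loop of the next hunk is unquoted again. Passing each value through Ansible's `quote` filter, e.g. `--password {{ lookup('password', playbook_dir + '/secrets/passwords/keykloak_admin') | quote }}`, makes all three safe for any password content, including one supplied by an operator rather than generated. Since the rendered file keeps these passwords in clear text under `/opt/jboss/tools`, a comment at the top of the template noting that would help whoever audits the container. The script continues outside both hunks.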
@@ -18,22 +18,18 @@ kcadm.sh create realms/{{openid_realm}}/groups -b '{"name":"GN43WP8T31"}' {% for user in soctools_users %} kcadm.sh create realms/{{openid_realm}}/users -b '{"enabled":true,"attributes":{"DN": ["{{user.DN}}"],"CN": ["{{user.CN}}"]},"username":"{{user.username}}","emailVerified":"","email":"{{user.email}}","firstName":"{{user.firstname}}","lastName":"{{user.lastname}}","groups": ["/GN43WP8T31"] }' -kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{user.password}} +kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/'+user.CN)}} {% endfor %} -NIFICLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-nifi","protocol":"openid-connect","clientAuthenticatorType": "client-secret","redirectUris": ["https://{{dslproxy}}:9443/*" ],"webOrigins": [], "publicClient": false }') +NIFICLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-nifi","protocol":"openid-connect","clientAuthenticatorType": "client-secret","redirectUris": ["https://{{soctoolsproxy}}:9443/*" ],"webOrigins": [], "publicClient": false }') kcadm.sh create realms/{{openid_realm}}/clients/${NIFICLIENT}/protocol-mappers/models -b '{"protocol":"openid-connect","config":{"id.token.claim":"true","access.token.claim":"true","userinfo.token.claim":"true","multivalued":"","aggregate.attrs":"","user.attribute":"DN","claim.name":"DN","jsonType.label":"String"},"name":"SendDN","protocolMapper":"oidc-usermodel-attribute-mapper"}' kcadm.sh get realms/{{openid_realm}}/clients/${NIFICLIENT}/client-secret --fields value > /opt/jboss/keycloak/nifisecret -KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:5601","adminUrl": 
"","redirectUris": ["https://{{dslproxy}}:5601", "https://{{dslproxy}}:5601/auth/openid/login", "https://{{dslproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }') +KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{soctoolsproxy}}:5601","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:5601", "https://{{soctoolsproxy}}:5601/auth/openid/login", "https://{{soctoolsproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }') kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fields value > /opt/jboss/keycloak/kibanasecret -THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }') -kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret - -CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": false }') -kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret - +MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{soctoolsproxy}}:6443","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:6443/users/login/keycloak"],"webOrigins": [], "publicClient": false }') +kcadm.sh get 
realms/{{openid_realm}}/clients/${MISPCLIENT}/client-secret --fields value > /opt/jboss/keycloak/mispsecret kcadm.sh config truststore --delete diff --git a/roles/misp/files/SOCTOOLS-CA.crt b/roles/misp/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/misp/files/SOCTOOLS-CA.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/misp/files/cacerts.jks b/roles/misp/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/misp/files/cacerts.jks and /dev/null differ 
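Review bot: The new `mispsecret` file is created by shell redirection like `nifisecret` and `kibanasecret`, so its permissions come from whatever umask the script inherits, and no `umask` is set in the visible part of the script. Adding `umask 077` before the first `kcadm.sh get ... client-secret` line would keep all three client secrets private to the account running the script until the playbook fetches them. The per-user lookup also builds a file name from `user.CN`; a comment stating that CNs must be plain, file-name-safe strings would document that assumption. The script starts outside this hunk.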
diff --git a/roles/misp/files/dsoclab-misp.crt b/roles/misp/files/dsoclab-misp.crt deleted file mode 100644 index f83010441e252486cc934677a1e0a0de1ebe2328..0000000000000000000000000000000000000000 --- a/roles/misp/files/dsoclab-misp.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:28 2020 GMT - Not After : Oct 15 10:47:28 2023 GMT - Subject: CN=dsoclab-misp - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: - 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: - 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: - 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: - e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: - 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: - 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: - 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: - 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: - 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: - f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: - 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: - 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: - 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: - 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: - 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: - 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: - 0e:8b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: - f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: - 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: - 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: - 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: - 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: - d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: - 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: - 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: - 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: - d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: - ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: - 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: - 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: - ca:b0:30:27 ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx -MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y -eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ -ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy -Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl -wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s -mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV -HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 -gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt -Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD -VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt -My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi -yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 -yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J -cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT -jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB -alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI -iInKsDAn ------END 
CERTIFICATE----- diff --git a/roles/misp/files/dsoclab-misp.key b/roles/misp/files/dsoclab-misp.key deleted file mode 100644 index 9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab..0000000000000000000000000000000000000000 --- a/roles/misp/files/dsoclab-misp.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl -V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi -Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 -KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf -jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV -xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT -VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t -cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr -nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn -u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO -ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu -XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq -XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl -xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P -SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp -8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 -X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU -zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY -FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw -D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX -FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G -msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e -0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq -g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR -PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh -bopZVfjdd+d/56vLZW+GSBaCew== ------END PRIVATE KEY----- diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml new file mode 100644 index 0000000000000000000000000000000000000000..864c61dcf473417a13a27ff5debeaf4c5e3c900b --- /dev/null +++ b/roles/misp/tasks/config.yml 
@@ -0,0 +1,93 @@ +--- + +- name: Change password of default user + shell: "/var/www/MISP/app/Console/cake Password admin@admin.test {{ lookup('password', '{{playbook_dir}}/secrets/passwords/misp_admin') }}" + +- name: Configure MISP + shell: '/var/www/MISP/app/Console/cake Admin setSetting {{item.var}} {{item.value}}' + with_items: + - {"var":"Plugin.CustomAuth_enable","value":"true"} + - {"var":"Plugin.CustomAuth_header","value":"X_REMOTE_USER"} + - {"var":"Plugin.CustomAuth_disable_logout","value":"true"} + - {"var":"MISP.external_baseurl","value":"https://{{soctoolsproxy}}:6443"} + - {"var":"MISP.live","value":"true"} + +- name: Init default user + shell: '/var/www/MISP/app/Console/cake user_init | /usr/bin/tail -n1' + register: init_output + ignore_errors: True + +- name: Set API key fact + set_fact: + misp_api_key: "{{ init_output.stdout }}" + when: '"initialised" not in init_output.stdout' + +- name: Get API key + shell: '/var/www/MISP/app/Console/cake Admin getAuthkey admin@admin.test | /usr/bin/tail -n1' + register: get_output + ignore_errors: True + when: '"initialised" in init_output.stdout' + +- name: Set API key fact + set_fact: + misp_api_key: "{{ get_output.stdout }}" + when: '"initialised" in init_output.stdout' + +- name: add users + uri: + url: "https://{{soctoolsproxy}}:6443/admin/users/add/1" + method: POST + body_format: json + headers: + Authorization: "{{misp_api_key}}" + Accept: "application/json" + Content-type: "application/json" + body: '{"email": "{{item.email}}","org_id": "1","role_id": "1","external_auth_key":"{{item.email}}","external_auth_required":"1","change_pw": "0","external_auth_key":"{{item.email}}"}' + ignore_errors: yes #Ignore error when user already exists + with_items: + - "{{soctools_users}}" + +- name: Get user API key + shell: '/var/www/MISP/app/Console/cake Admin getAuthkey {{soctools_users[0].email}} | /usr/bin/tail -n1' + register: user_key + +- name: Store user API key + copy: + content: "{{ user_key.stdout }}" + 
dest: "{{playbook_dir}}/secrets/tokens/misp" + delegate_to: 127.0.0.1 + +- name: Enable feed + uri: + url: "https://{{soctoolsproxy}}:6443/feeds/edit/1" + method: POST + body_format: json + headers: + Authorization: "{{misp_api_key}}" + Accept: "application/json" + Content-type: "application/json" + body: '{"enabled": true, "caching_enabled": true, "distribution": "1","publish": true}' + +- name: Fetch feed + shell: '/var/www/MISP/app/Console/cake Server {{item}} 1 all&' + with_items: + - fetchFeed + - cacheFeed + +- name: Add example event + uri: + url: + url: "https://{{soctoolsproxy}}:6443/events" + method: POST + body_format: json + headers: + Authorization: "{{misp_api_key}}" + Accept: "application/json" + Content-type: "application/json" + body: '{"Event":{"date":"{{ansible_date_time.date}}","threat_level_id":"1","info":"testevent","published":true,"analysis":"0","distribution":"0","Attribute":[{"type":"domain","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"example.evil"},{"type":"ip-dst","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"10.10.10.10"}]}}' + +- name: Set Autostart for supervisord services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' diff --git a/roles/misp/tasks/main.yml b/roles/misp/tasks/main.yml index 826e9dce14466e41450089a3720f28d4a4e54573..9b53c6c2b6dd1a2bc3207018e2524abfc390af9f 100644 --- a/roles/misp/tasks/main.yml +++ b/roles/misp/tasks/main.yml 
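Review bot: The `Change password of default user` task puts the generated admin password on a `shell:` command line, so it appears in the container's process list and in Ansible's task output and logs; the tasks that register `init_output`, `get_output` and `user_key` print API keys the same way. Add `no_log: true` to each of these tasks to cover the log exposure, and give `Store user API key` an explicit `mode: '0600'` so the token file is not created with default permissions. The `Configure salt` and `Get openid authkey` tasks in roles/misp/tasks/start.yml handle secrets without `no_log` as well. Separately, `Add example event` nests `url:` under `url:`, which looks unintended and would hand the uri module a mapping instead of a string.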
@@ -1,59 +1,19 @@ --- -- name: Copy certificates in apache cert dir - copy: - src: "{{ item.local }}" - dest: "{{ item.remote }}" - mode: "{{ item.mode}}" - with_items: - - local: "files/{{ inventory_hostname }}.crt" - remote: /etc/ssl/certs/misp.crt - mode: '0644' - - local: "files/{{ inventory_hostname }}.key" - remote: /etc/ssl/certs/misp.key - mode: '0600' - - local: "files/{{ ca_cn }}.crt" - remote: /etc/ssl/certs/ca.crt - mode: '0644' +- include: start.yml tags: - - start - -- name: Configure Apache web server for misp - template: - src: misp.conf.j2 - dest: /etc/httpd/conf.d/misp.conf - tags: - - start - -- name: Configure MISP database access - template: - src: database.php.j2 - dest: /var/www/MISP/app/Config/database.php - tags: - - start - -- name: Configure MISP app - template: - src: config.php.j2 - dest: /var/www/MISP/app/Config/config.php + - start +- include: config.yml tags: - - start - -- name: Configure MISP database initialization script - template: - src: checkdb.sh.j2 - dest: /var/www/MISP/checkdb.sh - mode: '0700' + - start + - config +- include: stop.yml + tags: stop +- include: update-config.yml tags: - - start - -- name: Check if database is initialized - command: /var/www/MISP/checkdb.sh + - update-config + - update-misp-config +- include: restart.yml tags: - - start - -- name: Start MISP - command: "/usr/bin/supervisord -c /etc/supervisord.conf" - tags: - - start - + - restart + - restart-misp diff --git a/roles/misp/tasks/restart.yml b/roles/misp/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..5878940540110fed2900248484f1fb6c0dc6b807 --- /dev/null +++ b/roles/misp/tasks/restart.yml 
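Review bot: `config.yml` is included under the `start` tag as well as `config`, so a run with `-t start` repeats the admin password change, `user_init`, user creation and the `Add example event` POST each time. If `start` is also used to bring up an already-configured container, those tasks should sit behind `config` only or be made idempotent. The `stop.yml` include is tagged only `stop`, while the mysql role in this commit also offers `stop-mysql`; adding `stop-misp` would match the `restart-misp` and `update-misp-config` tags introduced here. `include:` is deprecated in current Ansible in favour of `import_tasks:`/`include_tasks:`, which is worth adopting while these lines are being rewritten.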
@@ -0,0 +1,16 @@
+---
+
+- name: Restart php-fpm
+ command: "supervisorctl restart php-fpm"
+
+- name: Restart redis-server
+ command: "supervisorctl restart redis-server"
+
+- name: Restart apache2
+ command: "supervisorctl restart apache2"
+
+- name: Restart misp-modules
+ command: "supervisorctl restart misp-modules"
+
+- name: Restart workers
+ command: "supervisorctl restart workers"
diff --git a/roles/misp/tasks/start.yml b/roles/misp/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c07917fd83fe41509adf423109b20bfc9e781744
--- /dev/null
+++ b/roles/misp/tasks/start.yml
@@ -0,0 +1,73 @@
+---
+
+- name: Set PHP symbolic link
+ file:
+ src: /opt/rh/rh-php72/root/bin/php
+ dest: /usr/bin/php
+ state: link
+
+- name: Copy certificates
+ copy:
+ src: "{{ item.local }}"
+ dest: "{{ item.remote }}"
+ mode: "{{ item.mode}}"
+ with_items:
+ - local: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
+ remote: /etc/ssl/certs/misp.crt
+ mode: '0644'
+ - local: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
+ remote: /etc/ssl/certs/misp.key
+ mode: '0600'
+ - local: "{{playbook_dir}}/secrets/CA/ca.crt"
+ remote: /etc/ssl/certs/ca.crt
+ mode: '0644'
+ - local: "{{playbook_dir}}/secrets/CA/ca.crt"
+ remote: /etc/pki/ca-trust/source/anchors/ca.crt
+ mode: '0644'
+
+- name: Update CA trust
+ command: update-ca-trust
+
+- name: Get openid authkey
+ set_fact:
+ mispsecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/mispsecret',convert_data=False) | from_json }}"
+
+- name: Configure Apache web server for misp
+ template:
+ src: misp.conf.j2
+ dest: /etc/httpd/conf.d/misp.conf
+
+- name: Configure MISP database access
+ template:
+ src: database.php.j2
+ dest: /var/www/MISP/app/Config/database.php
+
+- name: Configure salt
+ lineinfile:
+ path: /var/www/MISP/app/Config/config.php
+ regexp: "'salt'.*=>"
+ line: "'salt' => '{{lookup('password', '{{playbook_dir}}/secrets/misp_salt')}}',"
+
+- name: Configure MISP database initialization script
+ template:
+ src: checkdb.sh.j2
+ dest: /var/www/MISP/checkdb.sh
+ mode: '0700'
+
+- name: Check if database is initialized
+ command: /var/www/MISP/checkdb.sh
+
+- name: Start php-fpm
+ command: "supervisorctl start php-fpm"
+
+- name: Start redis-server
+ command: "supervisorctl start redis-server"
+
+- name: Start apache2
+ command: "supervisorctl start apache2"
+
+- name: Start misp-modules
+ command: "supervisorctl start misp-modules"
+
+- name: Start workers
+ command: "supervisorctl start workers"
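Review bot: `Configure salt` depends on `lineinfile` finding a line that matches `'salt'.*=>` in config.php; when nothing matches, lineinfile appends the line at the end of the file, which for a PHP array file would presumably land outside the array and leave MISP without the generated salt. This commit stops templating config.php, so its contents now depend on the image. Consider adding `backrefs: yes` so a non-matching file is left untouched, followed by a task that fails when the salt line is absent. `Configure MISP database access` also sets no `mode` or `owner`, unlike the checkdb.sh task, although the rendered file holds the database password.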
diff --git a/roles/misp/tasks/stop.yml b/roles/misp/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6a56d87d74255095f17ca8ac2db562596446f586
--- /dev/null
+++ b/roles/misp/tasks/stop.yml
@@ -0,0 +1,17 @@
+---
+- name: Stop php-fpm
+ command: "supervisorctl stop php-fpm"
+
+- name: Stop redis-server
+ command: "supervisorctl stop redis-server"
+
+- name: Stop apache2
+ command: "supervisorctl stop apache2"
+
+- name: Stop misp-modules
+ command: "supervisorctl stop misp-modules"
+
+- name: Stop workers
+ #command: "supervisorctl start workers"
+ command: 'su - -s /bin/bash -c "/var/www/MISP/app/Console/worker/stop.sh" apache'
+
diff --git a/roles/misp/tasks/update-config.yml b/roles/misp/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cd21505a47e530a967e3c44bd2a772d1b8d08bd7
--- /dev/null
+++ b/roles/misp/tasks/update-config.yml
@@ -0,0 +1,2 @@
+---
+
diff --git a/roles/misp/templates/checkdb.sh.j2 b/roles/misp/templates/checkdb.sh.j2
index 5aba69f866bb0343a8abbbadd3e6606213574123..c8eb4abac0fefe53b36d5ac6fb5e588e96a03054 100644
--- a/roles/misp/templates/checkdb.sh.j2
+++ b/roles/misp/templates/checkdb.sh.j2
@@ -1,5 +1,5 @@ #!/bin/bash -x -MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) +MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) if [ ${MISPINIT} == "0" ]; then - cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}} + cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}} fi diff --git a/roles/misp/templates/config.php.j2 b/roles/misp/templates/config.php.j2 deleted file mode 100644 index 46ca1ca0aadfb26b91e4c4469afcf8c967333288..0000000000000000000000000000000000000000 --- a/roles/misp/templates/config.php.j2 +++ /dev/null 
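Review bot: Both new `mysql` invocations pass the database password as `-p<password>` on the command line, and the script runs under `bash -x`, so the password is visible in the process list and is echoed in the trace that Ansible captures from the `Check if database is initialized` task. Prefer a client option file readable only by the script's user, passed with `--defaults-extra-file=...` as the first option, and drop `-x` from the shebang. The value is also interpolated unquoted, so a password containing shell metacharacters would break the command.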
@@ -1,84 +0,0 @@ -<?php -$config = array ( - 'debug' => 0, - 'MISP' => - array ( - 'baseurl' => 'https://{{dslproxy}}:6443', - 'footermidleft' => '', - 'footermidright' => '', - 'org' => 'ORGNAME', - 'showorg' => true, - 'threatlevel_in_email_subject' => true, - 'email_subject_TLP_string' => 'tlp:amber', - 'email_subject_tag' => 'tlp', - 'email_subject_include_tag_name' => true, - 'background_jobs' => true, - 'cached_attachments' => true, - 'email' => 'email@address.com', - 'contact' => 'email@address.com', - 'cveurl' => 'https://cve.circl.lu/cve/', - 'cweurl' => 'https://cve.circl.lu/cwe/', - 'disablerestalert' => false, - 'default_event_distribution' => '1', - 'default_attribute_distribution' => 'event', - 'tagging' => true, - 'full_tags_on_event_index' => true, - 'attribute_tagging' => true, - 'full_tags_on_attribute_index' => true, - 'footer_logo' => '', - 'take_ownership_xml_import' => false, - 'unpublishedprivate' => false, - 'disable_emailing' => false, - 'manage_workers' => true, - 'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name', - 'uuid' => '6ec3e533-99f9-42ac-952d-002664d1500f', - 'live' => true, - ), - 'GnuPG' => - array ( - 'onlyencrypted' => false, - 'email' => '', - 'homedir' => '', - 'password' => '', - 'bodyonlyencrypted' => false, - 'sign' => true, - 'obscure_subject' => false, - ), - 'SMIME' => - array ( - 'enabled' => false, - 'email' => '', - 'cert_public_sign' => '', - 'key_sign' => '', - 'password' => '', - ), - 'Proxy' => - array ( - 'host' => '', - 'port' => '', - 'method' => '', - 'user' => '', - 'password' => '', - ), - 'SecureAuth' => - array ( - 'amount' => 5, - 'expire' => 300, - ), - 'Security' => - array ( - 'level' => 'medium', - 'salt' => '{{misp_salt}}', - 'cipherSeed' => '', - ), - 'Session.defaults' => 'php', - 'Session.timeout' => 60, - 'Session.cookieTimeout' => 60, - 'Session.autoRegenerate' => false, - 'Session.checkAgent' => false, - 'site_admin_debug' => NULL, - 'Plugin' => NULL, 
- 'CertAuth' => NULL, - 'ApacheShibbAuth' => NULL, - 'ApacheSecureAuth' => NULL, -); diff --git a/roles/misp/templates/database.php.j2 b/roles/misp/templates/database.php.j2 index 0cf1934f76488c257a3f68c2a4cf97ae58a8dead..867e5fb9e876d23e8d6552eab177a1e5121c8eff 100755 --- a/roles/misp/templates/database.php.j2 +++ b/roles/misp/templates/database.php.j2 @@ -63,11 +63,11 @@ class DATABASE_CONFIG { 'datasource' => 'Database/Mysql', //'datasource' => 'Database/Postgres', 'persistent' => false, - 'host' => '{{groups['mysql'][0]}}', + 'host' => '{{mysql_name}}', 'login' => '{{misp_dbuser}}', 'port' => 3306, // MySQL & MariaDB //'port' => 5432, // PostgreSQL - 'password' => '{{misp_dbpass}}', + 'password' => '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}', 'database' => '{{misp_dbname}}', 'prefix' => '', 'encoding' => 'utf8', diff --git a/roles/misp/templates/misp.conf.j2 b/roles/misp/templates/misp.conf.j2 index 3a9cb85aa753ba49e5cdeec63daf64a76f46e340..2ca05216dba90d63323d1362325837dd83824fbd 100644 --- a/roles/misp/templates/misp.conf.j2 +++ b/roles/misp/templates/misp.conf.j2 @@ -1,7 +1,7 @@ Listen 6443 https <VirtualHost *:6443> -ServerAdmin admin@{{dslproxy}} -ServerName {{dslproxy}} +ServerAdmin admin@{{soctoolsproxy}} +ServerName {{soctoolsproxy}} DocumentRoot /var/www/MISP/app/webroot <Directory /var/www/MISP/app/webroot> Options -Indexes 
@@ -10,15 +10,25 @@ AllowOverride all DirectoryIndex index.php -# ProxyPassMatch ^/info$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/info.php ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/$1 -#<FilesMatch "\.php$"> -# SetHandler "proxy:fcgi://127.0.0.1:9000" -# ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" -# AddHandler php72-fcgi .php -# Action php72-fcgi /cgi-bin/php72.fcgi -#</FilesMatch> +SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + +OIDCCryptoPassphrase {{lookup('password', '{{playbook_dir}}/secrets/passwords/misp_crypto')}} +OIDCProviderMetadataURL https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration +OIDCRedirectURI https://{{soctoolsproxy}}:6443/users/login/keycloak +OIDCClientID soctools-misp +OIDCScope "openid profile" +OIDCClientSecret {{mispsecret.value}} +OIDCRemoteUserClaim email +OIDCProviderTokenEndpointAuth client_secret_basic + +<Location /users/login> + AuthType openid-connect + Require valid-user + RequestHeader set X-Remote-User %{OIDC_CLAIM_email}e +</Location> + SSLEngine On SSLCertificateFile /etc/ssl/certs/misp.crt diff --git a/roles/misp/templates/mysql_secure.sql.j2 b/roles/misp/templates/mysql_secure.sql.j2 index 7b8dd283a33da8aab7f443985ea9f5f97fb6f5d6..dd8ffd5d96d8dcdc08ca9efca5b2f66f3fa82dc9 100644 --- a/roles/misp/templates/mysql_secure.sql.j2 +++ b/roles/misp/templates/mysql_secure.sql.j2 @@ -1,4 +1,4 @@ -UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; +UPDATE mysql.user SET Password=PASSWORD('{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; 
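Review bot: `RequestHeader set X-Remote-User` is applied only inside `<Location /users/login>`, so on every other path a client-supplied `X-Remote-User` header reaches PHP unchanged, while roles/misp/tasks/config.yml in this commit enables `Plugin.CustomAuth_header` with `X_REMOTE_USER`. If MISP evaluates that header outside the login URL (not determinable from this diff), identity would rest on a value the client controls. Add `RequestHeader unset X-Remote-User early` at virtual-host level so only the value derived from the OIDC claim is ever forwarded. The rendered file also now contains `OIDCCryptoPassphrase` and `OIDCClientSecret`, so the template task that writes it should set a restrictive `mode`.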
@@ -6,7 +6,7 @@ DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; CREATE DATABASE {{misp_dbname}}; {% for misp_host in groups['mispcontainers'] %} -GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; +GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; {% endfor %} diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index f915611043cb4f4d1aa7aa9b2d9c4b87539ad4c5..69395fe3e0562adca1f273db7d17f8e3b1451ee6 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,4 +1,20 @@ --- - include: secure.yml + tags: + - start - include: misp.yml + tags: + - start +- include: stop.yml + tags: + - stop + - stop-mysql +- include: update-config.yml + tags: + - update-config + - update-mysql-config +- include: restart.yml + tags: + - restart + - restart-mysql diff --git a/roles/mysql/tasks/misp.yml b/roles/mysql/tasks/misp.yml index 60e1d0a082f9036afb9295a5b9f8ad2e3713f843..c541e99243876ad9739ec4b52bc946b481ef6274 100644 --- a/roles/mysql/tasks/misp.yml +++ b/roles/mysql/tasks/misp.yml 
@@ -4,23 +4,26 @@ mysql_db: name: "{{misp_dbname}}" state: present - tags: - - start - name: Create misp user mysql_user: name: "{{misp_dbuser}}" - host: "{{item}}.{{soctools_netname}}" - password: "{{misp_dbpass}}" + #host: "{{item}}.{{soctools_netname}}" + host: "%" + password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}" priv: "{{misp_dbname}}.*:ALL" with_items: "{{groups['mispcontainers']}}" - tags: - - start + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' # CREATE DATABASE IF NOT EXISTS {{misp_dbname}}; # {% for misp_host in groups['mispcontainers'] %} -# GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; +# GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; # GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; # {% endfor %} # diff --git a/roles/mysql/tasks/restart.yml b/roles/mysql/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..79a5ef40478116ae27a4d01452ff77d6495cbd59 --- /dev/null +++ b/roles/mysql/tasks/restart.yml @@ -0,0 +1,4 @@ +--- + +- name: Restart MySQL + shell: "supervisorctl restart mysql" diff --git a/roles/mysql/tasks/secure.yml b/roles/mysql/tasks/secure.yml index 18f098e0bf61973914ca8e52e4de00a7e8a10652..80db96cf207efd2ba5b4ec0c5aa4828041a6e980 100644 --- a/roles/mysql/tasks/secure.yml +++ b/roles/mysql/tasks/secure.yml @@ -4,7 +4,7 @@ mysql_user: name: root host_all: yes - password: "{{mysql_dbrootpass}}" + password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}" tags: - start ignore_errors: true 
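Review bot: `host: "%"` lets the MISP database account, which holds `ALL` on `{{misp_dbname}}`, authenticate from any address that can reach MySQL, where the previous value limited it to the named MISP containers. If name resolution was the reason for the change, a pattern scoped to the container network (its subnet, or `%.{{soctools_netname}}`) keeps the restriction. The task still loops over `groups['mispcontainers']` although `item` is no longer used, so the loop can go once the host value is settled.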
@@ -54,7 +54,7 @@ # # # -# UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; +# UPDATE mysql.user SET Password=PASSWORD('{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; # DELETE FROM mysql.user WHERE User=''; # DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); # DROP DATABASE IF EXISTS test; @@ -64,9 +64,9 @@ # # # #!/bin/bash -x -# MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) -# #MISPINIT=$(echo "select count(id) from users;" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) +# MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) +# #MISPINIT=$(echo "select count(id) from users;" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) # if [ ${MISPINIT} == "0" ]; then -# cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}} +# cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}} # touch /var/www/MISP/dbchecked-$(date +%Y%m%d_%H%M%S) # fi diff --git a/roles/mysql/tasks/stop.yml b/roles/mysql/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..dcfc34a99ec56f67b192a0ab40ae019c3db96bcf --- /dev/null +++ b/roles/mysql/tasks/stop.yml 
@@ -0,0 +1,4 @@ +--- + +- name: Stop MySQL + shell: "supervisorctl stop mysql" diff --git a/roles/mysql/tasks/update-config.yml b/roles/mysql/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..cd21505a47e530a967e3c44bd2a772d1b8d08bd7 --- /dev/null +++ b/roles/mysql/tasks/update-config.yml @@ -0,0 +1,2 @@ +--- + diff --git a/roles/mysql/templates/dotmy.cnf.j2 b/roles/mysql/templates/dotmy.cnf.j2 index 56feaea61621677a51089d18f6fea96fc3a30a4b..79fe59e355fa1a7d55872cdd80e0025bfc246f25 100644 --- a/roles/mysql/templates/dotmy.cnf.j2 +++ b/roles/mysql/templates/dotmy.cnf.j2 @@ -1,3 +1,3 @@ [client] user=root -password='{{mysql_dbrootpass}}' +password='{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}' diff --git a/roles/mysql/templates/mysql_secure.sql.j2 b/roles/mysql/templates/mysql_secure.sql.j2 index c1f602d390f8e986c6b8cf73664a2bde3a87fbbb..5b8474e9b0dc5dbcc27f013a771f2187fdc68b6a 100644 --- a/roles/mysql/templates/mysql_secure.sql.j2 +++ b/roles/mysql/templates/mysql_secure.sql.j2 @@ -1,4 +1,4 @@ -UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; +UPDATE mysql.user SET Password=PASSWORD('{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; 
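Review bot: The new `UPDATE mysql.user` line in roles/mysql/templates/mysql_secure.sql.j2 lost the opening `{{lookup('password', '` of the expression, so it renders the playbook path followed by a stray `')}}`; as rendered the statement no longer parses and never sets the generated root password. It should read `UPDATE mysql.user SET Password=PASSWORD('{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root';`, as in roles/misp/templates/mysql_secure.sql.j2 in this commit. The `GRANT USAGE ... IDENTIFIED by` line in the next hunk of this file has the same truncation with `mysql_misp`.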
@@ -6,9 +6,14 @@ DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; CREATE DATABASE IF NOT EXISTS {{misp_dbname}}; {% for misp_host in groups['mispcontainers'] %} -GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; +GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; {% endfor %} +INSTALL SONAME 'server_audit'; +SET GLOBAL server_audit_logging=ON; +SET GLOBAL server_audit_file_rotate_now = ON; +SET GLOBAl server_audit_file_rotations = 2; +SET GLOABL audit_log_format = JSON; FLUSH PRIVILEGES; diff --git a/roles/nifi/files/CountriesWithRegionalCodes.csv b/roles/nifi/files/CountriesWithRegionalCodes.csv new file mode 100644 index 0000000000000000000000000000000000000000..f9b67f9dfe618e9151c718c23ed568960b5e69cb --- /dev/null +++ b/roles/nifi/files/CountriesWithRegionalCodes.csv 
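Review bot: `SET GLOABL audit_log_format = JSON;` misspells `GLOBAL`, so the statement is a syntax error; depending on how this script is fed to the server, it may abort before `FLUSH PRIVILEGES` or leave audit logging partly configured without anyone noticing. `audit_log_format` also lacks the `server_audit_` prefix that the three preceding settings use, so confirm it is a variable the `server_audit` plugin actually provides. The line should start `SET GLOBAL`, with the variable name checked against the plugin's documentation.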
@@ -0,0 +1,250 @@ +name,alpha-2,alpha-3,country-code,iso_3166-2,region,sub-region,intermediate-region,region-code,sub-region-code,intermediate-region-code +Afghanistan,AF,AFG,004,ISO 3166-2:AF,Asia,Southern Asia,"",142,034,"" +Åland Islands,AX,ALA,248,ISO 3166-2:AX,Europe,Northern Europe,"",150,154,"" +Albania,AL,ALB,008,ISO 3166-2:AL,Europe,Southern Europe,"",150,039,"" +Algeria,DZ,DZA,012,ISO 3166-2:DZ,Africa,Northern Africa,"",002,015,"" +American Samoa,AS,ASM,016,ISO 3166-2:AS,Oceania,Polynesia,"",009,061,"" +Andorra,AD,AND,020,ISO 3166-2:AD,Europe,Southern Europe,"",150,039,"" +Angola,AO,AGO,024,ISO 3166-2:AO,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Anguilla,AI,AIA,660,ISO 3166-2:AI,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Antarctica,AQ,ATA,010,ISO 3166-2:AQ,"","","","","","" +Antigua and Barbuda,AG,ATG,028,ISO 3166-2:AG,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Argentina,AR,ARG,032,ISO 3166-2:AR,Americas,Latin America and the Caribbean,South America,019,419,005 +Armenia,AM,ARM,051,ISO 3166-2:AM,Asia,Western Asia,"",142,145,"" +Aruba,AW,ABW,533,ISO 3166-2:AW,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Australia,AU,AUS,036,ISO 3166-2:AU,Oceania,Australia and New Zealand,"",009,053,"" +Austria,AT,AUT,040,ISO 3166-2:AT,Europe,Western Europe,"",150,155,"" +Azerbaijan,AZ,AZE,031,ISO 3166-2:AZ,Asia,Western Asia,"",142,145,"" +Bahamas,BS,BHS,044,ISO 3166-2:BS,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Bahrain,BH,BHR,048,ISO 3166-2:BH,Asia,Western Asia,"",142,145,"" +Bangladesh,BD,BGD,050,ISO 3166-2:BD,Asia,Southern Asia,"",142,034,"" +Barbados,BB,BRB,052,ISO 3166-2:BB,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Belarus,BY,BLR,112,ISO 3166-2:BY,Europe,Eastern Europe,"",150,151,"" +Belgium,BE,BEL,056,ISO 3166-2:BE,Europe,Western Europe,"",150,155,"" +Belize,BZ,BLZ,084,ISO 3166-2:BZ,Americas,Latin America and the Caribbean,Central America,019,419,013 
+Benin,BJ,BEN,204,ISO 3166-2:BJ,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Bermuda,BM,BMU,060,ISO 3166-2:BM,Americas,Northern America,"",019,021,"" +Bhutan,BT,BTN,064,ISO 3166-2:BT,Asia,Southern Asia,"",142,034,"" +Bolivia (Plurinational State of),BO,BOL,068,ISO 3166-2:BO,Americas,Latin America and the Caribbean,South America,019,419,005 +"Bonaire, Sint Eustatius and Saba",BQ,BES,535,ISO 3166-2:BQ,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Bosnia and Herzegovina,BA,BIH,070,ISO 3166-2:BA,Europe,Southern Europe,"",150,039,"" +Botswana,BW,BWA,072,ISO 3166-2:BW,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 +Bouvet Island,BV,BVT,074,ISO 3166-2:BV,Americas,Latin America and the Caribbean,South America,019,419,005 +Brazil,BR,BRA,076,ISO 3166-2:BR,Americas,Latin America and the Caribbean,South America,019,419,005 +British Indian Ocean Territory,IO,IOT,086,ISO 3166-2:IO,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Brunei Darussalam,BN,BRN,096,ISO 3166-2:BN,Asia,South-eastern Asia,"",142,035,"" +Bulgaria,BG,BGR,100,ISO 3166-2:BG,Europe,Eastern Europe,"",150,151,"" +Burkina Faso,BF,BFA,854,ISO 3166-2:BF,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Burundi,BI,BDI,108,ISO 3166-2:BI,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Cabo Verde,CV,CPV,132,ISO 3166-2:CV,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Cambodia,KH,KHM,116,ISO 3166-2:KH,Asia,South-eastern Asia,"",142,035,"" +Cameroon,CM,CMR,120,ISO 3166-2:CM,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Canada,CA,CAN,124,ISO 3166-2:CA,Americas,Northern America,"",019,021,"" +Cayman Islands,KY,CYM,136,ISO 3166-2:KY,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Central African Republic,CF,CAF,140,ISO 3166-2:CF,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Chad,TD,TCD,148,ISO 3166-2:TD,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Chile,CL,CHL,152,ISO 3166-2:CL,Americas,Latin America and the Caribbean,South 
America,019,419,005 +China,CN,CHN,156,ISO 3166-2:CN,Asia,Eastern Asia,"",142,030,"" +Christmas Island,CX,CXR,162,ISO 3166-2:CX,Oceania,Australia and New Zealand,"",009,053,"" +Cocos (Keeling) Islands,CC,CCK,166,ISO 3166-2:CC,Oceania,Australia and New Zealand,"",009,053,"" +Colombia,CO,COL,170,ISO 3166-2:CO,Americas,Latin America and the Caribbean,South America,019,419,005 +Comoros,KM,COM,174,ISO 3166-2:KM,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Congo,CG,COG,178,ISO 3166-2:CG,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +"Congo, Democratic Republic of the",CD,COD,180,ISO 3166-2:CD,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Cook Islands,CK,COK,184,ISO 3166-2:CK,Oceania,Polynesia,"",009,061,"" +Costa Rica,CR,CRI,188,ISO 3166-2:CR,Americas,Latin America and the Caribbean,Central America,019,419,013 +Côte d'Ivoire,CI,CIV,384,ISO 3166-2:CI,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Croatia,HR,HRV,191,ISO 3166-2:HR,Europe,Southern Europe,"",150,039,"" +Cuba,CU,CUB,192,ISO 3166-2:CU,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Curaçao,CW,CUW,531,ISO 3166-2:CW,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Cyprus,CY,CYP,196,ISO 3166-2:CY,Asia,Western Asia,"",142,145,"" +Czechia,CZ,CZE,203,ISO 3166-2:CZ,Europe,Eastern Europe,"",150,151,"" +Denmark,DK,DNK,208,ISO 3166-2:DK,Europe,Northern Europe,"",150,154,"" +Djibouti,DJ,DJI,262,ISO 3166-2:DJ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Dominica,DM,DMA,212,ISO 3166-2:DM,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Dominican Republic,DO,DOM,214,ISO 3166-2:DO,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Ecuador,EC,ECU,218,ISO 3166-2:EC,Americas,Latin America and the Caribbean,South America,019,419,005 +Egypt,EG,EGY,818,ISO 3166-2:EG,Africa,Northern Africa,"",002,015,"" +El Salvador,SV,SLV,222,ISO 3166-2:SV,Americas,Latin America and the Caribbean,Central America,019,419,013 +Equatorial 
Guinea,GQ,GNQ,226,ISO 3166-2:GQ,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Eritrea,ER,ERI,232,ISO 3166-2:ER,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Estonia,EE,EST,233,ISO 3166-2:EE,Europe,Northern Europe,"",150,154,"" +Eswatini,SZ,SWZ,748,ISO 3166-2:SZ,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 +Ethiopia,ET,ETH,231,ISO 3166-2:ET,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Falkland Islands (Malvinas),FK,FLK,238,ISO 3166-2:FK,Americas,Latin America and the Caribbean,South America,019,419,005 +Faroe Islands,FO,FRO,234,ISO 3166-2:FO,Europe,Northern Europe,"",150,154,"" +Fiji,FJ,FJI,242,ISO 3166-2:FJ,Oceania,Melanesia,"",009,054,"" +Finland,FI,FIN,246,ISO 3166-2:FI,Europe,Northern Europe,"",150,154,"" +France,FR,FRA,250,ISO 3166-2:FR,Europe,Western Europe,"",150,155,"" +French Guiana,GF,GUF,254,ISO 3166-2:GF,Americas,Latin America and the Caribbean,South America,019,419,005 +French Polynesia,PF,PYF,258,ISO 3166-2:PF,Oceania,Polynesia,"",009,061,"" +French Southern Territories,TF,ATF,260,ISO 3166-2:TF,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Gabon,GA,GAB,266,ISO 3166-2:GA,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Gambia,GM,GMB,270,ISO 3166-2:GM,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Georgia,GE,GEO,268,ISO 3166-2:GE,Asia,Western Asia,"",142,145,"" +Germany,DE,DEU,276,ISO 3166-2:DE,Europe,Western Europe,"",150,155,"" +Ghana,GH,GHA,288,ISO 3166-2:GH,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Gibraltar,GI,GIB,292,ISO 3166-2:GI,Europe,Southern Europe,"",150,039,"" +Greece,GR,GRC,300,ISO 3166-2:GR,Europe,Southern Europe,"",150,039,"" +Greenland,GL,GRL,304,ISO 3166-2:GL,Americas,Northern America,"",019,021,"" +Grenada,GD,GRD,308,ISO 3166-2:GD,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Guadeloupe,GP,GLP,312,ISO 3166-2:GP,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Guam,GU,GUM,316,ISO 3166-2:GU,Oceania,Micronesia,"",009,057,"" 
+Guatemala,GT,GTM,320,ISO 3166-2:GT,Americas,Latin America and the Caribbean,Central America,019,419,013 +Guernsey,GG,GGY,831,ISO 3166-2:GG,Europe,Northern Europe,Channel Islands,150,154,830 +Guinea,GN,GIN,324,ISO 3166-2:GN,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Guinea-Bissau,GW,GNB,624,ISO 3166-2:GW,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Guyana,GY,GUY,328,ISO 3166-2:GY,Americas,Latin America and the Caribbean,South America,019,419,005 +Haiti,HT,HTI,332,ISO 3166-2:HT,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Heard Island and McDonald Islands,HM,HMD,334,ISO 3166-2:HM,Oceania,Australia and New Zealand,"",009,053,"" +Holy See,VA,VAT,336,ISO 3166-2:VA,Europe,Southern Europe,"",150,039,"" +Honduras,HN,HND,340,ISO 3166-2:HN,Americas,Latin America and the Caribbean,Central America,019,419,013 +Hong Kong,HK,HKG,344,ISO 3166-2:HK,Asia,Eastern Asia,"",142,030,"" +Hungary,HU,HUN,348,ISO 3166-2:HU,Europe,Eastern Europe,"",150,151,"" +Iceland,IS,ISL,352,ISO 3166-2:IS,Europe,Northern Europe,"",150,154,"" +India,IN,IND,356,ISO 3166-2:IN,Asia,Southern Asia,"",142,034,"" +Indonesia,ID,IDN,360,ISO 3166-2:ID,Asia,South-eastern Asia,"",142,035,"" +Iran (Islamic Republic of),IR,IRN,364,ISO 3166-2:IR,Asia,Southern Asia,"",142,034,"" +Iraq,IQ,IRQ,368,ISO 3166-2:IQ,Asia,Western Asia,"",142,145,"" +Ireland,IE,IRL,372,ISO 3166-2:IE,Europe,Northern Europe,"",150,154,"" +Isle of Man,IM,IMN,833,ISO 3166-2:IM,Europe,Northern Europe,"",150,154,"" +Israel,IL,ISR,376,ISO 3166-2:IL,Asia,Western Asia,"",142,145,"" +Italy,IT,ITA,380,ISO 3166-2:IT,Europe,Southern Europe,"",150,039,"" +Jamaica,JM,JAM,388,ISO 3166-2:JM,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Japan,JP,JPN,392,ISO 3166-2:JP,Asia,Eastern Asia,"",142,030,"" +Jersey,JE,JEY,832,ISO 3166-2:JE,Europe,Northern Europe,Channel Islands,150,154,830 +Jordan,JO,JOR,400,ISO 3166-2:JO,Asia,Western Asia,"",142,145,"" +Kazakhstan,KZ,KAZ,398,ISO 3166-2:KZ,Asia,Central 
Asia,"",142,143,"" +Kenya,KE,KEN,404,ISO 3166-2:KE,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Kiribati,KI,KIR,296,ISO 3166-2:KI,Oceania,Micronesia,"",009,057,"" +Korea (Democratic People's Republic of),KP,PRK,408,ISO 3166-2:KP,Asia,Eastern Asia,"",142,030,"" +"Korea, Republic of",KR,KOR,410,ISO 3166-2:KR,Asia,Eastern Asia,"",142,030,"" +Kuwait,KW,KWT,414,ISO 3166-2:KW,Asia,Western Asia,"",142,145,"" +Kyrgyzstan,KG,KGZ,417,ISO 3166-2:KG,Asia,Central Asia,"",142,143,"" +Lao People's Democratic Republic,LA,LAO,418,ISO 3166-2:LA,Asia,South-eastern Asia,"",142,035,"" +Latvia,LV,LVA,428,ISO 3166-2:LV,Europe,Northern Europe,"",150,154,"" +Lebanon,LB,LBN,422,ISO 3166-2:LB,Asia,Western Asia,"",142,145,"" +Lesotho,LS,LSO,426,ISO 3166-2:LS,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 +Liberia,LR,LBR,430,ISO 3166-2:LR,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Libya,LY,LBY,434,ISO 3166-2:LY,Africa,Northern Africa,"",002,015,"" +Liechtenstein,LI,LIE,438,ISO 3166-2:LI,Europe,Western Europe,"",150,155,"" +Lithuania,LT,LTU,440,ISO 3166-2:LT,Europe,Northern Europe,"",150,154,"" +Luxembourg,LU,LUX,442,ISO 3166-2:LU,Europe,Western Europe,"",150,155,"" +Macao,MO,MAC,446,ISO 3166-2:MO,Asia,Eastern Asia,"",142,030,"" +Madagascar,MG,MDG,450,ISO 3166-2:MG,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Malawi,MW,MWI,454,ISO 3166-2:MW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Malaysia,MY,MYS,458,ISO 3166-2:MY,Asia,South-eastern Asia,"",142,035,"" +Maldives,MV,MDV,462,ISO 3166-2:MV,Asia,Southern Asia,"",142,034,"" +Mali,ML,MLI,466,ISO 3166-2:ML,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Malta,MT,MLT,470,ISO 3166-2:MT,Europe,Southern Europe,"",150,039,"" +Marshall Islands,MH,MHL,584,ISO 3166-2:MH,Oceania,Micronesia,"",009,057,"" +Martinique,MQ,MTQ,474,ISO 3166-2:MQ,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Mauritania,MR,MRT,478,ISO 3166-2:MR,Africa,Sub-Saharan Africa,Western Africa,002,202,011 
+Mauritius,MU,MUS,480,ISO 3166-2:MU,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Mayotte,YT,MYT,175,ISO 3166-2:YT,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Mexico,MX,MEX,484,ISO 3166-2:MX,Americas,Latin America and the Caribbean,Central America,019,419,013 +Micronesia (Federated States of),FM,FSM,583,ISO 3166-2:FM,Oceania,Micronesia,"",009,057,"" +"Moldova, Republic of",MD,MDA,498,ISO 3166-2:MD,Europe,Eastern Europe,"",150,151,"" +Monaco,MC,MCO,492,ISO 3166-2:MC,Europe,Western Europe,"",150,155,"" +Mongolia,MN,MNG,496,ISO 3166-2:MN,Asia,Eastern Asia,"",142,030,"" +Montenegro,ME,MNE,499,ISO 3166-2:ME,Europe,Southern Europe,"",150,039,"" +Montserrat,MS,MSR,500,ISO 3166-2:MS,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Morocco,MA,MAR,504,ISO 3166-2:MA,Africa,Northern Africa,"",002,015,"" +Mozambique,MZ,MOZ,508,ISO 3166-2:MZ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Myanmar,MM,MMR,104,ISO 3166-2:MM,Asia,South-eastern Asia,"",142,035,"" +Namibia,NA,NAM,516,ISO 3166-2:NA,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 +Nauru,NR,NRU,520,ISO 3166-2:NR,Oceania,Micronesia,"",009,057,"" +Nepal,NP,NPL,524,ISO 3166-2:NP,Asia,Southern Asia,"",142,034,"" +Netherlands,NL,NLD,528,ISO 3166-2:NL,Europe,Western Europe,"",150,155,"" +New Caledonia,NC,NCL,540,ISO 3166-2:NC,Oceania,Melanesia,"",009,054,"" +New Zealand,NZ,NZL,554,ISO 3166-2:NZ,Oceania,Australia and New Zealand,"",009,053,"" +Nicaragua,NI,NIC,558,ISO 3166-2:NI,Americas,Latin America and the Caribbean,Central America,019,419,013 +Niger,NE,NER,562,ISO 3166-2:NE,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Nigeria,NG,NGA,566,ISO 3166-2:NG,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Niue,NU,NIU,570,ISO 3166-2:NU,Oceania,Polynesia,"",009,061,"" +Norfolk Island,NF,NFK,574,ISO 3166-2:NF,Oceania,Australia and New Zealand,"",009,053,"" +North Macedonia,MK,MKD,807,ISO 3166-2:MK,Europe,Southern Europe,"",150,039,"" +Northern Mariana Islands,MP,MNP,580,ISO 
3166-2:MP,Oceania,Micronesia,"",009,057,"" +Norway,NO,NOR,578,ISO 3166-2:NO,Europe,Northern Europe,"",150,154,"" +Oman,OM,OMN,512,ISO 3166-2:OM,Asia,Western Asia,"",142,145,"" +Pakistan,PK,PAK,586,ISO 3166-2:PK,Asia,Southern Asia,"",142,034,"" +Palau,PW,PLW,585,ISO 3166-2:PW,Oceania,Micronesia,"",009,057,"" +"Palestine, State of",PS,PSE,275,ISO 3166-2:PS,Asia,Western Asia,"",142,145,"" +Panama,PA,PAN,591,ISO 3166-2:PA,Americas,Latin America and the Caribbean,Central America,019,419,013 +Papua New Guinea,PG,PNG,598,ISO 3166-2:PG,Oceania,Melanesia,"",009,054,"" +Paraguay,PY,PRY,600,ISO 3166-2:PY,Americas,Latin America and the Caribbean,South America,019,419,005 +Peru,PE,PER,604,ISO 3166-2:PE,Americas,Latin America and the Caribbean,South America,019,419,005 +Philippines,PH,PHL,608,ISO 3166-2:PH,Asia,South-eastern Asia,"",142,035,"" +Pitcairn,PN,PCN,612,ISO 3166-2:PN,Oceania,Polynesia,"",009,061,"" +Poland,PL,POL,616,ISO 3166-2:PL,Europe,Eastern Europe,"",150,151,"" +Portugal,PT,PRT,620,ISO 3166-2:PT,Europe,Southern Europe,"",150,039,"" +Puerto Rico,PR,PRI,630,ISO 3166-2:PR,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Qatar,QA,QAT,634,ISO 3166-2:QA,Asia,Western Asia,"",142,145,"" +Réunion,RE,REU,638,ISO 3166-2:RE,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Romania,RO,ROU,642,ISO 3166-2:RO,Europe,Eastern Europe,"",150,151,"" +Russian Federation,RU,RUS,643,ISO 3166-2:RU,Europe,Eastern Europe,"",150,151,"" +Rwanda,RW,RWA,646,ISO 3166-2:RW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Saint Barthélemy,BL,BLM,652,ISO 3166-2:BL,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +"Saint Helena, Ascension and Tristan da Cunha",SH,SHN,654,ISO 3166-2:SH,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Saint Kitts and Nevis,KN,KNA,659,ISO 3166-2:KN,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Saint Lucia,LC,LCA,662,ISO 3166-2:LC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Saint Martin 
(French part),MF,MAF,663,ISO 3166-2:MF,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Saint Pierre and Miquelon,PM,SPM,666,ISO 3166-2:PM,Americas,Northern America,"",019,021,"" +Saint Vincent and the Grenadines,VC,VCT,670,ISO 3166-2:VC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Samoa,WS,WSM,882,ISO 3166-2:WS,Oceania,Polynesia,"",009,061,"" +San Marino,SM,SMR,674,ISO 3166-2:SM,Europe,Southern Europe,"",150,039,"" +Sao Tome and Principe,ST,STP,678,ISO 3166-2:ST,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 +Saudi Arabia,SA,SAU,682,ISO 3166-2:SA,Asia,Western Asia,"",142,145,"" +Senegal,SN,SEN,686,ISO 3166-2:SN,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Serbia,RS,SRB,688,ISO 3166-2:RS,Europe,Southern Europe,"",150,039,"" +Seychelles,SC,SYC,690,ISO 3166-2:SC,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Sierra Leone,SL,SLE,694,ISO 3166-2:SL,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Singapore,SG,SGP,702,ISO 3166-2:SG,Asia,South-eastern Asia,"",142,035,"" +Sint Maarten (Dutch part),SX,SXM,534,ISO 3166-2:SX,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Slovakia,SK,SVK,703,ISO 3166-2:SK,Europe,Eastern Europe,"",150,151,"" +Slovenia,SI,SVN,705,ISO 3166-2:SI,Europe,Southern Europe,"",150,039,"" +Solomon Islands,SB,SLB,090,ISO 3166-2:SB,Oceania,Melanesia,"",009,054,"" +Somalia,SO,SOM,706,ISO 3166-2:SO,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +South Africa,ZA,ZAF,710,ISO 3166-2:ZA,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 +South Georgia and the South Sandwich Islands,GS,SGS,239,ISO 3166-2:GS,Americas,Latin America and the Caribbean,South America,019,419,005 +South Sudan,SS,SSD,728,ISO 3166-2:SS,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Spain,ES,ESP,724,ISO 3166-2:ES,Europe,Southern Europe,"",150,039,"" +Sri Lanka,LK,LKA,144,ISO 3166-2:LK,Asia,Southern Asia,"",142,034,"" +Sudan,SD,SDN,729,ISO 3166-2:SD,Africa,Northern Africa,"",002,015,"" 
+Suriname,SR,SUR,740,ISO 3166-2:SR,Americas,Latin America and the Caribbean,South America,019,419,005 +Svalbard and Jan Mayen,SJ,SJM,744,ISO 3166-2:SJ,Europe,Northern Europe,"",150,154,"" +Sweden,SE,SWE,752,ISO 3166-2:SE,Europe,Northern Europe,"",150,154,"" +Switzerland,CH,CHE,756,ISO 3166-2:CH,Europe,Western Europe,"",150,155,"" +Syrian Arab Republic,SY,SYR,760,ISO 3166-2:SY,Asia,Western Asia,"",142,145,"" +"Taiwan, Province of China",TW,TWN,158,ISO 3166-2:TW,Asia,Eastern Asia,"",142,030,"" +Tajikistan,TJ,TJK,762,ISO 3166-2:TJ,Asia,Central Asia,"",142,143,"" +"Tanzania, United Republic of",TZ,TZA,834,ISO 3166-2:TZ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Thailand,TH,THA,764,ISO 3166-2:TH,Asia,South-eastern Asia,"",142,035,"" +Timor-Leste,TL,TLS,626,ISO 3166-2:TL,Asia,South-eastern Asia,"",142,035,"" +Togo,TG,TGO,768,ISO 3166-2:TG,Africa,Sub-Saharan Africa,Western Africa,002,202,011 +Tokelau,TK,TKL,772,ISO 3166-2:TK,Oceania,Polynesia,"",009,061,"" +Tonga,TO,TON,776,ISO 3166-2:TO,Oceania,Polynesia,"",009,061,"" +Trinidad and Tobago,TT,TTO,780,ISO 3166-2:TT,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Tunisia,TN,TUN,788,ISO 3166-2:TN,Africa,Northern Africa,"",002,015,"" +Turkey,TR,TUR,792,ISO 3166-2:TR,Asia,Western Asia,"",142,145,"" +Turkmenistan,TM,TKM,795,ISO 3166-2:TM,Asia,Central Asia,"",142,143,"" +Turks and Caicos Islands,TC,TCA,796,ISO 3166-2:TC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Tuvalu,TV,TUV,798,ISO 3166-2:TV,Oceania,Polynesia,"",009,061,"" +Uganda,UG,UGA,800,ISO 3166-2:UG,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Ukraine,UA,UKR,804,ISO 3166-2:UA,Europe,Eastern Europe,"",150,151,"" +United Arab Emirates,AE,ARE,784,ISO 3166-2:AE,Asia,Western Asia,"",142,145,"" +United Kingdom of Great Britain and Northern Ireland,GB,GBR,826,ISO 3166-2:GB,Europe,Northern Europe,"",150,154,"" +United States of America,US,USA,840,ISO 3166-2:US,Americas,Northern America,"",019,021,"" +United States Minor 
Outlying Islands,UM,UMI,581,ISO 3166-2:UM,Oceania,Micronesia,"",009,057,"" +Uruguay,UY,URY,858,ISO 3166-2:UY,Americas,Latin America and the Caribbean,South America,019,419,005 +Uzbekistan,UZ,UZB,860,ISO 3166-2:UZ,Asia,Central Asia,"",142,143,"" +Vanuatu,VU,VUT,548,ISO 3166-2:VU,Oceania,Melanesia,"",009,054,"" +Venezuela (Bolivarian Republic of),VE,VEN,862,ISO 3166-2:VE,Americas,Latin America and the Caribbean,South America,019,419,005 +Viet Nam,VN,VNM,704,ISO 3166-2:VN,Asia,South-eastern Asia,"",142,035,"" +Virgin Islands (British),VG,VGB,092,ISO 3166-2:VG,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Virgin Islands (U.S.),VI,VIR,850,ISO 3166-2:VI,Americas,Latin America and the Caribbean,Caribbean,019,419,029 +Wallis and Futuna,WF,WLF,876,ISO 3166-2:WF,Oceania,Polynesia,"",009,061,"" +Western Sahara,EH,ESH,732,ISO 3166-2:EH,Africa,Northern Africa,"",002,015,"" +Yemen,YE,YEM,887,ISO 3166-2:YE,Asia,Western Asia,"",142,145,"" +Zambia,ZM,ZMB,894,ISO 3166-2:ZM,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 +Zimbabwe,ZW,ZWE,716,ISO 3166-2:ZW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 diff --git a/roles/nifi/files/SOCTOOLS-CA.crt b/roles/nifi/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/nifi/files/SOCTOOLS-CA.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/nifi/files/cacerts.jks b/roles/nifi/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/nifi/files/cacerts.jks and /dev/null differ diff --git a/roles/nifi/files/common-cacerts.jks b/roles/nifi/files/common-cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..200a005f89ab6e2ba316460b071979aa9f5b8c58 Binary files /dev/null and b/roles/nifi/files/common-cacerts.jks differ 
diff --git a/roles/nifi/files/dsoclab-nifi-1.p12 b/roles/nifi/files/dsoclab-nifi-1.p12 deleted file mode 100644 index 0076ad1207c243f877de929e2424ed953f60469c..0000000000000000000000000000000000000000 Binary files a/roles/nifi/files/dsoclab-nifi-1.p12 and /dev/null differ diff --git a/roles/nifi/files/dsoclab-nifi-2.p12 b/roles/nifi/files/dsoclab-nifi-2.p12 deleted file mode 100644 index fdbd25a1e50851b8ea865781bc903dcc78a1cc8f..0000000000000000000000000000000000000000 Binary files a/roles/nifi/files/dsoclab-nifi-2.p12 and /dev/null differ diff --git a/roles/nifi/files/dsoclab-nifi-3.p12 b/roles/nifi/files/dsoclab-nifi-3.p12 deleted file mode 100644 index 4d4b23daaa41114bb1ab95eea974f0c2618dbbeb..0000000000000000000000000000000000000000 Binary files a/roles/nifi/files/dsoclab-nifi-3.p12 and /dev/null differ diff --git a/roles/nifi/files/haproxy.groklib b/roles/nifi/files/haproxy.groklib new file mode 100644 index 0000000000000000000000000000000000000000..37517af78809e9cf66aa4f1e95817457aec306ee --- /dev/null +++ b/roles/nifi/files/haproxy.groklib 
@@ -0,0 +1,39 @@ +## These patterns were tested w/ haproxy-1.4.15 + +## Documentation of the haproxy log formats can be found at the following links: +## http://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat +## http://code.google.com/p/haproxy-docs/wiki/TCPLogFormat + +HAPROXYTIME (?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9]) +HAPROXYDATE %{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds} + +# Override these default patterns to parse out what is captured in your haproxy.cfg +HAPROXYCAPTUREDREQUESTHEADERS %{DATA:captured_request_headers} +HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:captured_response_headers} + +# Example: +# These haproxy config lines will add data to the logs that are captured +# by the patterns below. Place them in your custom patterns directory to +# override the defaults. +# +# capture request header Host len 40 +# capture request header X-Forwarded-For len 50 +# capture request header Accept-Language len 50 +# capture request header Referer len 200 +# capture request header User-Agent len 200 +# +# capture response header Content-Type len 30 +# capture response header Content-Encoding len 10 +# capture response header Cache-Control len 200 +# capture response header Last-Modified len 200 +# +# HAPROXYCAPTUREDREQUESTHEADERS %{DATA:request_header_host}\|%{DATA:request_header_x_forwarded_for}\|%{DATA:request_header_accept_language}\|%{DATA:request_header_referer}\|%{DATA:request_header_user_agent} +# HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:response_header_content_type}\|%{DATA:response_header_content_encoding}\|%{DATA:response_header_cache_control}\|%{DATA:response_header_last_modified} + +# parse a haproxy 'httplog' line +HAPROXYHTTPBASE %{IP:client.ip}:%{INT:client.port} \[%{HAPROXYDATE:timestamp}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server.domain} 
%{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\{%{HAPROXYCAPTUREDREQUESTHEADERS}\})?( )?(\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\})?( )?"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?" + +HAPROXYHTTP (?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{HAPROXYHTTPBASE} + +# parse a haproxy 'tcplog' line +HAPROXYTCP (?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client.ip}:%{INT:client.port} \[%{HAPROXYDATE:timestamp}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} \ No newline at end of file diff --git a/roles/nifi/files/nifisecret b/roles/nifi/files/nifisecret deleted file mode 100644 index cbbcd4a597c58e86283a43a3b7acc6397c3a95ca..0000000000000000000000000000000000000000 --- a/roles/nifi/files/nifisecret +++ /dev/null @@ -1,3 +0,0 @@ -{ - "value" : "ccfda830-defc-4fec-85fc-9b2b7c98e8ba" -} \ No newline at end of file diff --git a/roles/nifi/tasks/main.yml b/roles/nifi/tasks/main.yml index ec0249ccf785f4a8e9c55e3330d63787735ac4f0..d4ab3ad3a89413bf3d6a848822562a5ccb6d92ca 100644 --- a/roles/nifi/tasks/main.yml +++ b/roles/nifi/tasks/main.yml 
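Review bot: `HAPROXYTIME` opens with `(?!<[0-9])`, which is a negative lookahead for a literal `<` followed by a digit, not the lookbehind that the closing `(?![0-9])` suggests was intended. `(?<![0-9])` would stop the hour from matching in the middle of a longer digit run. In `HAPROXYDATE` the separator before `%{INT:haproxy_milliseconds}` is an unescaped `.`, so any character is accepted there; `\.` pins it to a literal dot. The server field is captured as `server.domain` in `HAPROXYHTTPBASE` but as `server_name` in `HAPROXYTCP`, so searches and detections keyed on one name will miss the other log type unless the two are aligned.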
@@ -1,151 +1,17 @@ --- -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - tags: - - start - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - -- name: Copy certificates in NiFi conf dir - copy: - src: "{{ item }}" - dest: "conf/{{ item }}" - with_items: - - "{{ inventory_hostname }}.p12" - - cacerts.jks - tags: - - start - -- name: Configure flow.xml - template: - src: "flow.xml.j2" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - tags: - - start - -- name: Gzip flow.xml - archive: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" - format: gz - tags: - - start - -- name: Get openid authkey - set_fact: - nifisecret: "{{lookup('file', 'files/nifisecret',convert_data=False) | from_json }}" - tags: - - start - -- name: Configure NiFi boostrap properties - template: - src: bootstrap.conf.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" - tags: - - start - -- name: Configure NiFi properties for secure servers - template: - src: nifi.properties.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" - tags: - - start - -- name: Copy authorizations.xml - copy: - src: "authorizations.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" - tags: - - start - -- name: Configure users - template: - src: users.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" - tags: - - start - -- name: Configure NiFi authorizers for secure servers - template: - src: authorizers.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" - tags: - - start - -- name: Create conf/enrich dir - file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich state=directory - tags: - - start - -- name: Copy empty GeoLite2-City database - copy: - src: GeoLite2-City.mmdb - 
dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" - tags: - - start - -- name: Download list of Tor exist nodes - get_url: - url: https://check.torproject.org/torbulkexitlist - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" - tags: - - start - -- name: Add header to tornodes.csv - lineinfile: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" - line: 'ip_addr' - insertbefore: BOF +- include: start.yml tags: - start - -- name: Download umbrella-top-1m.csv - get_url: - url: http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" +- include: stop.yml tags: - - start - -- name: Download alexa-top-1m.csv - get_url: - url: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" - tags: - - start - -- name: Start NiFi - command: "{{ ansible_facts.env['NIFI_HOME'] }}/bin/nifi.sh start" + - stop + - stop-nifi +- include: update-config.yml tags: - - start - -#- name: check reachable hosts -# gather_facts: no -# tasks: -# - command: ping -c1 {{ inventory_hostname }} -# delegate_to: localhost -# register: ping_result -# ignore_errors: yes -# - group_by: key=reachable -# when: ping_result|success - -- name: Stop NiFi - command: "{{ ansible_facts.env['NIFI_HOME'] }}/bin/nifi.sh stop" + - update-config + - update-nifi-config +- include: restart.yml tags: - - stop - -#- name: Copy flow from NiFi -# fetch: -# src: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" -# dest: "{{ role_path }}/files/flow-{{ inventory_hostname }}.xml.gz" -# flat: yes -# tags: -# - stop - + - restart + - restart-nifi diff --git a/roles/nifi/tasks/restart.yml b/roles/nifi/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..d5434f2a368c8bfa115e96c39708d4c6764438b3 --- /dev/null +++ b/roles/nifi/tasks/restart.yml 
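Review bot: The four new entries use the bare `include:` action, which Ansible deprecated in favour of `import_tasks` and `include_tasks`. The choice matters here because the tags on each entry are the only thing selecting which task file runs. Writing `- import_tasks: start.yml` (and likewise for the other three) makes the tags inherit statically onto every task in the file, whereas a dynamic include carries the tag only on the include itself. A one-line comment above the list, such as `# tag names are referenced from HOWTOS.md (e.g. update-nifi-config)`, would help keep the two in sync.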
@@ -0,0 +1,6 @@ +--- + +- name: Restart NiFi + remote_user: root + command: "supervisorctl restart nifi" + diff --git a/roles/nifi/tasks/start.yml b/roles/nifi/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..99420a5984cbd451e2aeb462fc21737a7c5b7b2c --- /dev/null +++ b/roles/nifi/tasks/start.yml 
@@ -0,0 +1,204 @@ +--- + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "{{playbook_dir}}/secrets/CA/ca.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in NiFi conf dir + remote_user: nifi + copy: + src: "{{ item }}" + dest: "conf/" + with_items: + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" + - "{{playbook_dir}}/secrets/CA/cacerts.jks" + - common-cacerts.jks + +- name: Check if flow.xml already exists + remote_user: nifi + stat: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + register: flowfile + +- name: Configure flow.xml + remote_user: nifi + template: + src: "flow.xml.j2" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + when: not flowfile.stat.exists + +- name: Gzip flow.xml + remote_user: nifi + archive: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" + format: gz + when: not flowfile.stat.exists + +- name: Get openid authkey + remote_user: nifi + set_fact: + nifisecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/nifisecret',convert_data=False)}}" + +- name: Configure NiFi boostrap properties + remote_user: nifi + template: + src: bootstrap.conf.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" + +- name: Configure NiFi properties for secure servers + remote_user: nifi + template: + src: nifi.properties.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" + +- name: Copy authorizations.xml + remote_user: nifi + copy: + src: "authorizations.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" + +- name: Configure users + remote_user: nifi + template: + src: users.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" + +- name: Configure NiFi authorizers for secure servers + remote_user: nifi + 
template: + src: authorizers.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" + +- name: Create conf/enrich dir + remote_user: nifi + file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich state=directory + +- name: Create conf/enrich/freq dir + remote_user: nifi + file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq state=directory + +- name: Download freq processor + remote_user: nifi + get_url: + url: 'https://scm.uninett.no/geant-wp8-t3.1/nifi-processors/-/raw/master/scripts/freq/{{ item }}' + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq/" + with_items: + - alexa.json + - freq.py + - freqProcessor.py + +- name: Copy empty GeoLite2-City database + remote_user: nifi + copy: + src: GeoLite2-City.mmdb + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" + +- name: Copy CountriesWithRegionalCodes.csv + remote_user: nifi + copy: + src: CountriesWithRegionalCodes.csv + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/CountriesWithRegionalCodes.csv" + +- name: Copy grok libraries + copy: + src: haproxy.groklib + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/haproxy.groklib" + +- name: Create empty list of Tor nodes + remote_user: nifi + copy: + content: "ip_addr,value" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" + force: no + +- name: Download umbrella-top-1m.csv.zip + remote_user: nifi + local_action: + module: get_url + url: http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip + dest: "/tmp/umbrella-top-1m.csv.zip" + run_once: True + +- name: Unzip umbrella-top-1m.csv.zip + remote_user: nifi + local_action: + module: unarchive + src: "/tmp/umbrella-top-1m.csv.zip" + dest: "/tmp" + run_once: True + +- name: Copy umbrella-top-1m.csv + remote_user: nifi + copy: + src: "/tmp/top-1m.csv" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" + +- name: Add header to umbrella-top-1m.csv + remote_user: nifi + 
lineinfile: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" + line: 'index,domain' + insertbefore: BOF + +- name: Download alexa-top-1m.csv.zip + remote_user: nifi + local_action: + module: get_url + url: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip + dest: "/tmp/alexa-top-1m.csv.zip" + run_once: True + +- name: Unzip alexa-top-1m.csv.zip + remote_user: nifi + local_action: + module: unarchive + src: "/tmp/alexa-top-1m.csv.zip" + dest: "/tmp" + run_once: True + +- name: Copy alexa-top-1m.csv + remote_user: nifi + copy: + src: "/tmp/top-1m.csv" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" + +- name: Add header to alexa-top-1m.csv + remote_user: nifi + lineinfile: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" + line: 'index,domain' + insertbefore: BOF + +- name: Start NiFi + remote_user: root + command: "supervisorctl start nifi" + +#- name: check reachable hosts +# gather_facts: no +# tasks: +# - command: ping -c1 {{ inventory_hostname }} +# delegate_to: localhost +# register: ping_result +# ignore_errors: yes +# - group_by: key=reachable +# when: ping_result|success + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + +#- name: Copy flow from NiFi +# fetch: +# src: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" +# dest: "{{ role_path }}/files/flow-{{ inventory_hostname }}.xml.gz" +# flat: yes + diff --git a/roles/nifi/tasks/stop.yml b/roles/nifi/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..d6abd9a5bf0d555b0c3d531358c59b24a4044bbc --- /dev/null +++ b/roles/nifi/tasks/stop.yml @@ -0,0 +1,6 @@ +--- + +- name: Stop NiFi + remote_user: root + command: "supervisorctl stop nifi" + 
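Review bot: The `Download freq processor` task fetches `freq.py` and `freqProcessor.py` from the `master` branch at deploy time with no integrity check, so whatever is on that branch when the play runs lands under NiFi's `conf/enrich/freq/`, presumably to be executed by the flow. Pinning the URL to a commit and giving `get_url` a digest per item, e.g. `checksum: "sha256:<digest-of-file>"`, or vendoring the three files into the role, makes the deployed code reviewable. The two `top-1m.csv.zip` downloads further down have the same gap: they use plain `http://` and unpack to the fixed path `/tmp/top-1m.csv` on the control host, which `https://` and a directory created with the `tempfile` module would address. Separately, now that key material is read from `{{playbook_dir}}/secrets/`, the PKCS#12 bundles and the `nifisecret` value deleted by this commit remain in repository history and should be treated as exposed, not carried over into the new location.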
diff --git a/roles/nifi/tasks/update-config.yml b/roles/nifi/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ddadbd3efb8be28f5383b8a33612d0b52f0861bd
--- /dev/null
+++ b/roles/nifi/tasks/update-config.yml
@@ -0,0 +1,77 @@ +--- + +- name: Check if flow.xml already exists + remote_user: nifi + stat: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + register: flowfile + +- name: Configure flow.xml + remote_user: nifi + template: + src: "flow.xml.j2" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + when: not flowfile.stat.exists + +- name: Gzip flow.xml + remote_user: nifi + archive: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" + format: gz + when: not flowfile.stat.exists + +- name: Configure NiFi boostrap properties + remote_user: nifi + template: + src: bootstrap.conf.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" + +- name: Configure NiFi properties for secure servers + remote_user: nifi + template: + src: nifi.properties.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" + +- name: Copy authorizations.xml + remote_user: nifi + copy: + src: "authorizations.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" + +- name: Configure users + remote_user: nifi + template: + src: users.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" + +- name: Configure NiFi authorizers for secure servers + remote_user: nifi + template: + src: authorizers.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" + +- name: Copy empty GeoLite2-City database + remote_user: nifi + copy: + src: GeoLite2-City.mmdb + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" + +- name: Copy CountriesWithRegionalCodes.csv + remote_user: nifi + copy: + src: CountriesWithRegionalCodes.csv + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/CountriesWithRegionalCodes.csv" + +- name: Copy grok libraries + copy: + src: haproxy.groklib + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/haproxy.groklib" + +- name: Create empty list of Tor nodes + remote_user: nifi + 
copy: + content: "ip_addr,value" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" + force: no + diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2 index 20517182d06a1ba8cf6ab4063e8f1ff03b723d5b..ec452185ec9559dd620b084aaa89a74009cfc01e 100644 --- a/roles/nifi/templates/flow.xml.j2 +++ b/roles/nifi/templates/flow.xml.j2 @@ -8,16 +8,22 @@ <name>NiFi Flow</name> <position x="0.0" y="0.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processGroup> <id>41088add-955b-3611-a0de-2c18b79b678c</id> <name>Data processing</name> <position x="1216.0" y="256.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processGroup> <id>fcbcacd1-542d-3a15-a5aa-9c1302328954</id> <name>Enrichment</name> <position x="384.0" y="720.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>01b66126-695a-3059-b179-f1bf85e8ca91</id> <name>Check fqdn enrichment</name> @@ -28,7 +34,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -59,7 +65,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -90,7 +96,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
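Review bot: `Copy grok libraries` is the only task in update-config.yml without `remote_user: nifi`, so `haproxy.groklib` is written as whatever user the connection defaults to and may end up with different ownership from the rest of `conf/enrich/`. Adding `remote_user: nifi` keeps it consistent; the copy of this task in start.yml has the same omission. Every task in this file also appears in start.yml, so having start.yml pull in this file instead of repeating the list would stop the two from drifting. `Configure flow.xml` is guarded by `when: not flowfile.stat.exists`, so an `update-config` run never refreshes an existing flow. If that is intended, a comment such as `# flow.xml is only seeded on first deploy; an existing flow is left untouched` would make it explicit.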
@@ -130,6 +136,8 @@ <name>fqdn enrichment</name> <position x="-202.47354083453774" y="596.1945491887745" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>2703fe3e-7e6a-310e-a010-b30898befa9b</id> <name>Check fqdn2 enrichment</name> @@ -140,7 +148,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -180,6 +188,8 @@ <name>Enrich fqdn2</name> <position x="368.0" y="416.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>0cdf1224-a6d5-3ac4-a4f5-27a7588f1d98</id> <name>Input</name> @@ -190,7 +200,7 @@ <outputPort> <id>58b0935e-1c5b-3ad1-a2cc-7de4826170a6</id> <name>Output</name> - <position x="432.0" y="536.0" /> + <position x="1096.0" y="528.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -199,6 +209,8 @@ <name>Umbrella</name> <position x="379.1725199638772" y="224.3012562119061" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>0306116f-b13d-30fc-94b1-34f3c8ba95da</id> <name>Umbrella fqdn1</name> @@ -209,7 +221,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -333,14 +345,155 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> </processGroup> + <processGroup> + <id>f2263bf3-7929-182a-8971-2ac159d0cca9</id> + <name>Misp lookup</name> + <position x="1024.0" y="224.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</id> + <name>Misp fqdn2</name> + <position x="480.99999953064577" y="197.99999761468263" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_fqdn2}_misp</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + <value>use-property</value> + </property> + <property> + <name>key</name> + <value>${enrich_fqdn2}</value> + </property> + </processor> + 
<inputPort> + <id>dca538c3-e563-1b63-8de2-edf46a599279</id> + <name>Input</name> + <position x="536.0" y="16.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>a4ef3d87-6241-14a5-b543-1824b197991c</id> + <name>Output</name> + <position x="536.0" y="456.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <funnel> + <id>263b3963-3c73-1efc-8286-4e57645eefc2</id> + <position x="152.0" y="248.0" /> + </funnel> + <connection> + <id>e47137a6-8c07-12bf-9d69-0e0c10b05088</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</sourceId> + <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a4ef3d87-6241-14a5-b543-1824b197991c</destinationId> + <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>b4723c4d-5ed2-1f9e-bd7c-04076aa149cf</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</sourceId> + <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>263b3963-3c73-1efc-8286-4e57645eefc2</destinationId> + <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + 
<flowFileExpiration>60 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>edab3c6f-d21b-12a1-8b73-10c8012a3bd2</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>dca538c3-e563-1b63-8de2-edf46a599279</sourceId> + <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</destinationId> + <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> <connection> - <id>fae5d513-1604-3fed-9adb-8ad19b5ab3c0</id> + <id>934921df-0175-1000-ffff-ffffeabcba7a</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>c8994201-98f4-31d2-a604-11c3b454df00</sourceId> - <sourceGroupId>363fd695-1466-3404-ada3-036133ff8d15</sourceGroupId> + <sourceId>a4ef3d87-6241-14a5-b543-1824b197991c</sourceId> + <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> <destinationId>58b0935e-1c5b-3ad1-a2cc-7de4826170a6</destinationId> <destinationGroupId>f9d9877a-de02-3374-9241-d3ca1939678b</destinationGroupId> 
@@ -353,6 +506,26 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>fae5d513-1604-3fed-9adb-8ad19b5ab3c0</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c8994201-98f4-31d2-a604-11c3b454df00</sourceId> + <sourceGroupId>363fd695-1466-3404-ada3-036133ff8d15</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>dca538c3-e563-1b63-8de2-edf46a599279</destinationId> + <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> <connection> <id>0e265607-1619-3a73-ab02-79b296ea5cb4</id> <name /> @@ -379,6 +552,8 @@ <name>Enrich fqdn1</name> <position x="376.0" y="200.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>f2cc04f8-56bc-3adb-8d72-6ad7f6e6e48c</id> <name>Input</name> @@ -389,7 +564,7 @@ <outputPort> <id>12745a98-f547-38d2-9c50-a471e8cf6fc7</id> <name>Output</name> - <position x="432.0" y="536.0" /> + <position x="1112.0" y="528.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -398,6 +573,8 @@ <name>Umbrella</name> <position x="379.1725199638772" y="224.3012562119061" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>ce84ada1-58b8-3c28-bc5a-64fc4f39e008</id> <name>Umbrella fqdn1</name> 
@@ -408,7 +585,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -452,6 +629,7 @@ <name>key</name> <value>${enrich_fqdn1}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>c31f9f4a-becc-35c3-b9c0-b836d061e364</id> @@ -467,10 +645,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>8811d4ff-bf71-38a6-8cf0-e5732840e1de</id> - <position x="-1204.5503424650574" y="470.375701251353" /> - </funnel> <connection> <id>99b11d95-dfb3-34cf-8657-0c141d1e9f63</id> <name /> 
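Review bot: Auto-terminating `failure` on the processor keyed on `${enrich_fqdn1}` (apparently Umbrella fqdn1, hunk `@@ -452,6 +629,7 @@`) means a record whose lookup errors out is discarded instead of leaving the group un-enriched, so an unavailable lookup service or an unparsable record silently removes events from the SOC pipeline. The same `<autoTerminatedRelationship>failure</autoTerminatedRelationship>` line is added in the later hunks for the Misp, Tor, GeoIP and "Contry code to region" processors, and the new Misp fqdn2 group reaches the same result through a funnel whose connection has `<flowFileExpiration>60 sec</flowFileExpiration>`. Consider carrying `failure` on the connection that already leads to each group's Output port, i.e. `<relationship>failure</relationship>` next to `<relationship>success</relationship>` (the GeoIP IP connection already lists two relationships, `found` and `not found`), or at least alert on these processors' bulletins. The processor element and its connections start outside this hunk, and the file is exported from the NiFi GUI, so the change would be made there and re-exported.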
@@ -511,19 +685,117 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + </processGroup> + <processGroup> + <id>1de23f54-e22a-19df-8dd2-9235ae248d29</id> + <name>Misp lookup</name> + <position x="1056.0" y="216.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>16d53f41-fc96-1292-b434-9a157e27eaf3</id> + <name>Misp fqdn1</name> + <position x="480.99999953064577" y="197.99999761468263" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_fqdn1}_misp</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + <value>use-property</value> + </property> + <property> + <name>key</name> + <value>${enrich_fqdn1}</value> + 
</property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>844331e5-cd55-1c55-889b-d447dfba57a2</id> + <name>Input</name> + <position x="536.0" y="16.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</id> + <name>Output</name> + <position x="536.0" y="456.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> <connection> - <id>badc00ed-f022-3045-bcfd-8a4839fef4bf</id> + <id>6153303e-0c09-1d36-9b87-6c2d0a5ed15a</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>ce84ada1-58b8-3c28-bc5a-64fc4f39e008</sourceId> - <sourceGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</sourceGroupId> + <sourceId>16d53f41-fc96-1292-b434-9a157e27eaf3</sourceId> + <sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>8811d4ff-bf71-38a6-8cf0-e5732840e1de</destinationId> - <destinationGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationId>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</destinationId> + <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3a4133c4-bc18-1bb7-84a0-06b25aba73f4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>844331e5-cd55-1c55-889b-d447dfba57a2</sourceId> + 
<sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>16d53f41-fc96-1292-b434-9a157e27eaf3</destinationId> + <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -561,6 +833,26 @@ <sourceId>9b6cb318-b9e8-36f1-bd8a-17b2aa38343a</sourceId> <sourceGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> + <destinationId>844331e5-cd55-1c55-889b-d447dfba57a2</destinationId> + <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>4f303cda-ab21-1acd-ffff-ffffcdd40e4b</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</sourceId> + <sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> <destinationId>12745a98-f547-38d2-9c50-a471e8cf6fc7</destinationId> <destinationGroupId>11b67527-3401-3961-97ba-425f721de3e0</destinationGroupId> <destinationType>OUTPUT_PORT</destinationType> @@ -679,6 +971,8 @@ <name>Custom enrichment</name> <position x="-536.0" y="944.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>2ba9db29-0172-1000-ffff-ffffc1aa6db2</id> <name>Input</name> 
@@ -719,6 +1013,8 @@ <name>IP enrichment</name> <position x="-216.0" y="16.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>be9226d7-777f-3820-bf10-49e97e9b73cc</id> <name>Check IP2 enrichment</name> @@ -729,7 +1025,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -769,6 +1065,8 @@ <name>Enrich IP1</name> <position x="-48.0" y="312.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>ff302e29-64bb-3e10-b76e-91a13d2470d8</id> <name>Input</name> @@ -788,6 +1086,8 @@ <name>Misp lookup</name> <position x="1160.0" y="136.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>68dc57d7-2016-3e27-ac1f-092c63909a63</id> <name>Misp ip1</name> @@ -798,7 +1098,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -842,6 +1142,7 @@ <name>key</name> <value>${enrich_ip1}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>57c1773b-65c7-3cdb-b161-a44fa977291a</id> @@ -857,10 +1158,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>3f92a75f-ec3e-3f4c-9467-e5c0e981f032</id> - <position x="-1312.0" y="792.0" /> - </funnel> <connection> <id>7f5a13cb-a049-385d-9ebc-3ef4aa8ff541</id> <name /> 
@@ -901,32 +1198,14 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>d6c427a3-f4fb-39a5-b399-ebd9b0482039</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>68dc57d7-2016-3e27-ac1f-092c63909a63</sourceId> - <sourceGroupId>9b3b9cc7-49bf-3b66-b213-09f2f5df634e</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>3f92a75f-ec3e-3f4c-9467-e5c0e981f032</destinationId> - <destinationGroupId>9b3b9cc7-49bf-3b66-b213-09f2f5df634e</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <processGroup> <id>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</id> <name>GeoIP</name> <position x="480.0" y="144.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>fb1a97b2-5e15-3bca-9284-f23a9cc90eed</id> <name>Add GeoIP fields</name> @@ -937,7 +1216,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -985,18 +1264,19 @@ <name>pretty_print</name> <value>false</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>11668896-2c3e-3712-905a-eb406bf33c2a</id> <name>GeoIP IP</name> - <position x="-1192.0" y="424.0" /> + <position x="-568.0" y="160.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.GeoEnrichIPRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-enrich-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -1057,7 +1337,63 @@ </property> <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> - <inputPort> + <processor> + <id>349b3525-a821-1197-0000-00006e02758e</id> + <name>Contry code to region</name> + <position x="-1216.0" y="368.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>349b34c7-a821-1197-ffff-ffff85d82877</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_ip1:substring(1):contains('/'):ifElse('${enrich_ip1:substringBeforeLast(\"/\")}',${enrich_ip1:append('_')}):append("/geo/region")}</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + <value>use-property</value> + </property> + <property> + <name>key</name> + <value>${enrich_ip1:substring(1):contains('/'):ifElse('${enrich_ip1:substringBeforeLast(\"/\")}',${enrich_ip1:append('_')}):append("/geo/country_iso_code")}</value> + </property> + 
<autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> <id>e6d573f8-a297-3611-a1ff-f1918a2cbabc</id> <name>Data Input</name> <position x="-1192.0" y="-32.0" /> @@ -1067,14 +1403,10 @@ <outputPort> <id>17c34a1f-8048-366b-8ef4-107ce16a100e</id> <name>Data output</name> - <position x="-1160.0" y="752.0" /> + <position x="-1168.0" y="656.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>b68c4522-cddb-30bf-8545-73a2644cd35e</id> - <position x="-1560.0" y="336.0" /> - </funnel> <connection> <id>790863c1-3cfc-383f-ab9f-5d7ead5c0fe1</id> <name /> @@ -1124,9 +1456,9 @@ <sourceId>11668896-2c3e-3712-905a-eb406bf33c2a</sourceId> <sourceGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>17c34a1f-8048-366b-8ef4-107ce16a100e</destinationId> + <destinationId>349b3525-a821-1197-0000-00006e02758e</destinationId> <destinationGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationType>PROCESSOR</destinationType> <relationship>found</relationship> <relationship>not found</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -1137,18 +1469,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c831c34b-2a1a-3d24-963b-079b00961407</id> + <id>349b3542-a821-1197-0000-000059777de4</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>fb1a97b2-5e15-3bca-9284-f23a9cc90eed</sourceId> + <sourceId>349b3525-a821-1197-0000-00006e02758e</sourceId> <sourceGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>b68c4522-cddb-30bf-8545-73a2644cd35e</destinationId> + <destinationId>17c34a1f-8048-366b-8ef4-107ce16a100e</destinationId> <destinationGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -1162,6 +1494,8 @@ <name>Tor nodes lookup</name> <position x="480.0" y="384.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>fd52d735-a256-3c52-9b90-fbe71f010fbe</id> <name>Tor src IP</name> @@ -1172,7 +1506,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1194,7 +1528,7 @@ </property> <property> <name>lookup-service</name> - <value>bf81debc-0171-1000-0000-00002936ae5a</value> + <value>bbd4d3a2-0175-1000-0000-00000b0fb8bd</value> </property> <property> <name>result-record-path</name> 
@@ -1216,6 +1550,7 @@ <name>key</name> <value>${enrich_ip1}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>eb136a03-4809-3d2f-a85e-e739ffa665cd</id> @@ -1231,10 +1566,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>44794379-111e-3f28-bf84-bf5850f42587</id> - <position x="-1412.2104124778762" y="829.0775745939713" /> - </funnel> <connection> <id>c681313a-f2c8-3439-8c00-70f9783fea67</id> <name /> @@ -1275,26 +1606,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>ad32e629-d5a2-38b7-a50e-9acf0ad9d768</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>fd52d735-a256-3c52-9b90-fbe71f010fbe</sourceId> - <sourceGroupId>3cb64c25-8af7-361d-b6e7-e002defe7411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>44794379-111e-3f28-bf84-bf5850f42587</destinationId> - <destinationGroupId>3cb64c25-8af7-361d-b6e7-e002defe7411</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <connection> <id>3831c5df-c2a8-3a1b-9d67-8f37abf05365</id> @@ -1382,6 +1693,8 @@ <name>Enrich IP2</name> <position x="-56.0" y="584.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>742a8211-a5e6-347d-9e79-25facc6b181e</id> <name>Input</name> 
@@ -1401,17 +1714,75 @@ <name>GeoIP and IPreg</name> <position x="480.0" y="144.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>9ed935e9-7bd4-150a-913d-e6a4dedb2939</id> + <name>Contry code to region</name> + <position x="-1224.0" y="368.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>349b34c7-a821-1197-ffff-ffff85d82877</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_ip2:substring(1):contains('/'):ifElse('${enrich_ip2:substringBeforeLast(\"/\")}',${enrich_ip2:append('_')}):append("/geo/region")}</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + <value>use-property</value> + </property> + <property> + <name>key</name> + 
<value>${enrich_ip2:substring(1):contains('/'):ifElse('${enrich_ip2:substringBeforeLast(\"/\")}',${enrich_ip2:append('_')}):append("/geo/country_iso_code")}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> <processor> <id>e16581ea-ff17-3cec-bd39-b1fe52797bd2</id> <name>GeoIP IP</name> - <position x="-1232.0" y="432.0" /> + <position x="-592.0" y="168.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.GeoEnrichIPRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-enrich-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1482,7 +1853,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1530,6 +1901,7 @@ <name>pretty_print</name> <value>false</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>aa73b938-03ee-3d90-ba6f-0998b568ac36</id> 
@@ -1545,23 +1917,19 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>8e8abe4a-9ed6-3ec8-9e9d-719242be1a2b</id> - <position x="-1560.0" y="336.0" /> - </funnel> <connection> - <id>a4870f06-f96b-328a-83d8-4eeb6db5cc93</id> + <id>9ed935f0-7bd4-150a-ffff-ffffaed76b62</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>d467bca6-15df-38bb-8f9b-65ae1f9dceaa</sourceId> + <sourceId>9ed935e9-7bd4-150a-913d-e6a4dedb2939</sourceId> <sourceGroupId>a8873c56-d149-34d1-8344-a35b339e6187</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>8e8abe4a-9ed6-3ec8-9e9d-719242be1a2b</destinationId> + <destinationId>0dbb2fcb-c11b-396e-8918-24d7121f7653</destinationId> <destinationGroupId>a8873c56-d149-34d1-8344-a35b339e6187</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -1598,9 +1966,9 @@ <sourceId>e16581ea-ff17-3cec-bd39-b1fe52797bd2</sourceId> <sourceGroupId>a8873c56-d149-34d1-8344-a35b339e6187</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>0dbb2fcb-c11b-396e-8918-24d7121f7653</destinationId> + <destinationId>9ed935e9-7bd4-150a-913d-e6a4dedb2939</destinationId> <destinationGroupId>a8873c56-d149-34d1-8344-a35b339e6187</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationType>PROCESSOR</destinationType> <relationship>found</relationship> <relationship>not found</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -1636,6 +2004,8 @@ <name>Tor nodes lookup</name> <position x="480.0" y="384.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>adae2d07-ad4f-38f2-9a8c-b7638863cac7</id> <name>Tor src IP</name> @@ -1646,7 +2016,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1668,7 +2038,7 @@ </property> <property> <name>lookup-service</name> - <value>bf81debc-0171-1000-0000-00002936ae5a</value> + <value>bbd4d3a2-0175-1000-0000-00000b0fb8bd</value> </property> <property> <name>result-record-path</name> @@ -1690,6 +2060,7 @@ <name>key</name> <value>${enrich_ip2}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>1c42374a-61ad-3d92-9f86-1f1ae9bae6d0</id> @@ -1705,10 +2076,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>4bad43e2-bfed-3e45-a9d1-fdabb2ab85ea</id> - <position x="-1403.592919640183" y="819.7224736847786" /> - </funnel> <connection> <id>0b2f9272-06fe-3a8c-a322-9972ac5c0466</id> <name /> 
@@ -1749,34 +2116,14 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>fe67c36a-4ae0-3e30-8aad-a988a481df4b</id> - <name /> - <bendPoints> - <bendPoint x="-1088.0" y="832.0" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>adae2d07-ad4f-38f2-9a8c-b7638863cac7</sourceId> - <sourceGroupId>33258978-2057-3612-be77-0a763431ee29</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>4bad43e2-bfed-3e45-a9d1-fdabb2ab85ea</destinationId> - <destinationGroupId>33258978-2057-3612-be77-0a763431ee29</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <processGroup> <id>de2bc05d-fbd2-35bc-9192-b82041176492</id> <name>Misp lookup</name> <position x="1160.0" y="136.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>2cd2029e-53ae-3575-bf35-785203683c7f</id> <name>Misp ip</name> @@ -1787,7 +2134,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1831,6 +2178,7 @@ <name>key</name> <value>${enrich_ip2}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>d6490898-79c0-3eb5-a102-718ff8ab68e6</id> 
@@ -1846,10 +2194,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>d259fdb6-aa03-35b1-b439-b5baccc57a1e</id> - <position x="-1264.0" y="784.0" /> - </funnel> <connection> <id>d2bfc9ce-5c85-3dc2-a0c5-83bbf0c77277</id> <name /> @@ -1871,7 +2215,7 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>2475c41e-5711-3de0-bbec-2e977cd1f40a</id> + <id>2a95cb88-0177-1000-ffff-ffffc8a50166</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> @@ -1890,26 +2234,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>a7505eac-df84-3e17-8c40-687c159877a7</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>2cd2029e-53ae-3575-bf35-785203683c7f</sourceId> - <sourceGroupId>de2bc05d-fbd2-35bc-9192-b82041176492</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d259fdb6-aa03-35b1-b439-b5baccc57a1e</destinationId> - <destinationGroupId>de2bc05d-fbd2-35bc-9192-b82041176492</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <connection> <id>2ba90add-0172-1000-ffff-ffffb69e0af7</id> @@ -2098,6 +2422,8 @@ <name>Domain enrichment</name> <position x="-213.29739929099082" y="283.59665734060223" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>1957f5c3-b6cb-3c80-b527-1858c61ed111</id> <name>Check domain2 enrichment</name> 
@@ -2108,7 +2434,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -2148,6 +2474,8 @@ <name>Enrich domain1</name> <position x="448.0" y="248.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>bf74c1ba-45ad-3c0d-84c6-ec7ea7bdcdea</id> <name>Input</name> @@ -2158,7 +2486,7 @@ <outputPort> <id>f270695c-edf6-3a9f-bc3a-10804f26f56f</id> <name>Output</name> - <position x="1232.0" y="600.0" /> + <position x="528.0" y="864.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -2167,6 +2495,8 @@ <name>Entropy</name> <position x="1152.0" y="288.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>bf907759-0171-1000-0000-0000022727cd</id> <name>Calculate entropy on domain1</name> @@ -2177,15 +2507,15 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-scripting-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> + <bulletinLevel>ERROR</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> 
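Review bot: Visibility drops at the same moment execution is switched on: in the last hunk here the scripted `Calculate entropy on domain1` processor goes from `STOPPED` to `RUNNING` while its bulletin level is raised from `WARN` to `ERROR`, so warnings from the script stop surfacing as bulletins just as it begins handling live records. Combined with the auto-terminated `failure` relationship added to this processor in a later hunk, a misbehaving script would be hard to spot. I would keep `<bulletinLevel>WARN</bulletinLevel>` until the script has proven itself in production. The domain2 entropy processor gets the same `ERROR` level further down. The processor element begins before and ends after this hunk, so its class and properties are not visible here.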
@@ -2195,18 +2525,18 @@ </property> <property> <name>Script File</name> - <value>/opt/nifi/nifi-current/conf/freq/freqProcessor.py</value> + <value>/opt/nifi/nifi-current/conf/enrich/freq/freqProcessor.py</value> </property> <property> <name>Script Body</name> </property> <property> <name>Module Directory</name> - <value>/opt/nifi/nifi-current/conf/freq</value> + <value>/opt/nifi/nifi-current/conf/enrich/freq</value> </property> <property> - <name>Frequency File</name> - <value>/opt/nifi/nifi-current/conf/freq/alexa.json</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> <name>record-writer</name> @@ -2217,17 +2547,18 @@ <value>${enrich_domain1}</value> </property> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Result Field 1</name> + <value>${enrich_domain1}_freq1</value> </property> <property> <name>Result Field 2</name> <value>${enrich_domain1}_freq2</value> </property> <property> - <name>Result Field 1</name> - <value>${enrich_domain1}_freq1</value> + <name>Frequency File</name> + <value>/opt/nifi/nifi-current/conf/enrich/freq/alexa.json</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>84dfe3a1-a6f4-3b80-9161-93a59b88ad8b</id> @@ -2243,10 +2574,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>7297c375-d15a-36a2-a115-6b2680fbef2b</id> - <position x="128.0" y="360.0" /> - </funnel> <connection> <id>2bea3770-0172-1000-ffff-ffff9cd568b2</id> <name /> 
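Review bot: The script this processor executes now lives under `conf/enrich`, next to data files the pipeline reads (`alexa.json` here, and the `alexa-top-1m.csv` / `umbrella-top-1m.csv` lookups that move there in a later hunk), so anything permitted to refresh those lists could presumably also replace `freqProcessor.py` or drop a module into the `Module Directory`. Code loaded into the NiFi JVM should sit in a directory that neither the NiFi service account nor any list-update job can write to. I would keep the script apart from the data, for example `<value>/opt/nifi/nifi-current/conf/scripts/freq</value>` for `Module Directory` (path constructed for illustration), and have the role install it read-only. The domain2 entropy processor receives the same paths in a later hunk, and the processor's class is outside this hunk.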
@@ -2267,38 +2594,18 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>bf938168-0171-1000-0000-00003e6fd9c5</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bf907759-0171-1000-0000-0000022727cd</sourceId> - <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>7297c375-d15a-36a2-a115-6b2680fbef2b</destinationId> - <destinationGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>27f7d6f4-0172-1000-ffff-ffffc65ffd5e</id> <name /> <bendPoints /> - <labelIndex>1</labelIndex> + <labelIndex>0</labelIndex> <zIndex>0</zIndex> <sourceId>84dfe3a1-a6f4-3b80-9161-93a59b88ad8b</sourceId> <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> <sourceType>INPUT_PORT</sourceType> - <destinationId>2ef455b6-6c77-39ae-87bf-d21b988f4c52</destinationId> + <destinationId>bf907759-0171-1000-0000-0000022727cd</destinationId> <destinationGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationType>PROCESSOR</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -2309,23 +2616,25 @@ </connection> </processGroup> <processGroup> - <id>df54305f-551e-38ff-8e1c-a1c272c238c0</id> - <name>Alexa</name> - <position x="448.0" y="288.0" /> + <id>9ed9363a-7bd4-150a-0000-00000cc58ac4</id> + <name>Misp lookup</name> + <position x="456.0" y="552.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</id> - <name>Alexa domain1</name> - <position x="-726.6263417228297" y="457.36850568010186" /> + <id>9ed93644-7bd4-150a-0000-00003c8c3388</id> + <name>Misp domain1</name> + <position x="480.99999953064577" y="197.99999761468263" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.LookupRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> - <maxConcurrentTasks>8</maxConcurrentTasks> + <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> @@ -2334,7 +2643,7 @@ <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> - <runDurationNanos>25000000</runDurationNanos> + <runDurationNanos>0</runDurationNanos> <property> <name>record-reader</name> <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> @@ -2345,11 +2654,11 @@ </property> <property> <name>lookup-service</name> - <value>282db77b-3118-3b3c-bbd1-e4260b1c6395</value> + <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> </property> <property> <name>result-record-path</name> - <value>${enrich_domain1}_alexa</value> + <value>${enrich_domain1}_misp</value> </property> <property> <name>routing-strategy</name> 
@@ -2367,36 +2676,33 @@ <name>key</name> <value>${enrich_domain1}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> - <id>c7b3b6c4-6418-3dbe-a037-387e3c85cb19</id> - <name>Input data</name> - <position x="-673.6437977775172" y="241.37341901017993" /> + <id>9ed93645-7bd4-150a-ffff-fffff6fa372f</id> + <name>Input</name> + <position x="536.0" y="16.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </inputPort> <outputPort> - <id>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</id> - <name>Output data</name> - <position x="-704.0" y="736.0" /> + <id>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</id> + <name>Output</name> + <position x="536.0" y="456.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>85764070-cd41-38a1-a352-929737e563c6</id> - <position x="-1152.0" y="512.0" /> - </funnel> <connection> - <id>002d4937-dcb5-3cf1-8075-8d5533667510</id> + <id>9ed9364f-7bd4-150a-0000-000019b6beab</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> - <sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> + <sourceId>9ed93644-7bd4-150a-0000-00003c8c3388</sourceId> + <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</destinationId> - <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> + <destinationId>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</destinationId> + <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> <destinationType>OUTPUT_PORT</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -2407,18 +2713,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>1af92349-7a45-30ec-b6fc-6d881dcd8b26</id> + <id>9ed93647-7bd4-150a-0000-00000e5782ec</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> - <sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>85764070-cd41-38a1-a352-929737e563c6</destinationId> - <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <sourceId>9ed93645-7bd4-150a-ffff-fffff6fa372f</sourceId> + <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>9ed93644-7bd4-150a-0000-00003c8c3388</destinationId> + <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -2426,7 +2732,105 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> + </processGroup> + <processGroup> + <id>df54305f-551e-38ff-8e1c-a1c272c238c0</id> + <name>Alexa</name> + <position x="448.0" y="288.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</id> + <name>Alexa domain1</name> + <position x="-726.6263417228297" y="457.36850568010186" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>8</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>25000000</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>282db77b-3118-3b3c-bbd1-e4260b1c6395</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_domain1}_alexa</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + <value>use-property</value> + </property> + <property> + <name>key</name> + 
<value>${enrich_domain1}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>c7b3b6c4-6418-3dbe-a037-387e3c85cb19</id> + <name>Input data</name> + <position x="-673.6437977775172" y="241.37341901017993" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</id> + <name>Output data</name> + <position x="-704.0" y="736.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>002d4937-dcb5-3cf1-8075-8d5533667510</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> + <sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</destinationId> + <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> <id>8d7da7f5-2a03-32fd-9bd6-a3eec6e8351a</id> <name /> <bendPoints /> 
@@ -2447,6 +2851,26 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> </processGroup> + <connection> + <id>9ed93675-7bd4-150a-0000-000017d6cf1e</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</sourceId> + <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>f270695c-edf6-3a9f-bc3a-10804f26f56f</destinationId> + <destinationGroupId>309911c5-0f97-37e4-8511-3c5639f5db10</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> <connection> <id>ff7df1ed-63be-3637-aa15-094355c9711f</id> <name /> @@ -2476,9 +2900,9 @@ <sourceId>2ef455b6-6c77-39ae-87bf-d21b988f4c52</sourceId> <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> - <destinationId>f270695c-edf6-3a9f-bc3a-10804f26f56f</destinationId> - <destinationGroupId>309911c5-0f97-37e4-8511-3c5639f5db10</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationId>9ed93645-7bd4-150a-ffff-fffff6fa372f</destinationId> + <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -2513,6 +2937,8 @@ <name>Enrich domain2</name> <position x="440.0" y="496.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>0097ae66-e4c5-316c-b301-c8fd4481cbf4</id> <name>Input</name> 
@@ -2523,15 +2949,135 @@ <outputPort> <id>1464f185-b2d5-3347-8aaa-89cfc91566f5</id> <name>Output</name> - <position x="1232.0" y="600.0" /> + <position x="528.0" y="816.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <processGroup> + <id>3514302f-5e74-1185-b5c5-edc034d911a6</id> + <name>Misp lookup</name> + <position x="448.0" y="520.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</id> + <name>Misp domain1</name> + <position x="480.99999953064577" y="197.99999761468263" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.LookupRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>lookup-service</name> + <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> + </property> + <property> + <name>result-record-path</name> + <value>${enrich_domain2}_misp</value> + </property> + <property> + <name>routing-strategy</name> + <value>route-to-success</value> + </property> + <property> + <name>result-contents</name> + <value>insert-entire-record</value> + </property> + <property> + <name>record-update-strategy</name> + 
<value>use-property</value> + </property> + <property> + <name>key</name> + <value>${enrich_domain2}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>7f5c3719-3707-1577-ad0d-945c5da3a77b</id> + <name>Input</name> + <position x="536.0" y="16.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>af083d3d-f063-1506-a7fe-2c6f0864de22</id> + <name>Output</name> + <position x="536.0" y="456.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>9cf430ed-a82c-1272-853f-4eeb68c144e2</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</sourceId> + <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>af083d3d-f063-1506-a7fe-2c6f0864de22</destinationId> + <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>96023b7a-7902-1e45-91b0-0396e8bf647b</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>7f5c3719-3707-1577-ad0d-945c5da3a77b</sourceId> + <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</destinationId> + <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + 
<maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> <processGroup> <id>db261d6a-ab4a-3a2e-854a-cd42492788c5</id> <name>Entropy</name> <position x="1152.0" y="288.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>eff73930-f310-1a2e-b248-812b172b7415</id> <name>Calculate entropy on domain2</name> @@ -2542,13 +3088,13 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-scripting-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> + <bulletinLevel>ERROR</bulletinLevel> <lossTolerant>false</lossTolerant> <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> @@ -2560,18 +3106,18 @@ </property> <property> <name>Script File</name> - <value>/opt/nifi/nifi-current/conf/freq/freqProcessor.py</value> + <value>/opt/nifi/nifi-current/conf/enrich/freq/freqProcessor.py</value> </property> <property> <name>Script Body</name> </property> <property> <name>Module Directory</name> - <value>/opt/nifi/nifi-current/conf/freq</value> + <value>/opt/nifi/nifi-current/conf/enrich/freq</value> </property> <property> - <name>Frequency File</name> - <value>/opt/nifi/nifi-current/conf/freq/alexa.json</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> <name>record-writer</name> 
@@ -2582,17 +3128,18 @@ <value>${enrich_domain2}</value> </property> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Result Field 1</name> + <value>${enrich_domain2}_freq1</value> </property> <property> <name>Result Field 2</name> <value>${enrich_domain2}_freq2</value> </property> <property> - <name>Result Field 1</name> - <value>${enrich_domain2}_freq1</value> + <name>Frequency File</name> + <value>/opt/nifi/nifi-current/conf/enrich/freq/alexa.json</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>ecc214d7-667d-3d81-affa-93e712a87abe</id> @@ -2608,22 +3155,18 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>1667ea62-481a-3dfb-8745-8033f80ab5a7</id> - <position x="144.0" y="352.0" /> - </funnel> <connection> <id>bf99e121-0171-1000-0000-0000487c681e</id> <name /> <bendPoints /> - <labelIndex>1</labelIndex> + <labelIndex>0</labelIndex> <zIndex>0</zIndex> <sourceId>ecc214d7-667d-3d81-affa-93e712a87abe</sourceId> <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> <sourceType>INPUT_PORT</sourceType> - <destinationId>10c439ea-f35c-3171-836c-d83af1403698</destinationId> + <destinationId>eff73930-f310-1a2e-b248-812b172b7415</destinationId> <destinationGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationType>PROCESSOR</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -2652,32 +3195,14 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>bf9a2f76-0171-1000-ffff-fffffcafce73</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>eff73930-f310-1a2e-b248-812b172b7415</sourceId> - <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>1667ea62-481a-3dfb-8745-8033f80ab5a7</destinationId> - <destinationGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <processGroup> <id>bd4c02d9-77f7-3984-8aa0-ad78099693a7</id> <name>Alexa</name> <position x="448.0" y="288.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>4598e8b8-b54a-3855-b6b7-5ac2721745a2</id> <name>Alexa domain1</name> @@ -2688,7 +3213,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -2732,6 +3257,7 @@ <name>key</name> <value>${enrich_domain2}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>a7e674e2-60b2-3417-ad31-d69248774c3f</id> 
@@ -2747,40 +3273,16 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>bf17534a-3723-3f7d-9ca1-dc1b61022e90</id> - <position x="-1152.0" y="512.0" /> - </funnel> <connection> - <id>3264d31c-6569-3dde-b174-ddff9f7d3835</id> + <id>6580ec44-ce8d-3aaf-b7ba-ee4c4d67321b</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</sourceId> + <sourceId>a7e674e2-60b2-3417-ad31-d69248774c3f</sourceId> <sourceGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bf17534a-3723-3f7d-9ca1-dc1b61022e90</destinationId> - <destinationGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>6580ec44-ce8d-3aaf-b7ba-ee4c4d67321b</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a7e674e2-60b2-3417-ad31-d69248774c3f</sourceId> - <sourceGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</destinationId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</destinationId> <destinationGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship /> 
@@ -2853,13 +3355,13 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>7fcacebd-9235-37f8-9160-496d27d96a2d</id> + <id>96023b92-7902-1e45-0000-000012465abe</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>10c439ea-f35c-3171-836c-d83af1403698</sourceId> - <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> + <sourceId>af083d3d-f063-1506-a7fe-2c6f0864de22</sourceId> + <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> <destinationId>1464f185-b2d5-3347-8aaa-89cfc91566f5</destinationId> <destinationGroupId>464af303-e93a-32ed-a7ef-d3d553054447</destinationGroupId> @@ -2872,6 +3374,26 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>7fcacebd-9235-37f8-9160-496d27d96a2d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>10c439ea-f35c-3171-836c-d83af1403698</sourceId> + <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>7f5c3719-3707-1577-ad0d-945c5da3a77b</destinationId> + <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <connection> <id>74a800f3-16dd-3368-8b95-b2f06c0e039e</id> 
@@ -3202,16 +3724,16 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/alexa-top-1m.csv</value> + <value>/opt/nifi/nifi-current/conf/enrich/alexa-top-1m.csv</value> </property> <property> <name>CSV Format</name> - <value>Default</value> + <value>default</value> </property> <property> <name>Character Set</name> @@ -3222,13 +3744,36 @@ <value>domain</value> </property> <property> - <name>lookup-value-column</name> - <value>index</value> + <name>ignore-duplicates</name> + <value>true</value> </property> <property> - <name>ignore-duplicates</name> + <name>Value Separator</name> + <value>,</value> + </property> + <property> + <name>Quote Character</name> + <value>"</value> + </property> + <property> + <name>Quote Mode</name> + <value>MINIMAL</value> + </property> + <property> + <name>Comment Marker</name> + </property> + <property> + <name>Escape Character</name> + <value>\</value> + </property> + <property> + <name>Trim Fields</name> <value>true</value> </property> + <property> + <name>lookup-value-column</name> + <value>index</value> + </property> </controllerService> <controllerService> <id>67289e27-a14d-3fa6-bcf9-91f7d2ae8d59</id> @@ -3238,16 +3783,16 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/umbrella-top-1m.csv</value> + <value>/opt/nifi/nifi-current/conf/enrich/umbrella-top-1m.csv</value> </property> <property> <name>CSV Format</name> - <value>Excel</value> + <value>default</value> </property> <property> <name>Character Set</name> 
@@ -3258,13 +3803,36 @@ <value>domain</value> </property> <property> - <name>lookup-value-column</name> - <value>index</value> + <name>ignore-duplicates</name> + <value>true</value> </property> <property> - <name>ignore-duplicates</name> + <name>Value Separator</name> + <value>,</value> + </property> + <property> + <name>Quote Character</name> + <value>"</value> + </property> + <property> + <name>Quote Mode</name> + <value>MINIMAL</value> + </property> + <property> + <name>Comment Marker</name> + </property> + <property> + <name>Escape Character</name> + <value>\</value> + </property> + <property> + <name>Trim Fields</name> <value>true</value> </property> + <property> + <name>lookup-value-column</name> + <value>index</value> + </property> </controllerService> </processGroup> <processGroup> @@ -3272,6 +3840,8 @@ <name>Data input</name> <position x="830.4597621124223" y="407.3463126314215" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> <id>21a9e277-2d80-359a-9c57-cb76d8962e6d</id> <name>To data output</name> @@ -3282,7 +3852,7 @@ <outputPort> <id>20b01ab3-3a8d-3573-b95d-a4a45494050f</id> <name>To enrichment</name> - <position x="480.0" y="504.0" /> + <position x="480.0" y="392.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -3291,6 +3861,8 @@ <name>Custom data inputs</name> <position x="-504.0" y="952.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> <id>27d5dab2-0172-1000-ffff-ffffab5c50be</id> <name>To data output</name> 
@@ -3307,148 +3879,23 @@ </outputPort> </processGroup> <processGroup> - <id>84607b52-9748-3d38-b519-b0a05cddd097</id> - <name>Nifi logs</name> - <position x="-496.0" y="136.0" /> + <id>0c790562-0175-1000-ffff-ffffeaaeafc3</id> + <name>FileBeat</name> + <position x="-496.0" y="344.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>c1318ad1-0c35-3896-b32a-1ccd6c09864a</id> - <name>Add source fields and fix timestamp</name> - <position x="-2192.0" y="560.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/labels/source</name> - <value>${tailfile.original.path}</value> - </property> - <property> - <name>/labels/source_host</name> - <value>${hostname()}</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> - </property> - </processor> - <processor> - <id>68663f14-f470-32ee-9cb3-224344d5ad6a</id> - <name>UpdateAttribute</name> 
- <position x="-2184.0" y="824.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>nifi-logs</value> - </property> - <property> - <name>Authorization</name> - <value>Bearer 874rPdPJ6qOSL6HvWcH8xxChqTJxiFtHp94puxh4MygY</value> - </property> - </processor> - <processor> - <id>716d22cb-8b81-342f-abe4-7cdfe2a980ff</id> - <name>ConvertRecord</name> - <position x="-2200.0" y="264.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - 
<runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>e3e44ca0-6653-328b-9d3f-b8225312914b</value> - </property> - <property> - <name>record-writer</name> - <value>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> - </property> - </processor> - <processor> - <id>609a3835-5317-1c94-ad8f-1d9940869db4</id> - <name>TailFile</name> - <position x="-2200.0" y="8.0" /> + <id>8962ad5a-0175-1000-ffff-ffffde6db5a6</id> + <name>RouteOnAttribute</name> + <position x="-1080.0" y="280.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.TailFile</class> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
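Review bot: The old "Nifi logs" group removed here included an `UpdateAttribute` processor whose `Authorization` property held a hard-coded `Bearer` value, and deleting it from the template does not remove it from repository history or from flows already deployed from earlier revisions. If that value was ever a working credential, it should be revoked and reissued alongside this change. Should a downstream call need a token again, supply it from an Ansible variable or vault when the template is rendered rather than as a literal in the flow. Nothing on the new side of this hunk reintroduces it; the `RouteOnAttribute` processor that starts here continues into the next hunk.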
@@ -3461,457 +3908,181 @@ <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>tail-mode</name> - <value>Single file</value> - </property> - <property> - <name>File to Tail</name> - <value>/opt/nifi/nifi-current/logs/nifi-user.log</value> - </property> - <property> - <name>Rolling Filename Pattern</name> - </property> - <property> - <name>tail-base-directory</name> - </property> - <property> - <name>Initial Start Position</name> - <value>Beginning of File</value> - </property> - <property> - <name>File Location</name> - <value>Local</value> - </property> - <property> - <name>tailfile-recursive-lookup</name> - <value>false</value> - </property> - <property> - <name>tailfile-lookup-frequency</name> - <value>10 minutes</value> - </property> - <property> - <name>tailfile-maximum-age</name> - <value>24 hours</value> + <name>Routing Strategy</name> + <value>Route to Property name</value> </property> - </processor> - <processor> - <id>9ecf3ce4-ae3c-1b06-96f9-5e9c59e51690</id> - <name>TailFile</name> - <position x="-1784.0" y="8.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.TailFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> <property> - <name>tail-mode</name> - <value>Single file</value> + <name>keycloak</name> + <value>${log_type:equals("keycloak")}</value> </property> <property> - <name>File to Tail</name> - <value>/opt/nifi/nifi-current/logs/nifi-bootstrap.log</value> + <name>kibana</name> + 
<value>${log_type:equals("kibana")}</value> </property> <property> - <name>Rolling Filename Pattern</name> + <name>elasticsearch</name> + <value>${log_type:equals("elasticsearch")}</value> </property> <property> - <name>tail-base-directory</name> + <name>suricata</name> + <value>${log_type:equals("suricata")}</value> </property> <property> - <name>Initial Start Position</name> - <value>Beginning of File</value> + <name>haproxy</name> + <value>${log_type:equals("haproxy")}</value> </property> <property> - <name>File Location</name> - <value>Local</value> + <name>mysql</name> + <value>${log_type:equals("mysql")}</value> </property> <property> - <name>tailfile-recursive-lookup</name> - <value>false</value> + <name>zeek</name> + <value>${log_type:equals("zeek")}</value> </property> <property> - <name>tailfile-lookup-frequency</name> - <value>10 minutes</value> + <name>nifi</name> + <value>${log_type:equals("nifi")}</value> </property> <property> - <name>tailfile-maximum-age</name> - <value>24 hours</value> + <name>zookeeper</name> + <value>${log_type:equals("zookeeper")}</value> </property> </processor> - <processor> - <id>1e796098-c064-371a-8147-d60b5d41a316</id> - <name>TailFile</name> - <position x="-2648.0" y="16.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.TailFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> + <outputPort> + <id>bcb879d5-0175-1000-0000-000070879ad0</id> + <name>To data output</name> + <position x="-2480.0" y="336.0" /> + <comments /> <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - 
<runDurationNanos>0</runDurationNanos> - <property> - <name>tail-mode</name> - <value>Single file</value> - </property> - <property> - <name>File to Tail</name> - <value>/opt/nifi/nifi-current/logs/nifi-app.log</value> - </property> - <property> - <name>Rolling Filename Pattern</name> - </property> - <property> - <name>tail-base-directory</name> - </property> - <property> - <name>Initial Start Position</name> - <value>Beginning of File</value> - </property> - <property> - <name>File Location</name> - <value>Local</value> - </property> - <property> - <name>tailfile-recursive-lookup</name> - <value>false</value> - </property> - <property> - <name>tailfile-lookup-frequency</name> - <value>10 minutes</value> - </property> - <property> - <name>tailfile-maximum-age</name> - <value>24 hours</value> - </property> - </processor> + </outputPort> <outputPort> - <id>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</id> - <name>To storage</name> - <position x="-2120.0" y="1064.0" /> + <id>349b32fe-a821-1197-0000-00003a0b6fe5</id> + <name>To enrichment</name> + <position x="744.0" y="920.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>beabd3be-6f95-3369-9aa5-4631e6207ec5</id> - <position x="-1572.2279720213353" y="320.16022816068823" /> - </funnel> - <connection> - <id>0261c39c-d823-3ab3-b680-2d0c2fa152e5</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>68663f14-f470-32ee-9cb3-224344d5ad6a</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>214adcbf-0175-1000-ffff-ffffaedeecef</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9ecf3ce4-ae3c-1b06-96f9-5e9c59e51690</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>0a34d026-0761-3a6d-b261-377d20a40b5d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>beabd3be-6f95-3369-9aa5-4631e6207ec5</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>266ad4f3-c827-337a-b3b5-28bccc8917fc</id> - <name /> - <bendPoints /> - 
<labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>beabd3be-6f95-3369-9aa5-4631e6207ec5</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>0dc021fb-a375-3e48-a5fd-1b9d5c3ad9bd</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>1e796098-c064-371a-8147-d60b5d41a316</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5bc3c82f-bfb5-3e6c-a7bf-141748391beb</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>32df885e-4eb1-38fd-bf6b-219725264cf4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>68663f14-f470-32ee-9cb3-224344d5ad6a</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>609a3840-5317-1c94-0000-00002897f5ab</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>609a3835-5317-1c94-ad8f-1d9940869db4</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> - <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <controllerService> - <id>e3e44ca0-6653-328b-9d3f-b8225312914b</id> - <name>Nifi logs GrokReader</name> - <comment /> - <class>org.apache.nifi.grok.GrokReader</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.11.4</version> - </bundle> - <enabled>true</enabled> - <property> - <name>schema-access-strategy</name> - <value>string-fields-from-grok-expression</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>Grok Pattern File</name> - </property> - <property> - <name>Grok Expression</name> - <value>%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value> - </property> - <property> - <name>no-match-behavior</name> - <value>append-to-previous-message</value> - </property> - </controllerService> - </processGroup> - <processGroup> - <id>0c790562-0175-1000-ffff-ffffeaaeafc3</id> - <name>FileBeat</name> - <position x="-496.0" y="344.0" /> - <comment /> <processGroup> - <id>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</id> - <name>Suricata</name> - <position x="-504.0" y="352.0" /> + <id>89636688-0175-1000-ffff-ffffb1b28a38</id> + <name>Unknown data</name> + <position x="-448.0" y="64.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + 
<flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>19336e9e-3581-3d83-bb51-b9af2f5a6005</id> - <name>Filter out DNS events</name> - <position x="-371.62446124181497" y="672.8156960893323" /> + <id>8963d0f9-0175-1000-0000-000054fbe086</id> + <name>UpdateAttribute</name> + <position x="392.0" y="248.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> </bundle> - <maxConcurrentTasks>3</maxConcurrentTasks> + <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> - </property> - <property> - <name>dns</name> - <value>${event_type:contains("dns")}</value> - </property> - <property> - <name>flow</name> - <value>${event_type:contains("flow")}</value> - </property> - <property> - <name>alert</name> - <value>${event_type:contains("alert")}</value> - </property> - <property> - <name>ssh</name> - <value>${event_type:contains("ssh")}</value> - </property> - <property> - <name>tls</name> - <value>${event_type:contains("tls")}</value> + <name>Delete Attributes Expression</name> </property> <property> - <name>http</name> - <value>${event_type:contains("http")}</value> + <name>Store State</name> + <value>Do not store state</value> </property> <property> - <name>stats</name> - 
<value>${event_type:contains("stats")}</value> + <name>Stateful Variables Initial Value</name> </property> <property> - <name>files</name> - <value>${event_type:contains("file")}</value> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> </property> <property> - <name>smtp</name> - <value>${event_type:contains("smtp")}</value> + <name>data_index</name> + <value>logs-filebeat-unknown</value> </property> - <autoTerminatedRelationship>smtp</autoTerminatedRelationship> - <autoTerminatedRelationship>stats</autoTerminatedRelationship> - <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> </processor> + <inputPort> + <id>89639d3d-0175-1000-ffff-ffffb446c257</id> + <name>Input</name> + <position x="444.0000243687773" y="80.00000220501622" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>8963b202-0175-1000-0000-000022d64ba2</id> + <name>Output</name> + <position x="456.0" y="504.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>8963e649-0175-1000-ffff-fffff03ab629</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>89639d3d-0175-1000-ffff-ffffb446c257</sourceId> + <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>8963d0f9-0175-1000-0000-000054fbe086</destinationId> + <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8963f112-0175-1000-0000-00000dfa15b5</id> + <name /> + <bendPoints /> + 
<labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8963d0f9-0175-1000-0000-000054fbe086</sourceId> + <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8963b202-0175-1000-0000-000022d64ba2</destinationId> + <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>bc6be78f-0175-1000-ffff-ffffbcd0f569</id> + <name>NiFi logs</name> + <position x="-1904.0" y="264.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>d59eabae-f47a-3d88-a1c9-e15c156202d6</id> - <name>Extract rrname</name> - <position x="-369.29872149802804" y="897.6180433395261" /> + <id>bc903708-0175-1000-0000-0000642abebf</id> + <name>Extract message</name> + <position x="352.0" y="280.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
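Review bot: The router whose nine `log_type` properties are added at the top of this hunk (its definition starts in the previous hunk) and the attribute setter inside "Unknown data" keep NiFi's default names, `RouteOnAttribute` and `UpdateAttribute`, with an empty `<comment />`. Nothing in the flow therefore says what happens to an event whose `log_type` is none of the nine listed values. Naming them by purpose, for example `<name>Route by log_type</name>` and `<name>Set data_index logs-filebeat-unknown</name>`, would make that readable in the GUI and in later diffs. The router's comment could also state that `unmatched` feeds the "Unknown data" input port, if that is the intent; that connection is not in this hunk, so it cannot be confirmed here.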
@@ -3919,7 +4090,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -3929,36 +4100,25 @@ </property> <property> <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>record-path-value</value> - </property> - <property> - <name>/rrname_length</name> - <value>/dns/rrname</value> + <value>bc8e5957-0175-1000-0000-00003346421d</value> </property> <property> - <name>/rrname_domain</name> - <value>/dns/rrname</value> - </property> - <property> - <name>/rrname_domain_length</name> - <value>/dns/rrname</value> + <name>include-zero-record-flowfiles</name> + <value>true</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>24e1d8ed-10f4-3b46-958c-f2fb676e3192</id> - <name>Remove unnecessary filebeat fields</name> - <position x="-987.5658863682004" y="234.96963460665665" /> + <id>bc91c66f-0175-1000-0000-00005c7f88ce</id> + <name>Convert to json</name> + <position x="1064.0" y="272.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.JoltTransformJSON</class> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
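Review bot: `<autoTerminatedRelationship>failure</autoTerminatedRelationship>` on the "Extract message" ConvertRecord (second hunk on this line) means any flowfile its record reader cannot parse is discarded, leaving at most a bulletin at the configured `WARN` level. "Convert to json" in the next hunk and the `UpdateRecord` in the hunk after that are configured the same way. In a pipeline that feeds detection, malformed or unexpected log lines are worth keeping. Connecting `failure` to a port that ends in a catch-all index would do that, and the flow already has an "Unknown data" group that sets `data_index` to `logs-filebeat-unknown`. The "Extract message" definition begins in the hunk before this line.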
@@ -3966,59 +4126,35 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>jolt-transform</name> - <value>jolt-transform-chain</value> - </property> - <property> - <name>jolt-custom-class</name> - </property> - <property> - <name>jolt-custom-modules</name> - </property> - <property> - <name>jolt-spec</name> - <value>[{ - "operation": "shift", - "spec": { - "*": { - "json": { - "*": { - "@": "[#4].&" - } - }, - "host": { - "name": "[#3].beat_host" - }, - "source": "[#2].source" - } - } -}]</value> + <name>record-reader</name> + <value>bc97858d-0175-1000-0000-0000130a84f8</value> </property> <property> - <name>Transform Cache Size</name> - <value>1</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>pretty_print</name> - <value>false</value> + <name>include-zero-record-flowfiles</name> + <value>true</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>47757d9f-c23d-33ca-9c88-3c8722bd00a5</id> - <name>Add rrname_domain++</name> - <position x="-368.27336608185624" y="1138.9635842383886" /> + <id>bcabbf11-0175-1000-0000-000037f4e3d3</id> + <name>UpdateAttribute</name> + <position x="1072.0" y="472.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4026,62 +4162,210 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Delete Attributes Expression</name> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Store State</name> + <value>Do not store state</value> </property> <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> </property> <property> - <name>/rrname_length</name> - <value>${field.value:length():toNumber()}</value> + <name>data_index</name> + <value>logs-nifi</value> </property> + </processor> + <processor> + <id>bc9ffeb0-0175-1000-0000-00000a88d684</id> + <name>UpdateRecord</name> + <position x="352.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> <property> - <name>/ip_src_addr</name> - <value>0.0.0.0</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> 
</property> <property> - <name>/src_ip</name> - <value>0.0.0.0</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>/ip_dst_addr</name> - <value>0.0.0.0</value> + <name>replacement-value-strategy</name> + <value>literal-value</value> </property> <property> - <name>/rrname_domain</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> + <name>/labels/source_file</name> + <value>${source_file}</value> </property> <property> - <name>/dest_ip</name> - <value>0.0.0.0</value> + <name>/labels/source_host</name> + <value>${source_host}</value> </property> <property> - <name>/rrname_domain_length</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> + <name>/timestamp</name> + <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> + <inputPort> + <id>bc6c2159-0175-1000-ffff-ffffb4de4d47</id> + <name>Input</name> + <position x="397.9999517774115" y="110.99999315685733" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>bca9636a-0175-1000-0000-000013fa95aa</id> + <name>Output</name> + <position x="1120.0" y="808.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>bc90c7ac-0175-1000-ffff-fffffa80b534</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bc903708-0175-1000-0000-0000642abebf</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bc91c66f-0175-1000-0000-00005c7f88ce</destinationId> + 
<destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bc924694-0175-1000-0000-00005b0604b6</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bc91c66f-0175-1000-0000-00005c7f88ce</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bc9ffeb0-0175-1000-0000-00000a88d684</destinationId> + <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bc6e1b20-0175-1000-ffff-ffff9e7dcb75</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bc6c2159-0175-1000-ffff-ffffb4de4d47</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>bc903708-0175-1000-0000-0000642abebf</destinationId> + <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 
sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bcad2e36-0175-1000-0000-00002b6e8fe7</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bcabbf11-0175-1000-0000-000037f4e3d3</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bca9636a-0175-1000-0000-000013fa95aa</destinationId> + <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bca97855-0175-1000-ffff-ffffbd18cb66</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bc9ffeb0-0175-1000-0000-00000a88d684</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bcabbf11-0175-1000-0000-000037f4e3d3</destinationId> + <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + 
<id>895eab20-0175-1000-0000-00007e13267d</id> + <name>Common ListenBeats</name> + <position x="-1096.0" y="0.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>e89b0470-bff2-323c-92e5-5fb2d3949070</id> + <id>71be315f-7e16-1cce-89f1-d5bd502f889f</id> <name>Prepend [</name> - <position x="-996.7179797450688" y="47.535499055489254" /> + <position x="-1086.1517800521056" y="160.65881341602864" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.ReplaceText</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -4089,7 +4373,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -4107,7 +4391,7 @@ </property> <property> <name>Maximum Buffer Size</name> - <value>1 MB</value> + <value>2 MB</value> </property> <property> <name>Replacement Strategy</name> 
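Review bot: The `/timestamp` value in the new `UpdateRecord` processor (hunk `@@ -4026,62 +4162,210 @@`) calls `toDate('yyyy-MM-dd HH:mm:ss,SSS')` without a time zone. The string is therefore presumably parsed in the NiFi host's default zone, and the `XXX` offset written out reflects that host rather than the system that produced the log. When sender and container disagree on zone, events shift by hours in the index, which damages correlation and incident timelines. I would pass the zone explicitly to both calls, for example `toDate('yyyy-MM-dd HH:mm:ss,SSS', 'UTC')` and `format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX", 'UTC')`, using whichever zone the source logs are actually written in.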
@@ -4121,18 +4405,19 @@ <name>Line-by-Line Evaluation Mode</name> <value>All</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>fd6b6513-51f8-3a96-a764-13bd39ec7f84</id> - <name>Partition records based on event_type</name> - <position x="-382.59400260581754" y="446.9900134408068" /> + <id>d3e43667-10ef-1528-b935-47c2f077f2c9</id> + <name>ListenBeats</name> + <position x="-616.0" y="-56.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.PartitionRecord</class> + <class>org.apache.nifi.processors.beats.ListenBeats</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-beats-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4140,35 +4425,65 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Local Network Interface</name> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Port</name> + <value>6001</value> </property> <property> - <name>event_type</name> - <value>/event_type</value> + <name>Receive Buffer Size</name> + <value>65507 B</value> + </property> + <property> + <name>Max Size of Message Queue</name> + <value>10000</value> + </property> + <property> + <name>Max Size of Socket Buffer</name> + <value>2 MB</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Max Batch Size</name> + <value>10000</value> + </property> + <property> + <name>Message Delimiter</name> + <value>,\n</value> + </property> + <property> + <name>Max Number of TCP Connections</name> + <value>100</value> + </property> + <property> + <name>SSL_CONTEXT_SERVICE</name> + <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> + </property> + <property> + <name>Client Auth</name> + <value>NONE</value> </property> - <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> - <id>a88dab36-f543-32fc-8f45-aa11b99c0ff4</id> - <name>Add standardized fields</name> - <position x="-982.3277701858627" y="433.7665258942376" /> + <id>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</id> + <name>Append ]</name> + <position x="-424.0" y="160.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <class>org.apache.nifi.processors.standard.ReplaceText</class> <bundle> 
<group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
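Review bot: The new `ListenBeats` processor on port 6001 sets `Client Auth` to `NONE`, so although it references an SSL context service, any host that can reach the port can submit events into the pipeline. The listener this commit removes (port 6101) had `Client Auth` set to `REQUIRED`. I would keep that here, `<name>Client Auth</name>` with `<value>REQUIRED</value>`, and issue client certificates to the Beats senders so injected or spoofed log records are rejected at the transport. `Local Network Interface` is also empty, which presumably binds every interface and leaves network filtering as the only access control. The processor element opens in the preceding hunk, and the port-6000 listener added in `@@ -4227,46 +4543,64 @@` has the same `Client Auth` value.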
@@ -4176,50 +4491,51 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Replacement Value</name> + <value>]</value> </property> <property> - <name>replacement-value-strategy</name> - <value>record-path-value</value> + <name>Character Set</name> + <value>UTF-8</value> </property> <property> - <name>/ip_dst_port</name> - <value>/dest_port</value> + <name>Maximum Buffer Size</name> + <value>2 MB</value> </property> <property> - <name>/ip_src_addr</name> - <value>/src_ip</value> + <name>Replacement Strategy</name> + <value>Append</value> </property> <property> - <name>/ip_dst_addr</name> - <value>/dest_ip</value> + <name>Evaluation Mode</name> + <value>Entire text</value> </property> <property> - <name>/ip_src_port</name> - <value>/src_port</value> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>1a038948-9e9a-3523-b899-990077bfd575</id> - <name>Convert timestamp</name> - <position x="-385.7461824498648" y="233.13395543765722" /> + <id>d64f3acd-54a6-1b39-b1af-cc0a26156d5b</id> + <name>ListenBeats</name> + <position x="-1076.9243538376497" y="-51.550721133258094" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <class>org.apache.nifi.processors.beats.ListenBeats</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - 
<version>1.11.4</version> + <artifact>nifi-beats-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4227,46 +4543,64 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Local Network Interface</name> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Port</name> + <value>6000</value> </property> <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> + <name>Receive Buffer Size</name> + <value>1024kb</value> </property> <property> - <name>/TLP</name> - <value>AMBER</value> + <name>Max Size of Message Queue</name> + <value>10000</value> </property> <property> - <name>/mime.type</name> - <value>application/json</value> + <name>Max Size of Socket Buffer</name> + <value>4 MB</value> </property> <property> - <name>/timestamp</name> - <value>${field.value:replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Max Batch Size</name> + <value>500</value> + </property> + <property> + <name>Message Delimiter</name> + <value>,\n</value> + </property> + <property> + <name>Max Number of TCP Connections</name> + <value>200</value> + </property> + <property> + <name>SSL_CONTEXT_SERVICE</name> + </property> + <property> + <name>Client Auth</name> + <value>NONE</value> </property> </processor> <processor> - <id>7eeb23aa-b112-3cc8-bb56-2ca20b456907</id> - <name>Add enrichment attributes</name> - <position x="-381.71987132795925" y="1362.5536493927905" /> + <id>bb719fee-0175-1000-ffff-ffffb73dd31a</id> + <name>Rename @ fields</name> + <position x="-1080.0" y="360.0" /> <styles /> <comment /> - 
<class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <class>org.apache.nifi.processors.standard.JoltTransformJSON</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4274,170 +4608,54 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Delete Attributes Expression</name> + <name>jolt-transform</name> + <value>jolt-transform-chain</value> </property> <property> - <name>Store State</name> - <value>Do not store state</value> + <name>jolt-custom-class</name> </property> <property> - <name>Stateful Variables Initial Value</name> + <name>jolt-custom-modules</name> </property> <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>enrich_domain1</name> - <value>/rrname_domain</value> - </property> - <property> - <name>enrich_fqdn1</name> - <value>/dns/rrname</value> - </property> - </processor> - <processor> - <id>46cdd7aa-91f0-307c-90aa-65747e558f25</id> - <name>Add attributes</name> - <position x="-990.1194195007834" y="665.1839855126569" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables 
Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_id</name> - <value>suricata-${event_type}</value> - </property> - <property> - <name>data_index</name> - <value>logs-${beats.sender:substringBeforeLast('/'):substringBeforeLast('.'):substringAfterLast('.')}-suricata-${event_type}</value> - </property> - <property> - <name>data_type</name> - <value>suricata</value> - </property> - <property> - <name>enrich_ip2</name> - <value>/ip_dst_addr</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/ip_src_addr</value> - </property> - <property> - <name>TLP</name> - <value>AMBER</value> - </property> - </processor> - <processor> - <id>2b0f0d27-a69e-30c9-b3a6-1499ff955a30</id> - <name>ListenBeats</name> - <position x="-987.897149146032" y="-167.11494242687536" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.beats.ListenBeats</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-beats-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>2</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>NONE</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Local Network Interface</name> - </property> - <property> - <name>Port</name> - <value>6101</value> - </property> - <property> - <name>Receive Buffer Size</name> - <value>65507 B</value> - </property> - <property> - <name>Max Size of Message Queue</name> - <value>100000</value> - </property> - <property> - <name>Max Size of Socket Buffer</name> - <value>10 MB</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - 
</property> - <property> - <name>Max Batch Size</name> - <value>5000</value> - </property> - <property> - <name>Message Delimiter</name> - <value>,\n</value> - </property> - <property> - <name>Max Number of TCP Connections</name> - <value>90</value> + <name>jolt-spec</name> + <value>[{ + "operation": "shift", + "spec": { + "*": { + "\\@timestamp":"[&1].timestamp", + "\\@metadata":"[&1].metadata", + "*": "[&1].&" + } + } +}]</value> </property> <property> - <name>SSL_CONTEXT_SERVICE</name> + <name>Transform Cache Size</name> + <value>1</value> </property> <property> - <name>Client Auth</name> - <value>REQUIRED</value> + <name>pretty_print</name> + <value>false</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>be18c77e-5e4e-3552-ac9b-892ab69a9d49</id> - <name>Append ]</name> - <position x="-396.7049152015222" y="50.4274414148523" /> + <id>896047e7-0175-1000-ffff-ffffc69204e4</id> + <name>PartitionRecord</name> + <position x="-424.0" y="368.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> + <class>org.apache.nifi.processors.standard.PartitionRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4445,70 +4663,52 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> - </property> - <property> - <name>Replacement Value</name> - <value>]</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>Replacement Strategy</name> - <value>Append</value> + <name>log_type</name> + <value>/fields/log_type</value> </property> <property> - <name>Evaluation Mode</name> - <value>Entire text</value> + <name>source_host</name> + <value>/host/name</value> </property> <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> + <name>source_file</name> + <value>/log/file/path</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <outputPort> - <id>055308a4-d020-39a9-9da4-b165796ef717</id> - <name>To enrichment</name> - <position x="-900.0911671813442" y="1418.3104443450675" /> + <id>89620b1a-0175-1000-0000-000078566f34</id> + <name>Output</name> + <position x="-360.0" y="704.0" /> <comments /> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>d8f19295-5666-31a8-b701-52214c4db51d</id> - <position x="-1500.995244929405" y="257.20806784146276" /> - </funnel> - <funnel> - <id>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</id> - <position 
x="283.72871497338747" y="273.4623850295515" /> - </funnel> - <funnel> - <id>c4afa3d5-0170-1000-ffff-ffffe437a306</id> - <position x="396.10723355029654" y="1188.222598705122" /> - </funnel> <connection> - <id>d39ff93b-85e9-3c56-9f44-1916d1abcd9d</id> + <id>bb8aafca-0175-1000-0000-000038f8e9fc</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>896047e7-0175-1000-ffff-ffffc69204e4</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationId>89620b1a-0175-1000-0000-000078566f34</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -4518,18 +4718,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c4ae2f82-0170-1000-ffff-ffff91d33f16</id> + <id>895f18a7-0175-1000-ffff-ffffbc2237fd</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>19336e9e-3581-3d83-bb51-b9af2f5a6005</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>71be315f-7e16-1cce-89f1-d5bd502f889f</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>d59eabae-f47a-3d88-a1c9-e15c156202d6</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationId>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>dns</relationship> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -4538,16 +4738,16 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>a4471b0c-c924-31e0-9aa1-7cf56b1be0ed</id> + <id>895ee440-0175-1000-ffff-ffffd3ff3143</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>d64f3acd-54a6-1b39-b1af-cc0a26156d5b</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationId>71be315f-7e16-1cce-89f1-d5bd502f889f</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -4558,16 +4758,16 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>f9a8aee6-502f-3eb9-8806-8964276d4ca0</id> + <id>ac7a988a-0175-1000-ffff-ffff86c66751</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>d3e43667-10ef-1528-b935-47c2f077f2c9</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>1a038948-9e9a-3523-b899-990077bfd575</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationId>71be315f-7e16-1cce-89f1-d5bd502f889f</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -4578,343 +4778,36 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>e8ad07a6-cd62-3473-9b16-833cf43026a6</id> + <id>bb8a6c6c-0175-1000-0000-00000abdc8f9</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>2b0f0d27-a69e-30c9-b3a6-1499ff955a30</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>bb719fee-0175-1000-ffff-ffffb73dd31a</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>e89b0470-bff2-323c-92e5-5fb2d3949070</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationId>896047e7-0175-1000-ffff-ffffc69204e4</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>1 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>33baee02-9354-3b7f-a910-6220a5f6108f</id> - <name /> - <bendPoints> - <bendPoint x="-775.4788208007812" y="947.9116821289062" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>19336e9e-3581-3d83-bb51-b9af2f5a6005</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>alert</relationship> - <relationship>files</relationship> - <relationship>http</relationship> - 
<relationship>ssh</relationship> - <relationship>tls</relationship> - <relationship>flow</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c010a48c-a3af-3cfc-9693-9885925e763e</id> + <id>8961779d-0175-1000-0000-00003ef237de</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceId>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>46cdd7aa-91f0-307c-90aa-65747e558f25</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3a82b9ea-a974-3750-ad78-275da67285e6</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c4afb718-0170-1000-0000-000061284251</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>d59eabae-f47a-3d88-a1c9-e15c156202d6</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c4afa3d5-0170-1000-ffff-ffffe437a306</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>67789d5d-ebdc-390c-adc8-f2111f467ad4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c4afc7bc-0170-1000-ffff-ffffae3762dd</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c4afa3d5-0170-1000-ffff-ffffe437a306</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>f4bd2bed-88a1-396f-974b-19dcb5f40101</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e89b0470-bff2-323c-92e5-5fb2d3949070</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>9b860d17-8918-3956-a8b2-54ec49231c37</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>7eeb23aa-b112-3cc8-bb56-2ca20b456907</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>98594ca0-2fce-349c-8432-94f4d021d1fe</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e89b0470-bff2-323c-92e5-5fb2d3949070</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>d7ef534a-9fb6-3973-b2fa-2738705db47a</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> - 
<destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c31d92b9-0e34-387d-86df-9536bf2ed9c9</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>7417695b-cbde-3637-bb24-2e265bb2817c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>46cdd7aa-91f0-307c-90aa-65747e558f25</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>19336e9e-3581-3d83-bb51-b9af2f5a6005</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - 
<flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3e181820-b214-399d-a0df-474d15e2f146</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e9962c43-9689-39b9-a1ba-cd2eac598802</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - 
<id>1f219054-ea65-3700-a503-2d24acf2c754</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>7eeb23aa-b112-3cc8-bb56-2ca20b456907</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8c6c7a60-0856-3a39-8ed6-6e7d0b98c0ae</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>d59eabae-f47a-3d88-a1c9-e15c156202d6</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationId>bb719fee-0175-1000-ffff-ffffb73dd31a</destinationId> + <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -4926,21 +4819,23 @@ </connection> </processGroup> <processGroup> - <id>83691174-683f-3c7c-8526-8fc00397aee1</id> - <name>Zeek</name> - <position x="-504.0" y="152.0" /> + <id>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</id> + <name>Suricata</name> + <position x="-448.0" y="264.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>39492e6c-faf0-3bfa-bd16-51a1f8be4c71</id> - <name>ListenBeats</name> - <position x="-1114.9155421491096" y="263.01449694104195" /> + <id>8d1bef35-0175-1000-0000-0000746fa33d</id> + <name>RouteOnAttribute</name> + <position x="-984.0" y="640.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.beats.ListenBeats</class> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-beats-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4948,64 +4843,34 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Local Network Interface</name> - </property> - <property> - <name>Port</name> - <value>6100</value> - </property> - <property> - <name>Receive Buffer Size</name> - <value>65507 B</value> - </property> - <property> - <name>Max Size of Message Queue</name> - <value>10000</value> - </property> - <property> - <name>Max Size of Socket Buffer</name> - <value>2 MB</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Max Batch Size</name> - <value>10000</value> - </property> - <property> - <name>Message Delimiter</name> - <value>,\n</value> - </property> - <property> - <name>Max Number of TCP Connections</name> - <value>100</value> + <name>Routing Strategy</name> + <value>Route to Property name</value> </property> <property> - <name>SSL_CONTEXT_SERVICE</name> + <name>dns</name> + <value>${event_type:equals("dns")}</value> </property> <property> - <name>Client Auth</name> - <value>REQUIRED</value> + <name>tls</name> + <value>${event_type:equals("tls")}</value> </property> </processor> <processor> - <id>ac17155e-32f1-3be8-843e-00877c210519</id> - <name>Prepend [</name> - <position x="-1124.1429683635654" y="475.2240314903287" /> + <id>24e1d8ed-10f4-3b46-958c-f2fb676e3192</id> + <name>Normalize fields</name> + <position x="-987.5658863682004" y="234.96963460665665" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> + <class>org.apache.nifi.processors.standard.JoltTransformJSON</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + 
<version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -5013,50 +4878,69 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> + <name>jolt-transform</name> + <value>jolt-transform-chain</value> </property> <property> - <name>Replacement Value</name> - <value>[</value> + <name>jolt-custom-class</name> </property> <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>jolt-custom-modules</name> </property> <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> + <name>jolt-spec</name> + <value>[{ + "operation": "shift", + "spec": { + "*": { + "json": { + "*": "[&2].&" + }, + "host": { + "name": "[&2].labels.source_host" + }, + "source": "[&1].labels.source" + } + } +}, { + "operation": "shift", + "spec": { + "*": { + "dest_ip":"[&1].destination.ip", + "dest_port":"[&1].destination.port", + "src_ip":"[&1].source.ip", + "src_port":"[&1].source.port", + "*": "[&1].&" + } + } +}]</value> </property> <property> - <name>Replacement Strategy</name> - <value>Prepend</value> + <name>Transform Cache Size</name> + <value>1</value> </property> <property> - <name>Evaluation Mode</name> - <value>Entire text</value> - </property> - <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> + <name>pretty_print</name> + <value>false</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>fec43039-de5d-1e3b-850a-5e25d7b93c76</id> - <name>UpdateAttribute</name> - <position x="-1121.584644408096" y="913.629598069974" /> + <id>fd6b6513-51f8-3a96-a764-13bd39ec7f84</id> + <name>Partition records based on event_type</name> + <position x="-382.59400260581754" y="446.9900134408068" /> <styles /> 
<comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <class>org.apache.nifi.processors.standard.PartitionRecord</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
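Review bot: The `failure` relationship of the "Normalize fields" JoltTransformJSON processor is auto-terminated by the added `<autoTerminatedRelationship>failure</autoTerminatedRelationship>`, so events that fail the Jolt transform are discarded and leave no queue to inspect. The connections removed earlier in this diff routed `failure` from this group's processors to funnels, where rejected FlowFiles stayed visible. In a detection pipeline a silent drop is hard to tell apart from a quiet sensor, so consider keeping a `failure` connection to a funnel or a logging processor instead. The same auto-termination is added to "Partition records based on event_type" (`failure` and `original`) and to "Convert timestamp" in the following hunks. The processor element itself opens in the preceding hunk.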
@@ -5064,56 +4948,36 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-uninett-darknet</value> - </property> - <property> - <name>mime.type</name> - <value>application/json</value> - </property> - <property> - <name>enrich_ip2</name> - <value>/ip_dst_addr</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>enrich_ip1</name> - <value>/ip_src_addr</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>TLP</name> - <value>GREEN</value> + <name>event_type</name> + <value>/event_type</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> - <id>9027e415-c8cd-355e-af16-0c635f43832f</id> - <name>Convert timestamp and add fields</name> - <position x="-472.77987807459795" y="696.7530680701591" /> + <id>1a038948-9e9a-3523-b899-990077bfd575</id> + <name>Convert timestamp</name> + <position x="-385.7461824498648" y="233.13395543765722" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> 
<maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -5121,7 +4985,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -5139,40 +5003,29 @@ </property> <property> <name>/TLP</name> - <value>GREEN</value> - </property> - <property> - <name>/data_type</name> - <value>zeek</value> - </property> - <property> - <name>/data_index</name> - <value>logs-zeek-conn</value> + <value>AMBER</value> </property> <property> <name>/mime.type</name> <value>application/json</value> </property> - <property> - <name>/data_id</name> - <value>zeek_conn</value> - </property> <property> <name>/timestamp</name> - <value>${field.value:multiply(1000):format('yyyy-MM-dd HH:mm:ss.SSSZ'):replace(' ','T'):replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> + <value>${field.value:replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</id> - <name>Remove filebeat fields</name> - <position x="-1121.1565561587029" y="706.9002449806696" /> + <id>46cdd7aa-91f0-307c-90aa-65747e558f25</id> + <name>Add attributes</name> + <position x="-984.0" y="456.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-jolt-record-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
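Review bot: The new `/timestamp` expression rewrites only a positive UTC offset, because the pattern `\+(\d\d)(\d\d)` requires a literal `+`; a sensor reporting a negative offset (constructed example: `-0500`) would keep the colon-less form. If the downstream index expects a colon in the offset, those events may fail to parse, and with `failure` auto-terminated in this group such losses may be hard to notice; this is worth confirming against the index mapping. A pattern covering both signs and anchored to the end of the value, for example `${field.value:replaceFirst('([+-])(\d\d)(\d\d)$','$1$2:$3')}`, would not touch the date part. The processor element that holds this property opens in an earlier hunk.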
@@ -5180,239 +5033,2517 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>jolt-record-record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>jolt-record-record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>jolt-record-transform</name> - <value>jolt-transform-chain</value> - </property> - <property> - <name>jolt-record-custom-class</name> - </property> - <property> - <name>jolt-record-custom-modules</name> + <name>Delete Attributes Expression</name> </property> <property> - <name>jolt-record-spec</name> - <value>[ - { - "operation": "shift", - "spec": { - "json": { - "ts": "timestamp", - "*": { - "@": "&" - } - }, - "host": { - "name": "host" - }, - "source": "source" - } - },{ - "operation" : "modify-overwrite-beta", - "spec" : - { - "timestamp": "=toString" - } - } -]</value> + <name>Store State</name> + <value>Do not store state</value> </property> <property> - <name>jolt-record-transform-cache-size</name> - <value>1</value> + <name>Stateful Variables Initial Value</name> </property> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <processor> - <id>06501f48-82c7-3c36-b99c-7368a322608b</id> - <name>Append ]</name> - <position x="-465.8393574027825" y="478.1159738496917" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - 
<yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> </property> <property> - <name>Replacement Value</name> - <value>]</value> + <name>data_id</name> + <value>suricata-${event_type}</value> </property> <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>data_index</name> + <value>logs-${beats.sender:substringBeforeLast('/'):substringBeforeLast('.'):substringAfterLast('.')}-suricata-${event_type}</value> </property> <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> + <name>data_type</name> + <value>suricata</value> </property> <property> - <name>Replacement Strategy</name> - <value>Append</value> + <name>enrich_ip2</name> + <value>/destination/ip</value> </property> <property> - <name>Evaluation Mode</name> - <value>Entire text</value> + <name>enrich_ip1</name> + <value>/source/ip</value> </property> <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> + <name>TLP</name> + <value>AMBER</value> </property> </processor> + <inputPort> + <id>8d13c952-0175-1000-0000-00007e8f4cae</id> + <name>Input</name> + <position x="-928.0" y="16.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> <outputPort> - <id>a28a9e95-1003-3ea6-9af6-a334c1aec07c</id> + <id>055308a4-d020-39a9-9da4-b165796ef717</id> <name>To enrichment</name> - <position x="-1065.7090714972117" y="1164.8389289189608" /> + <position x="-928.0" y="1208.0" /> <comments /> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>06521038-335b-3139-839d-ab43a013ce03</id> - <position x="-1557.869726298236" 
y="758.8984861527665" /> - </funnel> - <funnel> - <id>c8c0a13d-0170-1000-ffff-ffff874141fa</id> - <position x="248.5321508445502" y="703.4412774751572" /> - </funnel> - <connection> - <id>216d4dcf-f425-33d0-a5c1-5cdf1402162e</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>06501f48-82c7-3c36-b99c-7368a322608b</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3c739604-b69c-3e86-ba4c-a4739078837c</id> - <name /> - <bendPoints /> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c8c0a13d-0170-1000-ffff-ffff874141fa</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>295b97b9-1291-3a83-8191-78a300d0feaa</id> - <name /> - <bendPoints /> - 
<labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>39492e6c-faf0-3bfa-bd16-51a1f8be4c71</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>ac17155e-32f1-3be8-843e-00877c210519</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c8be8213-0170-1000-0000-0000695bc36c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>fec43039-de5d-1e3b-850a-5e25d7b93c76</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>a056b363-8398-3877-8750-1bc9dcb9b1cd</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>ac17155e-32f1-3be8-843e-00877c210519</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>06501f48-82c7-3c36-b99c-7368a322608b</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <processGroup> + <id>8d1afcd0-0175-1000-ffff-ffffb3690a74</id> + <name>TLS events</name> + <position x="-384.0" y="872.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>9279850b-0175-1000-0000-00001e74d182</id> + <name>Copy SNI</name> + <position x="504.0" y="320.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>record-path-value</value> + </property> + <property> + <name>/tls/sni_length</name> + <value>/tls/sni</value> + </property> + <property> + <name>/tls/sni_domain_length</name> + <value>/tls/sni</value> + </property> + <property> + <name>/tls/sni_domain</name> + <value>/tls/sni</value> + </property> + 
<autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>349b3279-a821-1197-aaa6-7e5472dccbef</id> + <name>Add sni_domain ++</name> + <position x="504.0" y="544.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/tls/sni_length</name> + <value>${field.value:length():toNumber()}</value> + </property> + <property> + <name>/tls/sni_domain_length</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> + </property> + <property> + <name>/tls/sni_domain</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>349b3291-a821-1197-0000-000032560c6a</id> + <name>Specify enrichment fields</name> + <position x="504.0" y="752.0" /> + <styles /> + <comment /> + 
<class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>enrich_domain1</name> + <value>/tls/sni_domain</value> + </property> + <property> + <name>enrich_fqdn1</name> + <value>/tls/sni</value> + </property> + </processor> + <inputPort> + <id>92795a59-0175-1000-ffff-ffff89bc5f21</id> + <name>Input</name> + <position x="552.9999060626994" y="144.00001181679164" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>349b32d8-a821-1197-0000-000025a75a3b</id> + <name>Output</name> + <position x="552.0" y="976.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>9279996e-0175-1000-0000-000037fbed8b</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>92795a59-0175-1000-ffff-ffff89bc5f21</sourceId> + <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>9279850b-0175-1000-0000-00001e74d182</destinationId> + 
<destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b3297-a821-1197-0000-0000717807b6</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>349b3279-a821-1197-aaa6-7e5472dccbef</sourceId> + <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>349b3291-a821-1197-0000-000032560c6a</destinationId> + <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b327f-a821-1197-ffff-ffff8946a863</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9279850b-0175-1000-0000-00001e74d182</sourceId> + <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>349b3279-a821-1197-aaa6-7e5472dccbef</destinationId> + <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 
sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b32da-a821-1197-0000-000047979e25</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>349b3291-a821-1197-0000-000032560c6a</sourceId> + <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>349b32d8-a821-1197-0000-000025a75a3b</destinationId> + <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>8d1ad21f-0175-1000-0000-00003c540411</id> + <name>DNS events</name> + <position x="-1000.0" y="872.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>8d37fe91-0175-1000-ffff-ffffb5c4de34</id> + <name>Add rrname_domain++</name> + <position x="1056.0" y="568.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + 
<scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/dns/rrname_domain</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> + </property> + <property> + <name>/dns/rrname_length</name> + <value>${field.value:length():toNumber()}</value> + </property> + <property> + <name>/dns/rrname_domain_length</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>8d312ef9-0175-1000-ffff-fffff23bbb0c</id> + <name>Route on DNS type</name> + <position x="1056.0" y="128.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Routing Strategy</name> + <value>Route to Property name</value> + </property> 
+ <property> + <name>answer</name> + <value>${type:contains("answer")}</value> + </property> + </processor> + <processor> + <id>8d2262f6-0175-1000-0000-000029eaa6ef</id> + <name>Partition on dns message type</name> + <position x="432.0" y="136.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PartitionRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>type</name> + <value>/dns/type</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <processor> + <id>8d36474f-0175-1000-0000-00003a8dd2d0</id> + <name>UpdateAttribute</name> + <position x="1056.0" y="768.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + 
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>enrich_domain1</name> + <value>/dns/rrname_domain</value> + </property> + <property> + <name>enrich_fqdn1</name> + <value>/dns/rrname</value> + </property> + </processor> + <processor> + <id>8d34409e-0175-1000-ffff-ffff99eb371d</id> + <name>Extract rrname_domain++</name> + <position x="1056.0" y="368.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/dns/rrname_domain</name> + <value>/dns/rrname</value> + </property> + <property> + <name>/dns/rrname_length</name> + <value>/dns/rrname</value> + </property> + <property> + <name>/dns/rrname_domain_length</name> + 
<value>/dns/rrname</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>8d212c22-0175-1000-ffff-fffffbc39157</id> + <name>Input</name> + <position x="488.0" y="0.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>8d211b58-0175-1000-0000-000003eb5f3b</id> + <name>Output</name> + <position x="448.0" y="808.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>8d3979b7-0175-1000-ffff-ffffe2efe898</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d37fe91-0175-1000-ffff-ffffb5c4de34</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d36474f-0175-1000-0000-00003a8dd2d0</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3afc9a-0175-1000-ffff-ffffe1ef144c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d36474f-0175-1000-0000-00003a8dd2d0</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d211b58-0175-1000-0000-000003eb5f3b</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d30f240-0175-1000-ffff-ffffa4cc8a58</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d212c22-0175-1000-ffff-fffffbc39157</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>8d2262f6-0175-1000-0000-000029eaa6ef</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3b1d93-0175-1000-ffff-ffffe953d6b9</id> + <name /> + <bendPoints> + <bendPoint x="568.0" y="400.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d312ef9-0175-1000-ffff-fffff23bbb0c</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d211b58-0175-1000-0000-000003eb5f3b</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3821ce-0175-1000-0000-000046a72d11</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d34409e-0175-1000-ffff-ffff99eb371d</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d37fe91-0175-1000-ffff-ffffb5c4de34</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3281c3-0175-1000-ffff-ffffed50fa50</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d2262f6-0175-1000-0000-000029eaa6ef</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d312ef9-0175-1000-ffff-fffff23bbb0c</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3485f4-0175-1000-0000-0000175959ff</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>8d312ef9-0175-1000-ffff-fffff23bbb0c</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d34409e-0175-1000-ffff-ffff99eb371d</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>answer</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <connection> + <id>349b32bb-a821-1197-ffff-ffff81dc7ff2</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>92795a59-0175-1000-ffff-ffff89bc5f21</destinationId> + <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>tls</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d19c8d7-0175-1000-ffff-ffffe3aa385d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>46cdd7aa-91f0-307c-90aa-65747e558f25</destinationId> + 
<destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d13df9c-0175-1000-0000-0000562b802e</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d13c952-0175-1000-0000-00007e8f4cae</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>f9a8aee6-502f-3eb9-8806-8964276d4ca0</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>1a038948-9e9a-3523-b899-990077bfd575</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 
sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d2364b0-0175-1000-ffff-ffffa2a4601f</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d212c22-0175-1000-ffff-fffffbc39157</destinationId> + <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>dns</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d1a6818-0175-1000-ffff-ffffeebd7e98</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>46cdd7aa-91f0-307c-90aa-65747e558f25</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b32e1-a821-1197-0000-00000d7cca30</id> + 
<name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>349b32d8-a821-1197-0000-000025a75a3b</sourceId> + <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d1c1701-0175-1000-ffff-fffff7364622</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d1bef35-0175-1000-0000-0000746fa33d</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>9266feff-0175-1000-ffff-ffff8c7d68c1</id> + <name /> + <bendPoints> + <bendPoint x="-1208.0" y="952.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>9266e0c5-0175-1000-0000-00006aafc0f8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8d211b58-0175-1000-0000-000003eb5f3b</sourceId> + <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</id> + <name>Mysql</name> + <position x="-440.0" y="1272.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>14453e90-7646-1485-ffff-ffff81f3c683</id> + <name>Add header</name> + <position x="344.0" y="-8.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + 
<artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> + </property> + <property> + <name>Replacement Value</name> + <value>timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode +</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Prepend</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>e0bd3907-2d13-1407-b2dd-48591e65e59d</id> + <name>UpdateRecord</name> + <position x="-336.0" y="416.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + 
<executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/event_type</name> + <value>log</value> + </property> + <property> + <name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('yyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>50813f6b-a5f6-1a98-8ae4-115134714332</id> + <name>UpdateRecord</name> + <position x="352.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/event_type</name> + <value>audit</value> + </property> + <property> + 
<name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('yyyyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>e4353681-23e9-15af-0000-000032ea35e3</id> + <name>RouteOnAttribute</name> + <position x="-352.0" y="0.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Routing Strategy</name> + <value>Route to Property name</value> + </property> + <property> + <name>audit</name> + <value>${source_file:contains("audit")}</value> + </property> + </processor> + <processor> + <id>f92d3f77-958a-1344-bd3b-7c93457e5c12</id> + <name>Extract message</name> + <position x="-360.0" y="-216.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> 
+ <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>bc8e5957-0175-1000-0000-00003346421d</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>true</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>92693a34-99da-1004-adfb-bdf4aa7e1c30</id> + <name>Convert to json</name> + <position x="352.0" y="240.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>14453a95-7646-1485-0000-00002c675762</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>false</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>48723b8e-fae0-14e6-afdc-85c239646dc0</id> + <name>UpdateAttribute</name> + <position x="-320.0" y="648.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + 
</bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-mysql</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/client.ip</value> + </property> + </processor> + <processor> + <id>14453a41-7646-1485-b398-28f819de4a45</id> + <name>Convert to json</name> + <position x="-336.0" y="200.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>70ea12d7-0176-1000-ffff-ffffee2ee306</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> 
+ <value>false</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>7f683020-779c-1bc9-85da-5bad079d5d9d</id> + <name>Input</name> + <position x="-312.0" y="-336.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</id> + <name>Output</name> + <position x="-256.0" y="960.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>14453eaa-7646-1485-0000-000070b97065</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>14453e90-7646-1485-ffff-ffff81f3c683</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>92693a34-99da-1004-adfb-bdf4aa7e1c30</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e43535a1-23e9-15af-9f98-2061dd6f97d6</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>92693a34-99da-1004-adfb-bdf4aa7e1c30</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>50813f6b-a5f6-1a98-8ae4-115134714332</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>70e77065-0176-1000-0000-00001479fdf4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e0bd3907-2d13-1407-b2dd-48591e65e59d</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>cf95350a-de6c-1a4b-8183-8f9cfa11449a</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>7f683020-779c-1bc9-85da-5bad079d5d9d</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>f92d3f77-958a-1344-bd3b-7c93457e5c12</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + 
<id>14453fcf-7646-1485-ffff-ffff952df142</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>14453e90-7646-1485-ffff-ffff81f3c683</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>audit</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3e21311d-dc5c-143f-b39e-d8fb8c9fd36d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>50813f6b-a5f6-1a98-8ae4-115134714332</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>14453a4b-7646-1485-ffff-fffffc8f5285</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>14453a41-7646-1485-b398-28f819de4a45</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7fe931b3-82b3-1699-b49a-d380dd14a5b8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>48723b8e-fae0-14e6-afdc-85c239646dc0</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>a35e3744-5906-1ee9-abc4-205356ca01d1</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>f92d3f77-958a-1344-bd3b-7c93457e5c12</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e4353681-23e9-15af-0000-000032ea35e3</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + 
<relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>70e8f3cb-0176-1000-0000-00006d2cdbf5</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>14453a41-7646-1485-b398-28f819de4a45</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e0bd3907-2d13-1407-b2dd-48591e65e59d</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>5d04357e-423c-1ab5-a7a4-44565abfed7f</id> + <name>Haproxy</name> + <position x="-448.0" y="664.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>c9763c4c-7186-1460-871a-b5fd00ca3241</id> + <name>UpdateRecord</name> + <position x="352.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + 
<yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('dd/MMM/yyyy:HH:mm:ss.SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>e4c8356d-54ad-15b5-94fe-799d9465aa51</id> + <name>Extract message</name> + <position x="352.0" y="280.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>bc8e5957-0175-1000-0000-00003346421d</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + 
<value>true</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</id> + <name>Convert to json</name> + <position x="1064.0" y="272.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>56ebe0aa-0176-1000-ffff-ffffbd212f01</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>false</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</id> + <name>UpdateAttribute</name> + <position x="1072.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + 
<executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-haproxy</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/client.ip</value> + </property> + </processor> + <inputPort> + <id>65a33e05-e157-1bfc-8741-adf11b3df720</id> + <name>Input</name> + <position x="397.9999517774115" y="110.99999315685733" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>328b35e2-eb52-1f47-b84d-52941eff8a07</id> + <name>Output</name> + <position x="1120.0" y="808.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>960f3ac9-95dc-103d-a70a-ca3b070851a4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>328b35e2-eb52-1f47-b84d-52941eff8a07</destinationId> + <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>0ecb3e12-768e-1896-a850-2a2bec52eb95</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + 
<zIndex>0</zIndex> + <sourceId>c9763c4c-7186-1460-871a-b5fd00ca3241</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</destinationId> + <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>b5d43cea-5555-10b0-b75f-b88a95e9c6aa</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>65a33e05-e157-1bfc-8741-adf11b3df720</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>e4c8356d-54ad-15b5-94fe-799d9465aa51</destinationId> + <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>484a3eab-4af3-11cd-abe2-d5ee6fc1a291</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e4c8356d-54ad-15b5-94fe-799d9465aa51</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</destinationId> + 
<destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>39ef3a2d-874e-11a6-87be-0b3582fa43de</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c9763c4c-7186-1460-871a-b5fd00ca3241</destinationId> + <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>7263390f-914c-1f6e-9451-75f908ed8816</id> + <name>Elasticsearch</name> + <position x="-1904.0" y="488.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>295133bd-42e6-1b08-80c5-bea2e19921fc</id> + <name>UpdateAttribute</name> + <position x="360.0" y="600.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + 
</bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-elasticsearch</value> + </property> + </processor> + <inputPort> + <id>39ce3238-1ebd-1c2c-b724-01d18f147b6f</id> + <name>Input</name> + <position x="408.0" y="320.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>bbc63756-9681-13b9-8c07-20c82f62ceca</id> + <name>Output</name> + <position x="408.0" y="920.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>15e0341e-6dd3-172a-b2b5-8f1d5740fea1</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>39ce3238-1ebd-1c2c-b724-01d18f147b6f</sourceId> + <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>295133bd-42e6-1b08-80c5-bea2e19921fc</destinationId> + <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + 
<partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>af99379e-bf26-19c5-bd70-bd6d405fb0b7</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>295133bd-42e6-1b08-80c5-bea2e19921fc</sourceId> + <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bbc63756-9681-13b9-8c07-20c82f62ceca</destinationId> + <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</id> + <name>Keycloak</name> + <position x="-440.0" y="1064.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>8e17350e-583e-1130-8ec7-bd2dc5d4f361</id> + <name>UpdateAttribute</name> + <position x="344.0" y="736.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + 
<executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-keycloak</value> + </property> + </processor> + <processor> + <id>fbbe3f9c-5336-11c9-0000-00003ab5dde5</id> + <name>Fix timestamp</name> + <position x="352.0" y="480.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-jolt-record-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>jolt-record-record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>jolt-record-record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>jolt-record-transform</name> + <value>jolt-transform-chain</value> + </property> + <property> + <name>jolt-record-custom-class</name> + </property> + <property> + <name>jolt-record-custom-modules</name> + </property> + <property> + <name>jolt-record-spec</name> + <value>[ + { + "operation": "shift", + "spec": { + "timestamp": { + "1": "timestamp" + }, + "*": "&" + } + } +]</value> + </property> + <property> + 
<name>jolt-record-transform-cache-size</name> + <value>1</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <inputPort> + <id>10cb3b64-e867-1d81-bd59-eb9cf6883f24</id> + <name>Input</name> + <position x="408.0" y="320.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>84dc3511-1322-175b-8083-9729037f8edb</id> + <name>Output</name> + <position x="392.0" y="984.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>fbbe3fbf-5336-11c9-ffff-ffffb7c3576e</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fbbe3f9c-5336-11c9-0000-00003ab5dde5</sourceId> + <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8e17350e-583e-1130-8ec7-bd2dc5d4f361</destinationId> + <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>50c83129-28e1-1d45-bafe-912df3cdf284</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>10cb3b64-e867-1d81-bd59-eb9cf6883f24</sourceId> + <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>fbbe3f9c-5336-11c9-0000-00003ab5dde5</destinationId> + <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + 
<relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>fbbe3ede-5336-11c9-8870-deb7fffd14ae</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8e17350e-583e-1130-8ec7-bd2dc5d4f361</sourceId> + <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>84dc3511-1322-175b-8083-9729037f8edb</destinationId> + <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>83691174-683f-3c7c-8526-8fc00397aee1</id> + <name>Zeek</name> + <position x="-448.0" y="464.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>fec43039-de5d-1e3b-850a-5e25d7b93c76</id> + <name>UpdateAttribute</name> + <position x="-1121.584644408096" y="913.629598069974" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 
sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-uninett-darknet</value> + </property> + <property> + <name>mime.type</name> + <value>application/json</value> + </property> + <property> + <name>enrich_ip2</name> + <value>/destination/ip</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/source/ip</value> + </property> + <property> + <name>TLP</name> + <value>AMBER</value> + </property> + </processor> + <processor> + <id>9027e415-c8cd-355e-af16-0c635f43832f</id> + <name>Convert timestamp and add fields</name> + <position x="-472.77987807459795" y="696.7530680701591" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> 
+ <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/data_type</name> + <value>zeek</value> + </property> + <property> + <name>/data_index</name> + <value>logs-zeek-conn</value> + </property> + <property> + <name>/data_id</name> + <value>zeek_conn</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:multiply(1000):format('yyyy-MM-dd HH:mm:ss.SSSZ'):replace(' ','T'):replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</id> + <name>Normalize fields</name> + <position x="-1121.1565561587029" y="706.9002449806696" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-jolt-record-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>jolt-record-record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>jolt-record-record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>jolt-record-transform</name> + <value>jolt-transform-chain</value> + </property> + <property> + <name>jolt-record-custom-class</name> + </property> + <property> + 
<name>jolt-record-custom-modules</name> + </property> + <property> + <name>jolt-record-spec</name> + <value>[{ + "operation": "modify-overwrite-beta", + "spec": { + "*": "=recursivelySquashNulls" + } + },{ + "operation": "shift", + "spec": { + "*": { + "json": { + "*": "[&2].&" + }, + "host": { + "name": "[&2].labels.source_host" + }, + "source": "[&1].labels.source" + } + } +}, { + "operation": "shift", + "spec": { + "*": { + "ts": "[&1].timestamp", + "id.resp_h":"[&1].destination.ip", + "id.resp_p":"[&1].destination.port", + "id.orig_h":"[&1].source.ip", + "id.orig_p":"[&1].source.port", + "*": "[&1].&" + } + } +}, { + "operation": "modify-overwrite-beta", + "spec": { + "*": { + "timestamp": "=toString" + } + } +}]</value> + </property> + <property> + <name>jolt-record-transform-cache-size</name> + <value>1</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <inputPort> + <id>349b3362-a821-1197-ffff-ffff91d0e6c0</id> + <name>Input</name> + <position x="-1072.0" y="520.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>a28a9e95-1003-3ea6-9af6-a334c1aec07c</id> + <name>To enrichment</name> + <position x="-1065.7090714972117" y="1164.8389289189608" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>c8be8213-0170-1000-0000-0000695bc36c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fec43039-de5d-1e3b-850a-5e25d7b93c76</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + 
<maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>2d0f222e-d08e-31fd-b5e1-1ce178368e4c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9027e415-c8cd-355e-af16-0c635f43832f</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8be6e60-0170-1000-ffff-ffffe34d52ef</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>fec43039-de5d-1e3b-850a-5e25d7b93c76</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b3364-a821-1197-0000-000063d0c208</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>349b3362-a821-1197-ffff-ffff91d0e6c0</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>31b13b40-8e26-1798-9777-2272881c6031</id> + <name>Zookeeper</name> + <position x="-440.0" y="1488.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>b09b367b-060f-1e74-9a96-ca5ba5f88858</id> + <name>UpdateRecord</name> + <position x="352.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + 
<name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>dd3b361c-4e9c-158c-ba31-61006a0b21b7</id> + <name>UpdateAttribute</name> + <position x="1072.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-zookeeper</value> + </property> + </processor> + <processor> + <id>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</id> + <name>Extract message</name> + <position x="352.0" y="280.0" /> + <styles /> 
+ <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>bc8e5957-0175-1000-0000-00003346421d</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>true</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <processor> + <id>38f03e95-db26-1287-be1a-4218f647596a</id> + <name>Convert to json</name> + <position x="1064.0" y="272.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>7504a565-0176-1000-ffff-ffff9c0f0741</value> + </property> + <property> + <name>record-writer</name> + 
<value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>false</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + </processor> + <inputPort> + <id>a77d3c33-9575-1926-b230-9cf1fca55e7e</id> + <name>Input</name> + <position x="397.9999517774115" y="110.99999315685733" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>f1e73393-065a-1450-9ad0-fd7cdb57853f</id> + <name>Output</name> + <position x="1120.0" y="808.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>4b353d86-8a69-1ca1-bc1c-8db0049f5886</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>38f03e95-db26-1287-be1a-4218f647596a</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>b09b367b-060f-1e74-9a96-ca5ba5f88858</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>ee8556df-9826-3d45-82de-5c1c876db435</id> + <id>b05339e8-7bbc-1975-a9b2-4bc789dda2df</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>06521038-335b-3139-839d-ab43a013ce03</destinationId> - 
<destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <sourceId>a77d3c33-9575-1926-b230-9cf1fca55e7e</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -5421,16 +7552,16 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>2d0f222e-d08e-31fd-b5e1-1ce178368e4c</id> + <id>5d6f3995-2075-11db-ba4b-1b76e1ed6473</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceId>b09b367b-060f-1e74-9a96-ca5ba5f88858</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>9027e415-c8cd-355e-af16-0c635f43832f</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationId>dd3b361c-4e9c-158c-ba31-61006a0b21b7</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -5441,18 +7572,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>ed8609a1-bd09-391e-831b-1ab5b53a5049</id> + <id>2a0131b7-9c0d-157d-a9ac-abd12398f2a8</id> <name /> <bendPoints /> - <labelIndex>0</labelIndex> + <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>06501f48-82c7-3c36-b99c-7368a322608b</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceId>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>c8c0a13d-0170-1000-ffff-ffff874141fa</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationId>38f03e95-db26-1287-be1a-4218f647596a</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
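Review bot: The only connection leaving `Extract message` (`4b1c38b7-8f98-1a81-96c9-17e3eccc45b2`) in this hunk carries `success`, and that processor's definition earlier in the patch sets `<autoTerminatedRelationship>failure</autoTerminatedRelationship>`, so Zookeeper log records the reader cannot parse are discarded with nothing queued to inspect. In a log pipeline that feeds `logs-zookeeper`, that is a silent ingestion gap: malformed or deliberately mangled lines vanish instead of surfacing to an analyst. I would wire `failure` to a funnel or a logging processor with a bounded `flowFileExpiration`, by adding a connection with `<relationship>failure</relationship>` and dropping the auto-terminate line. The same applies to `UpdateRecord` (`b09b367b-060f-1e74-9a96-ca5ba5f88858`) and `Convert to json` (`38f03e95-db26-1287-be1a-4218f647596a`), whose `success`-only connections sit in the neighbouring hunks. Failure handling may exist in parts of the flow not shown here, so confirm before changing.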
@@ -5461,17 +7592,17 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c8be6e60-0170-1000-ffff-ffffe34d52ef</id> + <id>5a2e3db4-49d3-187d-9db9-3f0b48a2c6af</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceId>dd3b361c-4e9c-158c-ba31-61006a0b21b7</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>fec43039-de5d-1e3b-850a-5e25d7b93c76</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationId>f1e73393-065a-1450-9ad0-fd7cdb57853f</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -5480,19 +7611,102 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + </processGroup> + <processGroup> + <id>f0f934a9-853a-1a19-a9cc-f878a5606bce</id> + <name>Kibana</name> + <position x="-440.0" y="864.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>992c3710-1c87-169c-ab17-d2597387a25e</id> + <name>UpdateAttribute</name> + <position x="360.0" y="512.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-kibana</value> + </property> + </processor> + <inputPort> + <id>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</id> + <name>Input</name> + <position x="408.0" y="320.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <outputPort> + <id>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</id> + <name>Output</name> + <position x="408.0" y="760.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + 
</outputPort> + <connection> + <id>cc403fb4-8d68-1c68-82c3-b9af4affddaa</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</sourceId> + <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>992c3710-1c87-169c-ab17-d2597387a25e</destinationId> + <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> <connection> - <id>2a6e865b-4b36-3807-8bd7-eb2f39f95d4f</id> + <id>b9e33c29-910f-134a-8390-2970800d7fcf</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>ac17155e-32f1-3be8-843e-00877c210519</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceId>992c3710-1c87-169c-ab17-d2597387a25e</sourceId> + <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>06521038-335b-3139-839d-ab43a013ce03</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationId>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</destinationId> + <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -5501,12 +7715,446 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> </processGroup> + <connection> + <id>fbbe3f1b-5336-11c9-ffff-ffffd29d2f5c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>84dc3511-1322-175b-8083-9729037f8edb</sourceId> + <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>56e5f029-0176-1000-ffff-fffff7512a3b</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>328b35e2-eb52-1f47-b84d-52941eff8a07</sourceId> + <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e43535d0-23e9-15af-ffff-ffffa44d6172</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b339b-a821-1197-0000-00002e648df6</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>75109cc1-0176-1000-ffff-ffff86db235d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>f1e73393-065a-1450-9ad0-fd7cdb57853f</sourceId> + <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + 
<destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d0ea3d4-0175-1000-0000-0000471b8522</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>89639d3d-0175-1000-ffff-ffffb446c257</destinationId> + <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7558e6dd-0176-1000-ffff-ffffec9061a8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>39ce3238-1ebd-1c2c-b724-01d18f147b6f</destinationId> + <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>elasticsearch</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + 
<flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>fbbe3ee1-5336-11c9-ffff-ffffa7c97811</id> + <name /> + <bendPoints> + <bendPoint x="-720.0" y="1016.0" /> + <bendPoint x="-584.0" y="1152.0" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>10cb3b64-e867-1d81-bd59-eb9cf6883f24</destinationId> + <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>keycloak</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d1fe825-0175-1000-ffff-fffff0505cdc</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8d13c952-0175-1000-0000-00007e8f4cae</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>suricata</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>74ff448b-0176-1000-0000-00002e302e83</id> + <name /> + <bendPoints> + <bendPoint x="-688.0" y="1576.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a77d3c33-9575-1926-b230-9cf1fca55e7e</destinationId> + <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>zookeeper</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b3398-a821-1197-ffff-ffffc5ae6471</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>349b3362-a821-1197-ffff-ffff91d0e6c0</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>zeek</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>61c51cd8-0176-1000-ffff-ffff9247ba7c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + 
<zIndex>0</zIndex> + <sourceId>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</sourceId> + <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bc6e50cc-0175-1000-ffff-ffffbd982e0c</id> + <name /> + <bendPoints /> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bc6c2159-0175-1000-ffff-ffffb4de4d47</destinationId> + <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>nifi</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>56e5add3-0176-1000-ffff-ffffd667d1f6</id> + <name /> + <bendPoints> + <bendPoint x="-584.0" y="624.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + 
<destinationId>65a33e05-e157-1bfc-8741-adf11b3df720</destinationId> + <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>haproxy</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>6196cd03-0176-1000-ffff-ffffd39b8c82</id> + <name /> + <bendPoints> + <bendPoint x="-576.0" y="896.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</destinationId> + <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>kibana</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>89630460-0175-1000-0000-00006b5f18c8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>89620b1a-0175-1000-0000-000078566f34</sourceId> + <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>8962ad5a-0175-1000-ffff-ffffde6db5a6</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> 
+ <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b3303-a821-1197-ffff-ffffa12b866d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8963b202-0175-1000-0000-000022d64ba2</sourceId> + <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bcadaf87-0175-1000-0000-000048464ec3</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bca9636a-0175-1000-0000-000013fa95aa</sourceId> + <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>bcb879d5-0175-1000-0000-000070879ad0</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>349b3301-a821-1197-0000-0000070259c4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>055308a4-d020-39a9-9da4-b165796ef717</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e43535c9-23e9-15af-ffff-ffffcd7d888a</id> + <name /> + <bendPoints> + <bendPoint x="-704.0" y="1256.0" /> + <bendPoint x="-584.0" y="1368.0" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7f683020-779c-1bc9-85da-5bad079d5d9d</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship>mysql</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7575486d-0176-1000-0000-00002542d6de</id> + <name /> + <bendPoints /> + 
<labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bbc63756-9681-13b9-8c07-20c82f62ceca</sourceId> + <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>bcb879d5-0175-1000-0000-000070879ad0</destinationId> + <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <processGroup> <id>b3d57504-7c06-37a3-b59b-8723f60fa728</id> <name>Test data</name> <position x="-496.0" y="552.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> <id>d30dc946-251a-307c-8e88-f2262b0bb194</id> <name>To enrichment</name> @@ -5519,6 +8167,8 @@ <name>Suricata</name> <position x="462.0553417896858" y="119.99261716112323" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>bb7dc9ff-2d25-3134-9617-cca3cabe9179</id> <name>Alerts</name> @@ -5529,7 +8179,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>10 sec</schedulingPeriod> 
@@ -5560,14 +8210,16 @@ <property> <name>generate-ff-custom-text</name> <value>[{"stream": 0,"flow": {"bytes_toserver": 74,"bytes_toclient": 0,"start": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","pkts_toserver": 1,"pkts_toclient": 0},"vlan": 665,"ip_dst_port": 54323,"in_iface": "ens1f3","payload": "","timestamp": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","proto": "TCP","event_type": "alert","alert": {"category": "Not Suspicious Traffic","severity": 3,"action": "allowed","gid": 1,"signature_id": 29999991,"rev": 1,"signature": "SOC TEST1"},"payload_printable": "","ip_src_addr": "10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","ip_src_port": 43844,"ip_dst_addr": "10.0.0.${random():mod(254):plus(1)}","host":"nifi.soctools.geant.org","host_domain":"geant.org"}, -{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","alert":{"action":"allowed","category":"Potentially Bad Traffic","gid":1,"metadata":{"affected_product":["Any"],"attack_target":["Client_Endpoint"],"created_at":["2019_07_26"],"deployment":["Perimeter"],"former_category":["DNS"],"signature_severity":["Minor"],"updated_at":["2019_09_28"]},"rev":3,"severity":2,"signature":"ET DNS Query for .cc TLD","signature_id":2027758},"app_proto":"dns","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":53},"dns":{"query":[{"id":37261,"rrname":"static.arduino.cc","rrtype":"A","tx_id":2,"type":"query"}]},"event_type":"alert","flow":{"bytes_toclient":1039,"bytes_toserver":343,"pkts_toclient":2,"pkts_toserver":3,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' 
','T')}"},"flow_id":1889254052511234,"in_iface":"if1","payload":"kY0BAAABAAAAAAABBnN0YXRpYwdhcmR1aW5vAmNjAAABAAEAACkPoAAAgAAAAA==","payload_printable":".............static.arduino.cc.......)........","proto":"UDP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":64164},"stream":0,"tx_id":2}, -{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","alert":{"action":"allowed","category":"Attempted Information Leak","gid":1,"metadata":{"created_at":["2014_10_15"],"former_category":["CURRENT_EVENTS"],"updated_at":["2014_10_15"]},"rev":6,"severity":2,"signature":"ET EXPLOIT SSL excessive fatal alerts (possible POODLE attack against server)","signature_id":2019418},"app_proto":"tls","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":37220},"event_type":"alert","flow":{"bytes_toclient":247,"bytes_toserver":298,"pkts_toclient":4,"pkts_toserver":4,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":43047386649621,"payload":"FQMAAAICKA==","payload_printable":"......(","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"stream":1,"tls":{"ja3":{},"version":"SSLv3"},"tx_id":0}] -</value> +{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","alert":{"action":"allowed","category":"Potentially Bad Traffic","gid":1,"metadata":{"affected_product":["Any"],"attack_target":["Client_Endpoint"],"created_at":["2019_07_26"],"deployment":["Perimeter"],"former_category":["DNS"],"signature_severity":["Minor"],"updated_at":["2019_09_28"]},"rev":3,"severity":2,"signature":"ET DNS Query for .cc 
TLD","signature_id":2027758},"app_proto":"dns","destination":{"ip":"10.10.10.${random():mod(254):plus(1)}","port":53},"dns":{"query":[{"id":37261,"rrname":"example.evil","rrtype":"A","tx_id":2,"type":"query"}]},"event_type":"alert","flow":{"bytes_toclient":1039,"bytes_toserver":343,"pkts_toclient":2,"pkts_toserver":3,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":1889254052511234,"in_iface":"if1","payload":"kY0BAAABAAAAAAABBnN0YXRpYwdhcmR1aW5vAmNjAAABAAEAACkPoAAAgAAAAA==","payload_printable":".............example.evil.......)........","proto":"UDP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":64164},"stream":0,"tx_id":2}, +{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","alert":{"action":"allowed","category":"Attempted Information Leak","gid":1,"metadata":{"created_at":["2014_10_15"],"former_category":["CURRENT_EVENTS"],"updated_at":["2014_10_15"]},"rev":6,"severity":2,"signature":"ET EXPLOIT SSL excessive fatal alerts (possible POODLE attack against server)","signature_id":2019418},"app_proto":"tls","destination":{"ip":"10.10.10.${random():mod(10):plus(1)}","port":37220},"event_type":"alert","flow":{"bytes_toclient":247,"bytes_toserver":298,"pkts_toclient":4,"pkts_toserver":4,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":43047386649621,"payload":"FQMAAAICKA==","payload_printable":"......(","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"stream":1,"tls":{"ja3":{},"version":"SSLv3"},"tx_id":0}]</value> </property> <property> <name>character-set</name> <value>UTF-8</value> </property> + <property> + <name>mime-type</name> + </property> <property> <name>mime.type</name> <value>application/json</value> 
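Review bot: The second test alert in `generate-ff-custom-text` is now internally inconsistent: `rrname` and `payload_printable` were changed to `example.evil`, but the base64 `payload` is unchanged and still encodes the previous query name, and the signature text `ET DNS Query for .cc TLD` no longer matches the queried domain. Anything downstream that is exercised with this event by decoding `payload` or correlating on the signature will see fields that disagree. Regenerate `payload` for the new name, or change all three fields together. `.evil` is not a reserved TLD, so a name under `.test` or `.example` (RFC 2606) would keep any enrichment lookup on this value from resolving a name someone could later register. The processor that carries this property starts outside the hunk.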
@@ -5611,7 +8263,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>10 sec</schedulingPeriod> @@ -5647,6 +8299,9 @@ <name>character-set</name> <value>UTF-8</value> </property> + <property> + <name>mime-type</name> + </property> <property> <name>mime.type</name> <value>application/json</value> 
@@ -5770,13 +8425,33 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>214d5013-0175-1000-ffff-ffff9b7dbebb</id> + <id>349b33a3-a821-1197-0000-00001ce4370e</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>349b32fe-a821-1197-0000-00003a0b6fe5</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> + <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bcb8ef9d-0175-1000-0000-000017e52ef1</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</sourceId> - <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceId>bcb879d5-0175-1000-0000-000070879ad0</sourceId> + <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> <destinationId>21a9e277-2d80-359a-9c57-cb76d8962e6d</destinationId> <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> @@ -5841,7 +8516,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> 
@@ -5851,6 +8526,10 @@ <property> <name>schema-cache</name> </property> + <property> + <name>schema-protocol-version</name> + <value>1</value> + </property> <property> <name>schema-access-strategy</name> <value>inherit-record-schema</value> @@ -5910,7 +8589,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>false</enabled> <property> @@ -5924,6 +8603,8 @@ <name>Data output</name> <position x="829.4446253936723" y="1015.2711478364996" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>e333b82d-7408-3747-8dd2-46473704e51b</id> <name>Data input</name> @@ -5936,6 +8617,8 @@ <name>Elastic odfe</name> <position x="-759.1319580078125" y="739.6137390136719" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>8b48f28f-2379-3f0f-81fe-4e1b93e72666</id> <name>PutElasticsearchHttpRecord</name> @@ -5946,7 +8629,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-elasticsearch-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -5976,7 +8659,7 @@ </property> <property> <name>Password</name> - <value>enc{aa0e200e6ad20acb3eb1e1f1c7ab08154fc11ccf55c6176c4c8b12fab9f339cba76c4cf1f567bb8aeb4802017cc50639}</value> + <value>enc{e3c6c99d66e95dfa569c6dab15f7bd5cb2142d215044a4c556aba0a2bed19ac85c899bd8837e09bb49300f0823011b45}</value> </property> <property> <name>elasticsearch-http-connect-timeout</name> 
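Review bot: The `Password` property changed in hunk `@@ -5976,7 +8659,7 @@` (apparently on the PutElasticsearchHttpRecord processor, whose definition starts outside the hunk) commits a fresh `enc{…}` ciphertext to the shared template. That ties every deployment rendered from the template to the sensitive-properties key and the Elasticsearch password of the instance the flow was exported from. If that key is also kept in the repository or left at a known value (not visible here), the ciphertext should be treated as a disclosed credential and the password rotated. Consider having the export step replace the value with a labelled template variable, e.g. `<value>{{ PLACEHOLDER_nifi_es_password_enc }}</value>`, and produce the encrypted value per deployment from a secret held in the inventory vault.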
@@ -6041,6 +8724,7 @@ <name>Timestamp Format</name> </property> <autoTerminatedRelationship>success</autoTerminatedRelationship> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>e7d34e01-babe-3022-ad9b-a7620e7c0f38</id> @@ -6049,10 +8733,6 @@ <comments /> <scheduledState>RUNNING</scheduledState> </inputPort> - <funnel> - <id>a8cf8491-c2a7-3986-b803-58aff43326de</id> - <position x="-709.0761208187066" y="911.6861746431973" /> - </funnel> <connection> <id>3280c550-2117-37a6-8b5e-3bc1953fa17e</id> <name /> @@ -6076,26 +8756,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>02a9e341-0590-34a8-9f0c-9d6992869e59</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</sourceId> - <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a8cf8491-c2a7-3986-b803-58aff43326de</destinationId> - <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>1 min</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>5de8f98f-ce46-3565-b0ce-7f8ecf518c53</id> <name /> 
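Review bot: Adding `<autoTerminatedRelationship>failure</autoTerminatedRelationship>` in hunk `@@ -6041,6 +8724,7 @@`, together with the removal of the funnel and its `failure` connection in the two hunks that follow, means records the Elasticsearch writer cannot deliver are discarded at the processor, with no queue and no retry. In a SOC log pipeline that is silent loss of security events during an indexer outage or a mapping rejection. The removed connection only held them for 1 min, but it did give operators a visible backlog. Consider routing `failure` to a bounded connection with a non-zero expiration and a monitored back-pressure threshold, or back to the processor for retry, and raising the bulletin level so drops are alertable. The same auto-termination is added in hunks `@@ -6279,6`, `@@ -6331,6` and `@@ -6574,6` (Top domains group), where a failed unzip or write would leave enrichment data stale without any queued evidence; the processors concerned start outside those hunks.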
@@ -6111,7 +8771,7 @@ <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>10 sec</flowFileExpiration> + <flowFileExpiration>60 sec</flowFileExpiration> <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> @@ -6120,8 +8780,10 @@ <processGroup> <id>2bb2f914-0172-1000-0000-0000240c76e4</id> <name>Custom output</name> - <position x="-328.0" y="744.0" /> + <position x="-160.0" y="736.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>2bb31aa5-0172-1000-0000-00000869fb70</id> <name>Input</name> @@ -6130,6 +8792,26 @@ <scheduledState>STOPPED</scheduledState> </inputPort> </processGroup> + <connection> + <id>9349cb73-0175-1000-ffff-ffff90dc265d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e333b82d-7408-3747-8dd2-46473704e51b</sourceId> + <sourceGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>2bb31aa5-0172-1000-0000-00000869fb70</destinationId> + <destinationGroupId>2bb2f914-0172-1000-0000-0000240c76e4</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>1 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> <connection> <id>34772170-2400-3eb6-b9c5-c03b912a38f3</id> <name /> 
@@ -6219,9 +8901,9 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> - <enabled>false</enabled> + <enabled>true</enabled> <property> <name>Server Hostname</name> <value>localhost</value> @@ -6244,11 +8926,15 @@ <name>Enrichment data</name> <position x="1720.0" y="248.0" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processGroup> <id>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</id> <name>Top domains</name> <position x="970.3727876614566" y="673.4981494769316" /> <comment>Downloads CSV files containing top domains from Alexa and Umbrella</comment> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>857cd537-4aeb-31fb-9740-0513e6cc46fe</id> <name>Unzip CSV files</name> @@ -6259,7 +8945,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -6279,6 +8965,7 @@ <name>File Filter</name> <value>.*</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> @@ -6291,7 +8978,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -6331,6 +9018,7 @@ <name>Group</name> </property> <autoTerminatedRelationship>success</autoTerminatedRelationship> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>3c4d65a9-aa39-380f-b16b-2aea028a019b</id> 
@@ -6342,7 +9030,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>1 day</schedulingPeriod> @@ -6417,7 +9105,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>1 day</schedulingPeriod> @@ -6492,7 +9180,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -6533,7 +9221,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -6574,6 +9262,7 @@ <name>Line-by-Line Evaluation Mode</name> <value>All</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <connection> <id>652026e5-0acd-3009-b45a-f68f3e37bef9</id> 
@@ -6595,52 +9284,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>b400d4e7-7106-3ea3-8b1a-0b9d2a8795b2</id> - <name /> - <bendPoints> - <bendPoint x="787.0441617531399" y="276.7074043335799" /> - <bendPoint x="788.0441617531399" y="291.7074043335799" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5d7b82fa-10f8-3a32-9ffa-ebce53eb6070</id> - <name /> - <bendPoints> - <bendPoint x="-414.74468712381326" y="221.65236588143148" /> - <bendPoint x="-451.48125938943826" y="275.1232673706893" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>857cd537-4aeb-31fb-9740-0513e6cc46fe</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>bfe27587-bb06-388c-a59a-8aad9830cda1</id> <name /> @@ -6721,35 +9364,14 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>dea956ed-2b3b-39de-8cd8-a4d1f7a88aa2</id> - <name /> - <bendPoints> - <bendPoint x="790.1869840187649" y="473.4228279175642" /> - <bendPoint x="789.1869840187649" y="482.42282791756406" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <processGroup> <id>b997e46b-7905-33e8-8bbc-f4d51b0cc735</id> <name>Tor Nodes</name> <position x="968.7335178760902" y="456.9915202898361" /> <comment>Downloads a CSV file of IP addresses used as Tor nodes</comment> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>ad366a87-89d6-38ff-affe-a1f3575faa8a</id> <name>Save to disk</name> 
@@ -6760,7 +9382,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -6811,7 +9433,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>1 day</schedulingPeriod> @@ -6819,13 +9441,13 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> <name>URL</name> - <value>http://check.torproject.org/torbulkexitlist</value> + <value>https://check.torproject.org/torbulkexitlist</value> </property> <property> <name>Filename</name> @@ -6833,6 +9455,7 @@ </property> <property> <name>SSL Context Service</name> + <value>8972e39a-0176-1000-ffff-ffffb8dd96f4</value> </property> <property> <name>Username</name> @@ -6882,7 +9505,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7036,6 +9659,8 @@ <name>Misp</name> <position x="548.9658647769079" y="453.4916238226681" /> <comment>Polls Misp database once every minute and places new IOCs in a NiFi memcache.</comment> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>283bea4b-2774-3f2d-aabe-cf96989e9997</id> <name>Set timestamp as FlowFile content</name> 
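Review bot: The move to `https://check.torproject.org/torbulkexitlist` in the `@@ -6819` hunk now depends on the SSL context service `8972e39a-0176-1000-ffff-ffffb8dd96f4` set in the `@@ -6833` hunk, which the end of this diff defines as `Common CA`; its truststore settings are not visible here. If that truststore holds only the deployment's own CA, certificate validation against the public Tor endpoint would fail. Because the same hunk flips the processor to `RUNNING`, the daily download would then fail from first start and the Tor enrichment list would stay empty or stale. Confirm the truststore covers the public roots, or reference a separate context service for external feeds and state its purpose in that service's `<comment />`.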
@@ -7046,7 +9671,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7086,6 +9711,7 @@ <name>Line-by-Line Evaluation Mode</name> <value>All</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>e1e2caef-8178-3c91-b3ca-99f05f619064</id> @@ -7097,7 +9723,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7140,7 +9766,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7158,7 +9784,7 @@ </property> <property> <name>Remote URL</name> - <value>${misp_url}/attributes/restSearch/returnFormat:json/type:ip-src||ip-dst</value> + <value>${misp_url}/attributes/restSearch/returnFormat:json/type:ip-src||ip-dst/last:${last}</value> </property> <property> <name>SSL Context Service</name> @@ -7172,6 +9798,14 @@ <name>Read Timeout</name> <value>15 secs</value> </property> + <property> + <name>idle-timeout</name> + <value>5 mins</value> + </property> + <property> + <name>max-idle-connections</name> + <value>5</value> + </property> <property> <name>Include Date Header</name> <value>True</value> @@ -7183,6 +9817,9 @@ <property> <name>Attributes to Send</name> </property> + <property> + <name>Useragent</name> + </property> <property> <name>Basic Authentication Username</name> </property> 
@@ -7255,12 +9892,21 @@ <name>ignore-response-content</name> <value>false</value> </property> + <property> + <name>form-body-form-name</name> + </property> + <property> + <name>set-form-filename</name> + <value>true</value> + </property> <property> <name>Authorization</name> <value>${misp_token}</value> </property> <autoTerminatedRelationship>Original</autoTerminatedRelationship> + <autoTerminatedRelationship>Failure</autoTerminatedRelationship> <autoTerminatedRelationship>Retry</autoTerminatedRelationship> + <autoTerminatedRelationship>No Retry</autoTerminatedRelationship> </processor> <processor> <id>671c4e42-604f-389d-9cee-27431ca36448</id> @@ -7272,7 +9918,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7301,6 +9947,7 @@ <value>1 MB</value> </property> <autoTerminatedRelationship>success</autoTerminatedRelationship> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</id> @@ -7312,7 +9959,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7341,6 +9988,7 @@ <value>1 MB</value> </property> <autoTerminatedRelationship>success</autoTerminatedRelationship> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>81ec71a0-719a-3205-9360-6a535072f7c6</id> @@ -7352,7 +10000,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -7380,7 +10028,7 @@ </property> <property> <name>last</name> - <value>${misp_ip_first_interval}</value> + <value>${misp_first_interval}</value> </property> <property> <name>timestamp</name> @@ -7397,7 +10045,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>1 minute</schedulingPeriod> @@ -7405,7 +10053,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -7432,6 +10080,9 @@ <name>character-set</name> <value>UTF-8</value> </property> + <property> + <name>mime-type</name> + </property> <property> <name>lookup_id</name> <value>ip</value> @@ -7447,7 +10098,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7479,6 +10130,8 @@ <name>misp_ip</name> <value>$.value</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> </processor> <processor> <id>74d66e0e-0b65-36d2-96f1-4b836d2c4222</id> @@ -7490,7 +10143,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-update-attribute-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
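Review bot: The `last` attribute in the `@@ -7380` hunk now reads `${misp_first_interval}`, and the request URL changed in an earlier hunk appends it as `/last:${last}`, but nothing in this part of the diff shows the renamed variable being defined. An unresolved NiFi expression normally evaluates to an empty string, which would send `.../last:` to MISP with a result that is hard to predict (an error, or an unbounded attribute pull). Land the rename together with the variable definition, and consider a fallback such as `<value>${misp_first_interval:replaceEmpty('1d')}</value>`, where `1d` is only an example value.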
@@ -7535,7 +10188,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7555,6 +10208,7 @@ <name>Null Value Representation</name> <value>empty string</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> @@ -7567,7 +10221,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -7599,11 +10253,9 @@ <name>event_id</name> <value>$.event_id</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> </processor> - <funnel> - <id>c490b6b5-0170-1000-0000-000035bc685d</id> - <position x="601.9534533822577" y="371.9240905653907" /> - </funnel> <connection> <id>39f7b787-0995-3721-8d50-700838b7a256</id> <name /> 
@@ -7684,26 +10336,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>58cc41df-404e-309b-9df6-2ea67e1fe2b7</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>5e84f4ae-bf61-37d8-b115-0af74b89a6aa</id> <name /> 
@@ -7725,102 +10357,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>a9d8c7a2-6b55-3684-9954-92934d5a69e8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c2a99429-58ab-325b-b755-dffeb30b0fc1</id> - <name /> - <bendPoints /> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c490b6b5-0170-1000-0000-000035bc685d</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>No Retry</relationship> - <relationship>Failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>a146ab21-f626-3fa5-a736-fdeec786eaf8</id> - <name /> - <bendPoints> - <bendPoint x="-312.47353014487453" 
y="970.3624699197178" /> - <bendPoint x="-312.47353014487453" y="1020.3624699197178" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c022992b-534a-317a-943c-86142ee1cf81</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>81ec71a0-719a-3205-9360-6a535072f7c6</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>424c08f5-1ad1-3a0a-923c-c3fd988f7d2e</id> - <name>Update timestamp</name> + <id>58cc41df-404e-309b-9df6-2ea67e1fe2b7</id> + <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - 
<sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> + <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> + <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>Response</relationship> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -7829,22 +10377,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>5b9b78c7-890c-3fe0-a1b1-b2dc5bbd944b</id> + <id>a9d8c7a2-6b55-3684-9954-92934d5a69e8</id> <name /> - <bendPoints> - <bendPoint x="306.30889441763816" y="583.7042207790005" /> - <bendPoint x="306.30889441763816" y="633.7042207790005" /> - </bendPoints> + <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</sourceId> + <sourceId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</sourceId> <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</destinationId> + <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <relationship>unmatched</relationship> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -7853,21 +10397,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c98425f5-d4f3-36f7-b045-834923ca235a</id> + <id>c022992b-534a-317a-943c-86142ee1cf81</id> <name /> - <bendPoints> - <bendPoint x="-911.4283280545671" y="539.9664353493931" /> - <bendPoint x="-945.2909989530046" y="613.0546921853306" /> - </bendPoints> + <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</sourceId> + <sourceId>81ec71a0-719a-3205-9360-6a535072f7c6</sourceId> <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</destinationId> + <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> + <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -7876,21 +10417,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>d19c9d34-8896-39ff-9d2d-f29651b24c18</id> - <name /> - <bendPoints> - <bendPoint x="967.4604101497307" y="864.0677052542044" /> - <bendPoint x="967.4604101497307" y="914.0677052542044" /> - </bendPoints> + <id>424c08f5-1ad1-3a0a-923c-c3fd988f7d2e</id> + <name>Update timestamp</name> + <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>671c4e42-604f-389d-9cee-27431ca36448</sourceId> + <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> + <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> + <relationship>Response</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -7961,59 +10499,14 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>8d3dfbef-370e-374b-a6c6-89e4cdf6216b</id> - <name /> - <bendPoints> - <bendPoint x="-320.5607955237681" y="759.2550630641567" /> - <bendPoint x="-320.5607955237681" y="809.2550630641567" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>d850fc04-df9a-36b7-b53f-8b397a1be69a</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d850fc04-df9a-36b7-b53f-8b397a1be69a</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <relationship>unmatched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>536817e5-12a1-3a94-82ae-7638937a07e8</id> - <name /> - <bendPoints> - <bendPoint x="969.4771541470864" y="627.6551663734834" /> - <bendPoint x="969.4771541470864" y="677.6551663734834" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> </processGroup> <processGroup> <id>c4a200ea-5317-332a-97a4-ff76f951ecde</id> <name>GeoIP</name> <position x="556.427978515625" y="673.0274658203125" /> <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>6292665b-f188-3551-b366-95476b5ac36f</id> <name>Save to disk</name> @@ -8024,7 +10517,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -8075,7 +10568,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -8083,7 +10576,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -8107,6 +10600,14 @@ <name>Read Timeout</name> <value>15 secs</value> </property> + <property> + <name>idle-timeout</name> + <value>5 mins</value> + </property> + <property> + <name>max-idle-connections</name> + <value>5</value> + </property> <property> <name>Include Date Header</name> <value>True</value> @@ -8118,6 +10619,9 @@ <property> <name>Attributes to Send</name> </property> + <property> + <name>Useragent</name> + </property> <property> <name>Basic Authentication Username</name> </property> 
@@ -8190,6 +10694,13 @@ <name>ignore-response-content</name> <value>false</value> </property> + <property> + <name>form-body-form-name</name> + </property> + <property> + <name>set-form-filename</name> + <value>true</value> + </property> <autoTerminatedRelationship>Original</autoTerminatedRelationship> </processor> <processor> @@ -8202,7 +10713,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -8241,7 +10752,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -8273,7 +10784,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -8305,7 +10816,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>1 week</schedulingPeriod> @@ -8313,7 +10824,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>STOPPED</scheduledState> + <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -8340,6 +10851,9 @@ <name>character-set</name> <value>UTF-8</value> </property> + <property> + <name>mime-type</name> + </property> </processor> <funnel> <id>c2cac6f3-c926-3038-b685-68f71f76fda3</id> 
@@ -8470,7 +10984,7 @@ <name /> <bendPoints> <bendPoint x="108.66736791924166" y="38.38653496447381" /> - <bendPoint x="108.66736791924166" y="88.38653496447381" /> + <bendPoint x="136.0" y="88.0" /> </bendPoints> <labelIndex>1</labelIndex> <zIndex>0</zIndex> 
@@ -8552,35 +11066,433 @@ </processGroup> </processGroup> <controllerService> - <id>bf81debc-0171-1000-0000-00002936ae5a</id> - <name>Tor node CSV</name> + <id>349b34c7-a821-1197-ffff-ffff85d82877</id> + <name>Contry code to region</name> + <comment /> + <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-lookup-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>csv-file</name> + <value>/opt/nifi/nifi-current/conf/enrich/CountriesWithRegionalCodes.csv</value> + </property> + <property> + <name>CSV Format</name> + <value>default</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>lookup-key-column</name> + <value>alpha-2</value> + </property> + <property> + <name>ignore-duplicates</name> + <value>true</value> + </property> + <property> + <name>Value Separator</name> + <value>,</value> + </property> + <property> + <name>Quote Character</name> + <value>"</value> + </property> + <property> + <name>Quote Mode</name> + <value>MINIMAL</value> + </property> + <property> + <name>Comment Marker</name> + </property> + <property> + <name>Escape Character</name> + <value>\</value> + </property> + <property> + <name>Trim Fields</name> + <value>true</value> + </property> + <property> + <name>lookup-value-column</name> + <value>region</value> + </property> + </controllerService> + <controllerService> + <id>8972e39a-0176-1000-ffff-ffffb8dd96f4</id> + <name>Common CA</name> + <comment /> + <class>org.apache.nifi.ssl.StandardSSLContextService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-ssl-context-service-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>Keystore Filename</name> + </property> + <property> + <name>Keystore Password</name> + </property> + <property> + <name>key-password</name> + </property> + 
<property> + <name>Keystore Type</name> + </property> + <property> + <name>Truststore Filename</name> + <value>/opt/nifi/nifi-current/conf/common-cacerts.jks</value> + </property> + <property> + <name>Truststore Password</name> + <value>enc{2650a175fb2f75e2dcd038b4b506ac6368b7e025f6cb80fa6a82b187b0755443}</value> + </property> + <property> + <name>Truststore Type</name> + <value>JKS</value> + </property> + <property> + <name>SSL Protocol</name> + <value>TLS</value> + </property> + </controllerService> + <controllerService> + <id>bbd4d3a2-0175-1000-0000-00000b0fb8bd</id> + <name>Tor node CSV</name> + <comment /> + <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-lookup-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>csv-file</name> + <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value> + </property> + <property> + <name>CSV Format</name> + <value>default</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>lookup-key-column</name> + <value>ip_addr</value> + </property> + <property> + <name>ignore-duplicates</name> + <value>true</value> + </property> + <property> + <name>Value Separator</name> + <value>,</value> + </property> + <property> + <name>Quote Character</name> + <value>"</value> + </property> + <property> + <name>Quote Mode</name> + <value>MINIMAL</value> + </property> + <property> + <name>Comment Marker</name> + </property> + <property> + <name>Escape Character</name> + <value>\</value> + </property> + <property> + <name>Trim Fields</name> + <value>true</value> + </property> + <property> + <name>lookup-value-column</name> + <value>ip_addr</value> + </property> + </controllerService> + <controllerService> + <id>14453a95-7646-1485-0000-00002c675762</id> + <name>Mysql audit log</name> + <comment /> + <class>org.apache.nifi.csv.CSVReader</class> 
+ <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>schema-access-strategy</name> + <value>infer-schema</value> + </property> + <property> + <name>schema-registry</name> + </property> + <property> + <name>schema-name</name> + <value>${schema.name}</value> + </property> + <property> + <name>schema-version</name> + </property> + <property> + <name>schema-branch</name> + </property> + <property> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>csv-reader-csv-parser</name> + <value>commons-csv</value> + </property> + <property> + <name>Date Format</name> + </property> + <property> + <name>Time Format</name> + </property> + <property> + <name>Timestamp Format</name> + </property> + <property> + <name>CSV Format</name> + <value>custom</value> + </property> + <property> + <name>Value Separator</name> + <value>,</value> + </property> + <property> + <name>Record Separator</name> + <value>\n</value> + </property> + <property> + <name>Skip Header Line</name> + <value>true</value> + </property> + <property> + <name>ignore-csv-header</name> + <value>false</value> + </property> + <property> + <name>Quote Character</name> + <value>"</value> + </property> + <property> + <name>Escape Character</name> + <value>\</value> + </property> + <property> + <name>Comment Marker</name> + </property> + <property> + <name>Null String</name> + </property> + <property> + <name>Trim Fields</name> + <value>true</value> + </property> + <property> + <name>csvutils-character-set</name> + <value>UTF-8</value> + </property> + </controllerService> + <controllerService> + <id>7504a565-0176-1000-ffff-ffff9c0f0741</id> + <name>Zookeeper logs</name> <comment /> - <class>org.apache.nifi.lookup.CSVRecordLookupService</class> + <class>org.apache.nifi.grok.GrokReader</class> <bundle> <group>org.apache.nifi</group> - 
<artifact>nifi-lookup-services-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> - <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value> + <name>schema-access-strategy</name> + <value>string-fields-from-grok-expression</value> + </property> + <property> + <name>schema-registry</name> </property> <property> - <name>csv-format</name> - <value>Default</value> + <name>schema-name</name> + <value>${schema.name}</value> </property> <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>schema-version</name> </property> <property> - <name>lookup-key-column</name> - <value>ip_addr</value> + <name>schema-branch</name> </property> <property> - <name>ignore-duplicates</name> - <value>true</value> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>Grok Pattern File</name> + </property> + <property> + <name>Grok Expression</name> + <value>%{GREEDYDATA:timestamp} \[%{DATA:id}\] - %{DATA:level} \[%{DATA:process}\] - %{GREEDYDATA:message}</value> + </property> + <property> + <name>no-match-behavior</name> + <value>append-to-previous-message</value> + </property> + </controllerService> + <controllerService> + <id>8b1dd8bb-0170-1000-0000-000007446e6a</id> + <name>Misp DistributedMapCacheServer</name> + <comment /> + <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-distributed-cache-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>Port</name> + <value>4557</value> + </property> + <property> + <name>Maximum Cache Entries</name> + <value>10000</value> + </property> + <property> + <name>Eviction Strategy</name> + <value>Least Frequently Used</value> + </property> + <property> + <name>Persistence Directory</name> + 
<value>/opt/nifi/nifi-current/conf/</value> + </property> + <property> + <name>SSL Context Service</name> + </property> + </controllerService> + <controllerService> + <id>56ebe0aa-0176-1000-ffff-ffffbd212f01</id> + <name>Haproxy GrokReader</name> + <comment /> + <class>org.apache.nifi.grok.GrokReader</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>schema-access-strategy</name> + <value>string-fields-from-grok-expression</value> + </property> + <property> + <name>schema-registry</name> + </property> + <property> + <name>schema-name</name> + <value>${schema.name}</value> + </property> + <property> + <name>schema-version</name> + </property> + <property> + <name>schema-branch</name> + </property> + <property> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>Grok Pattern File</name> + <value>/opt/nifi/nifi-current/conf/enrich/haproxy.groklib</value> + </property> + <property> + <name>Grok Expression</name> + <value>%{PROG:process.name}(?:\[%{POSINT:process.pid}\])?: %{HAPROXYHTTPBASE}</value> + </property> + <property> + <name>no-match-behavior</name> + <value>append-to-previous-message</value> + </property> + </controllerService> + <controllerService> + <id>bc97858d-0175-1000-0000-0000130a84f8</id> + <name>Nifi logs GrokReader</name> + <comment /> + <class>org.apache.nifi.grok.GrokReader</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>schema-access-strategy</name> + <value>string-fields-from-grok-expression</value> + </property> + <property> + <name>schema-registry</name> + </property> + <property> + <name>schema-name</name> + <value>${schema.name}</value> + </property> + <property> + <name>schema-version</name> + 
</property> + <property> + <name>schema-branch</name> + </property> + <property> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>Grok Pattern File</name> + </property> + <property> + <name>Grok Expression</name> + <value>%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value> + </property> + <property> + <name>no-match-behavior</name> + <value>append-to-previous-message</value> + </property> + </controllerService> + <controllerService> + <id>bc8e5957-0175-1000-0000-00003346421d</id> + <name>Extract message field</name> + <comment /> + <class>org.apache.nifi.text.FreeFormTextRecordSetWriter</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>Text</name> + <value>${message}</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> </property> </controllerService> <controllerService> @@ -8591,7 +11503,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> @@ -8611,7 +11523,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> 
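Review bot: The `Common CA` controller service added in the `@@ -8552,35 +11066,433 @@` hunk hard-codes its `Truststore Password` as an `enc{…}` blob, while the same commit moves the other truststore password (the service now named `Soctools CA`) to a lookup under `secrets/passwords/`. NiFi encrypts such values with the sensitive properties key of the instance that exported the flow, so the blob presumably only decrypts where that key is shared, and it keeps a credential in the repository. I would render it from the secrets directory as the `Soctools CA` entry does, e.g. `<value>{{lookup('password', '{{playbook_dir}}/secrets/passwords/COMMON_TRUSTSTORE_PLACEHOLDER')}}</value>`, with the placeholder replaced by whichever secret file protects `common-cacerts.jks`.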
@@ -8630,6 +11542,46 @@ <value>30 secs</value> </property> </controllerService> + <controllerService> + <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id> + <name>Soctools CA</name> + <comment /> + <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-ssl-context-service-nar</artifact> + <version>1.12.1</version> + </bundle> + <enabled>true</enabled> + <property> + <name>Keystore Filename</name> + </property> + <property> + <name>Keystore Password</name> + </property> + <property> + <name>key-password</name> + </property> + <property> + <name>Keystore Type</name> + </property> + <property> + <name>Truststore Filename</name> + <value>/opt/nifi/nifi-current/conf/cacerts.jks</value> + </property> + <property> + <name>Truststore Password</name> + <value>{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}</value> + </property> + <property> + <name>Truststore Type</name> + <value>JKS</value> + </property> + <property> + <name>SSL Protocol</name> + <value>TLS</value> + </property> + </controllerService> <controllerService> <id>17b30955-5464-3709-8a32-69a459850cfa</id> <name>Inferred JsonRecordSetWriter</name> @@ -8638,7 +11590,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> @@ -8648,6 +11600,10 @@ <property> <name>schema-cache</name> </property> + <property> + <name>schema-protocol-version</name> + <value>1</value> + </property> <property> <name>schema-access-strategy</name> <value>inherit-record-schema</value> 
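Review bot: The `Truststore Password` of `Soctools CA` is read with `lookup('password', …)`, which writes a fresh random value when the file does not exist, so a misspelled or not-yet-provisioned path yields a password that matches no truststore instead of an error. The same lookup is used for `elastic_password` further down this file and in `nifi.properties.j2`, `elasticsearch.yml.j2` and `roles/odfees/tasks/start.yml`. If the secrets are meant to be created by one dedicated step, the consumers could read them with `lookup('file', playbook_dir ~ '/secrets/passwords/truststore')`, which fails when the file is missing. The `~` concatenation also avoids nesting `{{ }}` inside an expression, which the Ansible documentation advises against.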
@@ -8700,74 +11656,47 @@ </property> </controllerService> <controllerService> - <id>8b1dd8bb-0170-1000-0000-000007446e6a</id> - <name>Misp DistributedMapCacheServer</name> + <id>70ea12d7-0176-1000-ffff-ffffee2ee306</id> + <name>Mysql log GrokReader</name> <comment /> - <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class> + <class>org.apache.nifi.grok.GrokReader</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.11.4</version> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> - <name>Port</name> - <value>4557</value> - </property> - <property> - <name>Maximum Cache Entries</name> - <value>10000</value> - </property> - <property> - <name>Eviction Strategy</name> - <value>Least Frequently Used</value> - </property> - <property> - <name>Persistence Directory</name> - <value>/opt/nifi/nifi-current/conf/</value> - </property> - <property> - <name>SSL Context Service</name> + <name>schema-access-strategy</name> + <value>string-fields-from-grok-expression</value> </property> - </controllerService> - <controllerService> - <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id> - <name>Common CA</name> - <comment /> - <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-ssl-context-service-nar</artifact> - <version>1.11.4</version> - </bundle> - <enabled>true</enabled> <property> - <name>Keystore Filename</name> + <name>schema-registry</name> </property> <property> - <name>Keystore Password</name> + <name>schema-name</name> + <value>${schema.name}</value> </property> <property> - <name>key-password</name> + <name>schema-version</name> </property> <property> - <name>Keystore Type</name> + <name>schema-branch</name> </property> <property> - <name>Truststore Filename</name> - 
<value>/opt/nifi/nifi-current/conf/cacerts.jks</value> + <name>schema-text</name> + <value>${avro.schema}</value> </property> <property> - <name>Truststore Password</name> - <value>enc{a4ca3924cb58cb8c28fec2766ce1a66f9bec9ca13f5cb90008f3b0719d4777b2}</value> + <name>Grok Pattern File</name> </property> <property> - <name>Truststore Type</name> - <value>JKS</value> + <name>Grok Expression</name> + <value>%{GREEDYDATA:timestamp} %{DATA:process}: %{GREEDYDATA:message}</value> </property> <property> - <name>SSL Protocol</name> - <value>TLS</value> + <name>no-match-behavior</name> + <value>append-to-previous-message</value> </property> </controllerService> <controllerService> @@ -8778,7 +11707,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.11.4</version> + <version>1.12.1</version> </bundle> <enabled>true</enabled> <property> @@ -8815,13 +11744,13 @@ <name>Timestamp Format</name> </property> </controllerService> - <variable name="misp_token" value="{{ misp_token }}" /> + <variable name="misp_token" value="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}" /> <variable name="maxmind_key" value="{{ maxmind_key }}" /> - <variable name="misp_ip_first_interval" value="60d" /> + <variable name="misp_first_interval" value="60d" /> <variable name="elastic_username" value="{{ elastic_username }}" /> <variable name="misp_url" value="{{ misp_url }}" /> - <variable name="elastic_url" value="https://{{ dslproxy }}:9200" /> - <variable name="elastic_password" value="{{ odfees_adminpass }}" /> + <variable name="elastic_url" value="https://{{ soctoolsproxy }}:9200" /> + <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" /> </rootGroup> <controllerServices /> <reportingTasks /> 
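Review bot: `misp_token` and `elastic_password` in the `@@ -8815,13 +11744,13 @@` hunk are rendered as plain `<variable>` entries on the root group. NiFi variables are not sensitive properties: as far as I know they are stored unencrypted in `flow.xml.gz` and are visible in the UI to anyone who can view the process group, so a flow file copied out as HOWTOS.md describes would carry both secrets in clear text. NiFi 1.12.1 supports Parameter Contexts with sensitive parameters; moving these two values there and referencing them as `#{misp_token}` and `#{elastic_password}` from sensitive processor properties would keep them encrypted at rest. The rename to `misp_first_interval` also requires every `${misp_ip_first_interval}` reference in the flow to be updated, which this hunk does not show.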
diff --git a/roles/nifi/templates/nifi.properties.j2 b/roles/nifi/templates/nifi.properties.j2 index 426e5ce0d6c5975ff27cef19449d2deea9a93b20..c2dafaff8e4019ebc0e5c6a206b3378863110f80 100644 --- a/roles/nifi/templates/nifi.properties.j2 +++ b/roles/nifi/templates/nifi.properties.j2 @@ -120,8 +120,8 @@ nifi.provenance.repository.buffer.size=100000 # Component Status Repository nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository -nifi.components.status.repository.buffer.size=1440 -nifi.components.status.snapshot.frequency=1 min +nifi.components.status.repository.buffer.size=288 +nifi.components.status.snapshot.frequency=5 min # Site to Site properties nifi.remote.input.host={{ inventory_hostname }} @@ -143,7 +143,7 @@ nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 nifi.web.max.header.size=16 KB nifi.web.proxy.context.path=/nifi -nifi.web.proxy.host={{ dslproxy }}:9443 +nifi.web.proxy.host={{ soctoolsproxy }}:9443 # security properties # nifi.sensitive.props.key= 
@@ -154,21 +154,21 @@ nifi.sensitive.props.additional.keys= nifi.security.keystore=./conf/{{ inventory_hostname }}.p12 nifi.security.keystoreType=pkcs12 -nifi.security.keystorePasswd={{ kspass}} +nifi.security.keystorePasswd={{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}} #nifi.security.keyPasswd=IP7Jgn7amiAYi3LRSRk5LGg3t4zlfh0kEKcAaaoxHDo nifi.security.truststore=./conf/cacerts.jks nifi.security.truststoreType=jks -nifi.security.truststorePasswd={{ tspass}} +nifi.security.truststorePasswd={{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} nifi.security.user.authorizer=managed-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= # OpenId Connect SSO Properties # -nifi.security.user.oidc.discovery.url=https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration -nifi.security.user.oidc.connect.timeout=5 secs -nifi.security.user.oidc.read.timeout=5 secs -nifi.security.user.oidc.client.id=dsoclab-nifi +nifi.security.user.oidc.discovery.url=https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration +nifi.security.user.oidc.connect.timeout=10 secs +nifi.security.user.oidc.read.timeout=10 secs +nifi.security.user.oidc.client.id=soctools-nifi nifi.security.user.oidc.client.secret={{nifisecret.value}} nifi.security.user.oidc.preferred.jwsalgorithm= nifi.security.user.oidc.additional.scopes={{openid_scope}} 
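Review bot: The context line `#nifi.security.keyPasswd=IP7Jgn7…` directly below the changed `nifi.security.keystorePasswd` looks like a real key password left in a comment, and this commit moves the neighbouring passwords out of the template without touching it. I would delete that line here and, if the value was ever in use, treat it as disclosed and rotate it. The same hunk still takes `nifi.security.user.oidc.client.secret` from `{{nifisecret.value}}`; whether that variable is sourced from the secrets directory is not visible in this diff.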
@@ -226,9 +226,9 @@ nifi.cluster.load.balance.max.thread.count=8 nifi.cluster.load.balance.comms.timeout=30 sec # zookeeper properties, used for cluster management # -nifi.zookeeper.connect.string=dsoclab-zookeeper:2181 -nifi.zookeeper.connect.timeout=3 secs -nifi.zookeeper.session.timeout=3 secs +nifi.zookeeper.connect.string=soctools-zookeeper:2181 +nifi.zookeeper.connect.timeout=60 secs +nifi.zookeeper.session.timeout=60 secs nifi.zookeeper.root.node=/nifi # Zookeeper properties for the authentication scheme used when creating acls on znodes used for cluster management diff --git a/roles/odfees/files/Arne Oslebo.p12 b/roles/odfees/files/Arne Oslebo.p12 deleted file mode 100644 index 273c8018b7bed8f691d9e9c24f5fa9d6425a0e79..0000000000000000000000000000000000000000 Binary files a/roles/odfees/files/Arne Oslebo.p12 and /dev/null differ diff --git a/roles/odfees/files/Bozidar Proevski.p12 b/roles/odfees/files/Bozidar Proevski.p12 deleted file mode 100644 index 24010a64063a960d554cd4e895e17b9e2e62362a..0000000000000000000000000000000000000000 Binary files a/roles/odfees/files/Bozidar Proevski.p12 and /dev/null differ diff --git a/roles/odfees/files/SOCTOOLS-CA.crt b/roles/odfees/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/odfees/files/SOCTOOLS-CA.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/odfees/files/cacerts.jks b/roles/odfees/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/odfees/files/cacerts.jks and /dev/null differ diff --git a/roles/odfees/files/dsoclab-odfe-1.p12 b/roles/odfees/files/dsoclab-odfe-1.p12 deleted file mode 100644 index ed4bd60a1d96595774f510ecfd8c864a09e8d338..0000000000000000000000000000000000000000 Binary files a/roles/odfees/files/dsoclab-odfe-1.p12 and /dev/null differ 
diff --git a/roles/odfees/files/dsoclab-odfe-2.p12 b/roles/odfees/files/dsoclab-odfe-2.p12 deleted file mode 100644 index 106170ff7a325bccade7cfecf2f60642e866a4a0..0000000000000000000000000000000000000000 Binary files a/roles/odfees/files/dsoclab-odfe-2.p12 and /dev/null differ diff --git a/roles/odfees/tasks/main.yml b/roles/odfees/tasks/main.yml index ae6ae65701c4bebcf8cbd04bc4d4ddb9e246acfd..016e8786ed6a31238dd2c7efc68e9aec7c7a9912 100644 --- a/roles/odfees/tasks/main.yml +++ b/roles/odfees/tasks/main.yml 
@@ -1,118 +1,17 @@ --- -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt +- include: start.yml tags: - - start - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - -- name: Copy certificates in odfe conf dir - copy: - src: "{{ item }}" - dest: "config/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.p12" - - cacerts.jks - - "{{soctools_users[0].CN}}.p12" - tags: - - start - -- name: Configure sysconfig - template: - src: sysconfig_elasticsearch.j2 - dest: sysconfig_elasticsearch - tags: - - start - -- name: Copy sysconfig to /etc - command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - tags: - - start - -- name: Configure odfe properties - template: - src: "config/{{item}}.j2" - dest: "config/{{item}}" - with_items: - - elasticsearch.yml - - jvm.options - - log4j2.properties - tags: - - start - -- name: Change password for admin - command: "bash plugins/opendistro_security/tools/hash.sh -p {{odfees_adminpass}}" - register: adminhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - tags: - - start - -- set_fact: - adminhashpwd: "{{ adminhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" - tags: - - start - -- name: Change password for cortex - command: "bash plugins/opendistro_security/tools/hash.sh -p {{cortex_odfe_pass}}" - register: cortexhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + - start +- include: stop.yml tags: - - start - -- set_fact: - cortexhashpwd: "{{ cortexhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" + - stop + - stop-odfees +- include: update-config.yml tags: - - start - -- name: Configure opendistro_security properties - template: - src: "securityconfig/{{item}}.j2" - dest: 
"plugins/opendistro_security/securityconfig/{{item}}" - with_items: - - internal_users.yml - - config.yml - - roles_mapping.yml + - update-config + - update-odfees-config +- include: restart.yml tags: - - start - -#- name: Exit here to test ODFE -# meta: end_play -# tags: -# - start - -- name: Start OpenDistro for Elasticsearch - command: "/usr/share/elasticsearch/bin/elasticsearch -p {{ inventory_hostname }}.pid -d" - tags: - - start - -- name: Wait for ElasticSearch - wait_for: - host: "{{groups['odfeescontainers'][0]}}" - port: 9200 - state: started - delay: 5 - tags: - - start - -- name: Configure OpenDistro security - command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{soctools_users[0].password}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{tspass}} -cn dsoclab-cluster" - when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - tags: - - start - -- name: Stop OpenDistro for Elasticsearch - command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" - tags: - - stop - + - restart + - restart-odfees diff --git a/roles/odfees/tasks/restart.yml b/roles/odfees/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..130f200cb0e139f54001e92ebb0bff025e803136 --- /dev/null +++ b/roles/odfees/tasks/restart.yml @@ -0,0 +1,14 @@ +--- + +- name: Restart OpenDistro for Elasticsearch + remote_user: root + command: "supervisorctl restart odfe" + +- name: Wait for ElasticSearch + remote_user: root + wait_for: + host: "{{groups['odfeescontainers'][0]}}" + port: 9200 + state: started + delay: 5 + diff --git a/roles/odfees/tasks/start.yml b/roles/odfees/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..622a1cd65e9e634472048a5ab79207ffa60850fd --- /dev/null +++ b/roles/odfees/tasks/start.yml 
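Review bot: The four bare `include:` entries in the new `roles/odfees/tasks/main.yml` use the form Ansible deprecated in favour of `import_tasks` and `include_tasks`, and which recent ansible-core releases no longer accept. `- import_tasks: start.yml` with the same `tags:` block keeps the current behaviour, because tags on a static import are inherited by every task in the imported file. The same replacement applies to the `stop.yml`, `update-config.yml` and `restart.yml` entries.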
@@ -0,0 +1,102 @@ +--- + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "{{playbook_dir}}/secrets/CA/ca.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in odfe conf dir + remote_user: elasticsearch + copy: + src: "{{ item }}" + dest: "config/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" + - "{{playbook_dir}}/secrets/CA/cacerts.jks" + - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" + +- name: Configure sysconfig + remote_user: elasticsearch + template: + src: sysconfig_elasticsearch.j2 + dest: sysconfig_elasticsearch + +- name: Copy sysconfig to /etc + remote_user: elasticsearch + command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" + +- name: Configure odfe properties + remote_user: elasticsearch + template: + src: "config/{{item}}.j2" + dest: "config/{{item}}" + with_items: + - elasticsearch.yml + - jvm.options + - log4j2.properties + +- name: Change password for admin + remote_user: elasticsearch + command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" + register: adminhash + # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + +- set_fact: + adminhashpwd: "{{ adminhash.stdout }}" + #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" + remote_user: elasticsearch + +- name: Change password for cortex + remote_user: elasticsearch + command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" + register: cortexhash + # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + +- set_fact: + cortexhashpwd: "{{ cortexhash.stdout }}" + #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" + 
remote_user: elasticsearch + +- name: Configure opendistro_security properties + remote_user: elasticsearch + template: + src: "securityconfig/{{item}}.j2" + dest: "plugins/opendistro_security/securityconfig/{{item}}" + with_items: + - internal_users.yml + - config.yml + - roles_mapping.yml + +#- name: Exit here to test ODFE +# meta: end_play + +- name: Start OpenDistro for Elasticsearch + remote_user: root + command: "supervisorctl start odfe" + +- name: Wait for ElasticSearch + remote_user: root + wait_for: + host: "{{groups['odfeescontainers'][0]}}" + port: 9200 + state: started + delay: 5 + +- name: Configure OpenDistro security + remote_user: elasticsearch + command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster" + when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + +- name: Set Autostart for supervisord's services + remote_user: root + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + diff --git a/roles/odfees/tasks/stop.yml b/roles/odfees/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..1302cc8bf86e04950e347eb12436b0a6cc0aac0f --- /dev/null +++ b/roles/odfees/tasks/stop.yml @@ -0,0 +1,6 @@ +--- + +- name: Stop OpenDistro for Elasticsearch + remote_user: root + command: "supervisorctl stop odfe" + 
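Review bot: In the `Configure OpenDistro security` task of `start.yml` the `lookup('password', …/{{soctools_users[0].CN}})` expression appears twice after `-kspass`, so `securityadmin.sh` receives the keystore password a second time as a stray positional argument. The second copy should be dropped, leaving `-kspass {{lookup(...)}} -ts /usr/share/elasticsearch/config/cacerts.jks`. This task and the two `hash.sh -p …` tasks also put passwords on the command line, and Ansible prints the rendered command in verbose output and on failure unless `no_log: true` is set on them. The `when:` on the same task templates inside a conditional; `when: inventory_hostname == groups['odfeescontainers'][0]` expresses what appears to be the intended check without the nested `{{ }}`.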
diff --git a/roles/odfees/tasks/update-config.yml b/roles/odfees/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..a40d487df503d8edc00dd641352d61d3f892042e --- /dev/null +++ b/roles/odfees/tasks/update-config.yml @@ -0,0 +1,32 @@ +--- + +- name: Configure sysconfig + remote_user: elasticsearch + template: + src: sysconfig_elasticsearch.j2 + dest: sysconfig_elasticsearch + +- name: Copy sysconfig to /etc + remote_user: elasticsearch + command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" + +- name: Configure odfe properties + remote_user: elasticsearch + template: + src: "config/{{item}}.j2" + dest: "config/{{item}}" + with_items: + - elasticsearch.yml + - jvm.options + - log4j2.properties + +- name: Configure opendistro_security properties + remote_user: elasticsearch + template: + src: "securityconfig/{{item}}.j2" + dest: "plugins/opendistro_security/securityconfig/{{item}}" + with_items: + - internal_users.yml + - config.yml + - roles_mapping.yml + diff --git a/roles/odfees/templates/config/elasticsearch.yml.j2 b/roles/odfees/templates/config/elasticsearch.yml.j2 index ef61cd36dac6bdefebeaeab66a3c15b97aa3a25d..5e8e18fc2999f2622cca3b0c229265a379c49b44 100644 --- a/roles/odfees/templates/config/elasticsearch.yml.j2 +++ b/roles/odfees/templates/config/elasticsearch.yml.j2 @@ -1,4 +1,4 @@ -cluster.name: "dsoclab-cluster" +cluster.name: "soctools-cluster" #network.host: 0.0.0.0 network.host: {{ inventory_hostname }} discovery.seed_hosts: 
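Review bot: `update-config.yml` re-renders `securityconfig/internal_users.yml.j2` but, unlike `start.yml`, never runs the `hash.sh` tasks that set `adminhashpwd` and `cortexhashpwd`. If that template uses those facts (it is not part of this diff), a run limited to `-t update-odfees-config` would fail on an undefined variable or write an unusable user file. The file also stops after writing the security config and does not invoke `securityadmin.sh`, so the new files presumably take no effect until the next start. Letting `start.yml` reuse this file with `- import_tasks: update-config.yml`, and keeping the hashing steps next to the templating step, would stop the two paths from drifting apart.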
@@ -30,11 +30,11 @@ cluster.initial_master_nodes: opendistro_security.ssl.transport.keystore_type: pkcs12 opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.transport.keystore_password: {{ kspass }} +opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" #opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem opendistro_security.ssl.transport.truststore_type: jks opendistro_security.ssl.transport.truststore_filepath: cacerts.jks -opendistro_security.ssl.transport.truststore_password: {{ tspass }} +opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" opendistro_security.ssl.transport.enforce_hostname_verification: false opendistro_security.ssl.http.enabled: true @@ -42,10 +42,10 @@ opendistro_security.ssl.http.enabled: true # opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.keystore_type: pkcs12 opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.http.keystore_password: {{ kspass }} +opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" opendistro_security.ssl.http.truststore_type: jks opendistro_security.ssl.http.truststore_filepath: cacerts.jks -opendistro_security.ssl.http.truststore_password: {{ tspass }} +opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" #opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem #opendistro_security.ssl.http.clientauth_mode: optional opendistro_security.allow_unsafe_democertificates: false 
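Review bot: `lookup('password', …)` on the four new `*_password` lines writes a fresh random value to the path when the file does not exist, so a missing or mistyped `secrets/passwords/keystore` or `truststore` yields a rendered password that no longer opens `{{ inventory_hostname }}.p12` or `cacerts.jks`, instead of failing the play. This applies to both the transport hunk and the http hunk. If the stores are not always generated in the same run (cannot tell from here), a `stat` plus `assert` on the two files before templating would make that an explicit error. The nested `'{{playbook_dir}}/…'` relies on the inner string being templated a second time and reads more safely as `lookup('password', playbook_dir + '/secrets/passwords/keystore')`.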
diff --git a/roles/odfees/templates/config/log4j2.properties.j2 b/roles/odfees/templates/config/log4j2.properties.j2 index 9ad290ad82679309319cee88bee3eaf9d49814eb..ee01d9a1406720d46fe983efacf16cc8d52c3729 100644 --- a/roles/odfees/templates/config/log4j2.properties.j2 +++ b/roles/odfees/templates/config/log4j2.properties.j2 @@ -5,5 +5,27 @@ appender.console.name = console appender.console.layout.type = PatternLayout appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server +appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size = 20MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.fileIndex = nomax +appender.rolling.strategy.action.type = Delete +appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling.strategy.action.condition.type = IfFileName +appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling.strategy.action.condition.nested_condition.exceeds = 100MB + rootLogger.level = info -rootLogger.appenderRef.console.ref = console +#rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling 
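Review bot: The new `Delete` action removes rolled server logs once they exceed 100MB in total (`nested_condition.exceeds = 100MB`), and the same hunk comments out `rootLogger.appenderRef.console.ref`, so the rolling file becomes the only copy of the cluster log. In a SOC deployment those logs may be needed to reconstruct an incident on the node itself. Whether they are shipped elsewhere before deletion cannot be told from this hunk, so the retention should either be raised or stated in the template, e.g. `# retention: rolled logs are deleted beyond 100MB total; confirm they are collected off-node first`.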
diff --git a/roles/odfees/templates/securityconfig/config.yml.j2 b/roles/odfees/templates/securityconfig/config.yml.j2 index 26e77a4fa806fe68767015fc40ad620117985ac5..49368676333bb6153b32e988dcd9bd60764426b2 100644 --- a/roles/odfees/templates/securityconfig/config.yml.j2 +++ b/roles/odfees/templates/securityconfig/config.yml.j2 @@ -116,7 +116,7 @@ config: config: subject_key: {{openid_subjkey}} roles_key: roles - openid_connect_url: https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration + openid_connect_url: https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration enable_ssl: true verify_hostnames: false pemtrustedcas_filepath: "/usr/share/elasticsearch/config/{{ca_cn}}.crt" diff --git a/roles/odfekibana/files/Arne Oslebo.p12 b/roles/odfekibana/files/Arne Oslebo.p12 deleted file mode 100644 index 273c8018b7bed8f691d9e9c24f5fa9d6425a0e79..0000000000000000000000000000000000000000 Binary files a/roles/odfekibana/files/Arne Oslebo.p12 and /dev/null differ diff --git a/roles/odfekibana/files/Bozidar Proevski.p12 b/roles/odfekibana/files/Bozidar Proevski.p12 deleted file mode 100644 index 24010a64063a960d554cd4e895e17b9e2e62362a..0000000000000000000000000000000000000000 Binary files a/roles/odfekibana/files/Bozidar Proevski.p12 and /dev/null differ diff --git a/roles/odfekibana/files/SOCTOOLS-CA.crt b/roles/odfekibana/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/odfekibana/files/SOCTOOLS-CA.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/odfekibana/files/cacerts.jks b/roles/odfekibana/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/odfekibana/files/cacerts.jks and /dev/null differ diff --git a/roles/odfekibana/files/dsoclab-kibana.crt b/roles/odfekibana/files/dsoclab-kibana.crt deleted file mode 100644 index f47839f66eda87805afce110cf5d0c2e136e8abe..0000000000000000000000000000000000000000 --- a/roles/odfekibana/files/dsoclab-kibana.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:27 2020 GMT - Not After : Oct 15 10:47:27 2023 GMT - Subject: CN=dsoclab-kibana - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: - f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: - 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: - 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: - 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: - ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: - 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: - dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: - 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: - a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: - ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: - bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: - f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: - a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: - b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: - 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: - 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: - 0f:6f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: - 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: - 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: - 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: - 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: - 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: - 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: - 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: - 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: - 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: - 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: - 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: - 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: - 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: - 1d:f9:0b:c3 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx -MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi -pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A -j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz -lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV -6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO -mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG -A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ -MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M -Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL -BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu -Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m -xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 -dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod -PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 -ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD -ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ -/jsw8krXHfkLww== 
------END CERTIFICATE----- diff --git a/roles/odfekibana/files/dsoclab-kibana.key b/roles/odfekibana/files/dsoclab-kibana.key deleted file mode 100644 index 9eec2e4fa77aee5162699b82640aad24869304a8..0000000000000000000000000000000000000000 --- a/roles/odfekibana/files/dsoclab-kibana.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR -kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf -mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L -JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP -zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI -B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN -IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa -wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw -Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN -fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA -uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2 -BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH -Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy -ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g -4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr -FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr -3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q -NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv -Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M -7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA -uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN -lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm -P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5 -Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu -/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT -jFEbunnLOfUUjgxXiJpNU0FtjQ== ------END PRIVATE KEY----- 
diff --git a/roles/odfekibana/files/dsoclab-kibana.p12 b/roles/odfekibana/files/dsoclab-kibana.p12 deleted file mode 100644 index f9e8737d615ab77c25857cf3b3c8eb2d77f03104..0000000000000000000000000000000000000000 Binary files a/roles/odfekibana/files/dsoclab-kibana.p12 and /dev/null differ diff --git a/roles/odfekibana/files/kibana_graphs.ndjson b/roles/odfekibana/files/kibana_graphs.ndjson index 086e784c413a2ff1ad657f886be9030d158a6735..f6e604f541a023d488df4f3f76e97d4342d72476 100644 --- a/roles/odfekibana/files/kibana_graphs.ndjson +++ b/roles/odfekibana/files/kibana_graphs.ndjson 
@@ -1,11 +1,62 @@ -{"attributes":{"fieldFormatMap":"{\"ip_dst_addr_misp_url\":{\"id\":\"url\"}}","fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.action\",\"subType\":\"multi\"},{\"name\":\"alert.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.category\",\"subType\":\"multi\"},{\"name\":\"alert.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.signature\",\"subType\":\"multi\"},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subType\":\"multi\"},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"esTypes\
":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host\",\"subType\":\"multi\"},{\"name\":\"host_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host_domain\",\"subType\":\"multi\"},{\"name\":\"host_domain_freq1\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_domain_freq2\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"pa
rent\":\"ip_dst_addr\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"ip_dst_addr_misp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_misp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_misp\",\"subType\":\"multi\"},{\"name\":\"ip_dst_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true,\"parent\":\"ip_src_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload\",\"subType\":\"multi\"},{\"name\":\"payload_printable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_printable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload_printable\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"stream\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_misp_url\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"if (!doc['ip_dst_addr_misp.keyword'].empty) { \\n return 'https://misp.soctools.geant.org/events/view/'+doc['ip_dst_addr_misp.keyword'].value;\\n}\\nreturn null;\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"timestamp","title":"logs-suricata-alert-*"},"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-08T12:42:14.207Z","version":"WzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata Alerts Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata Alerts 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzQsMV0="} 
-{"attributes":{"columns":["alert.signature_id","alert.signature","ip_src_addr","ip_dst_addr"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts","version":1},"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-08T12:42:14.207Z","version":"WzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top signatures","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top 
signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_dst_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_dst_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst IP\"}}]}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzcsMV0="} -{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"ip_dst_addr_misp>0\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-08T12:42:14.207Z","version":"WzgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Dst IP in misp\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":5,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata alerts - the 
Hive\",\"type\":\"thehive_button\",\"params\":{\"url\":\"https://hive.soctools.geant.org/\",\"apikey\":\"ebMZixrFT+4qeWDf0iW3D5qFr/GbwA4j\",\"owner\":\"odfe\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":20,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEwLDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":7,\"w\":10,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":10,\"y\":7,\"w\":9,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":19,\"y\":7,\"w\":11,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":3,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"
7.3.0\",\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-08T12:42:14.207Z","version":"WzExLDFd"} -{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"data_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_id\",\"s
ubType\":\"multi\"},{\"name\":\"data_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_type\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"ident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ident\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_add
r_geo_city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lat\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lon\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_comment.
keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"referer\",\"subType\":\"multi\"},{\"name\":\"request_page\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"request_page.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"request_page\",\"subType\":\"multi\"},{\"name\":\"response_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"response_size\",\"subType\":\"multi\"},{\"name\":\"server_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server_response\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"user_agent\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-nginx-*"},"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_src_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_src_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src IP\"}}]}"},"id":"d8322050-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEzLDFd"} \ No newline at end of file +{"attributes":{"buildNum":26506,"defaultIndex":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b"},"id":"7.4.2","references":[],"type":"config","updated_at":"2020-12-20T14:02:51.577Z","version":"WzM0LDRd"} 
+{"attributes":{"fields":"[{\"name\":\"TLP\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"TLP.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"TLP\",\"subType\":\"multi\"},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination.ip\",\"subType\":\"multi\"},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination/ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\
"destination/ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_lon\",\"su
bType\":\"multi\"},{\"name\":\"destination/ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"destination/ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"destination/ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subType\":\"multi\"},{\"name\":\"flow_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"c
ount\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source.ip\",\"subType\":\"multi\"},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source/ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_lon\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":f
alse,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.hash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.ja3.hash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.ja3.hash\",\"subType\":\"multi\"},{\"name\":\"tls.ja3.string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.ja3.string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.ja3.string\",\"subType\":\"multi\"},{\"name\":\"tls.sni\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni\",\"subType\":\"multi\"},{\"name\":\"tls.sni_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_domain\",\"subType\":\"multi\"},{\"name\":\"tls.sni_domain_alexa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_domain_alexa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_domain_alexa\",\"subType\":\"multi\"},{\"name\":\"tls.sni_umbrella\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_umbrella.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_umbrella\",\"subType\":\"multi\"},{\"name\":\"tls.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.version\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-suricata-tls-*"},"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:26:54.470Z","version":"Wzk4LDRd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Histogram","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Suricata TLS - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T08:53:14.254Z\",\"max\":\"2020-12-21T08:53:14.254Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\
"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"080a28d0-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:31:45.324Z","version":"WzExMCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP 
addr\"}}]}"},"id":"649dd8c0-436b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T09:18:57.076Z","version":"WzgwLDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dest. 
IP addr\"}}]}"},"id":"e95d6ae0-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T09:19:11.119Z","version":"WzgxLDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top SNI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top SNI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.sni.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SNI\"}}]}"},"id":"fbeb5370-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:30:58.208Z","version":"WzEwNyw0XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top destination ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top destination ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dest. 
port\"}}]}"},"id":"d5917220-436c-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:31:21.254Z","version":"WzEwOCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - TLS version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata TLS - TLS version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"f99b0560-436b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:28:59.999Z","version":"WzEwMyw0XQ=="} 
+{"attributes":{"columns":["in_iface","source.ip","destination.ip","destination.port","tls.version","tls.sni","tls.sni_domain_alexa","tls.sni_umbrella"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata TLS logs","version":1},"id":"2fb21020-4377-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:27:54.529Z","version":"Wzk5LDRd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"bf273f44-b0c6-4a76-85ae-271bace06b5c\"},\"panelIndex\":\"bf273f44-b0c6-4a76-85ae-271bace06b5c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":15,\"i\":\"f3f513d2-c57c-402d-a7eb-9335533b9cee\"},\"panelIndex\":\"f3f513d2-c57c-402d-a7eb-9335533b9cee\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":10,\"y\":9,\"w\":11,\"h\":15,\"i\":\"280a69a1-470e-455f-a2af-e0f67a5b6899\"},\"panelIndex\":\"280a69a1-470e-455f-a2af-e0f67a5b6899\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":21,\"y\":9,\"w\":17,\"h\":15,\"i\":\"e2966d9f-3a5f-40c6-8046-921ca11dca36\"},\"panelIndex\":\"e2966d9f-3a5f-40c6-8046-921ca11dca36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":8,\"i\":\"8b66
f551-7eea-46fd-a693-83291441986a\"},\"panelIndex\":\"8b66f551-7eea-46fd-a693-83291441986a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":38,\"y\":17,\"w\":10,\"h\":7,\"i\":\"91965e77-41d0-4046-b51b-acf16494b52c\"},\"panelIndex\":\"91965e77-41d0-4046-b51b-acf16494b52c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":22,\"i\":\"66a787fc-5c09-4a60-b878-5d453d6d5738\"},\"panelIndex\":\"66a787fc-5c09-4a60-b878-5d453d6d5738\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Suricata TLS","version":1},"id":"2d8baeb0-436c-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"080a28d0-436a-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"649dd8c0-436b-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"e95d6ae0-436a-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"fbeb5370-436a-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"d5917220-436c-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"f99b0560-436b-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"visualization"},{"id":"2fb21020-4377-11eb-b75a-bbebe0b50e97","name":"panel_6","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T10:30:30.675Z","version":"WzEwNSw0XQ=="} 
+{"attributes":{"fieldFormatMap":"{\"ip_dst_addr_misp_url\":{\"id\":\"url\"}}","fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.action\",\"subType\":\"multi\"},{\"name\":\"alert.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.category\",\"subType\":\"multi\"},{\"name\":\"alert.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.signature\",\"subType\":\"multi\"},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subType\":\"multi\"},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host\",\"subType\":\"multi\"},{\"name\":\"host_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host_domain\",\"subType\":\"multi\"},{\"name\":\"host_domain_freq1\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_domain_freq2\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_ad
dr\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_misp
\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_misp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_misp\",\"subType\":\"multi\"},{\"name\":\"ip_dst_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":
\"ip_src_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload\",\"subType\":\"multi\"},{\"name\":\"payload_printable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_printable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload_printable\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"stream\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-suricata-alert-*"},"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-20T21:20:28.734Z","version":"WzM1LDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata Alerts Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata Alerts 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzIzLDRd"} 
+{"attributes":{"columns":["alert.signature_id","alert.signature","ip_src_addr","ip_dst_addr"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts","version":1},"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI0LDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top signatures","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top 
signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI1LDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_dst_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_dst_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst IP\"}}]}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI2LDRd"} +{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"ip_dst_addr_misp>0\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI3LDRd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Dst IP in misp\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":5,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI4LDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata alerts - the 
Hive\",\"type\":\"thehive_button\",\"params\":{\"url\":\"https://hive.soctools.geant.org/\",\"apikey\":\"ebMZixrFT+4qeWDf0iW3D5qFr/GbwA4j\",\"owner\":\"odfe\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":20,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI5LDRd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panel
Index\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2020-12-21T21:58:35.823Z","version":"WzIxMSw0XQ=="} +{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\
",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:42:10.466Z","version":"WzEyNiw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_
count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:49:20.127Z","version":"WzEyOSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi logs - Source host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NiFi logs - Source host\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_host.keyword\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3ad86f30-438b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbeb
e0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:53:41.198Z","version":"WzIwNCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi logs - Level","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#E24D42\",\"INFO\":\"#1F78C1\",\"WARN\":\"#CCA300\"}}}","version":1,"visState":"{\"title\":\"NiFi logs - Level\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"03184750-438b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T12:49:49.637Z","version":"WzEzMyw0XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFI logs - source files","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NiFI logs - source files\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_file.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source file\"}}]}"},"id":"e16c89f0-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:54:21.199Z","version":"WzEzMiw0XQ=="} 
+{"attributes":{"columns":["source_host","level","source_file","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"NiFi logs","version":1},"id":"53a1d270-4379-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:43:13.810Z","version":"WzEyNyw0XQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":11,\"i\":\"41579e7d-a833-4988-8e87-30e9934c9153\"},\"panelIndex\":\"41579e7d-a833-4988-8e87-30e9934c9153\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"ERROR\":\"#E24D42\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":11,\"w\":12,\"h\":10,\"i\":\"26a9e301-ca86-4313-8321-e5b8b67fa097\"},\"panelIndex\":\"26a9e301-ca86-4313-8321-e5b8b67fa097\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":12,\"y\":11,\"w\":9,\"h\":10,\"i\":\"0d515b73-44ae-48f0-9fbe-c330d044544a\"},\"panelIndex\":\"0d515b73-44ae-48f0-9fbe-c330d044544a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":21,\"y\":11,\"w\":13,\"h\":10,\"i\":\"9cf35fdc-5e6b-4a9b-a1fd-88c379d343da\"},\"panelIndex\":\"9cf35fdc-5e6b-4a9b-a1fd-88c379d343da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":21,\"w\":48,\"h\":22,\"i\"
:\"e52833e0-30de-4451-80db-22c74ec92fcb\"},\"panelIndex\":\"e52833e0-30de-4451-80db-22c74ec92fcb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"NiFi logs","version":1},"id":"4b6ae5a0-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"3ad86f30-438b-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"03184750-438b-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"e16c89f0-437a-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"53a1d270-4379-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T12:53:06.300Z","version":"WzEzNiw0XQ=="} +{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.message\",\"subType\":\"multi\"},{\"name\":\"error.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.name\",\"subType\":\"multi\"},{\"name\":\"error.stack\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.stack.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.stack\",\"subType\":\"multi\"},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"prevMsg\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prevMsg.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"prevMsg\",\"subType\":\"multi\"},{\"name\":\"prevState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prevState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"prevState\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-encoding\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-encoding.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept-encoding\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept-language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept-language\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept\",\"subType\":\"multi\"},{\"name\":\"req.headers.cache-control\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.cache-control.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.cache-control\",\"subType\":\"multi\"},{\"name\":\"req.headers.connection\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.connection.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.connection\",\"subType\":\"multi\"},{\"name\":\"req.headers.content-length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.content-length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.content-length\",\"subType\":\"multi\"},{\"name\":\"req.headers.content-type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.content-type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.content-type\",\"subType\":\"multi\"},{\"name\":\"req.headers.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count
\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.host\",\"subType\":\"multi\"},{\"name\":\"req.headers.if-none-match\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.if-none-match.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.if-none-match\",\"subType\":\"multi\"},{\"name\":\"req.headers.kbn-version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.kbn-version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.kbn-version\",\"subType\":\"multi\"},{\"name\":\"req.headers.origin\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.origin.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.origin\",\"subType\":\"multi\"},{\"name\":\"req.headers.referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true,\"parent\":\"req.headers.referer\",\"subType\":\"multi\"},{\"name\":\"req.headers.upgrade-insecure-requests\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.upgrade-insecure-requests.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.upgrade-insecure-requests\",\"subType\":\"multi\"},{\"name\":\"req.headers.user-agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.user-agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.user-agent\",\"subType\":\"multi\"},{\"name\":\"req.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.method\",\"subType\":\"multi\"},{\"name\":\"req.referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.referer\",\"subType\":\"multi\"},{\"name\":\"req.remoteAddress\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.remoteAddress.keyword\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.remoteAddress\",\"subType\":\"multi\"},{\"name\":\"req.url\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.url.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.url\",\"subType\":\"multi\"},{\"name\":\"req.userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.userAgent\",\"subType\":\"multi\"},{\"name\":\"res.contentLength\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"res.responseTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"res.statusCode\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"state\",\"subType\":\"multi\"},{\"name\":\"statusCode\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tags\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"type\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-kibana-*"},"id":"55426280-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T16:15:49.869Z","version":"WzE0Nyw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kibana logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"84735610-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T16:21:02.064Z","version":"WzE0OCw0XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.remoteAddress.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Remote address\"}}]}"},"id":"22b8f4d0-43cf-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:57:28.477Z","version":"WzE1Niw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Response 
time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Kibana logs - Response time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{\"interval\":100},\"aggType\":\"histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":50,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"res.responseTime\",\"interval\":50,\"min_doc_count\":false,\"has_extended_bounds\":false,\"extended_bounds\":{\"max\":\"\",\"min\":\"\"},\"customLabel\":\"Response time 
[ms]\"}}]}"},"id":"90d03420-43ce-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:53:23.681Z","version":"WzE1NSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Status codes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kibana logs - Status codes\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"res.statusCode\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status code\"}}]}"},"id":"8f67bff0-43cd-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:46:11.822Z","version":"WzE1NCw0XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top URLs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top URLs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.url.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested 
URL\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"d921f4a0-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:43:48.516Z","version":"WzE1Myw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top User-Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top 
User-Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.headers.user-agent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User-Agent\"}}]}"},"id":"baef0cb0-43cc-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:40:15.354Z","version":"WzE1MSw0XQ=="} +{"attributes":{"columns":["method","req.url","res.statusCode","req.remoteAddress","req.headers.user-agent"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Kibana 
logs","version":1},"id":"8f07c570-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T16:21:19.815Z","version":"WzE0OSw0XQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":8,\"i\":\"04285b5f-cd0f-4514-857c-0392c04dd759\"},\"panelIndex\":\"04285b5f-cd0f-4514-857c-0392c04dd759\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":11,\"h\":12,\"i\":\"d6cba6b1-29d2-41bf-862b-85094bc155db\"},\"panelIndex\":\"d6cba6b1-29d2-41bf-862b-85094bc155db\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":11,\"y\":8,\"w\":23,\"h\":12,\"i\":\"2f0b8c11-89a2-4faa-bf5f-201803edae1d\"},\"panelIndex\":\"2f0b8c11-89a2-4faa-bf5f-201803edae1d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":12,\"i\":\"99a7d5fc-d91f-4202-8c7e-48bfbf515084\"},\"panelIndex\":\"99a7d5fc-d91f-4202-8c7e-48bfbf515084\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":28,\"h\":15,\"i\":\"7c98c844-9efd-4289-94b0-83101b21ee9b\"},\"panelIndex\":\"7c98c844-9efd-4289-94b0-83101b21ee9b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":28,\"y\":20,\"w\":20,\"h\":15,\"i\":\"08ce3890-961f-408f-9e2b-f9f028415e07\"},\"panelIndex\":\"08ce3890-961f-408f-9e2b-f9f028415e07\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.4.2\",\"gridData\":{
\"x\":0,\"y\":35,\"w\":48,\"h\":21,\"i\":\"0b4b31f9-53d5-4212-aedc-a261ee4be5e8\"},\"panelIndex\":\"0b4b31f9-53d5-4212-aedc-a261ee4be5e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Kibana logs","version":1},"id":"6e0402e0-43cf-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"84735610-43a8-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"22b8f4d0-43cf-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"90d03420-43ce-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"8f67bff0-43cd-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"d921f4a0-43a8-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"baef0cb0-43cc-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"visualization"},{"id":"8f07c570-43a8-11eb-b75a-bbebe0b50e97","name":"panel_6","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T20:59:34.797Z","version":"WzE1Nyw0XQ=="} 
+{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
,\"parent\":\"log.source.address\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"syslog.facility\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"syslog.facility_label\",\"subType\":\"multi\"},{\"name\":\"syslog.priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"syslog.severity_label\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-filebeat-unknown-*"},"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:44:27.290Z","version":"WzE5Myw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT3H\",\"format\":\"YYYY-MM-DD 
HH:mm\",\"bounds\":{\"min\":\"2020-12-14T21:46:19.383Z\",\"max\":\"2020-12-21T21:46:19.383Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"fields.log_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"f4775b50-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:46:26.845Z","version":"WzE5Nyw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Host name","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - Host 
name\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3579d010-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:48:06.416Z","version":"WzE5OSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Log type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - Log 
type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fields.log_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"1fe05530-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:47:30.178Z","version":"WzE5OCw0XQ=="} +{"attributes":{"columns":["fields.log_type","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Filebeat unknown logs","version":1},"id":"bfaaf800-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:44:48.767Z","version":"WzE5NCw0XQ=="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"bf3a414b-96f0-4090-b163-43664f901493\"},\"panelIndex\":\"bf3a414b-96f0-4090-b163-43664f901493\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":15,\"h\":9,\"i\":\"d6977944-5a19-48b6-8829-2e50838363e7\"},\"panelIndex\":\"d6977944-5a19-48b6-8829-2e50838363e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":9,\"w\":15,\"h\":9,\"i\":\"4cc8faa1-db1f-49e4-aaed-4e6010ff066b\"},\"panelIndex\":\"4cc8faa1-db1f-49e4-aaed-4e6010ff066b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":21,\"i\":\"09bccade-e7cc-455e-b5e7-af2403262ba6\"},\"panelIndex\":\"09bccade-e7cc-455e-b5e7-af2403262ba6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Other logs","version":1},"id":"7104bb90-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"f4775b50-43d5-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"3579d010-43d6-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"1fe05530-43d6-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"bfaaf800-43d5-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:49:46.312Z","version":"WzIwMCw0XQ=="} 
+{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true,\"parent\":\"error.message\",\"subType\":\"multi\"},{\"name\":\"error.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.type\",\"subType\":\"multi\"},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"hostName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"hostName\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"loggerClassName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"loggerClassName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"loggerClassName\",\"subType\":\"multi\"},{\"name\":\"loggerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"loggerName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"loggerName\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"
readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"ndc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ndc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ndc\",\"subType\":\"multi\"},{\"name\":\"processId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,
\"readFromDocValues\":true},{\"name\":\"processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"processName\",\"subType\":\"multi\"},{\"name\":\"sequence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sourceClassName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceClassName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceClassName\",\"subType\":\"multi\"},{\"name\":\"sourceFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceFileName\",\"subType\":\"multi\"},{\"name\":\"sourceLineNumber\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sourceMethodName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceMethodName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceMethodName\",\"subType
\":\"multi\"},{\"name\":\"sourceModuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceModuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceModuleName\",\"subType\":\"multi\"},{\"name\":\"sourceModuleVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceModuleVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceModuleVersion\",\"subType\":\"multi\"},{\"name\":\"threadId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threadName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"threadName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"threadName\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-keycloak-*"},"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:01:56.865Z","version":"WzE2MCw0XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Keycloak logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"INFO\":\"#1F78C1\"},\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Keycloak logs - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T21:05:22.930Z\",\"max\":\"2020-12-21T21:05:22.930Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{}
,\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"4b5e4560-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:05:46.166Z","version":"WzE2Miw0XQ=="} +{"attributes":{"columns":["level","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Keycloak logs","version":1},"id":"14c6e610-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:04:14.577Z","version":"WzE2MSw0XQ=="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"f4adefb8-580f-47fa-a7b8-27be3af78eb1\"},\"panelIndex\":\"f4adefb8-580f-47fa-a7b8-27be3af78eb1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":48,\"h\":20,\"i\":\"2f33edae-d9c7-4eaa-8e4d-494db3b1cf73\"},\"panelIndex\":\"2f33edae-d9c7-4eaa-8e4d-494db3b1cf73\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Keycloak logs","version":1},"id":"717b80f0-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"4b5e4560-43d0-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"14c6e610-43d0-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:06:50.111Z","version":"WzE2Myw0XQ=="} 
+{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"actconn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"actconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"actconn\",\"subType\":\"multi\"},{\"name\":\"backend_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"backend_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"backend_name\",\"subType\":\"multi\"},{\"name\":\"backend_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"backend_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent
\":\"backend_queue\",\"subType\":\"multi\"},{\"name\":\"beconn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"beconn\",\"subType\":\"multi\"},{\"name\":\"bytes_read\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"bytes_read.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"bytes_read\",\"subType\":\"multi\"},{\"name\":\"captured_request_cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"captured_request_cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"captured_request_cookie\",\"subType\":\"multi\"},{\"name\":\"captured_response_cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"captured_response_cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"captured_response_cookie\",\"subType\":\"multi\"},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false
},{\"name\":\"client.ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_lon\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.port\",\"subType\":\"multi\"},{\"name\":\"feconn\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"feconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"feconn\",\"subType\":\"multi\"},{\"name\":\"frontend_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frontend_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"frontend_name\",\"subType\":\"multi\"},{\"name\":\"http_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_host\",\"subType\":\"multi\"},{\"name\":\"http_proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_proto\",\"subType\":\"multi\"},{\"name\":\"http_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_request\",\"subType\":\"multi\"},{\"name\":\"http_status_code\",\"type\":\"string\",\"esTy
pes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_status_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_status_code\",\"subType\":\"multi\"},{\"name\":\"http_user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_user\",\"subType\":\"multi\"},{\"name\":\"http_verb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_verb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_verb\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"process.name\",\"subType\":\"multi\"},{\"name\":\"process.pid\",\"type\":\"s
tring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"process.pid\",\"subType\":\"multi\"},{\"name\":\"retries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"retries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"retries\",\"subType\":\"multi\"},{\"name\":\"server.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server.domain\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"srv_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"srv_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"srv_queue\",\"subType\":\"multi\"},{\"name\":\"srvconn\",\"type\":\"string\
",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"srvconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"srvconn\",\"subType\":\"multi\"},{\"name\":\"termination_state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"termination_state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"termination_state\",\"subType\":\"multi\"},{\"name\":\"time_backend_connect\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_backend_connect.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_backend_connect\",\"subType\":\"multi\"},{\"name\":\"time_backend_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_backend_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_backend_response\",\"subType\":\"multi\"},{\"name\":\"time_duration\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_duration.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"
time_duration\",\"subType\":\"multi\"},{\"name\":\"time_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_queue\",\"subType\":\"multi\"},{\"name\":\"time_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_request\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-haproxy-*"},"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:27:29.655Z","version":"WzE3NSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"haproxy logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T21:34:47.670Z\",\"max\":\"2020-12-21T21:34:47.670Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_
count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"74693590-43d1-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:35:01.074Z","version":"WzE4MSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Top clients","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"haproxy logs - Top clients\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP 
addr\"}}]}"},"id":"d2b6e700-43d1-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:16:42.736Z","version":"WzE2Niw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Top requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"haproxy logs - Top requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Mis
sing\",\"customLabel\":\"Backend name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http_request.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http_status_code.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"id":"33158c30-43d4-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:38:09.088Z","version":"WzE4NCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Status 
codes","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http_status_code.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\"},\"title\":\"haproxy logs - Status codes\",\"type\":\"pie\"}"},"id":"96a9c140-43d3-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:29:37.571Z","version":"WzE3OCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Backends","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"haproxy logs - 
Backends\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"2c952900-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:40:42.000Z","version":"WzE4OCw0XQ=="} +{"attributes":{"columns":["client.ip","backend_name","http_verb","http_request","http_status_code","bytes_read","time_duration"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"haproxy logs","version":1},"id":"6c1be520-43d3-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:28:09.585Z","version":"WzE3Niw0XQ=="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"ccce8e7d-f8cf-4074-929a-a5518428f22d\"},\"panelIndex\":\"ccce8e7d-f8cf-4074-929a-a5518428f22d\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":16,\"i\":\"ba3bb2ae-8c2d-4d7c-b31b-68236235fa54\"},\"panelIndex\":\"ba3bb2ae-8c2d-4d7c-b31b-68236235fa54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":11,\"y\":9,\"w\":28,\"h\":16,\"i\":\"07c2a778-1266-463e-9b3a-ea6f9d93e82b\"},\"panelIndex\":\"07c2a778-1266-463e-9b3a-ea6f9d93e82b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":17,\"w\":9,\"h\":8,\"i\":\"d8e80787-da38-48a5-be9d-e73a94a1f0b3\"},\"panelIndex\":\"d8e80787-da38-48a5-be9d-e73a94a1f0b3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":9,\"w\":9,\"h\":8,\"i\":\"efc8e873-81b6-46d4-91c8-003c1869de67\"},\"panelIndex\":\"efc8e873-81b6-46d4-91c8-003c1869de67\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":22,\"i\":\"735a3ce2-b6f1-4d3b-af8f-05c4511e9b64\"},\"panelIndex\":\"735a3ce2-b6f1-4d3b-af8f-05c4511e9b64\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"haproxy 
logs","version":1},"id":"7dfc0c10-43d4-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"74693590-43d1-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"d2b6e700-43d1-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"33158c30-43d4-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"96a9c140-43d3-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"2c952900-43d5-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"6c1be520-43d3-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:42:37.188Z","version":"WzE4OSw0XQ=="} +{"attributes":{"fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"audit_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_category\",\"subType\":\"multi\"},{\"name\":\"audit_cluster_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_cluster_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_cluster_name\",\"subType\":\"multi\"},{\"name\":\"audit_format_version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"audit_node_host_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_host_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_host_address\",\"subType\":\"multi\"},{\"name\":\"audit_node_host_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_host_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_host_name\",\"subType\":\"multi\"},{\"name\":\"audit_node_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_id\",\"subType\":\"
multi\"},{\"name\":\"audit_node_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_name\",\"subType\":\"multi\"},{\"name\":\"audit_request_exception_stacktrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_exception_stacktrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_exception_stacktrace\",\"subType\":\"multi\"},{\"name\":\"audit_request_layer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_layer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_layer\",\"subType\":\"multi\"},{\"name\":\"audit_request_origin\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_origin.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_origin\",\"subType\":\"multi\"}]","timeFieldName":"@timestamp","title":"security-auditlog-*"},"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:34:19.556Z","version":"WzExOCw0XQ
=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Histogram","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Security Audit Log - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT3H\",\"format\":\"YYYY-MM-DD 
HH:mm\",\"bounds\":{\"min\":\"2020-12-14T21:56:36.618Z\",\"max\":\"2020-12-21T21:56:36.618Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"audit_category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"846b6f00-4375-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:56:51.161Z","version":"WzIwOCw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Node name","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Audit Log - Node 
name\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"audit_node_name.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"b80e8d30-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:55:05.416Z","version":"WzIwNyw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Audit Log - 
Category\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"audit_category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ca9c27a0-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:39:23.930Z","version":"WzEyMSw0XQ=="} +{"attributes":{"columns":["audit_node_host_name","audit_category","audit_request_layer","audit_request_origin","audit_request_exception_stacktrace"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Audit 
Logs","version":1},"id":"388503f0-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:35:18.830Z","version":"WzExOSw0XQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":10,\"i\":\"963df476-bd2f-4c26-9652-3cdfa1eef34f\"},\"panelIndex\":\"963df476-bd2f-4c26-9652-3cdfa1eef34f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":10,\"w\":15,\"h\":9,\"i\":\"c87d79c0-84a1-46af-80a4-afc61cdae0a5\"},\"panelIndex\":\"c87d79c0-84a1-46af-80a4-afc61cdae0a5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":10,\"w\":15,\"h\":9,\"i\":\"c32eb149-2f61-41b5-ae5a-a864fb3257cb\"},\"panelIndex\":\"c32eb149-2f61-41b5-ae5a-a864fb3257cb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":48,\"h\":22,\"i\":\"cbd2ce7a-841d-4d11-b16e-79be174523e6\"},\"panelIndex\":\"cbd2ce7a-841d-4d11-b16e-79be174523e6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Security Audit 
Log","version":1},"id":"e52ea260-4377-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"846b6f00-4375-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"b80e8d30-4378-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"ca9c27a0-4378-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"388503f0-4378-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T10:40:45.697Z","version":"WzEyMiw0XQ=="} +{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"data_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_id\",\"subType\":\"multi\"},{\"name\":\"data_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_type\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"ident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ident\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_c
ountry.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lat\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lon\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg
_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"referer\",\"subType\":\"multi\"},{\"name\":\"request_page\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_page.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"request_p
age\",\"subType\":\"multi\"},{\"name\":\"response_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"response_size\",\"subType\":\"multi\"},{\"name\":\"server_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server_response\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\
":\"user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"user_agent\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-nginx-*"},"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-20T14:01:02.393Z","version":"WzMxLDRd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Nginx Logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Nginx Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":t
rue,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"5bafcf20-43a7-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T16:12:44.178Z","version":"WzEzOSw0XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_src_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_src_addr \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src 
IP\"}}]}"},"id":"d8322050-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzMyLDRd"} \ No newline at end of file diff --git a/roles/odfekibana/files/kibanasecret b/roles/odfekibana/files/kibanasecret deleted file mode 100644 index ec28be7e844bd0eaefbc32f1d4196e27aa41e19b..0000000000000000000000000000000000000000 --- a/roles/odfekibana/files/kibanasecret +++ /dev/null @@ -1,3 +0,0 @@ -{ - "value" : "19125de3-27fa-40e8-83bf-fdb8c8338b99" -} \ No newline at end of file diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml index c0854140c7d172dc700f010fb756728b5c296f55..1662efd600ad1a43e47bc3c40acb09fe69599dda 100644 --- a/roles/odfekibana/tasks/main.yml +++ b/roles/odfekibana/tasks/main.yml 
@@ -1,184 +1,17 @@ --- -#- name: Create config directory -# file: -# name: config -# state: directory -# mode: 0700 -# tags: -# - start - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - tags: - - start - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - -- name: Copy certificates in odfe kibana conf dir - copy: - src: "{{ item }}" - dest: "config/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.p12" - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" - - cacerts.jks - - "{{ca_cn}}.crt" - - "{{soctools_users[0].CN}}.p12" +- include: start.yml tags: - - start - -- name: Get openid authkey - set_fact: - kibanasecret: "{{lookup('file', 'files/kibanasecret',convert_data=False) | from_json }}" - tags: - - start - -#- name: Configure sysconfig -# template: -# src: sysconfig_elasticsearch.j2 -# dest: sysconfig_elasticsearch -# tags: -# - start -# -#- name: Copy sysconfig to /etc -# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" -# tags: -# - start - -# lineinfile: -# path: /etc/sysconfig/elasticsearch -# regexp: '^ES_PATH_CONF=' -# line: ES_PATH_CONF=/usr/share/elasticsearch/config -# tags: -# - start -- name: Configure odfe kibana properties - template: - src: "{{item}}.j2" - dest: "config/{{item}}" - with_items: - - kibana.yml + - start +- include: stop.yml tags: - - start - -- name: Configure odfe kibana start script - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh - tags: - - start - -#- name: Exit here to test ODFE -# meta: end_play -# tags: -# - start - - -- name: Generate configuration for thehive_button plugin - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana - group: kibana - tags: - - start - - -- name: Start OpenDistro Kibana for 
Elasticsearch - command: /usr/share/kibana/startkibana.sh - #shell: exec /usr/share/kibana/bin/kibana -c config/kibana.yml & - #shell: "nohup /usr/share/kibana/bin/kibana -c config/kibana.yml &" + - stop + - stop-odfekibana +- include: update-config.yml tags: - - start - -- name: Wait for Kibana - wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" - port: 5601 - state: started - delay: 5 - tags: - - start - -- name: Check Kibana health - shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{dslproxy}}:5601/api/status" \ - | egrep status....overall....state...green' - register: result - until: result.rc == 0 - retries: 90 - delay: 2 - ignore_errors: yes - tags: - - start - -- name: Copy tenant.json to container - remote_user: kibana - copy: - src: "files/tenant.json" - dest: /tmp/tenant.json - tags: - - start - -- name: change tenant to global - shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{ odfees_adminpass }} \ - -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ - -d @/tmp/tenant.json' - tags: - - start - -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana - copy: - src: "files/kibana_graphs.ndjson" - dest: /tmp/kibana_graphs.ndjson - tags: - - start - -- name: Import graphs to kibana - shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/saved_objects/_import?overwrite=true" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{ odfees_adminpass }} \ - -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ - -F "file=@/tmp/kibana_graphs.ndjson"' - tags: - - start - -#- name: cleanup temporary files for kibana_graph import -# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' -# ignore_errors: true -# tags: -# - start - -#- name: check reachable hosts -# gather_facts: no -# tasks: -# - command: ping -c1 {{ inventory_hostname }} -# delegate_to: localhost -# 
register: ping_result -# ignore_errors: yes -# - group_by: key=reachable -# when: ping_result|success - -#- name: Stop OpenDistro Kibana for Elasticsearch -# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" -# tags: -# - stop - -- name: Stop OpenDistro Kibana for Elasticsearch - command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + - update-config + - update-odfekibana-config +- include: restart.yml tags: - - stop + - restart + - restart-odfekibana diff --git a/roles/odfekibana/tasks/restart.yml b/roles/odfekibana/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..7ef339035ddb769ec70ffad981b8a36959f735e1 --- /dev/null +++ b/roles/odfekibana/tasks/restart.yml @@ -0,0 +1,32 @@ +--- + +- name: Restart Kibana + remote_user: root + shell: "supervisorctl restart kibana" + +- name: Wait for Kibana + remote_user: kibana + wait_for: + host: "{{groups['odfekibanacontainers'][0]}}" + port: 5601 + state: started + delay: 5 + +- name: Check Kibana health + remote_user: kibana + shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ + | egrep status....overall....state...green' + register: result + until: result.rc == 0 + retries: 90 + delay: 2 + ignore_errors: yes + +- name: Import graphs to kibana + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -F "file=@/tmp/kibana_graphs.ndjson"' + diff --git a/roles/odfekibana/tasks/start.yml b/roles/odfekibana/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..186a6a6c8effc0664dba8b6f72090aa932a7681a --- /dev/null +++ b/roles/odfekibana/tasks/start.yml 
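Review bot: The four bare `include:` entries use the legacy include statement, which Ansible deprecates in favour of `import_tasks` / `include_tasks`, and how the listed tags reach the tasks inside each file depends on which of the two behaviours applies. Since every file name is static, `- import_tasks: start.yml` (and likewise for stop.yml, update-config.yml and restart.yml) makes the tags apply to every imported task. The start entry also carries only `start`, while the others add a role-specific tag such as `stop-odfekibana`; adding `- start-odfekibana` would keep them parallel, if a per-service start is intended.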
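Review bot: `Import graphs to kibana` puts the admin password on the curl command line (`--user admin:{{lookup("password", ...)}}`) and turns off certificate verification with `-k`, so the credential is visible in the process list and in Ansible's task output, and is sent to whatever endpoint answers on port 5601. Add `no_log: true` to the task and replace `-k` with `--cacert /etc/pki/ca-trust/source/anchors/ca.crt`, the path where start.yml installs the CA. The same pattern recurs in the curl tasks of start.yml (`Check Kibana health`, `Import graphs to kibana`, `Grant admin permissions to users`). `Check Kibana health` also sets `ignore_errors: yes`, so the import still runs when Kibana never reports green.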
@@ -0,0 +1,166 @@ +--- + +#- name: Create config directory +# file: +# name: config +# state: directory +# mode: 0700 + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "{{playbook_dir}}/secrets/CA/ca.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in odfe kibana conf dir + remote_user: kibana + copy: + src: "{{ item }}" + dest: "config/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" + - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" + - "{{playbook_dir}}/secrets/CA/cacerts.jks" + - "{{playbook_dir}}/secrets/CA/ca.crt" + - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" + +- name: Get openid authkey + remote_user: kibana + set_fact: + kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}" + +#- name: Configure sysconfig +# template: +# src: sysconfig_elasticsearch.j2 +# dest: sysconfig_elasticsearch +# +#- name: Copy sysconfig to /etc +# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" + +# lineinfile: +# path: /etc/sysconfig/elasticsearch +# regexp: '^ES_PATH_CONF=' +# line: ES_PATH_CONF=/usr/share/elasticsearch/config + +- name: Configure odfe kibana properties + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - kibana.yml + +- name: Configure odfe kibana start script + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "{{item}}" + mode: 0750 + with_items: + - startkibana.sh + +#- name: Exit here to test ODFE +# meta: end_play + + +- name: Generate configuration for thehive_button plugin + remote_user: kibana + template: + src: files/env.js.j2 + dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" + owner: kibana 
+ group: kibana + + +- name: Start Kibana + remote_user: root + shell: "supervisorctl start kibana" + +- name: Wait for Kibana + remote_user: kibana + wait_for: + host: "{{groups['odfekibanacontainers'][0]}}" + port: 5601 + state: started + delay: 5 + +- name: Check Kibana health + remote_user: kibana + shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ + | egrep status....overall....state...green' + register: result + until: result.rc == 0 + retries: 90 + delay: 2 + ignore_errors: yes + +#- name: Copy tenant.json to container +# remote_user: kibana +# copy: +# src: "files/tenant.json" +# dest: /tmp/tenant.json +# +#- name: change tenant to global +# shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \ +# -b /tmp/cookie.txt -c /tmp/cookie.txt \ +# -k --user admin:{{ odfees_adminpass }} \ +# -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ +# -d @/tmp/tenant.json' + +- name: Copy kibana_graphs.ndjson to container + remote_user: kibana + copy: + src: "files/kibana_graphs.ndjson" + dest: /tmp/kibana_graphs.ndjson + +- name: Import graphs to kibana + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -F "file=@/tmp/kibana_graphs.ndjson"' + +- name: Copy role modification json to container + remote_user: kibana + template: + src: "role.json.j2" + dest: /tmp/role.json + +- name: Grant admin permissions to users + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: 
reporting" -H "Content-Type: application/json" \ + -d @/tmp/role.json' + +#- name: cleanup temporary files for kibana_graph import +# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' +# ignore_errors: true + +#- name: check reachable hosts +# gather_facts: no +# tasks: +# - command: ping -c1 {{ inventory_hostname }} +# delegate_to: localhost +# register: ping_result +# ignore_errors: yes +# - group_by: key=reachable +# when: ping_result|success + +#- name: Stop OpenDistro Kibana for Elasticsearch +# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..2ab354a31339c1ee47c5d287277b9e25c6afa377 --- /dev/null +++ b/roles/odfekibana/tasks/stop.yml @@ -0,0 +1,5 @@ +--- + +- name: Stop OpenDistro Kibana for Elasticsearch + remote_user: root + command: "supervisorctl stop kibana" diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..779d95f971090d8575e3216bc1aa1179bee5eaae --- /dev/null +++ b/roles/odfekibana/tasks/update-config.yml 
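Review bot: These tasks leave `/tmp/cookie.txt`, `/tmp/role.json` and `/tmp/kibana_graphs.ndjson` behind in the container: the cleanup task is still commented out, and the `copy` / `template` tasks that write to `/tmp` set no `mode`. The cookie jar may hold a session obtained with the admin credentials, and role.json lists the accounts mapped to `all_access`, so neither should outlive the play or be readable by other users. Add `mode: 0600` to `Copy role modification json to container` and end the file with a cleanup task, e.g. `file: path=/tmp/role.json state=absent` and the same for the cookie jar. restart.yml reads `/tmp/kibana_graphs.ndjson`, so that file has to be copied again there if it is removed here.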
@@ -0,0 +1,34 @@ +--- + +- name: Configure odfe kibana properties + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - kibana.yml + +- name: Configure odfe kibana start script + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "{{item}}" + mode: 0750 + with_items: + - startkibana.sh + +- name: Generate configuration for thehive_button plugin + remote_user: kibana + template: + src: files/env.js.j2 + dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" + owner: kibana + group: kibana + + +- name: Copy kibana_graphs.ndjson to container + remote_user: kibana + copy: + src: "files/kibana_graphs.ndjson" + dest: /tmp/kibana_graphs.ndjson + diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2 index 0d670073c5d8f8515075abcea316f02d4863df25..e676b3735c0f2f9ee59a2c7b3e19c020e04faa1b 100644 --- a/roles/odfekibana/templates/kibana.yml.j2 +++ b/roles/odfekibana/templates/kibana.yml.j2 @@ -29,8 +29,8 @@ elasticsearch.username: kibanaserver elasticsearch.password: kibanaserver elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opendistro_security.multitenancy.enabled: true -opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] +opendistro_security.multitenancy.enabled: false +#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] opendistro_security.readonly_mode.roles: ["kibana_read_only"] #new in 7.6 
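Review bot: `Configure odfe kibana properties` renders `kibana.yml` without a `mode`, although the template carries the OpenID client secret and the cookie password, so the file's permissions are left to the remote umask or to whatever the existing file has. Add `mode: 0600` to that task; the identical task in start.yml lacks it as well. Nothing in this file restarts Kibana or notifies a handler, so the rewritten configuration appears to take effect only after a separate run with the `restart` tag, which deserves a one-line comment at the top of the file.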
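Review bot: The context lines of this hunk still ship `elasticsearch.username: kibanaserver` with `elasticsearch.password: kibanaserver`, a fixed credential in the template, while the rest of the commit moves secrets to `lookup("password", ...)`. If the kibanaserver internal user keeps that value on the Elasticsearch side, the service account is protected only by a well-known default. Consider `elasticsearch.password: "{{ lookup('password', playbook_dir + '/secrets/passwords/<KIBANASERVER_PASSWORD_FILE>') }}"` together with the matching change where that user is provisioned; the file name is a placeholder, and the hunk does not show how the Elasticsearch role sets this password.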
@@ -39,20 +39,20 @@ opendistro_security.readonly_mode.roles: ["kibana_read_only"] #telemetry.enabled: false opendistro_security.auth.type: "openid" -opendistro_security.openid.connect_url: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration" -opendistro_security.openid.client_id: "dsoclab-kibana" +opendistro_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration" +opendistro_security.openid.client_id: "soctools-kibana" opendistro_security.openid.client_secret: "{{kibanasecret.value}}" -opendistro_security.openid.root_ca: "/usr/share/kibana/config/{{ca_cn}}.crt" -opendistro_security.openid.base_redirect_url: "https://{{dslproxy}}:5601" +opendistro_security.openid.root_ca: "/usr/share/kibana/config/ca.crt" +opendistro_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601" opendistro_security.cookie.secure: true -opendistro_security.cookie.password: "{{odfekibana_cookie}}" +opendistro_security.cookie.password: {{lookup("password", "{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32")}} server.ssl.enabled: true server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt #server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12 -#server.ssl.keystore.password: {{kspass}} +#server.ssl.keystore.password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}} #server.ssl.certificateAuthorities: #server.ssl.truststore.path: jks (p12?) #server.ssl.truststore.password: diff --git a/roles/odfekibana/templates/role.json.j2 b/roles/odfekibana/templates/role.json.j2 new file mode 100644 index 0000000000000000000000000000000000000000..9d67a52fb225237029d74bcaa8b381857a3f1eb2 --- /dev/null +++ b/roles/odfekibana/templates/role.json.j2 
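Review bot: `opendistro_security.cookie.password` lost its surrounding quotes in this change, so the generated value is now a plain YAML scalar. Ansible's password lookup draws by default from letters, digits and `.,:-_`, and a value that begins with `,` or ends with `:` would not parse as the intended string. Keep the quoting: `opendistro_security.cookie.password: "{{ lookup('password', playbook_dir + '/secrets/passwords/kibana_cookiepassword length=32') }}"`. Jinja also renders expressions inside YAML comments, so the `#server.ssl.keystore.password:` line writes the keystore password into the deployed kibana.yml; removing the expression from the comment avoids that.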
@@ -0,0 +1,15 @@ +{ + "backend_roles":[ + "admin" + ], + "hosts":[ + + ], + "users":[ +{% for user in ODFE_ADMIN_USERS %} + "{{ user }}", +{% endfor %} + "admin" + ], + "description":"Maps admin to all_access" +} diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml index 55adbbdb04ed879233a41f8b11d6219358147a17..98902dce701cf0b9f7b6d57c6b3fd5df601a85e9 100644 --- a/roles/soctools-server/tasks/main.yml +++ b/roles/soctools-server/tasks/main.yml @@ -16,7 +16,7 @@ - name: Install required packages yum: - name: ["docker-ce","docker-ce-cli","containerd.io","python-pip"] + name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip"] state: latest validate_certs: no when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' diff --git a/roles/thehive/files/SOCTOOLS-CA.crt b/roles/thehive/files/SOCTOOLS-CA.crt deleted file mode 100644 index 04b1f203d036d2219c23c4ea3630115d68510eb8..0000000000000000000000000000000000000000 --- a/roles/thehive/files/SOCTOOLS-CA.crt +++ /dev/null 
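Review bot: The `users` array is assembled by hand, so each entry of `ODFE_ADMIN_USERS` is pasted between quotes without JSON escaping, and a name containing `"` or `\` produces a malformed or altered mapping for `all_access`. Let the filter build the array instead: `"users": {{ (ODFE_ADMIN_USERS + ["admin"]) | to_json }},`. That also removes the reliance on the trailing `"admin"` entry to absorb the loop's last comma. Because this mapping grants full access, a comment at the top of the template stating where `ODFE_ADMIN_USERS` is defined would help reviewers.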
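Review bot: The package list extended here is installed with `validate_certs: no` and `state: latest`, so `unzip` and the Docker packages are fetched without checking the repository's TLS certificate and float to whatever version is current at run time. Unless the repository really presents a certificate the host cannot verify, drop `validate_certs: no` and consider `state: present` for repeatable installs. The task may continue below the hunk, so other options it sets are not visible here.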
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow -FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B -UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX -Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM -M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ -c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv -tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG -ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL -8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud -EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j -JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd -z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy -XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g -CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX -nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh -GPiQTFGknE1U ------END CERTIFICATE----- diff --git a/roles/thehive/files/cacerts.jks b/roles/thehive/files/cacerts.jks deleted file mode 100644 index 9d4001b7d9a466941cda896b6bf145bf2f02020c..0000000000000000000000000000000000000000 Binary files a/roles/thehive/files/cacerts.jks and /dev/null differ diff --git a/roles/thehive/files/dsoclab-thehive.crt b/roles/thehive/files/dsoclab-thehive.crt deleted file mode 100644 index 0d474c2a1277de93ba6357ca841a7eac3b1cce44..0000000000000000000000000000000000000000 --- a/roles/thehive/files/dsoclab-thehive.crt +++ /dev/null 
@@ -1,88 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=SOCTOOLS-CA - Validity - Not Before: Oct 30 10:47:29 2020 GMT - Not After : Oct 15 10:47:29 2023 GMT - Subject: CN=dsoclab-thehive - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: - c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: - 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: - ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: - 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: - 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: - 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: - c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: - 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: - 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: - 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: - 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: - ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: - d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: - 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: - 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: - c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: - 46:bd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 - X509v3 Authority Key Identifier: - keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF - DirName:/CN=SOCTOOLS-CA - serial:8A:74:93:26:80:5B:42:B7 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: - DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se - Signature Algorithm: sha256WithRSAEncryption - 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: - fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: - 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: - c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: - 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: - 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: - df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: - b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: - d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: - 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: - e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: - 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: - 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: - 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: - 7c:51:5c:3b ------BEGIN CERTIFICATE----- -MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW -MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx -MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 -OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb -pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV -jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng -z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B -XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME -PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P -TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh -Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz -1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k -K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs -wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x -bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE -ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh -K4Ynu8Hyhpp8UVw7 
------END CERTIFICATE----- diff --git a/roles/thehive/files/dsoclab-thehive.key b/roles/thehive/files/dsoclab-thehive.key deleted file mode 100644 index 6d4d8bb01b413adbe679481a68241bfe71a1c9dc..0000000000000000000000000000000000000000 --- a/roles/thehive/files/dsoclab-thehive.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt -FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt -Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/ -QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq -j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk -hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk -Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz -lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4 -PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b -TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5 -IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F -Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg -RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY -r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR -BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD -SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM -zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy -Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX -3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO -pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF -WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3 -a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5 -L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1 -+tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG -tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J -k+SqVxdKSTfaWxGqyyAZgVis ------END PRIVATE KEY----- diff --git a/roles/thehive/files/logback.xml b/roles/thehive/files/logback.xml deleted file mode 100644 index d7f5263595b7f2b0e8b007dec1877d41d6de1c73..0000000000000000000000000000000000000000 --- a/roles/thehive/files/logback.xml +++ /dev/null 
@@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true"> - - <conversionRule conversionWord="coloredLevel" - converterClass="play.api.libs.logback.ColoredLevel"/> - - <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>/var/log/thehive/application.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>/var/log/logs/application.%i.log.zip</fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>10</maxIndex> - </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>%date [%level] from %logger in %thread [%X{request}|%X{tx}] %message%n%xException</pattern> - </encoder> - </appender> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>%coloredLevel %logger{15} [%X{request}|%X{tx}] %message%n%xException{10} - </pattern> - </encoder> - </appender> - - <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="FILE"/> - </appender> - - <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="STDOUT"/> - </appender> - - <logger name="org.thp" level="INFO"/> - - <root level="DEBUG"> - <appender-ref ref="ASYNCFILE"/> - <appender-ref ref="ASYNCSTDOUT"/> - </root> - -</configuration> - diff --git a/roles/thehive/files/thehivesecret b/roles/thehive/files/thehivesecret deleted file mode 100644 index f00a8d57edd365f329d95494e2242fe9d7432dbe..0000000000000000000000000000000000000000 --- a/roles/thehive/files/thehivesecret +++ /dev/null @@ -1,3 +0,0 @@ -{ - "value" : "b832e3a9-0080-4f07-bc3d-6bbc67bce741" -} \ No newline at end of file 
diff --git a/roles/thehive/tasks/createusers.yml b/roles/thehive/tasks/createusers.yml deleted file mode 100644 index b0fbcdd9ba24fb12fba0bed5dc16b50584f0fd4c..0000000000000000000000000000000000000000 --- a/roles/thehive/tasks/createusers.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# - name: create organisation -# uri: -# url: "https://{{dslproxy}}:9000/api/organisation" -# method: POST -# headers: -# Authorization: "Bearer {{ THEHIVE_API_KEY }}" -# body_format: form-urlencoded -# body: -# name: "{{ organisation }}" -# description: "test" -# status_code: 201 -# tags: -# - create_org -- name: generate json files for creating users - remote_user: root - template: - src: users.json - dest: /tmp/{{ item.username }}.json - with_items: - - "{{ THEHIVE_USERS }}" -- name: create users - remote_user: root - shell: "curl -k -H 'Authorization: Bearer {{ THEHIVE_API_KEY }}' -H 'Content-Type: application/json' https://{{ dslproxy }}:9000/api/user -d @/tmp/{{ item.username}}.json" - args: - warn: false - with_items: - - "{{ THEHIVE_USERS }}" diff --git a/roles/thehive/tasks/main.yml b/roles/thehive/tasks/main.yml index 0e560e7122b33b36a8ab31e0b0c6f6c46570153f..a0f7edf3191254869b03c63056db742bacb7b71e 100644 --- a/roles/thehive/tasks/main.yml +++ b/roles/thehive/tasks/main.yml 
@@ -1,87 +1,18 @@ --- -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt +- include: start.yml tags: - - start - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - -- name: Copy certificates in thehive conf dir - copy: - src: "{{ item }}" - dest: "/etc/thehive/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" - - cacerts.jks - - "{{ca_cn}}.crt" - tags: - - start - -- name: Get openid authkey - set_fact: - thehivesecret: "{{lookup('file', 'files/thehivesecret',convert_data=False) | from_json }}" + - start +- include: stop.yml tags: - - start - - -- name: Configure TheHive - template: - src: application.conf.j2 - dest: /etc/thehive/application.conf - tags: - - start - -- name: Configure TheHive logging - copy: - src: logback.xml - dest: /etc/thehive/logback.xml + - stop + - stop-thehive +- include: update-config.yml tags: - - start - - -- name: Start TheHive - command: > - daemonize - -c /opt/thehive - -p /tmp/thehive.pid - -o /tmp/thehive-stdout.log - /opt/thehive/bin/thehive - -Dconfig.file=/etc/thehive/application.conf - -Dlogger.file=/etc/thehive/logback.xml - -J-Xms1g - -J-Xmx1g - -Dpidfile.path=/dev/null - tags: - - start - -- name: Wait for TheHive - wait_for: - host: "{{groups['thehive'][0]}}" - port: 9000 - state: started - delay: 5 - tags: - - start - -- name: Create TheHive users - include: createusers.yml - tags: - - createusers - - start - -- name: Stop TheHive - command: "pkill -SIGTERM -F /tmp/thehive.pid" + - update-config + - update-thehive-config +- include: restart.yml tags: - - stop - - stopthehive + - restart + - restart-thehive diff --git a/roles/thehive/tasks/restart.yml b/roles/thehive/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..f3b364456e14669dfcbfa61f9ce9a5ff7646c30c --- /dev/null 
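Review bot: The four `- include:` entries use the bare `include` action, which Ansible has deprecated in favour of `import_tasks` and `include_tasks`, and tag inheritance differs between those two. Each entry here relies on its tags reaching the tasks inside the file, so the static form fits: `- import_tasks: start.yml`, and likewise for stop.yml, update-config.yml and restart.yml. When the role is applied with no tag selected, all four files run in sequence (start, stop, update-config, restart), so a comment at the top such as `# driven by tags: start, stop, update-config, restart` would make that dependency explicit.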
+++ b/roles/thehive/tasks/restart.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Restart TheHive
+ remote_user: root
+ command: "supervisorctl restart thehive"
+
+- name: Wait for TheHive
+ remote_user: root
+ wait_for:
+ host: "{{groups['thehive'][0]}}"
+ port: 9000
+ state: started
+ delay: 5
diff --git a/roles/thehive/tasks/start.yml b/roles/thehive/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..33a136bffda2f69156da07a3a97c4bcb9addecfb
--- /dev/null
+++ b/roles/thehive/tasks/start.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Configure TheHive
+ remote_user: thehive
+ template:
+ src: application.conf.j2
+ dest: /etc/thehive/application.conf
+
+- name: Start TheHive
+ remote_user: root
+ command: "supervisorctl start thehive"
+
+- name: Wait for TheHive
+ remote_user: root
+ wait_for:
+ host: "{{groups['thehive'][0]}}"
+ port: 9000
+ state: started
+ delay: 5
+
+- name: Set Autostart for supervisord's services
+ replace:
+ path: /etc/supervisord.conf
+ regexp: '^autostart=false$'
+ replace: 'autostart=true'
+
diff --git a/roles/thehive/tasks/stop.yml b/roles/thehive/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..87d605a59f69355208b4fe84b707d6b94c478c0c
--- /dev/null
+++ b/roles/thehive/tasks/stop.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Stop TheHive
+ remote_user: root
+ command: "supervisorctl stop thehive"
diff --git a/roles/thehive/tasks/update-config.yml b/roles/thehive/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7b02823bbe7e65d60fc9352e732800cb4622b365
--- /dev/null
+++ b/roles/thehive/tasks/update-config.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Configure TheHive
+ remote_user: thehive
+ template:
+ src: application.conf.j2
+ dest: /etc/thehive/application.conf
diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2
index a92e4f71ca871305611695aa04367054738881d0..d25e059818a773a6a4a48fb34196cc641f79e718 100644
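Review bot: The `Configure TheHive` task in start.yml, and the identical one in update-config.yml, writes /etc/thehive/application.conf without `owner`, `group` or `mode`, although the template renders `play.http.secret.key` into that file. Its permissions then depend on the umask of the connecting user, whereas the tasks this commit removes set `mode: 0600` on the key material they copied. Add `mode: "0600"` to both template tasks. Separately, `Set Autostart for supervisord's services` is the only task in start.yml without a `remote_user`, which looks unintended for a task that edits /etc/supervisord.conf.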
--- a/roles/thehive/templates/application.conf.j2 +++ b/roles/thehive/templates/application.conf.j2 @@ -5,7 +5,7 @@ ## Include Play secret key # More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret #include "/etc/thehive/secret.conf" -play.http.secret.key="{{thehive_secret_key}}" +play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_secret_key')}}" ## Database configuration db.janusgraph { @@ -13,7 +13,7 @@ db.janusgraph { ## Cassandra configuration # More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql backend: cql - hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"] + hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"] # Cassandra authentication (if configured) // username: "thehive" // password: "password" 
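Review bot: The `play.http.secret.key` lookup passes no `length=`, so it falls back to the `password` lookup's default of 20 characters, while the Kibana cookie secret in this same commit asks for `length=32`. Play uses this key to sign session data, and the ApplicationSecret page linked in the comment above is worth checking for the minimum it expects; a longer explicit value costs nothing: `{{lookup('password', playbook_dir + '/secrets/passwords/thehive_secret_key length=64')}}`. The generated secret is stored in clear text under `secrets/passwords/` on the controller, and the hunk does not show whether that directory is excluded from version control, so that should be confirmed.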
@@ -47,61 +47,17 @@ storage { ## Authentication configuration # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md -auth { - providers: [ +//auth { +// providers: [ // {name: session} # required ! // {name: basic, realm: thehive} // {name: local} // {name: key} - {name: session} # required ! - {name: basic, realm: thehive} - {name: local} - {name: key} - { - name: oauth2 - clientId: "dsoclab-thehive" - clientSecret: {{thehivesecret.value}} - redirectUri: "https://{{dslproxy}}:9000/api/ssoLogin" - responseType: "code" - grantType: "authorization_code" - authorizationUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" - authorizationHeader: "Bearer" - tokenUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" - userUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" -// scope: ["openid", "email"] - scope: ["openid"] - userIdField: "email" -// userIdField: "name" - } - ] - sso { - autocreate: true - autoupdate: true - autologin: true - mapper: "simple" -// attributes { -// login: "login" -// name: "name" -// roles: "role" -// } - defaultRoles: ["read", "write", "admin"] - defaultOrganization: "uninett.no" -// defaultOrganization: "demo" - } - ws.ssl.trustManager { - stores = [ - { - type: "JKS" // JKS or PEM - path: "cacerts.jks" - password: "{{tspass}}" - } - ] - } +// ] # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following # domain is automatically appended - defaultUserDomain: "uninett.no" -# defaultUserDomain: "thehive.local" -} +// defaultUserDomain: "thehive.local" +//} ## CORTEX configuration # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md 
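Review bot: The whole `auth { ... }` block is commented out here, including the `oauth2` provider and the `sso` settings, so TheHive stops authenticating against the realm the other services use and runs with its built-in defaults. The same commit deletes createusers.yml, so nothing in the role provisions accounts or replaces the credentials of whatever initial administrator TheHive creates. If that is intended, state it above the block, for example `# auth block disabled: default local providers in use; change the initial admin password after first start`, and add a task that does so. The two `# The format of logins ...` lines are left as they were in the middle of the disabled block and should move with it.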
diff --git a/roles/thehive/templates/users.json b/roles/thehive/templates/users.json deleted file mode 100644 index b16eed70fd8aaf68302b82150ce4101c8acfa430..0000000000000000000000000000000000000000 --- a/roles/thehive/templates/users.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "login": "{{ item.username }}", - "name": "{{ item.name }} {{ item.surname }}", - "roles": {{ item.roles }}, - "organisation": "{{ item.organization }}" -} diff --git a/roles/thehive/vars/users.yml b/roles/thehive/vars/users.yml deleted file mode 100644 index 07433e6a1cc8b18ac3b239d1d0dfc48715d22a6e..0000000000000000000000000000000000000000 --- a/roles/thehive/vars/users.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s" -THEHIVE_USERS: - - kiril: - username: "kiril" - name: "Kiril" - surname: "Kiroski" - roles: '["read", "write", "admin"]' - organization: "uninett.no" - - temur: - username: "temur" - name: "Temur" - surname: "Maisuradze" - roles: '["read", "write", "admin"]' - organization: "uninett.no" diff --git a/soctools-inventory b/soctools-inventory deleted file mode 100644 index cff0d648d769176bf1292cfcd88493c12ac03120..0000000000000000000000000000000000000000 --- a/soctools-inventory +++ /dev/null 
@@ -1,35 +0,0 @@ -[dsldev] -localhost ansible_connection=local - -[nificontainers] -dsoclab-nifi-1 ansible_connection=docker -dsoclab-nifi-2 ansible_connection=docker -dsoclab-nifi-3 ansible_connection=docker - -[odfeescontainers] -dsoclab-odfe-1 ansible_connection=docker -dsoclab-odfe-2 ansible_connection=docker - -[odfekibanacontainers] -dsoclab-kibana ansible_connection=docker - -[keycloakcontainers] -dsoclab-keycloak ansible_connection=docker - -[mysql] -dsoclab-mysql ansible_connection=docker - -[mispcontainers] -dsoclab-misp ansible_connection=docker - -[cassandra] -dsoclab-cassandra ansible_connection=docker - -[thehive] -dsoclab-thehive ansible_connection=docker - -[cortex] -dsoclab-cortex ansible_connection=docker - -[haproxy] -dsoclab-haproxy ansible_connection=docker diff --git a/soctools.yml b/soctools.yml index c25b56f32c95d5973e64ce70d6a1d7b4c3eae539..fb4a2196557009b772ebf937cc80fe2658d65001 100644 --- a/soctools.yml +++ b/soctools.yml 
@@ -2,9 +2,16 @@ - name: Start soctools cluster import_playbook: startsoctools.yml - when: "'start' in ansible_run_tags" + when: "'start' in ansible_run_tags or 'config' in ansible_run_tags" - name: Stop soctools cluster import_playbook: stopsoctools.yml - when: "'stop' in ansible_run_tags" + when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-odfees' in ansible_run_tags or 'stop-odfekibana' in ansible_run_tags" +- name: Update soctools cluster configs + import_playbook: update-config-soctools.yml + when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-odfees-config' in ansible_run_tags or 'update-odfekibana-config' in ansible_run_tags" + +- name: restart soctools cluster servics + import_playbook: restart-soctools.yml + when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags" 
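Review bot: The three new `when:` expressions enumerate every `<action>-<service>` tag by hand, so adding a service means editing three very long lines and a missed entry silently skips the playbook. A pattern test expresses the same rule in one place, e.g. `when: ansible_run_tags | select('match', '^stop(-.+)?$') | list | length > 0`, with `update-` and `restart` variants for the other two imports. The last play name has a typo, `servics`, and the bare `'config'` tag added to the start condition is not explained anywhere in the hunk; a short comment on what it is for would help.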
diff --git a/soctools_server.yml b/soctools_server.yml index 23716c5a7e7d32fdc7bedd0faf775afb5c55bfbc..382d998567a630c58950d28fd43802eaf31089d9 100644 --- a/soctools_server.yml +++ b/soctools_server.yml @@ -1,5 +1,5 @@ --- -- hosts: dsldev +- hosts: soctoolsmain become: true roles: - soctools-server diff --git a/startsoctools.yml b/startsoctools.yml index f1154c340f91f5604fd36c1abd38f9cc718c58f0..c9c4c6bb95760d4da7a0a46706507bd4d5867174 100644 --- a/startsoctools.yml +++ b/startsoctools.yml @@ -1,7 +1,7 @@ --- - name: Start docker containers - hosts: dsldev + hosts: soctoolsmain roles: - docker @@ -25,6 +25,11 @@ roles: - keycloak +- name: Reconfigure and start MISP + hosts: mispcontainers + roles: + - misp + - name: Reconfigure and start NiFi hosts: nificontainers roles: @@ -40,10 +45,10 @@ roles: - odfekibana -- name: Reconfigure and start MISP - hosts: mispcontainers +- name: Install and run filebeat + hosts: filebeat roles: - - misp + - filebeat - name: Reconfigure and start TheHive hosts: thehive diff --git a/stopsoctools.yml b/stopsoctools.yml index 045c3f06243bc3358245c8bbf219d68e9f89a9a5..5bd121746729120486802cfc5538a181235b1642 100644 --- a/stopsoctools.yml +++ b/stopsoctools.yml @@ -6,7 +6,7 @@ - nifi - name: Stop all containers - hosts: dsldev + hosts: soctoolsmain roles: - docker diff --git a/update-config-soctools.yml b/update-config-soctools.yml new file mode 100644 index 0000000000000000000000000000000000000000..138f664fee2eb1a9d882a7ebf0b8f9e390bb1e72 --- /dev/null +++ b/update-config-soctools.yml 
@@ -0,0 +1,52 @@
+---
+
+- name: Update Configs for haproxy
+ hosts: haproxy
+ roles:
+ - haproxy
+
+- name: Update Configs for mysql
+ hosts: mysql
+ roles:
+ - mysql
+
+- name: Update Configs for Cassandra
+ hosts: cassandra
+ roles:
+ - cassandra
+
+- name: Update Configs for Keycloak
+ hosts: keycloakcontainers
+ roles:
+ - keycloak
+
+- name: Update Configs for NiFi
+ hosts: nificontainers
+ roles:
+ - nifi
+
+- name: Update Configs for OpenDistro for Elasticsearch
+ hosts: odfeescontainers
+ roles:
+ - odfees
+
+- name: Update Configs for OpenDistro Kibana for Elasticsearch
+ hosts: odfekibanacontainers
+ roles:
+ - odfekibana
+
+- name: Update Configs for MISP
+ hosts: mispcontainers
+ roles:
+ - misp
+
+- name: Update Configs for TheHive
+ hosts: thehive
+ roles:
+ - thehive
+
+- name: Update Configs for Cortex
+ hosts: cortex
+ roles:
+ - cortex
+
diff --git a/utils/flow2template.py b/utils/flow2template.py
index 570a1ef23d0606d7ef2db44b7133d5a6ec9f43b2..b2018328c6ccf5d7c53bf75645c3f44122cc4ba2 100755
--- a/utils/flow2template.py
+++ b/utils/flow2template.py
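Review bot: There is no play for the `filebeat` group in this file, although soctools.yml imports it when `update-filebeat-config` is given and HOWTOS.md documents that tag, so the documented command would match nothing here. Add a play like the others (`hosts: filebeat` with `roles: [filebeat]`), assuming the filebeat role carries an update-config task. Each play also applies the whole role and depends on the caller passing a tag; for the thehive role at least, running this file directly without `-t` would go through start, stop, update-config and restart. A header comment such as `# import from soctools.yml with an update-*-config tag; do not run untagged` would document that.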
@@ -13,17 +13,20 @@ et = xml.etree.ElementTree.parse(f) for v in et.findall(".//variable"): a=v.attrib if a['name']=="misp_token": - a['value']="{{ misp_token }}" + a['value']="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}" elif a['name']=="misp_url": a['value']="{{ misp_url }}" elif a['name']=="maxmind_key": a['value']="{{ maxmind_key }}" elif a['name']=="elastic_url": - a['value']="https://{{ dslproxy }}:9200" + a['value']="https://{{ soctoolsproxy }}:9200" elif a['name']=="elastic_username": a['value']="{{ elastic_username }}" elif a['name']=="elastic_password": - a['value']="{{ odfees_adminpass }}" + a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" + +for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"): + v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" et.write(args.templatefile)
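Review bot: The new `findall` for the `Soctools CA` truststore password does nothing when its path matches no element, for instance after the controller service is renamed in the NiFi GUI, and the template is then written with whatever value the exported flow contained. Since this script is what keeps deployment secrets out of the committed `flow.xml.j2`, it should stop instead: collect the result first and add `if not matches: raise SystemExit("Truststore Password property not found")`. The variable loop has the same gap, because any sensitive variable not named in the `if`/`elif` chain is copied through unchanged; a comment above the loop listing the variables that must be replaced would make an omission visible. The script begins before this hunk.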