diff --git a/HOWTOS.md b/HOWTOS.md
deleted file mode 100644
index ae4e2da7b96e93025bcb526dc317b2e7ff918896..0000000000000000000000000000000000000000
--- a/HOWTOS.md
+++ /dev/null
@@ -1,73 +0,0 @@ -Howto's -======= - -Modify main NiFi pipeline -------------------------- - -To make modifications to the main NiFi pipeline and add it to the Ansible playbook, do the following in the soctool directory: - -* Make necesarry to the pipeline in the NiFi GUI -* Copy flow.xml.gz file from one of the NiFi containers: - `docker cp soctools-nifi-1:/opt/nifi/nifi-current/conf/flow.xml.gz .` -* Convert flowx.xml.gz to new template - `utils/flow2template.py flow.xml.gz roles/nifi/templates/flow.xml.j2` - - -Update configuration files in docker containers using Ansible -------------------------------------------------------------- -To update configuration files for all docker containers together, run the following command: - ansible-playbook -i inventories soctools.yml -t update-config -To update configuration files only for specific services, run the following commands: - ansible-playbook -i inventories soctools.yml -t update-keycloak-config - ansible-playbook -i inventories soctools.yml -t update-thehive-config - ansible-playbook -i inventories soctools.yml -t update-cortex-config - ansible-playbook -i inventories soctools.yml -t update-cassandra-config - ansible-playbook -i inventories soctools.yml -t update-haproxy-config - ansible-playbook -i inventories soctools.yml -t update-filebeat-config - ansible-playbook -i inventories soctools.yml -t update-nifi-config - ansible-playbook -i inventories soctools.yml -t update-odfees-config - ansible-playbook -i inventories soctools.yml -t update-odfekibana-config - - -Restart services inside docker containers using Ansible -------------------------------------------------------- -To restart services for all docker containers together, run the following command: - ansible-playbook -i inventories soctools.yml -t restart -To restart services only for specific docker containers, run the following commands: - ansible-playbook -i inventories soctools.yml -t restart-keycloak - ansible-playbook -i inventories soctools.yml 
-t restart-thehive - ansible-playbook -i inventories soctools.yml -t restart-cortex - ansible-playbook -i inventories soctools.yml -t restart-cassandra - ansible-playbook -i inventories soctools.yml -t restart-haproxy - ansible-playbook -i inventories soctools.yml -t restart-filebeat - ansible-playbook -i inventories soctools.yml -t restart-misp - ansible-playbook -i inventories soctools.yml -t restart-mysql - ansible-playbook -i inventories soctools.yml -t restart-nifi - ansible-playbook -i inventories soctools.yml -t restart-odfees - ansible-playbook -i inventories soctools.yml -t restart-odfekibana - -Stop services inside docker containers using Ansible ----------------------------------------------------- -To stop services for all docker containers together, run the following command: - ansible-playbook -i inventories soctools.yml -t stop -To stop services only for specific docker containers, run the following commands: - ansible-playbook -i inventories soctools.yml -t stop-keycloak - ansible-playbook -i inventories soctools.yml -t stop-thehive - ansible-playbook -i inventories soctools.yml -t stop-cortex - ansible-playbook -i inventories soctools.yml -t stop-cassandra - ansible-playbook -i inventories soctools.yml -t stop-haproxy - ansible-playbook -i inventories soctools.yml -t stop-filebeat - ansible-playbook -i inventories soctools.yml -t stop-misp - ansible-playbook -i inventories soctools.yml -t stop-mysql - ansible-playbook -i inventories soctools.yml -t stop-nifi - ansible-playbook -i inventories soctools.yml -t stop-odfees - ansible-playbook -i inventories soctools.yml -t stop-odfekibana - -Restart services inside docker containers manually --------------------------------------------------- -To restart services inside docker containers after changes in configuration files: - 1. Attache container: docker exec -it container_id_or_name bash (example: docker exec -it soctools-keycloak bash) - 2. List services and their statuses: supervisorctl status - 3. 
Restart service: supervisorctl restart supervisor_service_name (example: supervisorctl restart keycloak) - 4. Detach from container: exit - diff --git a/README.md b/README.md index f44a4984173bae749d95a9cbcf4551c6461643e6..967fa3f7e48937ed76b2e4a61ff2d77fa888801c 100644 --- a/README.md +++ b/README.md 
@@ -13,45 +13,36 @@ Log in and install ansible: `yum -y install ansible git` `ansible-galaxy collection install ansible.posix` -Clone soctools: -Temporary solution: Upload your ssh key to gitlab.geant.org -`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git` +Clone soctools: +`git clone https://scm.uninett.no/geant-wp8-t3.1/soctools.git` `cd soctools` Install soctools: -Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it point to the FQDN of the server. +Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server. `vi group_vars/all/main.yml` -Users are specified in the file: -`group_vars/all/users.yml` +The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana. To configure the server running soctools, run the ansible playbook: -`ansible-playbook -i inventories soctools_server.yml` +`ansible-playbook -i soctools-inventory soctools_server.yml` To build the Docker images needed, run the ansible playbook: -`ansible-playbook -i inventories buildimages.yml` +`ansible-playbook -i soctools-inventory buildimages.yml` To build the CA needed for host and user certificates, run the ansible playbook: -`ansible-playbook -i inventories buildca.yml` +`ansible-playbook -i soctools-inventory buildca.yml` -If using soctools CA certificates provided with this installation, you first need to download and import root certificate found in secrets/CA/ca.crt -For Windows, CA certificate should be installed in Trusted Root Certification Authorities store. - -User certificates are can be found in the directory secrets/certificates. Import into browser for authentication. -For Windows, user certificate should be installed in Personal store. Passwords for the certificates can be found in the directory secrets/passwords. +User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication. 
To start the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i inventories soctools.yml -t start` +`ansible-playbook -i soctools-inventory soctools.yml -t start` To stop the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i inventories soctools.yml -t stop` - -Web interfaces are available on the following ports: - * 9443 - NiFi - * 5601 - Kibana - * 6443 - Misp : Default user/password: admin@admin.test/test - * 9000 - The Hive : Default user/password: admin@thehive.local/secret - * 9001 - Cortex - * 12443 - Keycloak : Default user/password: admin/Pass005 +`ansible-playbook -i soctools-inventory soctools.yml -t stop` + +The NiFi interface should now be available on port 9443 on the server. +The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server. To access preconfigured +index patterns you have to switch to Global tenant. +The Keycloak IdP interface should now be available on port 12443 on the server. License ------- diff --git a/buildca.yml b/buildca.yml index 37ef902ce7086d5c92610d72eb86fa0e5022aec6..b718286139aa329e0a343f4ff60624cdfc6b3c34 100644 --- a/buildca.yml +++ b/buildca.yml @@ -1,7 +1,7 @@ --- - name: Build certification authority - hosts: soctoolsmain + hosts: dsldev roles: - ca diff --git a/buildimages.yml b/buildimages.yml index 8a935836e253947d7181cf637718e66cb6b80b23..d30f905968d72cffd2aaf2973fcf65a33a3107b2 100644 --- a/buildimages.yml +++ b/buildimages.yml @@ -1,7 +1,7 @@ --- - name: Build docker images - hosts: soctoolsmain + hosts: dsldev roles: - build diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 0c1c3d27ad556cea5d86f677becc8dddc0658312..c6adf5f95e0594287ec6815a4f43e6a95713922e 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml 
@@ -1,75 +1,124 @@ --- -soctoolsproxy: "<CHANGE_ME:hostname>" - -maxmind_key: "" - -docker_build_dir: "{{playbook_dir}}/build" +dslproxy: "dsoclab.gn4-3-wp8-soc.sunet.se" # TheHive Button plugin THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" -THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" -THEHIVE_OWNER: "admin" +# here enter API key for default admin user +THEHIVE_API_KEY: "bs2Jc3tGJqhVv0AYyX2NYlhMlorPz7mX" +# ID of the default admin user +THEHIVE_OWNER: "admin@thehive.local" + +# TheHive Create Organisation and Users +# Login as default admin user and create API key, populate it here +# thehive_admin_api: "KoHrKbIJm8XMsJxA9nZLs6YemCu76o3u" +# thehive_writer: "[write]" + +#THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s" +THEHIVE_USERS: + - kiril: + username: "kiril" + name: "Kiril" + surname: "Kiroski" + roles: '["read", "write", "admin"]' + organization: "uninett.no" + - temur: + username: "temur" + name: "Temur" + surname: "Maisuradze" + roles: '["read", "write", "admin"]' + organization: "uninett.no" + + soctools_netname: "soctoolsnet" soctools_network: "172.22.0.0/16" -repo: soctools +repo: gn43-dsl version: 7 suffix: a20201004 -haproxy_name: "soctools-haproxy" +haproxy_name: "dsoclab-haproxy" haproxy_version: "2.2" haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}" HAPROXY_PROCESSES: "2" - -FILEBEAT_VERSION: "7.9.3" -FILEBEAT_OUTPUT_HOST: "{{soctoolsproxy}}" -FILEBEAT_OUTPUT_PORT: "6000" -FILEBEAT_CERT: "/opt/filebeat/filebeat.crt" -FILEBEAT_KEY: "/opt/filebeat/filebeat.key" +HAPROXY_STATS_PASS: "eiph2Eepaizicheelah3tei+bae3ohgh" temp_root: "/tmp/centosbuild" openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}" -zookeeper_name: "soctools-zookeeper" +zookeeper_name: "dsoclab-zookeeper" zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}" -misp_name: "soctools-misp" +misp_name: "dsoclab-misp" misp_img: "{{repo}}/misp:{{version}}{{suffix}}" -misp_url: "https://{{soctoolsproxy}}:6443" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}" 
-mysql_name: "soctools-mysql" +mysql_name: "dsoclab-mysql" mysql_img: "{{repo}}/mysql:{{version}}{{suffix}}" +mysql_dbrootpass: "Pass006" -cassandra_name: "soctools-cassandra" +cassandra_name: "dsoclab-cassandra" cassandra_img: "{{repo}}/cassandra:{{version}}{{suffix}}" -thehive_name: "soctools-thehive" +thehive_name: "dsoclab-thehive" thehive_img: "{{repo}}/thehive:{{version}}{{suffix}}" +# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1 +thehive_secret_key: "LcnI9eKLo33711BmCnzf6UM1y05pdmj3dlADL81PxuffWqhobRoiiGFftjNPKpmM" -cortex_name: "soctools-cortex" +cortex_name: "dsoclab-cortex" cortex_img: "{{repo}}/cortex:{{version}}{{suffix}}" cortex_elasticsearch_mem: "256m" +# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1 +cortex_secret_key: "9CZ844IcAp5dHjsgU4iuaEssdopLcS6opzhVP3Ys4t4eRpNlHmwZdtfveLEXpM9D" +cortex_odfe_pass: "Pass009" + +kspass: "Testing003" +tspass: "Testing003" sysctlconfig: - - { key: "net.core.rmem_max", val: "4194304" } - - { key: "net.core.wmem_max", val: "4194304" } + - { key: "net.core.rmem_max", val: "2097152" } + - { key: "net.core.wmem_max", val: "2097152" } - { key: "vm.max_map_count" , val: "524288" } nifi_javamem: "1g" odfe_javamem: "512m" -nifi_version: 1.12.1 +nifi_version: 1.11.4 nifi_repo: "https://archive.apache.org/dist" ca_cn: "SOCTOOLS-CA" +soctools_users: + - firstname: "Bozidar" + lastname: "Proevski" + username: "bozidar.proevski" + email: "bozidar.proevski@finki.ukim.mk" + DN: "CN=Bozidar Proevski" + CN: "Bozidar Proevski" + password: "Pass001" + - firstname: "Arne" + lastname: "Oslebo" + username: "arne.oslebo" + email: "arne.oslebo@uninett.no" + DN: "CN=Arne Oslebo" + CN: "Arne Oslebo" + password: "Pass002" + - firstname: "Kiril" + lastname: "Kjiroski" + username: "kiril.kjiroski" + email: "kiril.kjiroski@finki.ukim.mk" + DN: "CN=Kiril Kjiroski" + CN: "Kiril Kjiroski" + password: "Pass003" + odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" odfekibana_img: 
"{{repo}}/odfekibana:{{version}}{{suffix}}" +# GENERATE 32-bit secure value +odfekibana_cookie: "iroAm0ueIV7w6CS1WcJTwIV6R4d5RIAt" +odfees_adminpass: "Pass004" #elk_version: "oss-7.6.1" elk_version: "oss-7.4.2" #odfeplugin_version: "1.7.0.0" @@ -80,25 +129,16 @@ openid_scope: profile openid_subjkey: preferred_username keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}" +keycloak_adminpass: "Pass005" elastic_username: "admin" +misp_token: "" +misp_url: "" +maxmind_key: "" misp_dbname: "mispdb" misp_dbuser: "misp" - -services: - - mysql - - haproxy - - openjdk - - zookeeper - - nifi - - elasticsearch - - kibana - - odfees - - odfekibana - - keycloak - - misp - - cassandra - - thehive - - cortex +misp_dbpass: "Pass007" +# misp_salt generated with: openssl rand -base64 32 +misp_salt: "wa2fJA2mGIn32IDl+uKrCJ069Mg3khDdGzFNv8DOwM0=" diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml deleted file mode 100644 index bc785e4800de9f8642c7236db63cbe5069f2826a..0000000000000000000000000000000000000000 --- a/group_vars/all/users.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- - -soctools_users: - - firstname: "User1" - lastname: "SOC" - username: "user1" - email: "user1@soctools.test" - DN: "CN=User1Soctools" - CN: "User1Soctools" - - firstname: "User2" - lastname: "SOC" - username: "user2" - email: "user2@soctools.test" - DN: "CN=User2Soctools" - CN: "User2Soctools" - -# Minimum one user is required -ODFE_ADMIN_USERS: - - user1 - - diff --git a/inventories/build/group_vars/all.yml b/inventories/build/group_vars/all.yml new file mode 100644 index 0000000000000000000000000000000000000000..704323666712c480e383ad2c4bf695794b1c6cb0 --- /dev/null +++ b/inventories/build/group_vars/all.yml @@ -0,0 +1,4 @@ +--- + +docker_image_path: images +base_image: python:2.7-stretch diff --git a/inventories/build/hosts.yml b/inventories/build/hosts.yml new file mode 100644 index 0000000000000000000000000000000000000000..485463850c4bf51c14826fb6b13adbad2a1a18ed --- /dev/null 
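Review bot: Clear-text credentials are committed in `group_vars/all/main.yml`: `THEHIVE_API_KEY`, `HAPROXY_STATS_PASS`, `mysql_dbrootpass`, `thehive_secret_key`, `cortex_secret_key`, `cortex_odfe_pass`, `kspass`/`tspass`, `odfekibana_cookie`, `odfees_adminpass` and the `password` fields under `soctools_users`, plus `keycloak_adminpass`, `misp_dbpass` and `misp_salt` in the following `@@ -80,25 +129,16 @@` hunk. Anything already pushed should be treated as exposed and rotated; the values belong in an Ansible Vault file or an untracked vars file, with this file holding only a reference, for example `mysql_dbrootpass: "{{ vault_mysql_dbrootpass }}"` (variable name constructed for illustration). The sequential `PassNNN` and `Testing003` values are guessable even without repository access and should be generated randomly, as the `/dev/urandom` comment already describes for the secret keys. The hunk also replaces the `<CHANGE_ME:hostname>` placeholder with a site-specific host name and adds real names and e-mail addresses to shared defaults; these look like they belong in a per-site inventory instead.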
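Review bot: `base_image: python:2.7-stretch` builds on Python 2.7, which has been end-of-life upstream since January 2020 and no longer receives security fixes. Unless something in the build role strictly requires Python 2, use a maintained Python 3 image and pin it, e.g. `base_image: python:<SUPPORTED_3.x_TAG>@sha256:<DIGEST>`. If Python 2 is required for now, a comment naming the dependency that forces it would tell the next maintainer when the pin can be lifted.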
+++ b/inventories/build/hosts.yml @@ -0,0 +1,12 @@ +all: + hosts: + nifi-image: + ansible_connection: docker + ansible_python_interpreter: /usr/bin/python + localhost: + ansible_python_interpreter: /usr/bin/python + ansible_connection: local + children: + nifi: + hosts: + localhost: diff --git a/inventories/cassandra b/inventories/cassandra deleted file mode 100644 index 65a4f3475d64e7d85474ef8f6831d9df949b6dee..0000000000000000000000000000000000000000 --- a/inventories/cassandra +++ /dev/null @@ -1,2 +0,0 @@ -[cassandra] -soctools-cassandra ansible_connection=docker diff --git a/inventories/cortex b/inventories/cortex deleted file mode 100644 index 6a64e81773fe3de5f89dd23e65ed35d6fcf4bfdd..0000000000000000000000000000000000000000 --- a/inventories/cortex +++ /dev/null @@ -1,2 +0,0 @@ -[cortex] -soctools-cortex ansible_connection=docker diff --git a/inventories/deploy/group_vars/haproxy.yml b/inventories/deploy/group_vars/haproxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..b53d50d6b11f23d908ad3fe74b42e70f318e2119 --- /dev/null +++ b/inventories/deploy/group_vars/haproxy.yml @@ -0,0 +1,11 @@ +--- +index: haproxy +scale: "{{ haproxy_scale | default('1')}}" +docker: + haproxy: + image: haproxy:latest + volumes: + - /usr/local/etc/haproxy/:/usr/local/etc/haproxy:ro + ports: + - "80:80" + source: pull \ No newline at end of file diff --git a/inventories/deploy/group_vars/nifi.yml b/inventories/deploy/group_vars/nifi.yml new file mode 100644 index 0000000000000000000000000000000000000000..5b718692a776eb9418de06d5c9bf18b8c1a5724b --- /dev/null +++ b/inventories/deploy/group_vars/nifi.yml 
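Review bot: `image: haproxy:latest` combined with `source: pull` means every deploy runs whatever the registry currently serves under a mutable tag; the same applies to `apache/nifi:latest` in `inventories/deploy/group_vars/nifi.yml` and `zookeeper:latest` in `inventories/deploy/group_vars/zookeeper.yml`. Pin each image to a specific version, ideally with a digest, e.g. `image: haproxy:<VERSION>@sha256:<DIGEST>`, so that deployments are reproducible and an upstream tag change cannot silently alter what runs; `group_vars/all/main.yml` already defines `haproxy_version: "2.2"`, which could be reused here if it is in scope for this inventory. The only published port is `"80:80"`, so as written the proxy front end is plain HTTP; if that is intended, a comment stating where TLS terminates would help.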
@@ -0,0 +1,19 @@ +--- +index: nifi +scale: "{{ nifi_scale | default('1')}}" +docker: + nifi: +# image: nifi-soctools #For nifi image built by soctools +# source: load + image: apache/nifi:latest + source: pull + command: /opt/nifi/nifi-current/scripts/start.sh + env: + NIFI_HOME: "/opt/nifi/nifi-current" + NIFI_LOG_DIR: "/opt/nifi/nifi-current/logs" + NIFI_PID_DIR: "/opt/nifi/nifi-current/run" + NIFI_CLUSTER_IS_NODE: "true" + NIFI_ZK_CONNECT_STRING: "zookeeper_1:2181" + NIFI_CLUSTER_NODE_PROTOCOL_PORT: "8082" + NIFI_ELECTION_MAX_WAIT: "1 min" + load_path: "{{ image_location }}/nifi-soctools.tar" diff --git a/inventories/deploy/group_vars/zookeeper.yml b/inventories/deploy/group_vars/zookeeper.yml new file mode 100644 index 0000000000000000000000000000000000000000..5604be8138d47975f9e1ed6fb075ebc27d392e13 --- /dev/null +++ b/inventories/deploy/group_vars/zookeeper.yml @@ -0,0 +1,7 @@ +--- +index: zookeeper +scale: "{{ zookeeper_scale | default('1')}}" +docker: + zookeeper: + image: zookeeper:latest + source: pull \ No newline at end of file diff --git a/inventories/deploy/hosts.yml.example b/inventories/deploy/hosts.yml.example new file mode 100644 index 0000000000000000000000000000000000000000..7d85e5bdf3a5030bbfbd114016b78808000bcd73 --- /dev/null +++ b/inventories/deploy/hosts.yml.example @@ -0,0 +1,21 @@ +all: + hosts: + host1: + ansible_ssh_user: debian + ansible_python_interpreter: /usr/bin/python + become: yes + children: + soctools_server: + hosts: + host1: + nifi: + hosts: + host1: + nifi_scale: 3 + haproxy: + hosts: + host1: + zookeeper: + hosts: + host1: + zookeeper_scale: 3 \ No newline at end of file diff --git a/inventories/elasticsearch b/inventories/elasticsearch deleted file mode 100644 index 73901fb0cd71e4434bd33159a45fc97c34ee98bb..0000000000000000000000000000000000000000 --- a/inventories/elasticsearch +++ /dev/null @@ -1,3 +0,0 @@ -[odfeescontainers] -soctools-odfe-1 ansible_connection=docker -soctools-odfe-2 ansible_connection=docker 
diff --git a/inventories/filebeat b/inventories/filebeat
deleted file mode 100644
index 2add349aa63b05076383cb8d04f9ec27a4e1f309..0000000000000000000000000000000000000000
--- a/inventories/filebeat
+++ /dev/null
@@ -1,16 +0,0 @@ -[filebeat] -soctools-nifi-1 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text" -soctools-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text" -soctools-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text" -soctools-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/log/php-fpm/*.log","/var/opt/rh/rh-redis32/log/redis/redis.log","/var/log/httpd/*log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="misp" FILEBEAT_LOG_FORMAT="text" -soctools-odfe-1 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/soctools-cluster_server.json"]' FILEBEAT_LOG_TYPE="elasticsearch" FILEBEAT_LOG_FORMAT="json" -soctools-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/soctools-cluster_server.json"]' FILEBEAT_LOG_TYPE="elasticsearch" FILEBEAT_LOG_FORMAT="json" -soctools-kibana ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/kibana_stdout.log"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="json" -soctools-keycloak ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="keycloak" FILEBEAT_LOG_FORMAT="json" -soctools-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log","/var/opt/rh/rh-mariadb103/lib/mysql/server_audit.log"]' FILEBEAT_LOG_TYPE="mysql" 
FILEBEAT_LOG_FORMAT="text" -soctools-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text" -soctools-zookeeper ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="zookeeper" FILEBEAT_LOG_FORMAT="text" -soctools-cortex ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cortex" FILEBEAT_LOG_FORMAT="text" -soctools-thehive ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="thehive" FILEBEAT_LOG_FORMAT="text" -soctools-cassandra ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cassandra" FILEBEAT_LOG_FORMAT="text" - diff --git a/inventories/haproxy b/inventories/haproxy deleted file mode 100644 index 7ded04a5134a971fadf026b2d214fa2ce11e1ec4..0000000000000000000000000000000000000000 --- a/inventories/haproxy +++ /dev/null @@ -1,2 +0,0 @@ -[haproxy] -soctools-haproxy ansible_connection=docker \ No newline at end of file diff --git a/inventories/keycloak b/inventories/keycloak deleted file mode 100644 index b998e8f6a613fd2feb0450a5ad11a0237c952ae6..0000000000000000000000000000000000000000 --- a/inventories/keycloak +++ /dev/null @@ -1,2 +0,0 @@ -[keycloakcontainers] -soctools-keycloak ansible_connection=docker diff --git a/inventories/kibana b/inventories/kibana deleted file mode 100644 index 1f00ac6c362b94aaf698cb74343d1fbf2a402ab1..0000000000000000000000000000000000000000 --- a/inventories/kibana +++ /dev/null @@ -1,2 +0,0 @@ -[odfekibanacontainers] -soctools-kibana ansible_connection=docker diff --git a/inventories/misp b/inventories/misp deleted file mode 100644 index 445ec1e88dde819705331e8a221d9540bf7cf34e..0000000000000000000000000000000000000000 --- a/inventories/misp +++ /dev/null @@ -1,2 +0,0 @@ -[mispcontainers] -soctools-misp ansible_connection=docker 
diff --git a/inventories/mysql b/inventories/mysql deleted file mode 100644 index 6d0b3065b10647a34ff7eebc94dde8d3197788be..0000000000000000000000000000000000000000 --- a/inventories/mysql +++ /dev/null @@ -1,2 +0,0 @@ -[mysql] -soctools-mysql ansible_connection=docker \ No newline at end of file diff --git a/inventories/nifi b/inventories/nifi deleted file mode 100644 index d434490139a0736c046257fdf260d503f76576ff..0000000000000000000000000000000000000000 --- a/inventories/nifi +++ /dev/null @@ -1,4 +0,0 @@ -[nificontainers] -soctools-nifi-1 ansible_connection=docker -soctools-nifi-2 ansible_connection=docker -soctools-nifi-3 ansible_connection=docker diff --git a/inventories/soctools b/inventories/soctools deleted file mode 100644 index 46ea675635f842bbcae314c0c21ff55b3d3ab425..0000000000000000000000000000000000000000 --- a/inventories/soctools +++ /dev/null @@ -1,2 +0,0 @@ -[soctoolsmain] -localhost ansible_connection=local diff --git a/inventories/thehive b/inventories/thehive deleted file mode 100644 index 6fd7b99444c07fac165fa5bca0ec19ec270db0ef..0000000000000000000000000000000000000000 --- a/inventories/thehive +++ /dev/null @@ -1,2 +0,0 @@ -[thehive] -soctools-thehive ansible_connection=docker diff --git a/restart-soctools.yml b/restart-soctools.yml deleted file mode 100644 index 5aa1c94116243ecdf120c17813677b9c59643630..0000000000000000000000000000000000000000 --- a/restart-soctools.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- - -- name: Restart services for haproxy - hosts: haproxy - roles: - - haproxy - -- name: Restart services for mysql - hosts: mysql - roles: - - mysql - -- name: Restart services for Cassandra - hosts: cassandra - roles: - - cassandra - -- name: Restart services for Keycloak - hosts: keycloakcontainers - roles: - - keycloak - -- name: Restart services for NiFi - hosts: nificontainers - roles: - - nifi - -- name: Restart services for OpenDistro for Elasticsearch - hosts: odfeescontainers - roles: - - odfees - -- name: Restart services for OpenDistro Kibana for Elasticsearch - hosts: odfekibanacontainers - roles: - - odfekibana - -- name: Restart services for MISP - hosts: mispcontainers - roles: - - misp - -- name: Restart services for TheHive - hosts: thehive - roles: - - thehive - -- name: Restart services for Cortex - hosts: cortex - roles: - - cortex - diff --git a/roles/build/files/cassandra/cassandrasupervisord.conf b/roles/build/files/cassandra/cassandrasupervisord.conf deleted file mode 100644 index 6cef6509c659ff4d16d1abb8ecafaf34eb0b84e8..0000000000000000000000000000000000000000 --- a/roles/build/files/cassandra/cassandrasupervisord.conf +++ /dev/null 
@@ -1,44 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:cassandra] -directory=/usr/share/cassandra -user=cassandra -group=cassandra -environment = CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="/usr/share/cassandra/cassandra.in.sh" -command=/bin/bash -c '/usr/sbin/cassandra -f' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/cassandra_stderr.log -stdout_logfile = /var/log/supervisor/cassandra_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/cassandraDockerfile b/roles/build/files/cassandraDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..c1b73887b9bdfe51d27938507bf3280e7966fbc1 --- /dev/null +++ b/roles/build/files/cassandraDockerfile 
@@ -0,0 +1,35 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+USER root
+#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo
+#COPY supervisord.conf /etc/supervisord.conf
+#COPY start.sh /start.sh
+RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \
+ echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
+ echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \
+ echo '#!/bin/bash' > /start.sh && \
+ echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \
+ echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \
+ echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \
+ echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \
+ echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \
+ echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \
+ echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \
+ echo '' >> /start.sh && \
+ echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \
+ yum install -y epel-release && \
+ yum install -y cassandra supervisor && \
+ mkdir /usr/share/cassandra/conf && \
+ cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \
+ chown -R cassandra:cassandra /usr/share/cassandra && \
+ chown -R cassandra:cassandra /var/lib/cassandra && \
+ sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \
+ chmod a+x /start.sh && \
+ yum -y clean all
+EXPOSE 7000 9042
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+USER cassandra
+# ENTRYPOINT ["/start.sh"]
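Review bot: Both `ENTRYPOINT` lines at the end of the file are commented out and no `CMD` is set, so unless the base image provides one this image does not define how Cassandra is started, and `/start.sh` only runs if the run-time configuration calls it. A one-line comment naming the component that supplies the command would make that explicit. `/start.sh` and `cassandra.repo` are assembled from a chain of `echo` redirections although the commented-out `#COPY cassandra.repo ...` and `#COPY start.sh ...` lines suggest they could be files; copying version-controlled files is easier to review and avoids shell-quoting slips. The repo definition sets both `gpgcheck=1` and `repo_gpgcheck=1`, which is worth keeping, but `yum install -y cassandra supervisor` takes whatever version is current, so consider pinning the package version for reproducible builds.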
diff --git a/roles/build/files/cortex/cortexsupervisord.conf b/roles/build/files/cortex/cortexsupervisord.conf deleted file mode 100644 index 99e89e48ea30bcf6e76ba3527918a1d190ba148b..0000000000000000000000000000000000000000 --- a/roles/build/files/cortex/cortexsupervisord.conf +++ /dev/null @@ -1,56 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:elasticsearch] -directory=/usr/share/elasticsearch -user=elasticsearch -group=elasticsearch -command=/bin/bash -c '/usr/share/elasticsearch/bin/elasticsearch' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log -stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log - -[program:cortex] -directory=/opt/cortex -user=cortex -group=cortex -command=/bin/bash -c '/opt/cortex/bin/cortex -Dconfig.file=/etc/cortex/application.conf -Dlogger.file=/etc/cortex/logback.xml -J-Xms1g -J-Xmx1g -Dpidfile.path=/dev/null' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/cortex_stderr.log -stdout_logfile = /var/log/supervisor/cortex_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log 
diff --git a/roles/build/files/cortexDockerfile b/roles/build/files/cortexDockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..014cdf01134d97139671c702bbc6dde96682ee8e
--- /dev/null
+++ b/roles/build/files/cortexDockerfile
@@ -0,0 +1,32 @@ +FROM gn43-dsl/openjdk:7a20201004 + +USER root +#COPY thehive.repo /etc/yum.repos.d/thehive.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh +RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ + echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \ + echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \ + echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ + yum install -y epel-release && \ + rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ + rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ + yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ + rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ + chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ + mkdir -p /home/cortex && \ + chown -R cortex:cortex /home/cortex && \ + chown -R cortex:cortex /etc/cortex && \ + cd /opt && \ + git clone https://github.com/TheHive-Project/Cortex-Analyzers && \ + chown -R cortex:cortex /opt/Cortex-Analyzers && \ + cd /opt/Cortex-Analyzers && \ + for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ + for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ + yum -y clean all +EXPOSE 9001 +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER cortex +# ENTRYPOINT ["/start.sh"] 
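Review bot: The `git clone https://github.com/TheHive-Project/Cortex-Analyzers` step takes whatever the default branch holds at build time, and both `pip3 install --no-cache-dir -U -r $I || true` loops run as root with failures discarded, so the image content is neither pinned nor checked. Pin the clone to a reviewed tag or commit, e.g. `git clone --depth 1 --branch <PINNED_TAG> https://github.com/TheHive-Project/Cortex-Analyzers`, and drop `|| true` (or collect the failing requirement files and fail at the end) so a missing analyzer dependency is visible. The repo line `baseurl=http://rpm.thehive-project.org/stable/noarch` is plain HTTP; `gpgcheck=1` covers the packages, but an HTTPS base URL, if the mirror offers one, would also protect the repository metadata. `telnet`, `gcc`, `git`, `vim` and `htop` stay in the runtime image; a separate build stage would keep compilers and debugging tools out of it.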
diff --git a/roles/build/files/elasticDockerfile b/roles/build/files/elasticDockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..dba40032af25404c9470cb7ca39cf3ccc43b4ff3
--- /dev/null
+++ b/roles/build/files/elasticDockerfile
@@ -0,0 +1,21 @@
+FROM gn43-dsl/openjdk:7a20201004
+
+ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
+
+RUN groupadd -g 1000 elasticsearch && \
+ adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
+
+WORKDIR /usr/share/elasticsearch
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.4.2-no-jdk-x86_64.rpm && \
+ cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \
+ chown -R elasticsearch /usr/share/elasticsearch/config && \
+ mkdir -p /usr/share/elasticsearch/data && \
+ chown -R elasticsearch /usr/share/elasticsearch/data && \
+ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch
+
+EXPOSE 9200 9300
+USER elasticsearch
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/roles/build/files/haproxy/haproxysupervisord.conf b/roles/build/files/haproxy/haproxysupervisord.conf
deleted file mode 100644
index 2738cf2d75e4646aafc687fb855ded53414594c0..0000000000000000000000000000000000000000
--- a/roles/build/files/haproxy/haproxysupervisord.conf
+++ /dev/null
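Review bot: `rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.4.2-no-jdk-x86_64.rpm` installs straight from the URL, and as far as I know rpm on a CentOS 7 base does not refuse a package that carries no signature, so `rpm --import` alone does not prove the file is the one Elastic signed. Download to a file first and check it before installing, for example `rpm -K /tmp/es.rpm` plus `echo "$ES_SHA256 */tmp/es.rpm" | sha256sum -c` against a digest recorded in the Dockerfile, the way haproxyDockerfile in this commit does with `HAPROXY_SHA256`. The same direct `rpm -Uvh <url>` appears in cortexDockerfile (elasticsearch-oss-6.8.13) and kibanaDockerfile (kibana-oss-7.4.2).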
@@ -1,44 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:haproxy] -directory=/root -user=root -group=root -command=/bin/bash -c '/usr/local/sbin/haproxy -f /usr/local/etc/haproxy/haproxy.cfg' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/haproxy_stderr.log -stdout_logfile = /var/log/supervisor/haproxy_stdout.log - - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/haproxyDockerfile b/roles/build/files/haproxyDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..f36d8f4cfb974f7a641bbf60d4473a0c39afa0f8 --- /dev/null +++ b/roles/build/files/haproxyDockerfile 
@@ -0,0 +1,71 @@ +FROM gn43-dsl/centos:7a20201004 + +ENV HAPROXY_VERSION 2.2.3 +ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz +ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e +ENV OPENSSL_VERSION=1.0.2u + + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN \ + yum install -y epel-release && \ + yum update -y && \ + `# Install build tools. Note: perl needed to compile openssl...` \ + yum install -y \ + inotify-tools \ + wget \ + tar \ + gzip \ + make \ + gcc \ + perl \ + pcre-devel \ + zlib-devel \ + iptables \ + pcre2-devel \ + daemonize \ + pth-devel && \ + `# Install newest openssl...` \ + wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ + tar -zxf /tmp/openssl.tgz -C /tmp && \ + cd /tmp/openssl-* && \ + ./config --prefix=/usr \ + --openssldir=/etc/ssl \ + --libdir=lib \ + no-shared zlib-dynamic && \ + make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ + cd && rm -rf /tmp/openssl* && \ + `# Install HAProxy...` \ + && wget -O haproxy.tar.gz "$HAPROXY_URL" \ + && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \ + && mkdir -p /usr/src/haproxy \ + && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \ + && rm haproxy.tar.gz \ + \ + && makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_ZLIB=1 \ + \ + EXTRA_OBJS=" \ +# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support + contrib/prometheus-exporter/service-prometheus.o \ + " \ + ' \ + && nproc="$(nproc)" \ + && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \ + && eval "make -C /usr/src/haproxy install-bin $makeOpts" \ + \ + && mkdir -p /usr/local/etc/haproxy \ + && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ + && rm -rf 
/usr/src/haproxy + +ENTRYPOINT ["/bin/bash"] + +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 diff --git a/roles/build/files/keycloak/keycloaksupervisord.conf b/roles/build/files/keycloak/keycloaksupervisord.conf deleted file mode 100644 index 63694dc8cf6227d2540f4afb74af54ca18633d2d..0000000000000000000000000000000000000000 --- a/roles/build/files/keycloak/keycloaksupervisord.conf +++ /dev/null 
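Review bot: The OpenSSL tarball fetched with `wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz` is unpacked and compiled with no integrity check, while the HAProxy tarball a few lines later is verified against `HAPROXY_SHA256`. Add `ENV OPENSSL_SHA256 <EXPECTED_SHA256>` and `echo "$OPENSSL_SHA256 */tmp/openssl.tgz" | sha256sum -c` before the `tar -zxf`. `OPENSSL_VERSION=1.0.2u` belongs to the 1.0.2 branch, which to my knowledge no longer receives public security fixes, so the "Install newest openssl" comment is misleading and the statically built (`no-shared`) library will not pick up distribution updates; it is worth checking whether HAProxy 2.2.3 can be built against a supported branch instead. With `ENTRYPOINT ["/bin/bash"]`, `STOPSIGNAL SIGUSR1` is delivered to bash as PID 1 rather than to haproxy, so the graceful stop described in the trailing comment presumably does not happen unless the start command execs haproxy.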
@@ -1,44 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:keycloak] -directory=/opt/jboss/keycloak -user=jboss -group=jboss -#command=/opt/jboss/keycloak/bin/standalone.sh -b 0.0.0.0 -command=/bin/bash -c '/docker-java-home/jre/bin/java -D[Standalone] -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Dorg.jboss.boot.log.file=/opt/jboss/keycloak/standalone/log/server.log -Dlogging.configuration=file:/opt/jboss/keycloak/standalone/configuration/logging.properties -jar /opt/jboss/keycloak/jboss-modules.jar -mp /opt/jboss/keycloak/modules org.jboss.as.standalone -Djboss.home.dir=/opt/jboss/keycloak -Djboss.server.base.dir=/opt/jboss/keycloak/standalone -b 0.0.0.0' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/keycloak_stderr.log -stdout_logfile = /var/log/supervisor/keycloak_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/keycloakDockerfile b/roles/build/files/keycloakDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ba6e7c130c1ec511d49e743d068c43d9bde1dc85 
--- /dev/null +++ b/roles/build/files/keycloakDockerfile @@ -0,0 +1,41 @@ +FROM gn43-dsl/openjdk:7a20201004 + +ENV KEYCLOAK_VERSION 10.0.1 +ENV JDBC_POSTGRES_VERSION 42.2.5 +ENV JBOSS_HOME /opt/jboss/keycloak + +ARG KEYCLOAK_DIST=https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz + +USER root + +#ADD //root/ansible-soctools-scm-uninett-no/soctools-buildtest-20201022/roles/build/templates/keycloak/keycloak-tools /opt/jboss/tools +ADD keycloak-tools /opt/jboss/tools +#ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools +RUN yum -y install openssl && yum -y clean all && \ + mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ + curl -L $KEYCLOAK_DIST | tar zx && \ + mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ + mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ + cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main && \ + curl -L https://repo1.maven.org/maven2/org/postgresql/postgresql/$JDBC_POSTGRES_VERSION/postgresql-$JDBC_POSTGRES_VERSION.jar > postgres-jdbc.jar && \ + cp /opt/jboss/tools/databases/postgres/module.xml . && \ + cd /opt/jboss/keycloak && \ + bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-configuration.cli && \ + rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history && \ + rm -rf /opt/jboss/keycloak/standalone/tmp/auth && \ + rm -rf /opt/jboss/keycloak/domain/tmp/auth && \ + adduser -u 1000 -g 0 -d /opt/jboss jboss && \ + chown -R jboss:root /opt/jboss && \ + chmod -R g+rwX /opt/jboss && \ + mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca} + +ENV PATH="/opt/jboss/keycloak/bin:${PATH}" + +WORKDIR /opt/jboss/keycloak + +EXPOSE 8080 +EXPOSE 8443 + +USER jboss +ENTRYPOINT ["/bin/bash"] + 
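Review bot: Both downloads use `curl -L` without `-f` and without a digest check, so an HTTP error page is piped into `tar zx` or saved as `postgres-jdbc.jar` and the build carries on, and a substituted archive would not be noticed. Fetch to a file and verify it, e.g. `curl -fsSL "$KEYCLOAK_DIST" -o /tmp/keycloak.tar.gz && echo "$KEYCLOAK_SHA256 */tmp/keycloak.tar.gz" | sha256sum -c && tar zxf /tmp/keycloak.tar.gz`, and do the same for the JDBC jar; nifiDockerfile in this commit already uses `curl -fSL` with a `sha256sum -c`. `chown -R jboss:root /opt/jboss` makes the runtime user the owner of the whole installation including `bin/` and `modules/`; if only `standalone/` has to be written at run time, leaving the rest root-owned limits what a compromised Keycloak process can modify. `ADD keycloak-tools` copies a local directory, for which `COPY` is the more explicit instruction.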
diff --git a/roles/build/files/kibana/kibanasupervisord.conf b/roles/build/files/kibana/kibanasupervisord.conf deleted file mode 100644 index 2cceed0bc2c3da97bb7b6012a381430808a6f5ae..0000000000000000000000000000000000000000 --- a/roles/build/files/kibana/kibanasupervisord.conf +++ /dev/null @@ -1,43 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:kibana] -user=kibana -group=kibana -directory=/usr/share/kibana -command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml" -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/kibana_stderr.log -stdout_logfile = /var/log/supervisor/kibana_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/templates/kibana/Dockerfile.j2 b/roles/build/files/kibanaDockerfile similarity index 57% rename from roles/build/templates/kibana/Dockerfile.j2 rename to roles/build/files/kibanaDockerfile index ef2a4768f809d02b8320cb90963ea701cbddec16..0f137e085aae12dbae9099256a584e71c0dc9fbd 100644 --- a/roles/build/templates/kibana/Dockerfile.j2 +++ b/roles/build/files/kibanaDockerfile 
@@ -1,7 +1,4 @@ -FROM {{repo}}/centos:{{version}}{{suffix}} - -RUN yum install -y supervisor -RUN yum clean all +FROM gn43-dsl/centos:7a20201004 ENV PATH="/usr/share/kibana/bin:${PATH}" @@ -11,13 +8,11 @@ RUN groupadd -g 1000 kibana && \ WORKDIR /usr/share/kibana RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-{{elk_version}}-x86_64.rpm && \ + rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.4.2-x86_64.rpm && \ cp -a /etc/kibana/ /usr/share/kibana/config/ && \ chown -R kibana /usr/share/kibana/config/ -RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - EXPOSE 5601 -COPY kibanasupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER kibana +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/files/misp/misp_rh-php72-php-fpm b/roles/build/files/misp/misp_rh-php72-php-fpm deleted file mode 100644 index 2d67a51c4a2c69132897823a698bef39f4ee0fa6..0000000000000000000000000000000000000000 --- a/roles/build/files/misp/misp_rh-php72-php-fpm +++ /dev/null @@ -1,21 +0,0 @@ -/var/opt/rh/rh-php72/log/php-fpm/error.log { - missingok - notifempty - sharedscripts - delaycompress - postrotate - /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true - endscript -} - -/var/opt/rh/rh-php72/log/php-fpm/www-*log { - su apache apache - create 600 apache apache - missingok - notifempty - sharedscripts - delaycompress - postrotate - /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true - endscript -} diff --git a/roles/build/files/misp/mispsupervisord.conf b/roles/build/files/misp/mispsupervisord.conf deleted file mode 100644 index fce59b7aa8a838bd76824961dd7f881062460563..0000000000000000000000000000000000000000 --- a/roles/build/files/misp/mispsupervisord.conf +++ /dev/null 
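Review bot: The package version is now a literal in `rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.4.2-x86_64.rpm` where the template used `{{elk_version}}`, and elasticDockerfile hard-codes the same `7.4.2` separately, so the two can drift apart on the next upgrade. An `ARG ELK_VERSION=7.4.2` referenced in the URL, set from one Ansible variable for both builds, would keep a single place to change. The line also moves from the `kibana-` to the `kibana-oss-` package; that is a different distribution and deserves a mention in the commit message.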
@@ -1,83 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ -user=root - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:cron] -autostart=true -autorestart=true -command=crond -n -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/cron_stderr.log -stdout_logfile = /var/log/supervisor/cron_stdout.log - -[program:php-fpm] -# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm -command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize -autostart=false -autorestart=true - -[program:redis-server] -process_name = redis-server -directory = /var/opt/rh/rh-redis32/lib/redis/ -command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf -user=redis -autostart=false -autorestart=true - -[program:apache2] -command=/usr/sbin/httpd -DFOREGROUND -autostart=false -autorestart=true - -[program:misp-modules] -command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s && sleep infinity" -user = apache -autostart=false -autorestart=unexpected -startsecs = 0 -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/misp-modules_stderr.log -stdout_logfile = /var/log/supervisor/misp-modules_stdout.log - -[program:workers] -command=/bin/bash -c "cleanup() { /var/www/MISP/app/Console/worker/stop.sh; }; trap 'echo signal received!; kill ${child_pid}; wait ${child_pid}; cleanup' SIGINT SIGTERM; /var/www/MISP/app/Console/worker/start.sh; sleep infinity & child_pid=$!; wait ${child_pid};" -user=apache -autostart=false -autorestart=unexpected -logfile_maxbytes=10MB -stdout_logfile_backups = 0 
-stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/workers_stderr.log -stdout_logfile = /var/log/supervisor/workers_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/mispDockerfile b/roles/build/files/mispDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..26f09fb32e6420b2cdcc83d1d7af3c436e730201 --- /dev/null +++ b/roles/build/files/mispDockerfile 
@@ -0,0 +1,84 @@ +FROM gn43-dsl/centos:7a20201004 + +USER root +RUN yum install -y epel-release centos-release-scl scl-utils ; \ + yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ + yum -y clean all ; \ + sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ + sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/opt/rh/rh-php72/php.ini ; \ + mkdir -p /var/www/MISP ; \ + chown -R apache:apache /var/www/MISP + +USER apache +WORKDIR /var/www/MISP +RUN git clone https://github.com/MISP/MISP.git /var/www/MISP ; \ + git submodule update --init --recursive ; \ + git submodule foreach --recursive git config core.filemode false ; \ + git config core.filemode false + +USER root +RUN pip3 install --upgrade pip ; \ + pip3 install git+https://github.com/CybOXProject/mixbox.git ; \ + pip3 install git+https://github.com/CybOXProject/python-cybox.git ; \ + pip3 install 
git+https://github.com/STIXProject/python-stix.git ; \ + pip3 install git+https://github.com/MAECProject/python-maec.git ; \ + pip3 install /var/www/MISP/cti-python-stix2 ; \ + pip3 install /var/www/MISP/PyMISP ; \ + pip3 install git+https://github.com/kbandla/pydeep.git ; \ + pip3 install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip ; \ + pip3 install jsonschema ; \ + pip3 install reportlab ; \ + pip3 install python-magic ; \ + pip3 install pyzmq ; \ + pip3 install redis + +USER apache +WORKDIR /var/www/MISP +RUN git submodule init ; \ + git submodule update + +USER root +WORKDIR /usr/local/src +RUN git clone https://github.com/MISP/misp-modules.git +WORKDIR /usr/local/src/misp-modules +RUN git checkout ; \ + # sudo pip3 install -I -r REQUIREMENTS ; \ + LANG=en_US.UTF-8 pip3 install -I -r REQUIREMENTS; \ + pip3 install -I . ; \ + mkdir /var/www/.composer && chown -R apache:apache /var/www/.composer ; \ + cd /tmp ; \ + wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz ; \ + tar zxvf ssdeep-2.14.1.tar.gz && cd ssdeep-2.14.1 && ./configure && make && make install ; \ + /usr/bin/scl enable rh-php72 "pecl install ssdeep" ; \ + echo "extension=ssdeep.so" > /etc/opt/rh/rh-php72/php.d/88-ssdeep.ini ; \ + cd + +USER apache +WORKDIR /var/www/MISP/app +RUN wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar require kamisama/cake-resque:4.1.2" ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar config vendor-dir Vendor" ; \ + COMPOSER_CACHE_DIR=/var/www/.composer /usr/bin/scl enable rh-php72 "php composer.phar install" ; \ + sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf ; \ + cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \ + cp -a 
/var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \ + cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \ + cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \ + cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php + +USER root +COPY mispstart.sh /var/www/MISP/app/Console/worker/start.sh +RUN chown -R apache:apache /var/www/MISP ; \ + chmod -R 750 /var/www/MISP ; \ + chmod -R g+ws /var/www/MISP/app/tmp ; \ + chmod -R g+ws /var/www/MISP/app/files ; \ + chmod -R g+ws /var/www/MISP/app/files/scripts/tmp + +# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ +EXPOSE 80 443 6443 6379 6666 50000 + +COPY mispsupervisord.conf /etc/supervisord.conf +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] + diff --git a/roles/build/files/misp/mispstart.sh b/roles/build/files/mispstart.sh similarity index 100% rename from roles/build/files/misp/mispstart.sh rename to roles/build/files/mispstart.sh diff --git a/roles/build/files/mispsupervisord.conf b/roles/build/files/mispsupervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..fbd4dea3bbd292aa2eea51772ecc559dc0b51703 --- /dev/null +++ b/roles/build/files/mispsupervisord.conf 
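Review bot: Every `RUN` in this file chains its commands with `;`, so a failed `yum install`, `git clone` or `pip3 install` does not stop the build and an image can be produced with pieces missing; chain with `&&` or start each `RUN` with `set -e;`. One likely casualty is `sed -i -e "s/bind 127.0.0.1/bind 0.0.0.0/" /etc/redis.conf`, which runs under `USER apache` and presumably cannot write that file, and which edits `/etc/redis.conf` while mispsupervisord.conf starts Redis with `/etc/opt/rh/rh-redis32/redis.conf`. If Redis is meant to listen on all interfaces (6379 is in `EXPOSE`), no `requirepass` or network restriction is visible here, so either keep the loopback bind or configure authentication in the file that is actually loaded. The `pip3 install git+https://...` lines and the clones of MISP and misp-modules follow default branches, and `git checkout` with no argument pins nothing; a tag or commit per repository would make the build repeatable and reviewable. The comment above `EXPOSE` lists 3306, but the instruction exposes 6443 instead.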
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=false
+user=root
+
+[program:php-fpm]
+# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
+command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+
+[program:redis-server]
+process_name = redis-server
+directory = /var/opt/rh/rh-redis32/lib/redis/
+command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
+user=redis
+
+[program:apache2]
+command=/usr/sbin/httpd -DFOREGROUND
+
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = apache
+startsecs = 0
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=apache
diff --git a/roles/build/files/mysql/mysqlsupervisord.conf b/roles/build/files/mysql/mysqlsupervisord.conf
deleted file mode 100644
index 60d3109fc26d3b20de3d811482d1f6f2f2ed6a89..0000000000000000000000000000000000000000
--- a/roles/build/files/mysql/mysqlsupervisord.conf
+++ /dev/null
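Review bot: `command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"` makes the modules service listen on every interface, and mispDockerfile exposes port 6666; as far as I know misp-modules has no authentication of its own, so unless another container has to reach it, `-l '127.0.0.1'` is the safer default. `nodaemon=false` differs from mysqlsupervisord.conf (`nodaemon=true`): if supervisord ever becomes the container's main process it will fork into the background and the container will exit, so the value should match how the service is actually started. The per-program `stdout_logfile`/`stderr_logfile` settings of the deleted misp/mispsupervisord.conf are not carried over; worth confirming that the output of php-fpm, httpd and the workers is still collected somewhere.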
@@ -1,45 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:mysql] -user=mysql -directory=/var/lib/mysql -command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr --log-error=/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log - -[program:cron] -autostart=true -autorestart=true -command=crond -n -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/cron_stderr.log -stdout_logfile = /var/log/supervisor/cron_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/mysqlDockerfile b/roles/build/files/mysqlDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..7c547b1e5959c3352c807b6ec9002673228709c6 --- /dev/null +++ b/roles/build/files/mysqlDockerfile 
@@ -0,0 +1,13 @@
+FROM gn43-dsl/centos:7a20201004
+
+USER root
+RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \
+ yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \
+ /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql
+RUN yum clean all
+
+EXPOSE 3306
+COPY mysqlsupervisord.conf /etc/supervisord.conf
+
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
diff --git a/roles/build/files/mysqlsupervisord.conf b/roles/build/files/mysqlsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..e44e9fe1189eae3241d8bb1001c3a081a386353c
--- /dev/null
+++ b/roles/build/files/mysqlsupervisord.conf
@@ -0,0 +1,7 @@
+[supervisord]
+loglevel=debug
+nodaemon=true
+[program:mysql]
+user=mysql
+directory=/var/lib/mysql
+command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr
diff --git a/roles/build/files/nifi/nifisupervisord.conf b/roles/build/files/nifi/nifisupervisord.conf
deleted file mode 100644
index dcfa15c6e07538c492047eda004bfaec585237a1..0000000000000000000000000000000000000000
--- a/roles/build/files/nifi/nifisupervisord.conf
+++ /dev/null
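Review bot: `RUN yum clean all` sits in its own layer, so the package cache is still stored in the layer written by the preceding `RUN`; append `&& yum clean all` to that command instead. `yum -y update` without pinned versions means two builds of the same Dockerfile can contain different packages, which the dated base tag `7a20201004` otherwise seems intended to prevent. There is no `USER` instruction, so supervisord runs as root and only the `mysql` program drops privileges through `user=mysql` in mysqlsupervisord.conf.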
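Review bot: `loglevel=debug` looks like a troubleshooting leftover; the deleted mysql/mysqlsupervisord.conf used `loglevel=info`, and at debug level supervisord, per its documentation, also copies child process output into its own log. Set `loglevel=info` unless the extra detail is needed in normal operation. The `--log-error=/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log` argument of the old `command=` is gone as well, so it is worth confirming where mysqld errors end up now.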
@@ -1,44 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:nifi] -directory=/opt/nifi/nifi-current -user=nifi -group=nifi -command=/bin/bash -c '/opt/nifi/nifi-current/bin/nifi.sh run' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/nifi_stderr.log -stdout_logfile = /var/log/supervisor/nifi_stdout.log - - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/nifiDockerfile b/roles/build/files/nifiDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..c3ef342673bb0ddaec532229bf8f5d588a753526 --- /dev/null +++ b/roles/build/files/nifiDockerfile 
@@ -0,0 +1,97 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM gn43-dsl/openjdk:7a20201004 +#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>" +#LABEL site="https://nifi.apache.org" + +ARG UID=1000 +ARG GID=1000 +ARG NIFI_VERSION=1.11.4 +ARG BASE_URL=https://archive.apache.org/dist +ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} +ARG NIFI_BINARY_PATH=${NIFI_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-bin.zip} +ARG NIFI_TOOLKIT_BINARY_PATH=${NIFI_TOOLKIT_BINARY_PATH:-/nifi/${NIFI_VERSION}/nifi-toolkit-${NIFI_VERSION}-bin.zip} + +ENV NIFI_BASE_DIR=/opt/nifi +ENV NIFI_HOME ${NIFI_BASE_DIR}/nifi-current +ENV NIFI_TOOLKIT_HOME ${NIFI_BASE_DIR}/nifi-toolkit-current + +ENV NIFI_PID_DIR=${NIFI_HOME}/run +ENV NIFI_LOG_DIR=${NIFI_HOME}/logs + +# ADD sh/ ${NIFI_BASE_DIR}/scripts/ + +# Setup NiFi user and create necessary directories +RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \ + && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \ + && mkdir -p ${NIFI_BASE_DIR} \ + && chown -R nifi:nifi ${NIFI_BASE_DIR} \ + && yum -y install jq xmlstarlet procps-ng + +USER nifi + +# Download, validate, and expand Apache NiFi Toolkit binary. 
+RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ + && echo "$(curl ${BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ + && unzip ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ + && rm ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ + && mv ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} ${NIFI_TOOLKIT_HOME} \ + && ln -s ${NIFI_TOOLKIT_HOME} ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} + +# Download, validate, and expand Apache NiFi binary. +RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ + && echo "$(curl ${BASE_URL}/${NIFI_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ + && unzip ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ + && rm ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ + && mv ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} ${NIFI_HOME} \ + && mkdir -p ${NIFI_HOME}/conf \ + && mkdir -p ${NIFI_HOME}/database_repository \ + && mkdir -p ${NIFI_HOME}/flowfile_repository \ + && mkdir -p ${NIFI_HOME}/content_repository \ + && mkdir -p ${NIFI_HOME}/provenance_repository \ + && mkdir -p ${NIFI_HOME}/state \ + && mkdir -p ${NIFI_LOG_DIR} \ + && ln -s ${NIFI_HOME} ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} + +#VOLUME ${NIFI_LOG_DIR} \ +# ${NIFI_HOME}/conf \ +# ${NIFI_HOME}/database_repository \ +# ${NIFI_HOME}/flowfile_repository \ +# ${NIFI_HOME}/content_repository \ +# ${NIFI_HOME}/provenance_repository \ +# ${NIFI_HOME}/state + +# Clear nifi-env.sh in favour of configuring all environment variables in the Dockerfile +RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh + +# Web HTTP(s) & Socket Site-to-Site Ports +EXPOSE 8080 8443 10000 8000 + +WORKDIR ${NIFI_HOME} + +# Apply configuration and start NiFi +# +# We need to use the exec form to avoid running our command in a subshell 
and omitting signals, +# thus being unable to shut down gracefully: +# https://docs.docker.com/engine/reference/builder/#entrypoint +# +# Also we need to use relative path, because the exec form does not invoke a command shell, +# thus normal shell processing does not happen: +# https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/files/odfees/odfesupervisord.conf b/roles/build/files/odfees/odfesupervisord.conf deleted file mode 100644 index 975b7cdcb388e0292b82abde53f0a593505bda3c..0000000000000000000000000000000000000000 --- a/roles/build/files/odfees/odfesupervisord.conf +++ /dev/null @@ -1,43 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:odfe] -user=elasticsearch -group=elasticsearch -directory=/usr/share/elasticsearch -command=sh -c "/usr/share/elasticsearch/bin/elasticsearch" -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log -stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log 
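Review bot: The `sha256sum -c` step in both download `RUN`s takes the expected digest from `${BASE_URL}/...sha256` at build time, so it only proves the downloaded zip matches what the archive host serves at that moment; with `MIRROR_BASE_URL` left at its default, zip and digest come from the same host and the check gives integrity but no authenticity. Pinning the digest in the Dockerfile closes that gap, e.g. `ARG NIFI_SHA256=<expected sha256 of the NiFi zip>` with `echo "${NIFI_SHA256} *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c -` (and the same for the toolkit), or verify the release's detached signature. The comment block above `ENTRYPOINT ["/bin/bash"]` still says "Apply configuration and start NiFi", which no longer matches; it should state that the container starts a shell and what is expected to launch NiFi. `yum -y install jq xmlstarlet procps-ng` also leaves the yum cache in the layer; add `&& yum clean all` to that `RUN`.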
diff --git a/roles/build/files/odfeesDockerfile b/roles/build/files/odfeesDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..fedbee116f53049f01eff626f04d0901f61a6095 --- /dev/null +++ b/roles/build/files/odfeesDockerfile @@ -0,0 +1,16 @@ +FROM gn43-dsl/elasticsearch:7a20201004 + +ENV PATH="/usr/share/elasticsearch/bin:${PATH}" + +USER root +WORKDIR /usr/share/elasticsearch + +RUN for PLUGIN in \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-1.4.0.0.zip; \ + do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ + chown -R elasticsearch plugins/opendistro_security + +USER elasticsearch + diff --git a/roles/build/files/odfekibanaDockerfile b/roles/build/files/odfekibanaDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..1945e272dbe7ad17523b795b3ae00d984fa822e5 --- /dev/null +++ b/roles/build/files/odfekibanaDockerfile @@ -0,0 +1,18 @@ +FROM gn43-dsl/kibana:7a20201004 + +ENV PATH="/usr/share/kibana/bin:${PATH}" + +USER root +WORKDIR /usr/share/kibana + +RUN for PLUGIN in \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-1.4.0.0.zip \ + https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-1.4.0.0.zip; \ + do bin/kibana-plugin install --allow-root ${PLUGIN}; done + +ADD thehive_button /usr/share/kibana/plugins/thehive_button +RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button + +USER kibana + 
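Review bot: The three plugin zips in the `for PLUGIN` loop are installed straight from a CloudFront URL with no digest check, and `-b` accepts whatever additional permissions each plugin requests without a prompt, so the build trusts whatever the CDN returns on the day it runs. Downloading each zip to a temporary file, checking it with `echo "<EXPECTED_SHA256> */tmp/plugin.zip" | sha256sum -c -` and then installing from `file:///tmp/plugin.zip` would pin the content to reviewed digests. The Kibana plugin loop in odfekibanaDockerfile has the same gap.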
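Review bot: `ADD thehive_button ...` followed by a separate `RUN chown -R` can be a single instruction, `COPY --chown=kibana:kibana thehive_button /usr/share/kibana/plugins/thehive_button`, provided the builder in use supports `--chown`. `COPY` is the preferred instruction for a plain local directory because it has none of `ADD`'s archive-extraction and URL-fetch behaviour, and it avoids a second layer holding a re-owned copy of the files. Everything in the plugin directory, including `public/env.js`, ends up in the image, so that file should hold no secrets.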
diff --git a/roles/build/files/openjdkDockerfile b/roles/build/files/openjdkDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..2d83f47915490b23565d16b38b19c44bd2dea498 --- /dev/null +++ b/roles/build/files/openjdkDockerfile @@ -0,0 +1,11 @@ +FROM gn43-dsl/centos:7a20201004 + +RUN yum update -y; \ + yum install -y wget unzip curl java-1.8.0-openjdk-headless.x86_64 + +RUN ln -svT "/usr/lib/jvm/java-1.8.0-openjdk-$(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" java-1.8.0-openjdk-headless)" /docker-java-home +ENV JAVA_HOME /docker-java-home/jre + +RUN yum clean all + +CMD ["/bin/bash"] diff --git a/roles/build/files/thehive/thehivesupervisord.conf b/roles/build/files/thehive/thehivesupervisord.conf deleted file mode 100644 index 8fa1d9384573319fe465395cadc49db68c0a0cfb..0000000000000000000000000000000000000000 --- a/roles/build/files/thehive/thehivesupervisord.conf +++ /dev/null 
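Review bot: `yum update -y; \` joins the two commands with `;`, so a failed update is ignored and the build goes on to produce an image with unpatched packages and no error. Chain with `&&`, and fold the cleanup into the same layer so the cache is not committed: `RUN yum update -y && yum install -y wget unzip curl java-1.8.0-openjdk-headless.x86_64 && yum clean all`. The separate `RUN yum clean all` further down can then be dropped, since in its own layer it does not reduce the image size.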
@@ -1,43 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:thehive] -directory=/opt/thehive -user=thehive -group=thehive -command=/bin/bash -c '/opt/thehive/bin/thehive -Dconfig.file=/etc/thehive/application.conf -Dlogger.file=/etc/thehive/logback.xml -J-Xms1g -J-Xmx1g -Dpidfile.path=/dev/null' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/thehive_stderr.log -stdout_logfile = /var/log/supervisor/thehive_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/thehiveDockerfile b/roles/build/files/thehiveDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ce8ddb82f09b5629c48fad91cb7635b82aacea87 --- /dev/null +++ b/roles/build/files/thehiveDockerfile 
@@ -0,0 +1,24 @@ +FROM gn43-dsl/openjdk:7a20201004 + +USER root +#COPY thehive.repo /etc/yum.repos.d/thehive.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh +RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ + echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ + echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \ + echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \ + echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ + yum install -y epel-release && \ + rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ + yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \ + mkdir -p /opt/thp_data/files/thehive && \ + chown -R thehive:thehive /opt/thp_data/files/thehive && \ + mkdir -p /home/thehive && \ + chown -R thehive:thehive /home/thehive /etc/thehive && \ + yum -y clean all +EXPOSE 9000 +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER thehive +# ENTRYPOINT ["/start.sh"] diff --git a/roles/build/files/thehive_button/.eslintrc b/roles/build/files/thehive_button/.eslintrc new file mode 100644 index 0000000000000000000000000000000000000000..64eba86220ec489c9c364e9a443941d14a8d3b16 --- /dev/null +++ b/roles/build/files/thehive_button/.eslintrc @@ -0,0 +1,7 @@ +--- +extends: "@elastic/kibana" + +settings: + import/resolver: + '@elastic/eslint-import-resolver-kibana': + rootPackageName: 'thehive_button' diff --git a/roles/build/files/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/.kibana-plugin-helpers.json new file mode 100644 index 0000000000000000000000000000000000000000..2c63c0851048d8f7bff41ecf0f8cee05f52fd120 --- /dev/null +++ b/roles/build/files/thehive_button/.kibana-plugin-helpers.json @@ -0,0 +1,2 @@ +{ +} 
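Review bot: The generated repo file points at `baseurl=http://rpm.thehive-project.org/stable/noarch` over plain HTTP and sets `gpgcheck=1` without a `gpgkey=`, while the signing key is imported at build time from the `master` branch of a GitHub repository, so the trust anchor is whatever that URL returns on build day. Vendoring the key next to this Dockerfile and referencing it would pin it, e.g. `COPY <thehive key file> /etc/pki/rpm-gpg/` plus `echo "gpgkey=file:///etc/pki/rpm-gpg/<thehive key file>" >> /etc/yum.repos.d/thehive.repo`; an HTTPS `baseurl` should be used if the repository offers one. `vim net-tools telnet htop` are debugging aids that enlarge the runtime image; consider leaving them out of the production build. The commented-out `COPY`/`ENTRYPOINT` lines should either be removed or explained.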
diff --git a/roles/build/files/thehive_button/index.js b/roles/build/files/thehive_button/index.js new file mode 100644 index 0000000000000000000000000000000000000000..fa69c75c30d7ee40f8d7089d6debd6cf69c8d402 --- /dev/null +++ b/roles/build/files/thehive_button/index.js @@ -0,0 +1,19 @@ +import newCaseRoute from './server/routes/newcase'; + +export default function (kibana) { + return new kibana.Plugin({ + require: [], //['elasticsearch'], + name: 'thehive_button', + uiExports: { + visTypes: [ + 'plugins/thehive_button/main', + ], + }, + + init(server, options) { // eslint-disable-line no-unused-vars + // Add server routes and initialize the plugin here + newCaseRoute(server); + } + }); +} + diff --git a/roles/build/files/thehive_button/package.json b/roles/build/files/thehive_button/package.json new file mode 100644 index 0000000000000000000000000000000000000000..e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988 --- /dev/null +++ b/roles/build/files/thehive_button/package.json 
@@ -0,0 +1,35 @@ +{ + "name": "thehive_button", + "version": "1.0.0", + "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.", + "main": "index.js", + "kibana": { + "version": "7.4.2" + }, + "scripts": { + "lint": "eslint .", + "start": "plugin-helpers start", + "build": "plugin-helpers build" + }, + "dependencies": { + "request": "^2.88.0", + "@elastic/eui": "10.4.2", + "react": "^16.8.0" + }, + "devDependencies": { + "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana", + "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana", + "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers", + "babel-eslint": "^9.0.0", + "eslint": "^5.6.0", + "eslint-plugin-babel": "^5.2.0", + "eslint-plugin-import": "^2.14.0", + "eslint-plugin-jest": "^21.26.2", + "eslint-plugin-jsx-a11y": "^6.1.2", + "eslint-plugin-mocha": "^5.2.0", + "eslint-plugin-no-unsanitized": "^3.0.2", + "eslint-plugin-prefer-object-spread": "^1.2.1", + "eslint-plugin-react": "^7.11.1", + "expect.js": "^0.3.1" + } +} diff --git a/roles/build/files/thehive_button/public/create_case.js b/roles/build/files/thehive_button/public/create_case.js new file mode 100644 index 0000000000000000000000000000000000000000..fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c --- /dev/null +++ b/roles/build/files/thehive_button/public/create_case.js 
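Review bot: `"request": "^2.88.0"` adds a library that its maintainers have deprecated and that no longer receives fixes; presumably the server route uses it for the outbound call to The Hive, but that file is not part of this hunk. For a plugin that forwards an API key to another service, Node's built-in `https` module or a maintained HTTP client would be a safer dependency. The `link:../../packages/...` devDependencies only resolve inside a Kibana source checkout, which is worth stating in the plugin's README.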
@@ -0,0 +1,101 @@ +// Functions to send data to Kibana endpoints + +import chrome from 'ui/chrome'; + +// Create a new Case in The Hive via its API +// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr) +export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) { + // Prepare data + var data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "body": { + "title": title, + "description": descr, + "severity": severity, // number: 1=low, 2=medium, 3=high + "startDate": startDate, + "owner": owner, // user name the case will be assigned to + "flag": flag, // bool + "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red + "tags": tags, // array of strings + } + }); + console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data); + var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case'); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + if ("error" in resp) { + resolve({"error": resp.error}); + } + else if (resp.status_code != 201) { + resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg}); + } + else { + resolve({"id": resp.body.id}); // return ID of the new case + } + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); 
// this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + +// Add observables to an existing Case in The Hive +// (send the list of observables to our backend endpoint, it pushes them to The Hive) +export function addCaseObservables(base_url, api_key, caseid, observables) { + const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables'); + const data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "caseid": caseid, + "observables": observables, + }); + console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + resolve(resp); + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + diff --git a/roles/build/files/thehive_button/public/env.js b/roles/build/files/thehive_button/public/env.js new file mode 100644 index 0000000000000000000000000000000000000000..4321b85f5ee1682abd17871889a165ae8d96b465 --- /dev/null +++ b/roles/build/files/thehive_button/public/env.js 
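Review bot: Both `console.log("TheHiveButton: Sending request ...", data)` calls print the serialized request, which contains `api_key`, so the The Hive credential ends up in the browser console of every user who clicks the button. Log the endpoint name only, e.g. `console.log("TheHiveButton: Sending request to API endpoint 'new_case'");`, and do the same in `addCaseObservables`. `JSON.parse(this.responseText)` is unguarded in both handlers: a 200 reply that is not JSON throws inside `onreadystatechange` and the promise never settles, so wrap it in `try`/`catch` and `resolve({"error": ...})`. Because `base_url` is supplied by the browser, the server route (outside this hunk) should forward only to a configured The Hive URL rather than to any address the client sends.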
@@ -0,0 +1,4 @@ +// Default plugin configuration +export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/'; +export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0'; +export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases diff --git a/roles/build/files/thehive_button/public/main.js b/roles/build/files/thehive_button/public/main.js new file mode 100644 index 0000000000000000000000000000000000000000..ee46d73170d4fb43739c58468e3396caace6dcbe --- /dev/null +++ b/roles/build/files/thehive_button/public/main.js 
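Review bot: `THEHIVE_API_KEY` is a literal credential committed to the repository, and since this file lives under the plugin's `public/` directory it is presumably also bundled into the JavaScript delivered to every Kibana user. The key should be treated as exposed and rotated on the The Hive instance, and the default replaced with `export const THEHIVE_API_KEY = '';`. The deployment-specific `THEHIVE_URL` and the `admin` default owner are better supplied from the Ansible inventory than hard-coded in the build files.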
@@ -0,0 +1,54 @@ +import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env'; +import { TheHiveButtonVisComponent } from './vis_controller'; +import { theHiveButtonRequestHandlerProvider } from './request_handler'; +import { optionsEditor } from './options_editor'; + +import { VisFactoryProvider } from 'ui/vis/vis_factory'; +import { VisTypesRegistryProvider } from 'ui/registry/vis_types'; +import { DefaultEditorSize } from 'ui/vis/editor_size'; + + +function TheHiveButtonVisProvider(Private) { + const VisFactory = Private(VisFactoryProvider); + + //console.log("default URL:", THEHIVE_URL); + //console.log("default API key:", THEHIVE_API_KEY); + + return VisFactory.createReactVisualization({ + name: 'thehive_button', + title: 'The Hive Case', + icon: 'alert', + description: 'A button to create a new Case in The Hive.', + //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE], + visConfig: { + component: TheHiveButtonVisComponent, + defaults: { + // add default parameters + url: THEHIVE_URL, + apikey: THEHIVE_API_KEY, + owner: THEHIVE_OWNER, + obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100} + } + }, + //editor: 'default', + editorConfig: { + optionTabs: [ + { + name: "options", + title: "Options", + editor: optionsEditor, + } + ], + defaultSize: DefaultEditorSize.LARGE, + }, +// optionsTemplate: optionsEditor, //optionsTemplate, +// //enableAutoApply: true, +// }, + requestHandler: 'theHiveButtonRequestHandler', // own request handler + responseHandler: 'none', // pass data as returned by requestHandler + }); +} + +// register the provider with the visTypes registry +VisTypesRegistryProvider.register(TheHiveButtonVisProvider); + diff --git a/roles/build/files/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/public/options_editor.js new file mode 100644 index 0000000000000000000000000000000000000000..38762bd463115702a0c4f03f099434485f5d59dc --- /dev/null 
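Review bot: `apikey: THEHIVE_API_KEY` under `visConfig.defaults` copies the credential into the parameters of every new visualization, and visualization parameters are presumably persisted with the saved object, so the key would also appear in exports and be readable by anyone who can view the visualization. Default it to an empty value (`apikey: ''`) and, longer term, keep the key in server-side plugin configuration so the browser never handles it. The commented-out `console.log` lines for the default URL and API key and the dead `optionsTemplate` block should be deleted rather than kept as comments.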
+++ b/roles/build/files/thehive_button/public/options_editor.js 
@@ -0,0 +1,176 @@ +import React from 'react'; +import { + EuiForm, + EuiFormRow, + EuiTitle, + EuiSpacer, + EuiFieldText, + EuiFieldNumber, + EuiSelect, + EuiFlexGroup, + EuiFlexItem, + EuiButton, + EuiButtonIcon, +} from '@elastic/eui'; + +// Default data types in The Hive +const DEFAULT_THE_HIVE_TYPES = [ + '', + 'autonomous-system', + 'domain', + 'file', + 'filename', + 'fqdn', + 'hash', + 'ip', + 'mail', + 'mail_subject', + 'regexp', + 'registry', + 'uri_path', + 'url', + 'user-agent', + 'other', +]; + +// Options for EuiSelect for selection of field's data type in TheHive +const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) ); + +export function optionsEditor(props) { + //console.log("editor render(), props:", props); + const { stateParams, setValue, setValidity, vis } = props; + + // onClick/onChange handlers + const obsAddNew = () => { + const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}]; + // For some reason, first click on the button after editor is loaded does + // nothing. Calling setValue twice here fixes it. 
+ setValue("obsFields", newObsFields); + setValue("obsFields", newObsFields); +// setValidity(false); // since new row is empty, form is always invalid + }; + const obsRemove = (ix) => { + let newArray = [...stateParams.obsFields]; + newArray.splice(ix, 1); + setValue("obsFields", newArray); +// validate(); + } + const obsSetName = (ix, name) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].name = name; + setValue("obsFields", newArray); +// validate(); + } + const obsSetType = (ix, type) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].type = type; + setValue("obsFields", newArray); +// validate(); + } + const obsSetCnt = (ix, cnt) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].cnt = parseInt(cnt); + setValue("obsFields", newArray); +// validate(); + } +// const validate = () => { +// let valid = true; +// for (let field of stateParams.obsFields) { +// if (field.name == "" || field.type == "" || field.cnt == "") { +// valid = false; +// break; +// } +// } +// // TODO check for duplicate fields +// setValidity(valid); +// } + + // Get list of all fields in index (except those beginning with "_" or "@") + // and create "options" parameter for EuiSelect. + // Also, fields with "aggregatable=false" are removed, as they can't be used + // with "terms" aggregation we need. + // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html + // Empty field is added at the beginning, meaning "no selection yet". 
+ const fieldOptions = [{value: "", text: ""}].concat( + vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) ) + ); + + return <EuiForm> + <EuiFormRow fullWidth={true} label="Base URL of The Hive"> + <EuiFieldText + fullWidth={true} + value={stateParams.url} + onChange={e => setValue('url', e.target.value)} + isInvalid={stateParams.url == ""} + /> + </EuiFormRow> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission."> + <EuiFieldText + fullWidth={true} + value={stateParams.apikey} + onChange={e => setValue('apikey', e.target.value)} + isInvalid={stateParams.apikey == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance."> + <EuiFieldText + value={stateParams.owner} + onChange={e => setValue('owner', e.target.value)} + isInvalid={stateParams.owner == ""} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle> + <EuiSpacer size="s" /> + {stateParams.obsFields.map( (field, ix) => ( + <EuiFlexGroup key={ix} gutterSize="s"> + <EuiFlexItem grow={3}> + <EuiFormRow label="Field name"> + <EuiSelect + options={fieldOptions} + value={field.name} + onChange={ e => obsSetName(ix, e.target.value) } + isInvalid={field.name == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={2}> + <EuiFormRow label="Data type in The Hive"> + <EuiSelect + options={typesOptions} + value={field.type} + onChange={ e => obsSetType(ix, e.target.value) } + isInvalid={field.type == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Max items shown"> + <EuiFieldNumber + min={1} + max={1000} + value={parseInt(field.cnt)} + onChange={ e => 
obsSetCnt(ix, e.target.value) } + isInvalid={!(field.cnt > 0)} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow hasEmptyLabelSpace> + <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + ))} + <EuiFlexGroup> + <EuiFlexItem grow={false}> + <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton> + </EuiFlexItem> + </EuiFlexGroup> + </EuiForm> +} diff --git a/roles/build/files/thehive_button/public/options_template.html b/roles/build/files/thehive_button/public/options_template.html new file mode 100644 index 0000000000000000000000000000000000000000..ef996577786150282c2ffb0d28652a3d1712842b --- /dev/null +++ b/roles/build/files/thehive_button/public/options_template.html @@ -0,0 +1,8 @@ +<div class="form-group"> + <p><label>Base URL of The Hive</label> + <input ng-model="editorState.params.url" class=form-control /></p> + <p><label>API key</label> + <input ng-model="editorState.params.apikey" class=form-control /></p> + <p><label>User name to use as the owner of cases created from here</label> + <input ng-model="editorState.params.owner" class=form-control /></p> +</div> diff --git a/roles/build/files/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/public/request_handler.js new file mode 100644 index 0000000000000000000000000000000000000000..bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b --- /dev/null +++ b/roles/build/files/thehive_button/public/request_handler.js 
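Review bot: The API key is edited in a plain `EuiFieldText`, so it is shown in clear text to anyone looking at the options tab; `EuiFieldPassword` with the same `value`/`onChange` props would mask it (options_template.html renders the same field as a plain `<input>` and looks unused now that `optionsTemplate` is commented out in main.js). Separately, `obsSetName`, `obsSetType` and `obsSetCnt` copy the array but then assign to `newArray[ix]`, which is still the object held in `stateParams`, so state is mutated in place; this may be related to the double `setValue` workaround in `obsAddNew`. Copy the element as well, e.g. `newArray[ix] = {...newArray[ix], name};`. `parseInt(cnt)` should pass a radix and handle an empty input, which currently stores `NaN`.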
@@ -0,0 +1,195 @@ +import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; +import { SearchSourceProvider } from 'ui/courier/search_source'; +import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; +import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; +import { AggConfig } from 'ui/vis/agg_config'; +import { AggConfigs } from 'ui/vis/agg_configs'; +import { getTime } from 'ui/timefilter/get_time'; +import { i18n } from '@kbn/i18n'; +import { has } from 'lodash'; +import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; +import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; +import chrome from 'ui/chrome'; + +// Maximum number of unique values of each field (observables) to fetch +const MAX_NUMBER_OF_TERMS = 5; + +const handleCourierRequest = courierRequestHandlerProvider().handler; + +// Register new RaquestHandlerProvider +const theHiveButtonRequestHandlerProvider = function () { + return { + name: 'theHiveButtonRequestHandler', + handler: theHiveButtonRequestHandler, + } +} +VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); + +export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; + + +// The request handler function itself +async function theHiveButtonRequestHandler(params) { + //console.log("theHiveButtonRequestHandler params:", params); + + let index = params.index; + let partialRows = params.partialRows; + let metricsAtAllLevels = params.metricsAtAllLevels; + let timeRange = params.timeRange; + let query = params.query; + let filters = params.filters; + let inspectorAdapters = params.inspectorAdapters; + let queryFilter = params.queryFilter; + let forceFetch = params.forceFetch; + // our own confiuration: + // list of fields to get potential observables from + // (each "field" is object {name: str, type: str, cnt: int}) + let 
obsFields = params.visParams.obsFields; + + // filter out invalid field specifications + obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + + if (obsFields.length == 0) { + //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") + return {} // no fields specified, nothing to do + } + + // === Prepare request to ask for unique values of all selected fields === + + // Construct a query for ElasticSearch + // Get "terms" (most common unique values) for each field of obsFields + const aggs_dsl = {} + for (let field of obsFields) { + aggs_dsl[field.name] = { + terms: { + field: field.name, + size: field.cnt, + order: {_count: "desc"} + } + }; + } + //console.log("aggs_dsl:", aggs_dsl); + + // Create empty AggConfigs + // (We could pass specifications of a metric and the buckets here, + // but default processing functions assume multiple buckets are sub-buckets, + // which is not what we want. So we must do a "hack" and manually create + // query directly in format for ElasticSearch) + const aggs = new AggConfigs(params.index, []); + + // === Some magic to get searchSource object === + // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) + // (I don't understand it, but it works) + + let $injector = await chrome.dangerouslyGetActiveInjector(); + let Private = $injector.get('Private'); + let SearchSource = Private(SearchSourceProvider); + let searchSource = new SearchSource(); + searchSource.setField('index', index); + searchSource.setField('size', 0); + + inspectorAdapters.requests = new RequestAdapter(); + inspectorAdapters.data = new DataAdapter(); + + + // === Execute query === + // We could call standard "courier" here, but it tries to convert the response + // to a table, which fails in our case, so we copied the main code of courier + // and modified it here. 
+ + const abortSignal = false; + + const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); + const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); + + aggs.setTimeRange(timeRange); + + // For now we need to mirror the history of the passed search source, since + // the request inspector wouldn't work otherwise. + Object.defineProperty(requestSearchSource, 'history', { + get() { + return searchSource.history; + }, + set(history) { + return searchSource.history = history; + } + }); + + // This has been modified to override DSL format by ours +// requestSearchSource.setField('aggs', function () { +// return aggs.toDsl(metricsAtAllLevels); +// }); + requestSearchSource.setField('aggs', aggs_dsl); + + requestSearchSource.onRequestStart((searchSource, searchRequest) => { + return aggs.onSearchRequestStart(searchSource, searchRequest); + }); + + if (timeRange) { + timeFilterSearchSource.setField('filter', () => { + return getTime(searchSource.getField('index'), timeRange); + }); + } + + requestSearchSource.setField('filter', filters); + requestSearchSource.setField('query', query); + + const reqBody = await requestSearchSource.getSearchRequestBody(); + + const queryHash = calculateObjectHash(reqBody); + // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed + // since the last request + const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); + + if (shouldQuery) { + inspectorAdapters.requests.reset(); + const request = inspectorAdapters.requests.start( + i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), + { + description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', + { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), + } + ); + request.stats(getRequestInspectorStats(requestSearchSource)); + + try { + // Abort any in-progress requests before fetching again + if (abortSignal) { + abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); + } + + const response = await requestSearchSource.fetch(); + //console.log("raw response:", response); + + searchSource.lastQuery = queryHash; + + request + .stats(getResponseInspectorStats(searchSource, response)) + .ok({ json: response }); + + searchSource.rawResponse = response; + } catch(e) { + // Log any error during request to the inspector + request.error({ json: e }); + throw e; + } finally { + // Add the request body no matter if things went fine or not + requestSearchSource.getSearchRequestBody().then(req => { + request.json(req); + }); + } + } + + // === Copy of courier code ends here, now we parse the response === + + const resp = searchSource.rawResponse; + // Return as object containing a list of unique values (terms) for each + // requested field + let unique_values_lists = {} + for (let field of obsFields) { + unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); + } + + //console.log("Final lists:", unique_values_lists); + return unique_values_lists; +} diff --git a/roles/build/files/thehive_button/public/vis.less b/roles/build/files/thehive_button/public/vis.less new file mode 100644 index 0000000000000000000000000000000000000000..b6f887afaef57a7674a0d0f06ee6f821a0fc015e --- /dev/null +++ b/roles/build/files/thehive_button/public/vis.less @@ -0,0 +1,3 @@ +.myvis-container-div { + padding: 1em; +} diff --git a/roles/build/files/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/public/vis_controller.js new file mode 100644 index 0000000000000000000000000000000000000000..8b23222700ab072c9665442851982e11cdc56788 --- /dev/null +++ b/roles/build/files/thehive_button/public/vis_controller.js 
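Review bot: The final loop reads `resp.aggregations[field.name].buckets` without checking that the response carries that aggregation, so a reply without `aggregations` (or a `searchSource.rawResponse` that was never set) throws a TypeError instead of yielding an empty list. Guard it, e.g. `const agg = resp && resp.aggregations && resp.aggregations[field.name];` then `unique_values_lists[field.name] = agg ? agg.buckets.map(x => x.key) : [];`. `MAX_NUMBER_OF_TERMS`, `handleCourierRequest`, the `AggConfig` and `has` imports and the `partialRows`/`metricsAtAllLevels`/`queryFilter` locals are never used in this hunk, and `abortSignal` is the constant `false`, so the abort branch is dead; removing them would make clear which parts of the copied courier code are still live. Since `field.cnt` goes straight into the `terms` aggregation `size`, clamping it here to the 1–1000 range the editor advertises would keep a hand-edited saved object from requesting an unbounded bucket count.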
@@ -0,0 +1,555 @@ +//import { Status } from 'ui/vis/update_status'; +import { toastNotifications } from 'ui/notify'; +import { createTheHiveCase, addCaseObservables } from './create_case'; +//import vis_template from './vis_template.html'; + +import React, { Component } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiModal, + EuiModalBody, + EuiModalFooter, + EuiModalHeader, + EuiModalHeaderTitle, + EuiOverlayMask, + EuiTitle, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiForm, + EuiFormRow, + EuiFieldText, + EuiTextArea, + EuiSuperSelect, + EuiBasicTable, + EuiCheckbox, + makeId, +} from '@elastic/eui'; + + +// ********** React components ********** + +// Main React component - the root of visualization +export class TheHiveButtonVisComponent extends Component { + render() { + //console.log("TheHiveButtonVisComponent.render(), props:", this.props); + return ( + <div> + <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> + </div> + ); + } + + componentDidMount() { + this.props.renderComplete(); + } + + componentDidUpdate() { + this.props.renderComplete(); + } +} + +// Button to show the pop-up window (modal) +// Props: +// .params - visualization parameters (from vis.params) +// .observables - object with lists of potential observables to add to the Case +// for each field in params.obsFields there should be a key in this object +// containing list of observables (this is returned by request_handler) +class NewCaseButton extends Component { + + constructor(props) { + super(props); + // Filter out invalid obsField specifications + this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + + // The complete state is here, so it's kept even when modal is closed + this.state = { + isModalVisible: false, + isWorking: false, // used to show a spinner on submit button + ...this.create_initial_state(), + } + + this.resetCnt = 0; 
// used to change Modal component key on each form reset + + // Each handler function in a class (method) must be "binded" this way + this.closeModal = this.closeModal.bind(this); + this.showModal = this.showModal.bind(this); + this.resetForm = this.resetForm.bind(this); + + this.onTitleChange = this.onTitleChange.bind(this); + this.onSeverityChange = this.onSeverityChange.bind(this); + this.onTLPChange = this.onTLPChange.bind(this); + this.onDescriptionChange = this.onDescriptionChange.bind(this); + + this.onObsSelectionChange = this.onObsSelectionChange.bind(this); + this.onObsDataChange = this.onObsDataChange.bind(this); + + this.submitCase = this.submitCase.bind(this); + } + + create_initial_state() { + // create a new instance of initial state definition + let initial_state = { + // Case parameters + title: "", + description: "\n\n--\nCreated from Kibana", + severity: "2", // medium + tlp: "2", // amber + tags: [], // TODO (not implemented yet) + obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) + obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) + } + // pre-fill state of each observable to defaults + const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; + for (let field of this.obsFields) { + const n_obs = this.props.observables[field.name].length; + // fill obsData with new copies of initial_field_data + initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); + // nothing is selected + initial_state.obsSel[field.name] = new Array(); + } + return initial_state; + } + + componentDidUpdate(prevProps) { + // If list of observables was updated or obsFields setting has changed, + // reset the component state and precomputed variables. 
+ if (this.props.observables != prevProps.observables) { + if (this.props.params.obsFields != prevProps.params.obsFields) { + // when obsFields change, observables must change as well, so this "if" + // can be inside the first one. + // Filter out invalid obsField specifications + this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + } + //console.log("New list of observables, resetting form."); + this.resetForm(); + } + } + + resetForm() { + this.setState(this.create_initial_state()); + this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) + this.forceUpdate(); + } + + closeModal() { + this.setState({ isModalVisible: false }); + } + + showModal() { + this.setState({ isModalVisible: true }); + } + + // Event handlers for change of case parameter + onTitleChange(evt) { + this.setState({title: evt.target.value}); + } + onSeverityChange(value) { + this.setState({severity: value}); + } + onTLPChange(value) { + this.setState({tlp: value}); + } + onDescriptionChange(evt) { + this.setState({description: evt.target.value}); + } + + // Event handler for observable (de)selection + onObsSelectionChange(fieldName, selectedItems) { + // Extract indices from the items and store them into state + const selectedIndices = selectedItems.map(item4 => item4.i); + this.setState((state, props) => { + let newObsSel = {...this.state.obsSel}; + newObsSel[fieldName] = selectedIndices; + return {obsSel: newObsSel}; + }); + } + + // Event handler for edit of a form field in observable row + // - fieldName: which field (table of observables) + // - ix: index of the observable in the field's table + // - param: one of: descr,tlp,ioc,tags + // - value: new value of the form field + onObsDataChange(fieldName, ix, param, value) { + this.setState((state, props) => { + let 
newObsData = {...this.state.obsData}; + newObsData[fieldName][ix][param] = value; + return {obsData: newObsData}; + }); + } + + // Render function + render() { + let modal; + if (this.state.isModalVisible) { + modal = <ModalContent + resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) + close={this.closeModal} + reset={this.resetForm} + fields={this.obsFields} + observables={this.props.observables} + // form state + title={this.state.title} + description={this.state.description} + severity={this.state.severity} + tlp={this.state.tlp} + tags={this.state.tags} + obsData={this.state.obsData} + obsSel={this.state.obsSel} + spinner={this.state.isWorking} + // event handlers + onTitleChange={this.onTitleChange} + onSeverityChange={this.onSeverityChange} + onTLPChange={this.onTLPChange} + onDescriptionChange={this.onDescriptionChange} + onObsSelectionChange={this.onObsSelectionChange} + onObsDataChange={this.onObsDataChange} + submitCase={this.submitCase} + />; + } + return ( + <div> + <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> + {modal} + </div> + ); + } + + // Submit case button handler + async submitCase(evt) { + const params = this.props.params; + + // Get case parameters + const title = this.state.title; + const descr = this.state.description; + const severity = parseInt(this.state.severity); + const start_date = null; + const owner = params.owner; + const flag = false; + const tlp = parseInt(this.state.tlp); + const tags = this.state.tags; + + if (!title) { + toastNotifications.addDanger("Title can't be empty"); + return; + } + + // Get list of selected observables and their params + let observables = []; + for (let field of this.obsFields) { + let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy + selectionIndices.sort(); + for (let i = 0; i < selectionIndices.length; i++) 
{ + const j = selectionIndices[i]; // index of a selected obs. in the list of all observables + // fill in observable definition according to model at + // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md + const obs = { + dataType: field.type, + data: this.props.observables[field.name][j], + message: this.state.obsData[field.name][j].descr, + tlp: this.state.obsData[field.name][j].tlp, + ioc: this.state.obsData[field.name][j].ioc, + tags: this.state.obsData[field.name][j].tags, + }; + observables.push(obs); + } + } + + //console.log("Selected observables:", observables); + + // Check '/' at the end of base URL, add it if needed + let base_url = params.url; + if (base_url[base_url.length-1] != "/") { + base_url += "/"; + } + + // Show spinner at submit button + this.setState({isWorking: true}); + + // Submit request to create the case, handle response + let resp; + resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); + + if ('error' in resp) { + // Error contacting The Hive + console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); + toastNotifications.addDanger("ERROR: " + resp.error); + this.setState({isWorking: false}); // Hide spinner + return; + } + + console.log("TheHiveButton: Case created:", resp); + const case_id = resp.id; + const case_url = base_url + "index.html#/case/" + case_id + "/details"; + + // Show notification + let obs_text; + if (observables.length > 0) { + obs_text = "Adding " + observables.length + " observables in background ..."; + } + else { + obs_text = "(no observables added)"; + } + toastNotifications.add({ + title: "Case created", + color: "success", + iconType: "checkInCircleFilled", + text: ( + <div> + <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> + <p>{obs_text}</p> + </div> + ), + }); + + // Close the popup window, reset form fields and hide spinner + this.closeModal(); + this.resetForm(); + 
this.setState({isWorking: false}); + + // Open a new window with the case in The Hive + // (adding observables may take some time, so the case is opened first; + // The Hive web is dynamic so the observables appear as they are added) + window.open(case_url, '_blank'); + + if (observables.length == 0) + return; + + // Submit request to add observables + console.log("TheHiveButton: adding " + observables.length + " observables ..."); + resp = await addCaseObservables(base_url, params.apikey, case_id, observables); + + if ('error' in resp) { + console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); + toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); + } + else { + console.log("TheHiveButton: Done, observables added."); + toastNotifications.add("Done, observables added."); + } + } +} + + +// The popup window with a form +// props: +// - spinner: when true, disable form and show a spinner over it +class ModalContent extends Component { + constructor(props) { + super(props); + // No state here, everything is in the parent class (NewCaseButton) + + // "Select" options + this.severityOptions = [ + {value: "1", inputDisplay: "low"}, + {value: "2", inputDisplay: "medium"}, + {value: "3", inputDisplay: "high"}, + ]; + this.tlpOptions = [ + {value: "0", inputDisplay: "white"}, + {value: "1", inputDisplay: "green"}, + {value: "2", inputDisplay: "amber"}, + {value: "3", inputDisplay: "red"}, + ]; + } + + // Main render function + render() { + // TODO: replace Modal with Flyout? 
+ + // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, + // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 + return ( + <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> + <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> + <EuiModalHeader> + <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> + </EuiModalHeader> + + <EuiModalBody key={this.props.resetCnt}> + <EuiForm style={{width: "800px"}}> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="Title" fullWidth> + <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="Severity"> + <EuiSuperSelect + options={this.severityOptions} + valueOfSelected={this.props.severity} + onChange={this.props.onSeverityChange} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="TLP"> + <EuiSuperSelect + prepend="TLP" + options={this.tlpOptions} + valueOfSelected={this.props.tlp} + onChange={this.props.onTLPChange} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiFormRow label="Description" fullWidth> + <EuiTextArea + defaultValue={this.props.description} + onChange={this.props.onDescriptionChange} + rows={4} + fullWidth + /> + </EuiFormRow> + + {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} + {this.props.fields.map((field,ix) => ( + <ObservablesTable + key={field.name + ":" + this.props.resetCnt} + fieldName={field.name} + observables={this.props.observables[field.name]} + obsData={this.props.obsData[field.name]} + obsSel={this.props.obsSel[field.name]} + onObsSelectionChange={this.props.onObsSelectionChange} + 
onObsDataChange={this.props.onObsDataChange} + /> + ))} + </EuiForm> + </EuiModalBody> + + <EuiModalFooter> + <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> + <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> + <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> + </EuiModalFooter> + </EuiModal> + </EuiOverlayMask> + ); + } +} + +// Table of potential observables taken from a given field, allowing to select +// which observables to send to The Hive. +// Props: +// fieldName - name of the field this table is for +// observables - list of observable IDs of this field +// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) +// obsSel - array of indices of selected observables +class ObservablesTable extends Component { + + constructor(props) { + super(props); + + // Table columns definition + this.columns = [ + { + field: "id", + name: "Observable", + }, + { + field: "descr", + name: "Description", + description: "Description of the observable in the context of the case", + render: (value, item1) => (<EuiFieldText + value={item1.descr} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} + disabled={!item1.selected} + />) + }, + /*{ + field: "tlp", + name: "TLP", + dataType: "number", + // TODO render and process changes + },*/ + { + field: "ioc", + name: "Is IOC", + dataType: "boolean", + description: "Indicates if the observable is an IOC", + render: (value, item2) => (<EuiCheckbox + id={"ioc-checkbox-"+item2.id} + checked={item2.ioc} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} + disabled={!item2.selected} + />) + }, + /*{ + field: "tags", + name: "Tags", + // TODO render and process changes + },*/ + ] + + // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount + this.tableRef = React.createRef(); + } + + 
render() { + // Table data definition (convert props to format suitable for EuiBasicTable) + const n_obs = this.props.observables.length; + this.table_data = new Array(n_obs); + for (let i = 0; i < n_obs; i++) { + this.table_data[i] = { + id: this.props.observables[i], + descr: this.props.obsData[i].descr, + tlp: this.props.obsData[i].tlp, + ioc: this.props.obsData[i].ioc, + tags: this.props.obsData[i].tags, + // auxiliary fields, not shown in table: + i: i, // row index + selected: this.props.obsSel.includes(i), + }; + } + + return ( + <> + <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> + <EuiBasicTable + ref={this.tableRef} + columns={this.columns} + items={this.table_data} + itemId={(item3) => item3.id} + selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } + noItemsMessage="No observables found" + rowProps={{ + // Hack to allow selection by clicking anywhere in the table row + // (except input elements) + onClick: (e) => { + if (e.target.tagName != "INPUT") { + // simulate click on the first checkbox in the row to (de)select the row + e.currentTarget.querySelector("input").click(); + e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) + } + }, + tabIndex: "-1", // prevents focus on row by keyboard navigation + }} + /> + <EuiSpacer size="l" /> + </> + ) + } + + componentDidMount() { + // There's no way to specify initially selected items in EuiBasicTable by + // props, but we may need to select some (in case a user selects some obs., + // closes the modal and opens it again). + // However, the selection is stored as a 'selection' field of table's state, + // so here we directly edit the state just after the table is created. 
+ + // Prepare the 'selection' array - it should contain a list of selected row specifications + let selection = []; + for (let ix of this.props.obsSel) { + selection.push(this.table_data[ix]); + } + + // Get ref to EuiBasicTable element and update its state + const table_node = this.tableRef.current; + table_node.setState({selection: selection}); + } +} + diff --git a/roles/build/files/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/server/routes/newcase.js new file mode 100644 index 0000000000000000000000000000000000000000..175dee818c5569a5e5e02db31a6e443abe5f03fb --- /dev/null +++ b/roles/build/files/thehive_button/server/routes/newcase.js 
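Review bot: The "Edit the new Case" link in `submitCase` is rendered as `<a href={case_url} target="_blank">` and the same URL goes to `window.open(case_url, '_blank')`, with `case_url` built from the configurable `params.url`, yet neither call cuts the opened page off from the Kibana window. Adding `rel="noopener noreferrer"` to the anchor and passing `'noopener'` as the third argument of `window.open` would do that. In the same method `selectionIndices.sort()` compares the numeric indices as strings, so 10 sorts before 2; `selectionIndices.sort((a, b) => a - b)` keeps the observables in table order.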
@@ -0,0 +1,153 @@
+const request = require('request');
+//const fs = require('fs');
+//const path = require('path');
+
+//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured
+
+export default function (server) {
+ server.route({
+ path: '/api/thehive_button/new_case',
+ method: 'POST',
+ handler: newCaseHandler,
+ });
+ server.route({
+ path: '/api/thehive_button/add_observables',
+ method: 'POST',
+ handler: addObservablesHandler,
+ });
+}
+
+// Handler of ajax requests to create a new Case in The Hive
+function newCaseHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+ var req_body = req.payload['body'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ return new Promise( function(resolve, reject) {
+ request({
+ method: 'POST',
+ url: base_url + 'api/case',
+ auth: {'bearer': api_key},
+ json: true,
+ body: req_body,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content
+ if (error) {
+ console.error("ERROR when trying to send request to The Hive:", error);
+ resolve({'error': error.message});
+ }
+ else {
+ if (response.statusCode < 200 || response.statusCode >= 300) {
+ console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body)
+ }
+ resolve({
+ 'status_code': response.statusCode,
+ 'status_msg': response.statusMessage,
+ 'body': body
+ });
+ }
+ } // handler function
+ ); // request()
+ }); // Promise()
+}
+
+// Note:
+// There are two ways to create multiple Observables (artifacts) via The Hive API:
+// 1. post one request with an array of observables in "data" field
+// - this allows to create all in one request, but doesn't allow to set
+// different parameters (IOC, TLP, etc.) to different observables
+// 2. post each observable in a separate request
+// The second way is used here.
+
+ // Handler of ajax requests to add Observables to a Case in The Hive
+function addObservablesHandler(req, resp) {
+ // Parse the request to get connection parameters
+ // (everything is configured in forntend and sent as part of the request,
+ // since I don't know how to configure the backend)
+ var base_url = req.payload['base_url'];
+ var api_key = req.payload['api_key'];
+
+ // check it's a valid URL with slash at the end
+ if (!base_url) {
+ return {'error': 'Base URL not set'};
+ }
+ if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) {
+ //if (!base_url.match(/https?:\/\/.*\//)) {
+ return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'};
+ }
+ // TODO add "/" to the end automatically
+ if (!api_key) {
+ return {'error': 'API key not set'};
+ }
+
+ const caseid = req.payload['caseid'];
+ const observables = req.payload['observables']; // array of obersvable specifications
+
+ return new Promise( async function(resolve, reject) {
+ // Run one request for each observable
+ // (A way to run multiple async tasks sequentially inspired by:
+ // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ )
+ const starterPromise = Promise.resolve(null);
+ await observables.reduce(
+ (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)),
+ starterPromise
+ ).catch((err_msg) => {
+ console.error(err_msg); // log whole message
+ resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend
+ return;
+ }
+ );
+ resolve({});
+ });
+}
+
+function addObservable(base_url, api_key, caseid, obs) {
+ return new Promise( function(resolve, reject) {
+ //console.log("Adding observable:", obs);
+ request({
+ method: 'POST',
+ url: base_url + 'api/case/' + caseid + "/artifact",
+ auth: {'bearer': api_key},
+ json: true,
+ body: obs,
+ //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert?
+ rejectUnauthorized: false,
+ },
+ // handler of the reply from The Hive - just return as reply
+ function (error, response, body) {
+ if (error) {
+ reject("ERROR when trying to send request to The Hive: " + error);
+ }
+ else if (response.statusCode < 200 || response.statusCode >= 300) {
+ reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body));
+ }
+ else {
+ // success - continue with the next observable
+ resolve("OK");
+ resolve({})
+ }
+ } // handler function
+ ); // request()
+ }); //Promise()
+}
+
+
diff --git a/roles/build/files/thehive_button/thehive_button/.eslintrc b/roles/build/files/thehive_button/thehive_button/.eslintrc
new file mode 100644
index 0000000000000000000000000000000000000000..64eba86220ec489c9c364e9a443941d14a8d3b16
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/.eslintrc
@@ -0,0 +1,7 @@
+---
+extends: "@elastic/kibana"
+
+settings:
+ import/resolver:
+ '@elastic/eslint-import-resolver-kibana':
+ rootPackageName: 'thehive_button'
diff --git a/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json
new file mode 100644
index 0000000000000000000000000000000000000000..2c63c0851048d8f7bff41ecf0f8cee05f52fd120
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/.kibana-plugin-helpers.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/roles/build/files/thehive_button/thehive_button/index.js b/roles/build/files/thehive_button/thehive_button/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..fa69c75c30d7ee40f8d7089d6debd6cf69c8d402
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/index.js
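Review bot: Both `request()` calls, in `newCaseHandler` and in `addObservable`, set `rejectUnauthorized: false`, so the bearer API key is sent to The Hive without verifying the server certificate; the commented-out `ca:` option is the right direction, and certificate checking should stay on unless a setting explicitly turns it off. The handlers also POST to whatever `base_url` the browser supplies, and the validating regex is unanchored, so any string that merely contains an `http(s)://…/` substring passes. Prefixing the pattern with `^`, ending it with `$`, and comparing the host with a server-side setting would keep the Kibana backend from being pointed at arbitrary internal endpoints. `caseid` is concatenated into the request path unchecked and `observables` is not checked to be an array before `reduce`. In `addObservable`, the second call in `resolve("OK"); resolve({})` has no effect.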
@@ -0,0 +1,19 @@
+import newCaseRoute from './server/routes/newcase';
+
+export default function (kibana) {
+ return new kibana.Plugin({
+ require: [], //['elasticsearch'],
+ name: 'thehive_button',
+ uiExports: {
+ visTypes: [
+ 'plugins/thehive_button/main',
+ ],
+ },
+
+ init(server, options) { // eslint-disable-line no-unused-vars
+ // Add server routes and initialize the plugin here
+ newCaseRoute(server);
+ }
+ });
+}
+
diff --git a/roles/build/files/thehive_button/thehive_button/package.json b/roles/build/files/thehive_button/thehive_button/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..e1c070d62c2e69b0f42fa4c5d47e1e8c0b408988
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/package.json
@@ -0,0 +1,35 @@
+{
+ "name": "thehive_button",
+ "version": "1.0.0",
+ "description": "Visualisation plugin which creates a simple button to create a new case in The Hive.",
+ "main": "index.js",
+ "kibana": {
+ "version": "7.4.2"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "start": "plugin-helpers start",
+ "build": "plugin-helpers build"
+ },
+ "dependencies": {
+ "request": "^2.88.0",
+ "@elastic/eui": "10.4.2",
+ "react": "^16.8.0"
+ },
+ "devDependencies": {
+ "@elastic/eslint-config-kibana": "link:../../packages/eslint-config-kibana",
+ "@elastic/eslint-import-resolver-kibana": "link:../../packages/kbn-eslint-import-resolver-kibana",
+ "@kbn/plugin-helpers": "link:../../packages/kbn-plugin-helpers",
+ "babel-eslint": "^9.0.0",
+ "eslint": "^5.6.0",
+ "eslint-plugin-babel": "^5.2.0",
+ "eslint-plugin-import": "^2.14.0",
+ "eslint-plugin-jest": "^21.26.2",
+ "eslint-plugin-jsx-a11y": "^6.1.2",
+ "eslint-plugin-mocha": "^5.2.0",
+ "eslint-plugin-no-unsanitized": "^3.0.2",
+ "eslint-plugin-prefer-object-spread": "^1.2.1",
+ "eslint-plugin-react": "^7.11.1",
+ "expect.js": "^0.3.1"
+ }
+}
diff --git a/roles/build/files/thehive_button/thehive_button/public/create_case.js b/roles/build/files/thehive_button/thehive_button/public/create_case.js
new file mode 100644
index 0000000000000000000000000000000000000000..fc8edd6f6f1e4ccb1b24ec5554e55e2d6503cf6c
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/create_case.js
@@ -0,0 +1,101 @@ +// Functions to send data to Kibana endpoints + +import chrome from 'ui/chrome'; + +// Create a new Case in The Hive via its API +// Return a Promise which resolves to object with ID of the new case ('id' attr) or error message ('error' attr) +export function createTheHiveCase(base_url, api_key, title, descr, severity, startDate, owner, flag, tlp, tags) { + // Prepare data + var data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "body": { + "title": title, + "description": descr, + "severity": severity, // number: 1=low, 2=medium, 3=high + "startDate": startDate, + "owner": owner, // user name the case will be assigned to + "flag": flag, // bool + "tlp": tlp, // number: 0=white, 1=green, 2=amber, 3=red + "tags": tags, // array of strings + } + }); + console.log("TheHiveButton: Sending request to API endpoint 'new_case':", data); + var kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/new_case'); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + if ("error" in resp) { + resolve({"error": resp.error}); + } + else if (resp.status_code != 201) { + resolve({"error": "Unexpected reply received from The Hive: [" + resp.status_code + "] " + resp.status_msg}); + } + else { + resolve({"id": resp.body.id}); // return ID of the new case + } + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); 
// this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + +// Add observables to an existing Case in The Hive +// (send the list of observables to our backend endpoint, it pushes them to The Hive) +export function addCaseObservables(base_url, api_key, caseid, observables) { + const kibana_endpoint_url = chrome.addBasePath('/api/thehive_button/add_observables'); + const data = JSON.stringify({ + "base_url": base_url, + "api_key": api_key, + "caseid": caseid, + "observables": observables, + }); + console.log("TheHiveButton: Sending request to API endpoint 'add_observables':", data); + + return new Promise(function (resolve, reject) { + // Create AJAX request + var xhr = new XMLHttpRequest(); + + // Listener to process reply + xhr.onreadystatechange = function () { + if (this.readyState != 4) { + return; // response not ready yet + } + if (this.status == 200) { + const resp = JSON.parse(this.responseText); + console.log("TheHiveButton: Response from backend:", resp); + resolve(resp); + } + else { + console.log("TheHiveButton: Error " + this.status + ": " + this.statusText); + resolve({"error": "Error " + this.status + ": " + this.statusText}); + } + } + + // Send the AJAX request + xhr.open("POST", kibana_endpoint_url); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("kbn-xsrf", "thehive_plugin"); // this header must be set, although its content is probably irrelevant + xhr.send(data); + }); +} + diff --git a/roles/build/files/thehive_button/thehive_button/public/env.js b/roles/build/files/thehive_button/thehive_button/public/env.js new file mode 100644 index 0000000000000000000000000000000000000000..4321b85f5ee1682abd17871889a165ae8d96b465 --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/env.js 
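Review bot: Both `createTheHiveCase` and `addCaseObservables` log the serialized request with `console.log("TheHiveButton: Sending request to API endpoint …", data)`, and `data` includes `api_key`, so The Hive API key is written to the browser console on every submit. Drop the two log lines or log only the non-secret fields, for example `console.log("TheHiveButton: Sending request to API endpoint 'new_case'")`. The key also travels from the browser to the Kibana backend in every request body, which means it is readable by anyone who can load the visualization; holding it in server-side configuration would avoid that, as the comment in `newcase.js` already hints.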
@@ -0,0 +1,4 @@
+// Default plugin configuration
+export const THEHIVE_URL = 'https://hive.gn4-3-wp8-soc.sunet.se/';
+export const THEHIVE_API_KEY = '5LymseWiurZBrQN8Kqp8O+9KniTL5cE0';
+export const THEHIVE_OWNER = 'admin'; // default owner account of the created cases
diff --git a/roles/build/files/thehive_button/thehive_button/public/main.js b/roles/build/files/thehive_button/thehive_button/public/main.js
new file mode 100644
index 0000000000000000000000000000000000000000..ee46d73170d4fb43739c58468e3396caace6dcbe
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/main.js
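Review bot: `THEHIVE_API_KEY` is committed as a literal in `public/env.js`, so the key is now in the repository history and, since the file sits under `public/`, presumably in the bundle served to browsers. The key should be treated as exposed and rotated, and the default replaced with an empty value that is filled in at deploy time, e.g. `export const THEHIVE_API_KEY = '';`. The site-specific `THEHIVE_URL` and the `'admin'` owner default deserve the same treatment. The `main.js` hunk that follows copies the key into `visConfig.defaults` as `apikey: THEHIVE_API_KEY`, so it would also end up in the parameters of every saved visualization.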
@@ -0,0 +1,54 @@
+import { THEHIVE_API_KEY, THEHIVE_URL, THEHIVE_OWNER } from './env';
+import { TheHiveButtonVisComponent } from './vis_controller';
+import { theHiveButtonRequestHandlerProvider } from './request_handler';
+import { optionsEditor } from './options_editor';
+
+import { VisFactoryProvider } from 'ui/vis/vis_factory';
+import { VisTypesRegistryProvider } from 'ui/registry/vis_types';
+import { DefaultEditorSize } from 'ui/vis/editor_size';
+
+
+function TheHiveButtonVisProvider(Private) {
+ const VisFactory = Private(VisFactoryProvider);
+
+ //console.log("default URL:", THEHIVE_URL);
+ //console.log("default API key:", THEHIVE_API_KEY);
+
+ return VisFactory.createReactVisualization({
+ name: 'thehive_button',
+ title: 'The Hive Case',
+ icon: 'alert',
+ description: 'A button to create a new Case in The Hive.',
+ //requiresUpdateStatus: [Status.PARAMS, Status.RESIZE, Status.UI_STATE],
+ visConfig: {
+ component: TheHiveButtonVisComponent,
+ defaults: {
+ // add default parameters
+ url: THEHIVE_URL,
+ apikey: THEHIVE_API_KEY,
+ owner: THEHIVE_OWNER,
+ obsFields: [], // list of objects, e.g. {name: "clientip", type: "ip", cnt: 100}
+ }
+ },
+ //editor: 'default',
+ editorConfig: {
+ optionTabs: [
+ {
+ name: "options",
+ title: "Options",
+ editor: optionsEditor,
+ }
+ ],
+ defaultSize: DefaultEditorSize.LARGE,
+ },
+// optionsTemplate: optionsEditor, //optionsTemplate,
+// //enableAutoApply: true,
+// },
+ requestHandler: 'theHiveButtonRequestHandler', // own request handler
+ responseHandler: 'none', // pass data as returned by requestHandler
+ });
+}
+
+// register the provider with the visTypes registry
+VisTypesRegistryProvider.register(TheHiveButtonVisProvider);
+
diff --git a/roles/build/files/thehive_button/thehive_button/public/options_editor.js b/roles/build/files/thehive_button/thehive_button/public/options_editor.js
new file mode 100644
index 0000000000000000000000000000000000000000..38762bd463115702a0c4f03f099434485f5d59dc
--- /dev/null
+++ b/roles/build/files/thehive_button/thehive_button/public/options_editor.js 
@@ -0,0 +1,176 @@ +import React from 'react'; +import { + EuiForm, + EuiFormRow, + EuiTitle, + EuiSpacer, + EuiFieldText, + EuiFieldNumber, + EuiSelect, + EuiFlexGroup, + EuiFlexItem, + EuiButton, + EuiButtonIcon, +} from '@elastic/eui'; + +// Default data types in The Hive +const DEFAULT_THE_HIVE_TYPES = [ + '', + 'autonomous-system', + 'domain', + 'file', + 'filename', + 'fqdn', + 'hash', + 'ip', + 'mail', + 'mail_subject', + 'regexp', + 'registry', + 'uri_path', + 'url', + 'user-agent', + 'other', +]; + +// Options for EuiSelect for selection of field's data type in TheHive +const typesOptions = DEFAULT_THE_HIVE_TYPES.map( dt => ({value: dt, text: dt}) ); + +export function optionsEditor(props) { + //console.log("editor render(), props:", props); + const { stateParams, setValue, setValidity, vis } = props; + + // onClick/onChange handlers + const obsAddNew = () => { + const newObsFields = [...stateParams.obsFields, {name: "", type: "", cnt: 100}]; + // For some reason, first click on the button after editor is loaded does + // nothing. Calling setValue twice here fixes it. 
+ setValue("obsFields", newObsFields); + setValue("obsFields", newObsFields); +// setValidity(false); // since new row is empty, form is always invalid + }; + const obsRemove = (ix) => { + let newArray = [...stateParams.obsFields]; + newArray.splice(ix, 1); + setValue("obsFields", newArray); +// validate(); + } + const obsSetName = (ix, name) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].name = name; + setValue("obsFields", newArray); +// validate(); + } + const obsSetType = (ix, type) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].type = type; + setValue("obsFields", newArray); +// validate(); + } + const obsSetCnt = (ix, cnt) => { + let newArray = [...stateParams.obsFields]; + newArray[ix].cnt = parseInt(cnt); + setValue("obsFields", newArray); +// validate(); + } +// const validate = () => { +// let valid = true; +// for (let field of stateParams.obsFields) { +// if (field.name == "" || field.type == "" || field.cnt == "") { +// valid = false; +// break; +// } +// } +// // TODO check for duplicate fields +// setValidity(valid); +// } + + // Get list of all fields in index (except those beginning with "_" or "@") + // and create "options" parameter for EuiSelect. + // Also, fields with "aggregatable=false" are removed, as they can't be used + // with "terms" aggregation we need. + // See this for details: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/fielddata.html + // Empty field is added at the beginning, meaning "no selection yet". 
+ const fieldOptions = [{value: "", text: ""}].concat( + vis.indexPattern.fields.raw.filter( f => (f.name[0] != "_" && f.name[0] != "@" && f.aggregatable) ).map( f => ({value: f.name, text: `${f.name} (${f.type})`}) ) + ); + + return <EuiForm> + <EuiFormRow fullWidth={true} label="Base URL of The Hive"> + <EuiFieldText + fullWidth={true} + value={stateParams.url} + onChange={e => setValue('url', e.target.value)} + isInvalid={stateParams.url == ""} + /> + </EuiFormRow> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="API key to access The Hive" helpText="API key of a user with write permission."> + <EuiFieldText + fullWidth={true} + value={stateParams.apikey} + onChange={e => setValue('apikey', e.target.value)} + isInvalid={stateParams.apikey == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Assignee" helpText="User to assign created cases to. Must be a valid username from The Hive instance."> + <EuiFieldText + value={stateParams.owner} + onChange={e => setValue('owner', e.target.value)} + isInvalid={stateParams.owner == ""} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiTitle size="s"><h3>Fields to get potential observables from ...</h3></EuiTitle> + <EuiSpacer size="s" /> + {stateParams.obsFields.map( (field, ix) => ( + <EuiFlexGroup key={ix} gutterSize="s"> + <EuiFlexItem grow={3}> + <EuiFormRow label="Field name"> + <EuiSelect + options={fieldOptions} + value={field.name} + onChange={ e => obsSetName(ix, e.target.value) } + isInvalid={field.name == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={2}> + <EuiFormRow label="Data type in The Hive"> + <EuiSelect + options={typesOptions} + value={field.type} + onChange={ e => obsSetType(ix, e.target.value) } + isInvalid={field.type == ""} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={1}> + <EuiFormRow label="Max items shown"> + <EuiFieldNumber + min={1} + max={1000} + value={parseInt(field.cnt)} + onChange={ e => 
obsSetCnt(ix, e.target.value) } + isInvalid={!(field.cnt > 0)} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow hasEmptyLabelSpace> + <EuiButtonIcon iconType="trash" iconSize="m" color="danger" aria-label="Remove field" onClick={ e => obsRemove(ix) } /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + ))} + <EuiFlexGroup> + <EuiFlexItem grow={false}> + <EuiButton iconType="plusInCircleFilled" color="primary" onClick={obsAddNew}>Add new field ...</EuiButton> + </EuiFlexItem> + </EuiFlexGroup> + </EuiForm> +} diff --git a/roles/build/files/thehive_button/thehive_button/public/options_template.html b/roles/build/files/thehive_button/thehive_button/public/options_template.html new file mode 100644 index 0000000000000000000000000000000000000000..ef996577786150282c2ffb0d28652a3d1712842b --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/options_template.html @@ -0,0 +1,8 @@ +<div class="form-group"> + <p><label>Base URL of The Hive</label> + <input ng-model="editorState.params.url" class=form-control /></p> + <p><label>API key</label> + <input ng-model="editorState.params.apikey" class=form-control /></p> + <p><label>User name to use as the owner of cases created from here</label> + <input ng-model="editorState.params.owner" class=form-control /></p> +</div> diff --git a/roles/build/files/thehive_button/thehive_button/public/request_handler.js b/roles/build/files/thehive_button/thehive_button/public/request_handler.js new file mode 100644 index 0000000000000000000000000000000000000000..bdbb0f4ebee4ff5307a1bf549706bf1ecc92e11b --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/request_handler.js 
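Review bot: The API key row in `optionsEditor` uses a plain `EuiFieldText`, so the key is displayed in clear text to anyone who opens or screen-shares the editor; options_template.html in this commit has the same unmasked `<input ng-model="editorState.params.apikey">`. Swap it for `<EuiFieldPassword fullWidth={true} value={stateParams.apikey} onChange={e => setValue('apikey', e.target.value)} isInvalid={stateParams.apikey == ""} />` and add `EuiFieldPassword` to the `@elastic/eui` import. Masking only hides the value on screen: it is still kept in the visualization parameters, so keeping the key on the server side would be the real fix. Separately, `obsSetName`, `obsSetType` and `obsSetCnt` copy the array but then write into the existing row object (`newArray[ix].name = name`), which mutates `stateParams` in place; `newArray[ix] = {...newArray[ix], name}` avoids that.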
@@ -0,0 +1,195 @@ +import { CourierRequestHandlerProvider as courierRequestHandlerProvider } from 'ui/vis/request_handlers/courier'; +import { SearchSourceProvider } from 'ui/courier/search_source'; +import { RequestAdapter, DataAdapter } from 'ui/inspector/adapters'; +import { VisRequestHandlersRegistryProvider } from 'ui/registry/vis_request_handlers'; +import { AggConfig } from 'ui/vis/agg_config'; +import { AggConfigs } from 'ui/vis/agg_configs'; +import { getTime } from 'ui/timefilter/get_time'; +import { i18n } from '@kbn/i18n'; +import { has } from 'lodash'; +import { calculateObjectHash } from 'ui/vis/lib/calculate_object_hash'; +import { getRequestInspectorStats, getResponseInspectorStats } from 'ui/courier/utils/courier_inspector_utils'; +import chrome from 'ui/chrome'; + +// Maximum number of unique values of each field (observables) to fetch +const MAX_NUMBER_OF_TERMS = 5; + +const handleCourierRequest = courierRequestHandlerProvider().handler; + +// Register new RaquestHandlerProvider +const theHiveButtonRequestHandlerProvider = function () { + return { + name: 'theHiveButtonRequestHandler', + handler: theHiveButtonRequestHandler, + } +} +VisRequestHandlersRegistryProvider.register(theHiveButtonRequestHandlerProvider); + +export {theHiveButtonRequestHandlerProvider, theHiveButtonRequestHandler}; + + +// The request handler function itself +async function theHiveButtonRequestHandler(params) { + //console.log("theHiveButtonRequestHandler params:", params); + + let index = params.index; + let partialRows = params.partialRows; + let metricsAtAllLevels = params.metricsAtAllLevels; + let timeRange = params.timeRange; + let query = params.query; + let filters = params.filters; + let inspectorAdapters = params.inspectorAdapters; + let queryFilter = params.queryFilter; + let forceFetch = params.forceFetch; + // our own confiuration: + // list of fields to get potential observables from + // (each "field" is object {name: str, type: str, cnt: int}) + let 
obsFields = params.visParams.obsFields; + + // filter out invalid field specifications + obsFields = obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + + if (obsFields.length == 0) { + //console.log("theHiveButtonRequestHandler: Empty obsFields, nothing to do") + return {} // no fields specified, nothing to do + } + + // === Prepare request to ask for unique values of all selected fields === + + // Construct a query for ElasticSearch + // Get "terms" (most common unique values) for each field of obsFields + const aggs_dsl = {} + for (let field of obsFields) { + aggs_dsl[field.name] = { + terms: { + field: field.name, + size: field.cnt, + order: {_count: "desc"} + } + }; + } + //console.log("aggs_dsl:", aggs_dsl); + + // Create empty AggConfigs + // (We could pass specifications of a metric and the buckets here, + // but default processing functions assume multiple buckets are sub-buckets, + // which is not what we want. So we must do a "hack" and manually create + // query directly in format for ElasticSearch) + const aggs = new AggConfigs(params.index, []); + + // === Some magic to get searchSource object === + // (inspired by https://github.com/fbaligand/kibana-enhanced-table/blob/7.4/public/data_load/enhanced-table-request-handler.js) + // (I don't understand it, but it works) + + let $injector = await chrome.dangerouslyGetActiveInjector(); + let Private = $injector.get('Private'); + let SearchSource = Private(SearchSourceProvider); + let searchSource = new SearchSource(); + searchSource.setField('index', index); + searchSource.setField('size', 0); + + inspectorAdapters.requests = new RequestAdapter(); + inspectorAdapters.data = new DataAdapter(); + + + // === Execute query === + // We could call standard "courier" here, but it tries to convert the response + // to a table, which fails in our case, so we copied the main code of courier + // and modified it here. 
+ + const abortSignal = false; + + const timeFilterSearchSource = searchSource.createChild({ callParentStartHandlers: true }); + const requestSearchSource = timeFilterSearchSource.createChild({ callParentStartHandlers: true }); + + aggs.setTimeRange(timeRange); + + // For now we need to mirror the history of the passed search source, since + // the request inspector wouldn't work otherwise. + Object.defineProperty(requestSearchSource, 'history', { + get() { + return searchSource.history; + }, + set(history) { + return searchSource.history = history; + } + }); + + // This has been modified to override DSL format by ours +// requestSearchSource.setField('aggs', function () { +// return aggs.toDsl(metricsAtAllLevels); +// }); + requestSearchSource.setField('aggs', aggs_dsl); + + requestSearchSource.onRequestStart((searchSource, searchRequest) => { + return aggs.onSearchRequestStart(searchSource, searchRequest); + }); + + if (timeRange) { + timeFilterSearchSource.setField('filter', () => { + return getTime(searchSource.getField('index'), timeRange); + }); + } + + requestSearchSource.setField('filter', filters); + requestSearchSource.setField('query', query); + + const reqBody = await requestSearchSource.getSearchRequestBody(); + + const queryHash = calculateObjectHash(reqBody); + // We only need to reexecute the query, if forceFetch was true or the hash of the request body has changed + // since the last request + const shouldQuery = forceFetch || (searchSource.lastQuery !== queryHash); + + if (shouldQuery) { + inspectorAdapters.requests.reset(); + const request = inspectorAdapters.requests.start( + i18n.translate('common.ui.vis.courier.inspector.dataRequest.title', { defaultMessage: 'Data' }), + { + description: i18n.translate('common.ui.vis.courier.inspector.dataRequest.description', + { defaultMessage: 'This request queries Elasticsearch to fetch the data for the visualization.' 
}), + } + ); + request.stats(getRequestInspectorStats(requestSearchSource)); + + try { + // Abort any in-progress requests before fetching again + if (abortSignal) { + abortSignal.addEventListener('abort', () => requestSearchSource.cancelQueued()); + } + + const response = await requestSearchSource.fetch(); + //console.log("raw response:", response); + + searchSource.lastQuery = queryHash; + + request + .stats(getResponseInspectorStats(searchSource, response)) + .ok({ json: response }); + + searchSource.rawResponse = response; + } catch(e) { + // Log any error during request to the inspector + request.error({ json: e }); + throw e; + } finally { + // Add the request body no matter if things went fine or not + requestSearchSource.getSearchRequestBody().then(req => { + request.json(req); + }); + } + } + + // === Copy of courier code ends here, now we parse the response === + + const resp = searchSource.rawResponse; + // Return as object containing a list of unique values (terms) for each + // requested field + let unique_values_lists = {} + for (let field of obsFields) { + unique_values_lists[field.name] = resp.aggregations[field.name].buckets.map( (x) => x.key ); + } + + //console.log("Final lists:", unique_values_lists); + return unique_values_lists; +} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis.less b/roles/build/files/thehive_button/thehive_button/public/vis.less new file mode 100644 index 0000000000000000000000000000000000000000..b6f887afaef57a7674a0d0f06ee6f821a0fc015e --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/public/vis.less @@ -0,0 +1,3 @@ +.myvis-container-div { + padding: 1em; +} diff --git a/roles/build/files/thehive_button/thehive_button/public/vis_controller.js b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js new file mode 100644 index 0000000000000000000000000000000000000000..8b23222700ab072c9665442851982e11cdc56788 --- /dev/null 
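Review bot: `MAX_NUMBER_OF_TERMS` is declared but never used, and the terms aggregation takes `size: field.cnt` straight from the saved visualization parameters, where the only check is `f.cnt > 0`. The editor's `max={1000}` is a UI hint only, so a hand-edited visualization can request an arbitrarily large bucket count; clamp it in the handler, e.g. `size: Math.min(field.cnt, 1000),`, and either use or delete the constant. At the end of `theHiveButtonRequestHandler`, `resp.aggregations[field.name].buckets` is read without checking that the aggregation is present, so a response without it throws a TypeError; `((resp.aggregations || {})[field.name] || {buckets: []}).buckets` keeps the handler returning an empty list instead.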
+++ b/roles/build/files/thehive_button/thehive_button/public/vis_controller.js 
@@ -0,0 +1,555 @@ +//import { Status } from 'ui/vis/update_status'; +import { toastNotifications } from 'ui/notify'; +import { createTheHiveCase, addCaseObservables } from './create_case'; +//import vis_template from './vis_template.html'; + +import React, { Component } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiModal, + EuiModalBody, + EuiModalFooter, + EuiModalHeader, + EuiModalHeaderTitle, + EuiOverlayMask, + EuiTitle, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiForm, + EuiFormRow, + EuiFieldText, + EuiTextArea, + EuiSuperSelect, + EuiBasicTable, + EuiCheckbox, + makeId, +} from '@elastic/eui'; + + +// ********** React components ********** + +// Main React component - the root of visualization +export class TheHiveButtonVisComponent extends Component { + render() { + //console.log("TheHiveButtonVisComponent.render(), props:", this.props); + return ( + <div> + <NewCaseButton params={this.props.vis.params} observables={this.props.visData} /> + </div> + ); + } + + componentDidMount() { + this.props.renderComplete(); + } + + componentDidUpdate() { + this.props.renderComplete(); + } +} + +// Button to show the pop-up window (modal) +// Props: +// .params - visualization parameters (from vis.params) +// .observables - object with lists of potential observables to add to the Case +// for each field in params.obsFields there should be a key in this object +// containing list of observables (this is returned by request_handler) +class NewCaseButton extends Component { + + constructor(props) { + super(props); + // Filter out invalid obsField specifications + this.obsFields = props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + + // The complete state is here, so it's kept even when modal is closed + this.state = { + isModalVisible: false, + isWorking: false, // used to show a spinner on submit button + ...this.create_initial_state(), + } + + this.resetCnt = 0; 
// used to change Modal component key on each form reset + + // Each handler function in a class (method) must be "binded" this way + this.closeModal = this.closeModal.bind(this); + this.showModal = this.showModal.bind(this); + this.resetForm = this.resetForm.bind(this); + + this.onTitleChange = this.onTitleChange.bind(this); + this.onSeverityChange = this.onSeverityChange.bind(this); + this.onTLPChange = this.onTLPChange.bind(this); + this.onDescriptionChange = this.onDescriptionChange.bind(this); + + this.onObsSelectionChange = this.onObsSelectionChange.bind(this); + this.onObsDataChange = this.onObsDataChange.bind(this); + + this.submitCase = this.submitCase.bind(this); + } + + create_initial_state() { + // create a new instance of initial state definition + let initial_state = { + // Case parameters + title: "", + description: "\n\n--\nCreated from Kibana", + severity: "2", // medium + tlp: "2", // amber + tags: [], // TODO (not implemented yet) + obsData: {}, // state of observables form fields (obsData->field->index->{descr,tlp,ioc,tags}) + obsSel: {}, // list of observable selections (obsSel->field->list_of_selected_indices) + } + // pre-fill state of each observable to defaults + const initial_field_data = {descr: "", tlp: 2, ioc: false, tags: []}; + for (let field of this.obsFields) { + const n_obs = this.props.observables[field.name].length; + // fill obsData with new copies of initial_field_data + initial_state.obsData[field.name] = new Array(n_obs).fill().map((_)=>({...initial_field_data})); + // nothing is selected + initial_state.obsSel[field.name] = new Array(); + } + return initial_state; + } + + componentDidUpdate(prevProps) { + // If list of observables was updated or obsFields setting has changed, + // reset the component state and precomputed variables. 
+ if (this.props.observables != prevProps.observables) { + if (this.props.params.obsFields != prevProps.params.obsFields) { + // when obsFields change, observables must change as well, so this "if" + // can be inside the first one. + // Filter out invalid obsField specifications + this.obsFields = this.props.params.obsFields.filter( f => (f.name != "" && f.type != "" && f.cnt && f.cnt > 0) ); + //console.log("Filtered field specs:", this.obsFields); + } + //console.log("New list of observables, resetting form."); + this.resetForm(); + } + } + + resetForm() { + this.setState(this.create_initial_state()); + this.resetCnt += 1; // this changes the key of ModalContent, causing it to be replaced by new DOM elelments (otherwise, not all things are reset properly) + this.forceUpdate(); + } + + closeModal() { + this.setState({ isModalVisible: false }); + } + + showModal() { + this.setState({ isModalVisible: true }); + } + + // Event handlers for change of case parameter + onTitleChange(evt) { + this.setState({title: evt.target.value}); + } + onSeverityChange(value) { + this.setState({severity: value}); + } + onTLPChange(value) { + this.setState({tlp: value}); + } + onDescriptionChange(evt) { + this.setState({description: evt.target.value}); + } + + // Event handler for observable (de)selection + onObsSelectionChange(fieldName, selectedItems) { + // Extract indices from the items and store them into state + const selectedIndices = selectedItems.map(item4 => item4.i); + this.setState((state, props) => { + let newObsSel = {...this.state.obsSel}; + newObsSel[fieldName] = selectedIndices; + return {obsSel: newObsSel}; + }); + } + + // Event handler for edit of a form field in observable row + // - fieldName: which field (table of observables) + // - ix: index of the observable in the field's table + // - param: one of: descr,tlp,ioc,tags + // - value: new value of the form field + onObsDataChange(fieldName, ix, param, value) { + this.setState((state, props) => { + let 
newObsData = {...this.state.obsData}; + newObsData[fieldName][ix][param] = value; + return {obsData: newObsData}; + }); + } + + // Render function + render() { + let modal; + if (this.state.isModalVisible) { + modal = <ModalContent + resetCnt={this.resetCnt} // used to change "key" of modalBody, causing all form fields to be re-created (some things are not reset properly by reseting state only) + close={this.closeModal} + reset={this.resetForm} + fields={this.obsFields} + observables={this.props.observables} + // form state + title={this.state.title} + description={this.state.description} + severity={this.state.severity} + tlp={this.state.tlp} + tags={this.state.tags} + obsData={this.state.obsData} + obsSel={this.state.obsSel} + spinner={this.state.isWorking} + // event handlers + onTitleChange={this.onTitleChange} + onSeverityChange={this.onSeverityChange} + onTLPChange={this.onTLPChange} + onDescriptionChange={this.onDescriptionChange} + onObsSelectionChange={this.onObsSelectionChange} + onObsDataChange={this.onObsDataChange} + submitCase={this.submitCase} + />; + } + return ( + <div> + <EuiButton fill iconType="alert" color="danger" onClick={this.showModal}>Create new Case ...</EuiButton> + {modal} + </div> + ); + } + + // Submit case button handler + async submitCase(evt) { + const params = this.props.params; + + // Get case parameters + const title = this.state.title; + const descr = this.state.description; + const severity = parseInt(this.state.severity); + const start_date = null; + const owner = params.owner; + const flag = false; + const tlp = parseInt(this.state.tlp); + const tags = this.state.tags; + + if (!title) { + toastNotifications.addDanger("Title can't be empty"); + return; + } + + // Get list of selected observables and their params + let observables = []; + for (let field of this.obsFields) { + let selectionIndices = [...this.state.obsSel[field.name]]; // make a copy + selectionIndices.sort(); + for (let i = 0; i < selectionIndices.length; i++) 
{ + const j = selectionIndices[i]; // index of a selected obs. in the list of all observables + // fill in observable definition according to model at + // https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md + const obs = { + dataType: field.type, + data: this.props.observables[field.name][j], + message: this.state.obsData[field.name][j].descr, + tlp: this.state.obsData[field.name][j].tlp, + ioc: this.state.obsData[field.name][j].ioc, + tags: this.state.obsData[field.name][j].tags, + }; + observables.push(obs); + } + } + + //console.log("Selected observables:", observables); + + // Check '/' at the end of base URL, add it if needed + let base_url = params.url; + if (base_url[base_url.length-1] != "/") { + base_url += "/"; + } + + // Show spinner at submit button + this.setState({isWorking: true}); + + // Submit request to create the case, handle response + let resp; + resp = await createTheHiveCase(base_url, params.apikey, title, descr, severity, start_date, owner, flag, tlp, tags); + + if ('error' in resp) { + // Error contacting The Hive + console.error("TheHiveButton: ERROR when trying to create new case:", resp.error); + toastNotifications.addDanger("ERROR: " + resp.error); + this.setState({isWorking: false}); // Hide spinner + return; + } + + console.log("TheHiveButton: Case created:", resp); + const case_id = resp.id; + const case_url = base_url + "index.html#/case/" + case_id + "/details"; + + // Show notification + let obs_text; + if (observables.length > 0) { + obs_text = "Adding " + observables.length + " observables in background ..."; + } + else { + obs_text = "(no observables added)"; + } + toastNotifications.add({ + title: "Case created", + color: "success", + iconType: "checkInCircleFilled", + text: ( + <div> + <p><b><a href={case_url} target="_blank">Edit the new Case</a></b></p> + <p>{obs_text}</p> + </div> + ), + }); + + // Close the popup window, reset form fields and hide spinner + this.closeModal(); + this.resetForm(); + 
this.setState({isWorking: false}); + + // Open a new window with the case in The Hive + // (adding observables may take some time, so the case is opened first; + // The Hive web is dynamic so the observables appear as they are added) + window.open(case_url, '_blank'); + + if (observables.length == 0) + return; + + // Submit request to add observables + console.log("TheHiveButton: adding " + observables.length + " observables ..."); + resp = await addCaseObservables(base_url, params.apikey, case_id, observables); + + if ('error' in resp) { + console.error("TheHiveButton: ERROR when trying to add observables: " + resp.error); + toastNotifications.addDanger("ERROR when trying to add observables: " + resp.error); + } + else { + console.log("TheHiveButton: Done, observables added."); + toastNotifications.add("Done, observables added."); + } + } +} + + +// The popup window with a form +// props: +// - spinner: when true, disable form and show a spinner over it +class ModalContent extends Component { + constructor(props) { + super(props); + // No state here, everything is in the parent class (NewCaseButton) + + // "Select" options + this.severityOptions = [ + {value: "1", inputDisplay: "low"}, + {value: "2", inputDisplay: "medium"}, + {value: "3", inputDisplay: "high"}, + ]; + this.tlpOptions = [ + {value: "0", inputDisplay: "white"}, + {value: "1", inputDisplay: "green"}, + {value: "2", inputDisplay: "amber"}, + {value: "3", inputDisplay: "red"}, + ]; + } + + // Main render function + render() { + // TODO: replace Modal with Flyout? 
+ + // Note: onClick on EuiOverlayMask causes close of modal when clicked outside, + // implementation inspired by PR: https://github.com/elastic/eui/pull/3462/files#diff-c8fda532e48f75c94c343247cbc6b2d3R53-R60 + return ( + <EuiOverlayMask onClick={(evt) => {if (evt.target.classList.contains("euiOverlayMask")) this.props.close();} }> + <EuiModal onClose={this.props.close} maxWidth={false} initialFocus="[name=title]"> + <EuiModalHeader> + <EuiModalHeaderTitle>Create a new case in The Hive</EuiModalHeaderTitle> + </EuiModalHeader> + + <EuiModalBody key={this.props.resetCnt}> + <EuiForm style={{width: "800px"}}> + <EuiFlexGroup> + <EuiFlexItem grow={1}> + <EuiFormRow label="Title" fullWidth> + <EuiFieldText name="title" value={this.props.title} onChange={this.props.onTitleChange} required={true} fullWidth /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="Severity"> + <EuiSuperSelect + options={this.severityOptions} + valueOfSelected={this.props.severity} + onChange={this.props.onSeverityChange} + /> + </EuiFormRow> + </EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiFormRow label="TLP"> + <EuiSuperSelect + prepend="TLP" + options={this.tlpOptions} + valueOfSelected={this.props.tlp} + onChange={this.props.onTLPChange} + /> + </EuiFormRow> + </EuiFlexItem> + </EuiFlexGroup> + <EuiFormRow label="Description" fullWidth> + <EuiTextArea + defaultValue={this.props.description} + onChange={this.props.onDescriptionChange} + rows={4} + fullWidth + /> + </EuiFormRow> + + {this.props.fields.length > 0 && <EuiTitle size="s"><h3>Add observables from current query ...</h3></EuiTitle>} + {this.props.fields.map((field,ix) => ( + <ObservablesTable + key={field.name + ":" + this.props.resetCnt} + fieldName={field.name} + observables={this.props.observables[field.name]} + obsData={this.props.obsData[field.name]} + obsSel={this.props.obsSel[field.name]} + onObsSelectionChange={this.props.onObsSelectionChange} + 
onObsDataChange={this.props.onObsDataChange} + /> + ))} + </EuiForm> + </EuiModalBody> + + <EuiModalFooter> + <EuiButtonEmpty onClick={this.props.close}>Close</EuiButtonEmpty> + <EuiButtonEmpty onClick={this.props.reset}>Reset</EuiButtonEmpty> + <EuiButton onClick={this.props.submitCase} fill isLoading={this.props.spinner}>Create Case</EuiButton> + </EuiModalFooter> + </EuiModal> + </EuiOverlayMask> + ); + } +} + +// Table of potential observables taken from a given field, allowing to select +// which observables to send to The Hive. +// Props: +// fieldName - name of the field this table is for +// observables - list of observable IDs of this field +// obsData - array of objects specifying state of form fields in the table (.descr, .tlp, ...) +// obsSel - array of indices of selected observables +class ObservablesTable extends Component { + + constructor(props) { + super(props); + + // Table columns definition + this.columns = [ + { + field: "id", + name: "Observable", + }, + { + field: "descr", + name: "Description", + description: "Description of the observable in the context of the case", + render: (value, item1) => (<EuiFieldText + value={item1.descr} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item1.i, "descr", e.target.value)} + disabled={!item1.selected} + />) + }, + /*{ + field: "tlp", + name: "TLP", + dataType: "number", + // TODO render and process changes + },*/ + { + field: "ioc", + name: "Is IOC", + dataType: "boolean", + description: "Indicates if the observable is an IOC", + render: (value, item2) => (<EuiCheckbox + id={"ioc-checkbox-"+item2.id} + checked={item2.ioc} + onChange={(e) => this.props.onObsDataChange(props.fieldName, item2.i, "ioc", e.target.checked)} + disabled={!item2.selected} + />) + }, + /*{ + field: "tags", + name: "Tags", + // TODO render and process changes + },*/ + ] + + // Create a reference to EuiBasicTable, so it's node can be accessed in componentDidMount + this.tableRef = React.createRef(); + } + + 
render() { + // Table data definition (convert props to format suitable for EuiBasicTable) + const n_obs = this.props.observables.length; + this.table_data = new Array(n_obs); + for (let i = 0; i < n_obs; i++) { + this.table_data[i] = { + id: this.props.observables[i], + descr: this.props.obsData[i].descr, + tlp: this.props.obsData[i].tlp, + ioc: this.props.obsData[i].ioc, + tags: this.props.obsData[i].tags, + // auxiliary fields, not shown in table: + i: i, // row index + selected: this.props.obsSel.includes(i), + }; + } + + return ( + <> + <EuiTitle size="xs"><h4>{this.props.fieldName}</h4></EuiTitle> + <EuiBasicTable + ref={this.tableRef} + columns={this.columns} + items={this.table_data} + itemId={(item3) => item3.id} + selection={ {onSelectionChange: (selectedItems) => this.props.onObsSelectionChange(this.props.fieldName, selectedItems) } } + noItemsMessage="No observables found" + rowProps={{ + // Hack to allow selection by clicking anywhere in the table row + // (except input elements) + onClick: (e) => { + if (e.target.tagName != "INPUT") { + // simulate click on the first checkbox in the row to (de)select the row + e.currentTarget.querySelector("input").click(); + e.currentTarget.blur(); // without this the focus remains on the row after click (results in different color) + } + }, + tabIndex: "-1", // prevents focus on row by keyboard navigation + }} + /> + <EuiSpacer size="l" /> + </> + ) + } + + componentDidMount() { + // There's no way to specify initially selected items in EuiBasicTable by + // props, but we may need to select some (in case a user selects some obs., + // closes the modal and opens it again). + // However, the selection is stored as a 'selection' field of table's state, + // so here we directly edit the state just after the table is created. 
+ + // Prepare the 'selection' array - it should contain a list of selected row specifications + let selection = []; + for (let ix of this.props.obsSel) { + selection.push(this.table_data[ix]); + } + + // Get ref to EuiBasicTable element and update its state + const table_node = this.tableRef.current; + table_node.setState({selection: selection}); + } +} + diff --git a/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js new file mode 100644 index 0000000000000000000000000000000000000000..175dee818c5569a5e5e02db31a6e443abe5f03fb --- /dev/null +++ b/roles/build/files/thehive_button/thehive_button/server/routes/newcase.js 
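Review bot: In `submitCase`, `case_url` is built from the user-editable `params.url` and opened both through `<a href={case_url} target="_blank">` in the toast and through `window.open(case_url, '_blank')`, in neither case with `noopener`, so the opened page can get a `window.opener` handle on the Kibana tab. Use `<a href={case_url} target="_blank" rel="noopener noreferrer">` and `window.open(case_url, '_blank', 'noopener')`. The same function sorts the selected indices with `selectionIndices.sort()`, which compares them as strings (10 sorts before 2); `selectionIndices.sort((a, b) => a - b)` gives the intended order. `console.log("TheHiveButton: Case created:", resp)` also writes the full backend reply to the browser console, which is worth reducing to the case id.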
@@ -0,0 +1,153 @@ +const request = require('request'); +//const fs = require('fs'); +//const path = require('path'); + +//const caFile = path.resolve(__dirname, '../../ca.cert.pem'); // TODO resolve where the CA file should be located / configured + +export default function (server) { + server.route({ + path: '/api/thehive_button/new_case', + method: 'POST', + handler: newCaseHandler, + }); + server.route({ + path: '/api/thehive_button/add_observables', + method: 'POST', + handler: addObservablesHandler, + }); +} + +// Handler of ajax requests to create a new Case in The Hive +function newCaseHandler(req, resp) { + // Parse the request to get connection parameters + // (everything is configured in forntend and sent as part of the request, + // since I don't know how to configure the backend) + var base_url = req.payload['base_url']; + var api_key = req.payload['api_key']; + var req_body = req.payload['body']; + + // check it's a valid URL with slash at the end + if (!base_url) { + return {'error': 'Base URL not set'}; + } + if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { + //if (!base_url.match(/https?:\/\/.*\//)) { + return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; + } + if (!api_key) { + return {'error': 'API key not set'}; + } + + return new Promise( function(resolve, reject) { + request({ + method: 'POST', + url: base_url + 'api/case', + auth: {'bearer': api_key}, + json: true, + body: req_body, + //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
+ rejectUnauthorized: false, + }, + // handler of the reply from The Hive - just return as reply + function (error, response, body) { + // TODO: find out how to set response code, for now we always return sucess and encode original status code in the content + if (error) { + console.error("ERROR when trying to send request to The Hive:", error); + resolve({'error': error.message}); + } + else { + if (response.statusCode < 200 || response.statusCode >= 300) { + console.error("ERROR Unexpected reply received from The Hive:", response.statusCode, response.statusMessage, "\n", body) + } + resolve({ + 'status_code': response.statusCode, + 'status_msg': response.statusMessage, + 'body': body + }); + } + } // handler function + ); // request() + }); // Promise() +} + +// Note: +// There are two ways to create multiple Observables (artifacts) via The Hive API: +// 1. post one request with an array of observables in "data" field +// - this allows to create all in one request, but doesn't allow to set +// different parameters (IOC, TLP, etc.) to different observables +// 2. post each observable in a separate request +// The second way is used here. 
+ +// Handler of ajax requests to add Observables to a Case in The Hive +function addObservablesHandler(req, resp) { + // Parse the request to get connection parameters + // (everything is configured in forntend and sent as part of the request, + // since I don't know how to configure the backend) + var base_url = req.payload['base_url']; + var api_key = req.payload['api_key']; + + // check it's a valid URL with slash at the end + if (!base_url) { + return {'error': 'Base URL not set'}; + } + if (!base_url.match(/https?:\/\/(([a-z\d.-]+)|((\d{1,3}\.){3}\d{1,3}))(\:\d+)?(\/[-a-z\d%_.~+]*)*\//i)) { + //if (!base_url.match(/https?:\/\/.*\//)) { + return {'error': 'Invalid base URL (it must begin with "http[s]" and end with "/")'}; + } + // TODO add "/" to the end automatically + if (!api_key) { + return {'error': 'API key not set'}; + } + + const caseid = req.payload['caseid']; + const observables = req.payload['observables']; // array of obersvable specifications + + return new Promise( async function(resolve, reject) { + // Run one request for each observable + // (A way to run multiple async tasks sequentially inspired by: + // https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/ ) + const starterPromise = Promise.resolve(null); + await observables.reduce( + (p, obs) => p.then(() => addObservable(base_url, api_key, caseid, obs)), + starterPromise + ).catch((err_msg) => { + console.error(err_msg); // log whole message + resolve({'error': err_msg.split("\n", 1)[0]}); // send the first line to frontend + return; + } + ); + resolve({}); + }); +} + +function addObservable(base_url, api_key, caseid, obs) { + return new Promise( function(resolve, reject) { + //console.log("Adding observable:", obs); + request({ + method: 'POST', + url: base_url + 'api/case/' + caseid + "/artifact", + auth: {'bearer': api_key}, + json: true, + body: obs, + //ca: fs.readFileSync(caFile), // TODO resolve the issue with custom CA, where to get its cert? 
+ rejectUnauthorized: false, + }, + // handler of the reply from The Hive - just return as reply + function (error, response, body) { + if (error) { + reject("ERROR when trying to send request to The Hive: " + error); + } + else if (response.statusCode < 200 || response.statusCode >= 300) { + reject("ERROR: Unexpected reply received from The Hive: " + response.statusCode + " " + response.statusMessage + "\n" + JSON.stringify(body)); + } + else { + // success - continue with the next observable + resolve("OK"); + resolve({}) + } + } // handler function + ); // request() + }); //Promise() +} + + diff --git a/roles/build/files/zookeeper/zookeepersupervisord.conf b/roles/build/files/zookeeper/zookeepersupervisord.conf deleted file mode 100644 index 3089c9bdf608285cfbffeb6a31ff6fef8940a578..0000000000000000000000000000000000000000 --- a/roles/build/files/zookeeper/zookeepersupervisord.conf +++ /dev/null 
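Review bot: Both `request()` calls set `rejectUnauthorized: false`, so the bearer `api_key` is sent to The Hive over a connection whose certificate is never verified; this applies in `newCaseHandler` and in `addObservable`. `base_url` comes straight from `req.payload` and is checked with an unanchored `match()`, which accepts any string that merely contains a URL-like substring, so whoever can call these routes decides where the backend connects. Anchor the pattern with `^` and `$` in both handlers and, once backend configuration is sorted out, read the base URL from there rather than from the request. Replace `rejectUnauthorized: false,` with the already drafted `ca: fs.readFileSync(caFile),` and re-enable the commented-out `fs`/`path` requires. `caseid` is concatenated into the path unescaped; `'api/case/' + encodeURIComponent(caseid) + '/artifact'` keeps it within one path segment.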
@@ -1,43 +0,0 @@ -[unix_http_server] -file=/tmp/supervisor.sock - -[supervisord] -pidfile=/tmp/supervisord.pid -nodaemon=true -logfile=/var/log/supervisor/supervisord.log -logfile_maxbytes=10MB -logfile_backups=10 -loglevel=info -childlogdir=/var/log/supervisor/ - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock - -[program:zookeeper] -directory=/opt/zookeeper -user=root -group=root -command=/bin/bash -c '/opt/zookeeper/bin/zkServer.sh start-foreground' -autostart=true -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/zookeeper_stderr.log -stdout_logfile = /var/log/supervisor/zookeeper_stdout.log - -[program:filebeat] -directory=/opt/filebeat -user=root -group=root -command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' -autostart=false -autorestart=true -logfile_maxbytes=10MB -stdout_logfile_backups = 0 -stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/filebeat_stderr.log -stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/files/zookeeperDockerfile b/roles/build/files/zookeeperDockerfile new file mode 100644 index 0000000000000000000000000000000000000000..33ea38ad66a5b006a77ee2c5fd396a285ff654f7 --- /dev/null +++ b/roles/build/files/zookeeperDockerfile 
@@ -0,0 +1,34 @@ +FROM gn43-dsl/openjdk:7a20201004 +#LABEL maintainer="Apache NiFi <dev@nifi.apache.org>" +#LABEL site="https://nifi.apache.org" + +#ARG UID=1000 +#ARG GID=1000 +ARG ZOOKEEPER_VERSION=3.5.5 +ARG BASE_URL=https://archive.apache.org/dist +ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} +ARG ZOOKEEPER_BINARY_PATH=${ZOOKEEPER_BINARY_PATH:-/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz} + +ENV ZOOKEEPER_BASE_DIR=/opt + +#ENV ZOOKEEPER_PID_DIR=${ZOOKEEPER_HOME}/run +#ENV ZOOKEEPER_LOG_DIR=${ZOOKEEPER_HOME}/logs + +# USER nifi + +# Download, validate, and expand Apache NiFi binary. +RUN curl -fSL ${MIRROR_BASE_URL}/${ZOOKEEPER_BINARY_PATH} -o ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \ +# && echo "$(curl ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha256sum -c - \ + && tar -xzf ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz -C ${ZOOKEEPER_BASE_DIR} \ + && mv ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin ${ZOOKEEPER_BASE_DIR}/zookeeper \ + && rm ${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz \ + && cp ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo_sample.cfg ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo.cfg + +# Web HTTP(s) & Socket Site-to-Site Ports +EXPOSE 2181 2888 3888 + +WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper + +ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] +CMD ["start-foreground"] + diff --git a/roles/build/tasks/cassandra.yml b/roles/build/tasks/cassandra.yml new file mode 100644 index 0000000000000000000000000000000000000000..1c0a2c6930135fe01a0e9e872e036f6c911eccd3 --- /dev/null +++ b/roles/build/tasks/cassandra.yml 
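Review bot: The ZooKeeper tarball is unpacked without any integrity check, because the checksum step in the `RUN` chain is commented out; that disabled line also fetches the `.sha512` file but pipes it to `sha256sum`, so it could not have passed as written. Re-enable it with the matching tool, `&& echo "$(curl -fsSL ${BASE_URL}/${ZOOKEEPER_BINARY_PATH}.sha512) *${ZOOKEEPER_BASE_DIR}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | sha512sum -c - \`, after confirming the published file holds only the digest; pinning the expected digest in an `ARG` would avoid trusting the download host for both the archive and its checksum. The comments still describe NiFi (`# Download, validate, and expand Apache NiFi binary.`), and no `USER` is set, so the server presumably runs as whatever user the base image defaults to.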
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the cassandra Dockerfile
+ template:
+ src: cassandra/Dockerfile.j2
+ dest: "{{role_path}}/files/cassandraDockerfile"
+
+- name: Build cassandra image
+ command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/centos.yml b/roles/build/tasks/centos.yml
index 62a8fb1fbd84dce5a27660a24f9eab54b59d9b97..c7be287621104cc8eb257bf0734a5c2641b58c33 100644
--- a/roles/build/tasks/centos.yml
+++ b/roles/build/tasks/centos.yml
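Review bot: The build context for this image is the whole `{{role_path}}/files` directory, and the rendered Dockerfile is written into that same directory, so every `docker build` sends all services' generated files to the daemon and lets any `COPY` reach them. The same pattern repeats in cortex.yml, haproxy.yml, keycloak.yml, misp.yml, mysql.yml, nifi.yml, odfees.yml, odfekibana.yml, openjdk.yml, thehive.yml and zookeeper.yml, whereas the tasks removed from main.yml used one `{{docker_build_dir}}/{{item}}` directory per service. Rendering into the role's source tree also invites committing generated output, which `roles/build/files/zookeeperDockerfile` in this commit appears to be. Consider a per-service context again, for example `dest: "{{docker_build_dir}}/cassandra/Dockerfile"` with the build pointed at `{{docker_build_dir}}/cassandra`, if that variable is kept.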
@@ -5,115 +5,96 @@ name: "{{repo}}/centos:{{version}}{{suffix}}" register: centosimg -- name: Assert CentOS image - assert: - that: centosimg.images | length == 0 - fail_msg: "CentOS image already exists" - -- name: Create etc tree in build directory - file: - path: '{{ temp_root}}/{{ item.path }}' - state: directory - mode: '{{ item.mode }}' - with_filetree: templates/etcroot/ - when: item.state == 'directory' - -- name: Populate etc tree in build directory - template: - src: '{{ item.src }}' - dest: '{{ temp_root}}/{{ item.path }}' - force: yes - with_filetree: templates/etcroot - when: item.state == 'file' - -- name: Create dev tree in build directory - command: mknod -m {{ item.mode }} {{ item.dev }} {{ item.type }} {{ item.major }} {{ item.minor }} - args: - creates: "{{ item.dev }}" - with_items: - - { mode: 600, dev: "{{temp_root}}/dev/console", type: c, major: 5, minor: 1 } - - { mode: 600, dev: "{{temp_root}}/dev/initctl", type: p, major: '', minor: '' } - - { mode: 666, dev: "{{temp_root}}/dev/full", type: c, major: 1, minor: 7 } - - { mode: 666, dev: "{{temp_root}}/dev/null", type: c, major: 1, minor: 3 } - - { mode: 666, dev: "{{temp_root}}/dev/ptmx", type: c, major: 5, minor: 2 } - - { mode: 666, dev: "{{temp_root}}/dev/random", type: c, major: 1, minor: 8 } - - { mode: 666, dev: "{{temp_root}}/dev/tty", type: c, major: 5, minor: 0 } - - { mode: 666, dev: "{{temp_root}}/dev/tty0", type: c, major: 4, minor: 0 } - - { mode: 666, dev: "{{temp_root}}/dev/urandom", type: c, major: 1, minor: 9 } - - { mode: 666, dev: "{{temp_root}}/dev/zero", type: c, major: 1, minor: 5 } - -- name: Install centos-release in build directory - yum: - installroot: "{{ temp_root}}" - name: centos-release - state: present - -- name: Install Core CentOS in build directory - yum: - installroot: "{{ temp_root}}" - name: - - "@Core" - - yum-plugin-ovl.noarch - - epel-release - state: present - -- name: Install extra packages - yum: - installroot: "{{ temp_root }}" - name: - - 
daemonize - state: present - -- name: Clean yum cache - command: 'yum --installroot="{{ temp_root}}" -y clean all' - -- name: Remove unneeded directories - file: - path: "{{temp_root}}/{{item}}" - state: absent - with_items: - - usr/share/cracklib - - var/cache/yum - - sbin/sln - - etc/ld.so.cache - - var/cache/ldconfig - - usr/share/backgrounds - -- name: Create needed directories - file: - path: "{{temp_root}}/{{item}}" - state: directory - with_items: - - var/cache/yum - - var/cache/ldconfig - -- name: Download filebeat - get_url: - url: "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-{{ FILEBEAT_VERSION }}-linux-x86_64.tar.gz" - dest: "{{ temp_root}}/opt/filebeat.tar.gz" - mode: '0640' - -- name: Unarchive filebeat - unarchive: - src: "{{ temp_root}}/opt/filebeat.tar.gz" - dest: "{{ temp_root}}/opt/" - remote_src: yes - -- name: Delete filebeat archive - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ temp_root}}/opt/filebeat.tar.gz" - -- name: move filebeat directory to /opt/filebeat - command: "mv {{ temp_root}}/opt/filebeat-{{ FILEBEAT_VERSION }}-linux-x86_64 {{ temp_root}}/opt/filebeat" - -- name: Import image in docker - shell: tar --numeric-owner -c -C {{temp_root }} . 
| docker import - {{repo}}/centos:{{version}}{{suffix}} - -- name: Remove temp directory - file: - path: "{{temp_root}}" - state: absent - +#- name: Skip if image exists +# meta: end_play +# when: centosimg.images | length != 0 + +# tags: +# - start + +#- name: Assert CentOS image +# assert: +# that: centosimg.images | length == 0 +# fail_msg: "CentOS image already exists" + +- name: Build CentOS image + when: centosimg.images | length == 0 + block: + - name: Create etc tree in build directory + file: + path: '{{ temp_root}}/{{ item.path }}' + state: directory + mode: '{{ item.mode }}' + with_filetree: templates/etcroot/ + when: item.state == 'directory' + + - name: Populate etc tree in build directory + template: + src: '{{ item.src }}' + dest: '{{ temp_root}}/{{ item.path }}' + force: yes + with_filetree: templates/etcroot + when: item.state == 'file' + + - name: Create dev tree in build directory + command: mknod -m {{ item.mode }} {{ item.dev }} {{ item.type }} {{ item.major }} {{ item.minor }} + args: + creates: "{{ item.dev }}" + with_items: + - { mode: 600, dev: "{{temp_root}}/dev/console", type: c, major: 5, minor: 1 } + - { mode: 600, dev: "{{temp_root}}/dev/initctl", type: p, major: '', minor: '' } + - { mode: 666, dev: "{{temp_root}}/dev/full", type: c, major: 1, minor: 7 } + - { mode: 666, dev: "{{temp_root}}/dev/null", type: c, major: 1, minor: 3 } + - { mode: 666, dev: "{{temp_root}}/dev/ptmx", type: c, major: 5, minor: 2 } + - { mode: 666, dev: "{{temp_root}}/dev/random", type: c, major: 1, minor: 8 } + - { mode: 666, dev: "{{temp_root}}/dev/tty", type: c, major: 5, minor: 0 } + - { mode: 666, dev: "{{temp_root}}/dev/tty0", type: c, major: 4, minor: 0 } + - { mode: 666, dev: "{{temp_root}}/dev/urandom", type: c, major: 1, minor: 9 } + - { mode: 666, dev: "{{temp_root}}/dev/zero", type: c, major: 1, minor: 5 } + + - name: Install centos-release in build directory + yum: + installroot: "{{ temp_root}}" + name: centos-release + state: present + + - 
name: Install Core CentOS in build directory + yum: + installroot: "{{ temp_root}}" + name: + - "@Core" + - yum-plugin-ovl.noarch + - epel-release + state: present + + - name: Clean yum cache + command: 'yum --installroot="{{ temp_root}}" -y clean all' + + - name: Remove unneeded directories + file: + path: "{{temp_root}}/{{item}}" + state: absent + with_items: + - usr/share/cracklib + - var/cache/yum + - sbin/sln + - etc/ld.so.cache + - var/cache/ldconfig + - usr/share/backgrounds + + - name: Create needed directories + file: + path: "{{temp_root}}/{{item}}" + state: directory + with_items: + - var/cache/yum + - var/cache/ldconfig + + - name: Import image in docker + shell: tar --numeric-owner -c -C {{temp_root }} . | docker import - {{repo}}/centos:{{version}}{{suffix}} + + - name: Remove temp directory + file: + path: "{{temp_root}}" + state: absent + diff --git a/roles/build/tasks/cortex.yml b/roles/build/tasks/cortex.yml new file mode 100644 index 0000000000000000000000000000000000000000..9a5adbef67cf1fee1f7eb48f23e4d083a8c6631d --- /dev/null +++ b/roles/build/tasks/cortex.yml @@ -0,0 +1,11 @@ +--- + +- name: Configure the Cortex Dockerfile + template: + src: cortex/Dockerfile.j2 + dest: "{{role_path}}/files/cortexDockerfile" + +- name: Build the Cortex image + command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files + + diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..9cb45f840be6ad255b6420abcabc83fbed79b96a --- /dev/null +++ b/roles/build/tasks/haproxy.yml @@ -0,0 +1,10 @@ +--- + +- name: Configure the haproxy Dockerfile + template: + src: haproxy/Dockerfile.j2 + dest: "{{role_path}}/files/haproxyDockerfile" + +- name: Build haproxy image + command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files + 
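Review bot: The `Import image in docker` task pipes `tar` into `docker import` through `shell` without `pipefail`, so a failing `tar` can still end with exit status 0 and an incomplete image tagged `{{repo}}/centos:{{version}}{{suffix}}`. Use `shell: set -o pipefail && tar --numeric-owner -c -C {{temp_root }} . | docker import - {{repo}}/centos:{{version}}{{suffix}}` together with `args:` / `executable: /bin/bash`. The new `block:` has no `always:` section, so a failure in any task leaves `{{temp_root}}` behind for the next run; moving `Remove temp directory` under `always:` would cover that. The commented-out `assert` and `meta: end_play` tasks could be deleted rather than kept as comments.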
diff --git a/roles/build/tasks/keycloak.yml b/roles/build/tasks/keycloak.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f7a7c2b1989bf013e7a23a1646e7d7e62500098e
--- /dev/null
+++ b/roles/build/tasks/keycloak.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure the keycloak Dockerfile
+ template:
+ src: keycloak/Dockerfile.j2
+ dest: "{{role_path}}/files/keycloakDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/keycloak/keycloak-tools/ {{role_path}}/files/keycloak-tools/"
+
+- name: Build keycloak image
+ command: docker build -t {{repo}}/keycloak:{{version}}{{suffix}} -f {{role_path}}/files/keycloakDockerfile {{role_path}}/files
+
+- name: Remove tools from build path
+ file:
+ path: "{{role_path}}/files/keycloak-tools/"
+ state: absent
+
diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml
index eee4ba0ee19f8eda382bed26c1e9dacf11706469..223766f87e2d7d1ae88de3d70dd7810a0dbdf091 100644
--- a/roles/build/tasks/main.yml
+++ b/roles/build/tasks/main.yml
@@ -2,45 +2,19 @@ - assert: that: - - "'CHANGE_ME' not in soctoolsproxy" + - "'CHANGE_ME' not in dslproxy" fail_msg: "Review *all* settings in group_vars/all/main.yml" - include: centos.yml - -- name: Create main build dir - file: - path: "{{docker_build_dir}}" - state: directory - -- name: Create build dir - file: - path: "{{docker_build_dir}}/{{item}}" - state: directory - with_items: "{{services}}" - -- name: Configure the Dockerfile - template: - src: "{{item}}/Dockerfile.j2" - dest: "{{docker_build_dir}}/{{item}}/Dockerfile" - with_items: "{{services}}" - -- name: Copy thehive_button to build path - copy: - src: "{{role_path}}/templates/odfekibana/thehive_button" - dest: "{{docker_build_dir}}/odfekibana/" - -- name: Copy keycloak-tools to build path - copy: - src: "{{role_path}}/templates/keycloak/keycloak-tools" - dest: "{{docker_build_dir}}/keycloak/" - -- name: Copy build files - copy: - src: "files/{{item}}/" - dest: "{{docker_build_dir}}/{{item}}/" - with_items: "{{services}}" - ignore_errors: yes - -- name: Build image - command: docker build -t {{repo}}/{{item}}:{{version}}{{suffix}} -f {{docker_build_dir}}/{{item}}/Dockerfile {{docker_build_dir}}/{{item}} - with_items: "{{services}}" +- include: mysql.yml +- include: haproxy.yml +- include: openjdk.yml +- include: zookeeper.yml +- include: nifi.yml +- include: odfees.yml +- include: odfekibana.yml +- include: keycloak.yml +- include: misp.yml +- include: cassandra.yml +- include: thehive.yml +- include: cortex.yml diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml new file mode 100644 index 0000000000000000000000000000000000000000..d52c39c7d0292a5b6285fbc23220b3cf33be422d --- /dev/null +++ b/roles/build/tasks/misp.yml 
@@ -0,0 +1,20 @@
+---
+
+- name: Configure the misp Dockerfile
+ template:
+ src: misp/Dockerfile.j2
+ dest: "{{role_path}}/files/mispDockerfile"
+
+- name: Configure the misp supervisor
+ template:
+ src: misp/supervisord.conf.j2
+ dest: "{{role_path}}/files/mispsupervisord.conf"
+
+- name: Configure the misp worker startscript
+ template:
+ src: misp/start.sh.j2
+ dest: "{{role_path}}/files/mispstart.sh"
+
+- name: Build misp image
+ command: docker build -t {{repo}}/misp:{{version}}{{suffix}} -f {{role_path}}/files/mispDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a0281907e39a5f8aaa59648b8eae0b90ce968f58
--- /dev/null
+++ b/roles/build/tasks/mysql.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure the mysql Dockerfile
+ template:
+ src: mysql/Dockerfile.j2
+ dest: "{{role_path}}/files/mysqlDockerfile"
+
+- name: Configure the mysql supervisor
+ template:
+ src: mysql/supervisord.conf.j2
+ dest: "{{role_path}}/files/mysqlsupervisord.conf"
+
+- name: Build mysql image
+ command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/nifi.yml b/roles/build/tasks/nifi.yml
new file mode 100644
index 0000000000000000000000000000000000000000..423978d987b5ced99a995ddc5a3e733cf56504da
--- /dev/null
+++ b/roles/build/tasks/nifi.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the nifi Dockerfile
+ template:
+ src: nifi/Dockerfile.j2
+ dest: "{{role_path}}/files/nifiDockerfile"
+
+- name: Build nifi image
+ command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/odfees.yml b/roles/build/tasks/odfees.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5741223fdd61d30801eec2fc4c2bdbe1fdb7ed36
--- /dev/null
+++ b/roles/build/tasks/odfees.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Configure elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-elastic.j2
+ dest: "{{role_path}}/files/elasticDockerfile"
+
+- name: Build elasticsearch image
+ command: docker build -t {{repo}}/elasticsearch:{{version}}{{suffix}} -f {{role_path}}/files/elasticDockerfile {{role_path}}/files
+
+- name: Configure odfe elasticsearch Dockerfile
+ template:
+ src: odfees/Dockerfile-odfeelastic.j2
+ dest: "{{role_path}}/files/odfeesDockerfile"
+
+- name: Build odfe elasticsearch image
+ command: docker build -t {{repo}}/odfees:{{version}}{{suffix}} -f {{role_path}}/files/odfeesDockerfile {{role_path}}/files
+
diff --git a/roles/build/tasks/odfekibana.yml b/roles/build/tasks/odfekibana.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8e1980a7680f5f23b7370d61dba057e457430291
--- /dev/null
+++ b/roles/build/tasks/odfekibana.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Configure kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-kibana.j2
+ dest: "{{role_path}}/files/kibanaDockerfile"
+
+- name: Copy tools to build path
+ command: "cp -av {{role_path}}/templates/odfekibana/thehive_button/ {{role_path}}/files/thehive_button/"
+
+- name: Build kibana image
+ command: docker build -t {{repo}}/kibana:{{version}}{{suffix}} -f {{role_path}}/files/kibanaDockerfile {{role_path}}/files
+
+- name: Configure odfe kibana Dockerfile
+ template:
+ src: odfekibana/Dockerfile-odfekibana.j2
+ dest: "{{role_path}}/files/odfekibanaDockerfile"
+
+- name: Build odfe kibana image
+ command: docker build -t {{repo}}/odfekibana:{{version}}{{suffix}} -f {{role_path}}/files/odfekibanaDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/openjdk.yml b/roles/build/tasks/openjdk.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8754ac7fdf7d6147ab522f936b8888a5fd5a7e60
--- /dev/null
+++ b/roles/build/tasks/openjdk.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the openjdk Dockerfile
+ template:
+ src: openjdk/Dockerfile.j2
+ dest: "{{role_path}}/files/openjdkDockerfile"
+
+- name: Build openjdk image
+ command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/thehive.yml b/roles/build/tasks/thehive.yml
new file mode 100644
index 0000000000000000000000000000000000000000..35fe08ebf7d5da456a40f0a0de273d102d5eada2
--- /dev/null
+++ b/roles/build/tasks/thehive.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure theHive Dockerfile
+ template:
+ src: thehive/Dockerfile.j2
+ dest: "{{role_path}}/files/thehiveDockerfile"
+
+- name: Build theHive image
+ command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/tasks/zookeeper.yml b/roles/build/tasks/zookeeper.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a61a6b397f8d1d34559da24f290df8ea93b85f94
--- /dev/null
+++ b/roles/build/tasks/zookeeper.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Configure the zookeeper Dockerfile
+ template:
+ src: zookeeper/Dockerfile.j2
+ dest: "{{role_path}}/files/zookeeperDockerfile"
+
+- name: Build zookeeper image
+ command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files
+
+
diff --git a/roles/build/templates/cassandra/Dockerfile.j2 b/roles/build/templates/cassandra/Dockerfile.j2
index f5d2a601c1526e9cf119c01bea5e36c2edf8223d..94b0ca08c01de7c4b225bdcb81c7a35c2ffb33ff 100644
--- a/roles/build/templates/cassandra/Dockerfile.j2
+++ b/roles/build/templates/cassandra/Dockerfile.j2
@@ -1,20 +1,35 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root +#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \ echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \ echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \ echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \ echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \ + echo '#!/bin/bash' > /start.sh && \ + echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \ + echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \ + echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \ + echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \ + echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \ + echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \ + echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \ + echo '' >> /start.sh && \ + echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \ yum install -y epel-release && \ - yum install -y cassandra supervisor rsync && \ + yum install -y cassandra supervisor && \ mkdir /usr/share/cassandra/conf && \ cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \ chown -R cassandra:cassandra /usr/share/cassandra && \ chown -R cassandra:cassandra /var/lib/cassandra && \ sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \ + chmod a+x /start.sh && \ yum -y clean all -COPY cassandrasupervisord.conf /etc/supervisord.conf EXPOSE 7000 9042 -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER cassandra +# ENTRYPOINT 
["/start.sh"] diff --git a/roles/build/templates/cassandra/cassandra.repo.j2 b/roles/build/templates/cassandra/cassandra.repo.j2 new file mode 100644 index 0000000000000000000000000000000000000000..8fdb78c9a4e3868ea6693110941914adc511877e --- /dev/null +++ b/roles/build/templates/cassandra/cassandra.repo.j2 @@ -0,0 +1,6 @@ +[cassandra] +name=Apache Cassandra +baseurl=https://downloads.apache.org/cassandra/redhat/311x/ +gpgcheck=1 +repo_gpgcheck=1 +gpgkey=https://downloads.apache.org/cassandra/KEYS diff --git a/roles/build/templates/cassandra/start.sh.j2 b/roles/build/templates/cassandra/start.sh.j2 new file mode 100644 index 0000000000000000000000000000000000000000..fa91e921956d5d2d6fa1be6812a9794071b20965 --- /dev/null +++ b/roles/build/templates/cassandra/start.sh.j2 @@ -0,0 +1,10 @@ +#!/bin/bash +export CASSANDRA_HOME=/usr/share/cassandra +export CASSANDRA_CONF=$CASSANDRA_HOME/conf +export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh +log_file=/var/log/cassandra/cassandra.log +pid_file=/var/run/cassandra/cassandra.pid +lock_file=/var/lock/subsys/cassandra +CASSANDRA_PROG=/usr/sbin/cassandra + +$CASSANDRA_PROG -p $pid_file > $log_file 2>&1 diff --git a/roles/build/templates/cassandra/supervisord.conf.j2 b/roles/build/templates/cassandra/supervisord.conf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..d1f405eb91d5bae99af653dae0d5c246ae723f08 --- /dev/null +++ b/roles/build/templates/cassandra/supervisord.conf.j2 @@ -0,0 +1,10 @@ +[supervisord] +loglevel=debug +nodaemon=true +[program:cassandra] +user=cassandra +directory=/usr/share/cassandra +stdout_logfile=/var/log/cassandra/cassandra.log +redirect_stderr=true +environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh" +command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid 
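Review bot: `/start.sh` is assembled by ten `echo` lines inside the `RUN` chain while the same script is added as `roles/build/templates/cassandra/start.sh.j2` in this commit, and cassandra.yml as shown renders only `Dockerfile.j2`, so the two copies can drift apart. The three `#COPY` lines and both `ENTRYPOINT` lines are commented out, which leaves the image without an entrypoint of its own; if that is intended, say so with a comment such as `# no ENTRYPOINT: the start command is supplied when the container is created`. The script's last line starts Cassandra without `exec`, so signals sent to the script would not reach the Cassandra process; `exec $CASSANDRA_PROG -f -p $pid_file > $log_file 2>&1` would address that, assuming foreground mode is what the container needs.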
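Review bot: The `environment=` line in supervisord.conf.j2 sets `CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"`, but supervisord does not perform shell-style `$VAR` expansion in that setting, so the program would receive the literal string. Write the path out instead, `CASSANDRA_INCLUDE="/usr/share/cassandra/cassandra.in.sh"`. As far as this diff shows, the cassandra Dockerfile no longer copies a supervisord.conf or starts supervisord, so a comment on whether this template is still used would help.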
diff --git a/roles/build/templates/cortex/Dockerfile.j2 b/roles/build/templates/cortex/Dockerfile.j2 index ceeb6a59132f30e1ca21978a4ee873b97f05e2d3..d56dbf02c14be1e71860da43814eddc904aa7177 100644 --- a/roles/build/templates/cortex/Dockerfile.j2 +++ b/roles/build/templates/cortex/Dockerfile.j2 @@ -1,6 +1,9 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root +#COPY thehive.repo /etc/yum.repos.d/thehive.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ @@ -10,7 +13,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ yum install -y epel-release && \ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ + yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ mkdir -p /home/cortex && \ 
@@ -24,5 +27,6 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \ yum -y clean all EXPOSE 9001 -COPY cortexsupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER cortex +# ENTRYPOINT ["/start.sh"] diff --git a/roles/build/templates/cortex/application.conf b/roles/build/templates/cortex/application.conf index afe42a610e0b4865af6e2d382cc88e46d7943882..0e28b4d0d71643d558b0d014be354985a02d19c7 100644 --- a/roles/build/templates/cortex/application.conf +++ b/roles/build/templates/cortex/application.conf @@ -17,7 +17,7 @@ search { index = cortex3 # ElasticSearch instance address. # For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200" - uri = "http://soctools-elastic:9200" + uri = "http://dsoclab-elastic:9200" ## Advanced configuration # Scroll keepalive. diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 index 6c34d74ce038ef6feaa1bde99b2d823a30a830a9..d9f84c4c3ec60e5593ab4a3ccffee1660585260e 100644 --- a/roles/build/templates/haproxy/Dockerfile.j2 +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -24,8 +24,6 @@ RUN \ iptables \ pcre2-devel \ daemonize \ - supervisor \ - rsync \ pth-devel && \ `# Install newest openssl...` \ wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ 
@@ -64,5 +62,10 @@ RUN \ && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ && rm -rf /usr/src/haproxy -COPY haproxysupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +ENTRYPOINT ["/bin/bash"] + +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 diff --git a/roles/build/templates/keycloak/Dockerfile.j2 b/roles/build/templates/keycloak/Dockerfile.j2 index 561a6466f121ee2462dab388ed99a580f16ba39c..d8c3b6b46b96dac244154889943bb2aad256605c 100644 --- a/roles/build/templates/keycloak/Dockerfile.j2 +++ b/roles/build/templates/keycloak/Dockerfile.j2 @@ -11,7 +11,7 @@ USER root #ADD /{{role_path}}/templates/keycloak/keycloak-tools /opt/jboss/tools ADD keycloak-tools /opt/jboss/tools #ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools -RUN yum -y install openssl supervisor rsync && yum -y clean all && \ +RUN yum -y install openssl && yum -y clean all && \ mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ curl -L $KEYCLOAK_DIST | tar zx && \ mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ @@ -27,7 +27,6 @@ RUN yum -y install openssl supervisor rsync && yum -y clean all && \ adduser -u 1000 -g 0 -d /opt/jboss jboss && \ chown -R jboss:root /opt/jboss && \ chmod -R g+rwX /opt/jboss && \ - chmod a+x /opt/jboss/tools/x509.sh && \ mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca} ENV PATH="/opt/jboss/keycloak/bin:${PATH}" 
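Review bot: `STOPSIGNAL SIGUSR1` is delivered to PID 1, and with `ENTRYPOINT ["/bin/bash"]` that is bash rather than haproxy, so the graceful stop quoted in the comment only happens if the command handed to bash replaces the shell with haproxy. A bash that stays PID 1 has no SIGUSR1 handler, the signal is dropped, and `docker stop` ends in SIGKILL after the timeout. Either name the haproxy binary in the exec-form ENTRYPOINT, or document the requirement next to it: `# The run command must end in "exec haproxy ..." so that STOPSIGNAL reaches haproxy.` The same `ENTRYPOINT ["/bin/bash"]` is added in the keycloak, nifi, odfees/Dockerfile-elastic and odfekibana/Dockerfile-kibana hunks, where it likewise leaves signal handling to the unseen run command.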
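Review bot: `curl -L $KEYCLOAK_DIST | tar zx` in the RUN this hunk edits unpacks the download as root without checking it against a known digest, and without `-f` an HTTP error page is piped into tar as well. Download to a file, verify, then extract: `curl -fL -o /tmp/keycloak.tar.gz "$KEYCLOAK_DIST" && echo "<pinned-sha256>  /tmp/keycloak.tar.gz" | sha256sum -c - && tar zxf /tmp/keycloak.tar.gz && \`. The RUN instruction continues past the end of the hunk.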
@@ -37,8 +36,6 @@ WORKDIR /opt/jboss/keycloak EXPOSE 8080 EXPOSE 8443 -RUN echo 'jboss ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - -COPY keycloaksupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER jboss +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/templates/misp/Dockerfile.j2 b/roles/build/templates/misp/Dockerfile.j2 index 85c96482f222cafeaf587b157dfda1eb28c84a43..b99d2a84cffc07c99a2622c5bba30c3e479a7425 100644 --- a/roles/build/templates/misp/Dockerfile.j2 +++ b/roles/build/templates/misp/Dockerfile.j2 
@@ -2,7 +2,7 @@ FROM {{repo}}/centos:{{version}}{{suffix}} USER root RUN yum install -y epel-release centos-release-scl scl-utils ; \ - yum install -y gcc git zip openssl supervisor rsync rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ + yum install -y gcc git zip openssl supervisor rh-git218 httpd24 mod_ssl mod_auth_openidc rh-redis32 libxslt-devel zlib-devel libcaca-devel ssdeep-devel rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd mariadb devtoolset-7 make cmake3 cppcheck libcxx-devel gpgme-devel openjpeg-devel gcc gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel wget screen rh-python36-mod_wsgi postfix curl make cmake python3 python3-devel python3-pip python3-yara python3-wheel python3-redis python3-zmq python3-setuptools redis sudo vim zip sqlite moreutils rng-tools libxml2-devel libxslt-devel zlib-devel libpqxx openjpeg2-devel ssdeep-devel ruby asciidoctor tesseract ImageMagick poppler-cpp-devel python36-virtualenv opencv-devel zbar zbar-devel ; \ yum -y clean 
all ; \ sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/opt/rh/rh-php72/php.ini ; \ sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/opt/rh/rh-php72/php.ini ; \ @@ -76,12 +76,9 @@ RUN chown -R apache:apache /var/www/MISP ; \ chmod -R g+ws /var/www/MISP/app/files ; \ chmod -R g+ws /var/www/MISP/app/files/scripts/tmp -COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm - # 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ EXPOSE 80 443 6443 6379 6666 50000 -ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/" - COPY mispsupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] + diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/templates/misp/supervisord.conf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..fbd4dea3bbd292aa2eea51772ecc559dc0b51703 --- /dev/null +++ b/roles/build/templates/misp/supervisord.conf.j2 @@ -0,0 +1,25 @@ +[supervisord] +nodaemon=false +user=root + +[program:php-fpm] +# EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm +command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize + +[program:redis-server] +process_name = redis-server +directory = /var/opt/rh/rh-redis32/lib/redis/ +command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf +user=redis + +[program:apache2] +command=/usr/sbin/httpd -DFOREGROUND + +[program:misp-modules] +command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s" +user = apache +startsecs = 0 + +[program:workers] +command=/bin/bash /var/www/MISP/app/Console/worker/start.sh +user=apache diff --git a/roles/build/templates/mysql/Dockerfile.j2 b/roles/build/templates/mysql/Dockerfile.j2 index 393eb3f8a06e049cbdb9b180f0cd4f093e7e86ab..c7b7d23bf199b273f76110b320863916cf173c67 100644 --- a/roles/build/templates/mysql/Dockerfile.j2 
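Review bot: The rewritten `yum install -y gcc git zip ...` line, like the ones around it, ends in `; \` rather than `&& \`, so a failed install does not stop the build and the image is produced with packages missing. Chain the steps with `&&` so the RUN fails on the first error, e.g. `yum install -y epel-release centos-release-scl scl-utils && \`. The RUN instruction continues past the end of the hunk.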
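Review bot: `-l '0.0.0.0'` in `[program:misp-modules]` binds the modules service to every interface, and as far as I know misp-modules does no authentication of its own, so anything that can reach the container on that port can call the modules. If only the MISP instance in the same container uses it, bind to loopback: `command=/usr/local/bin/misp-modules -l 127.0.0.1 -s` (the `bash -c` wrapper is then unnecessary). Separately, `nodaemon=false` differs from the mysql and thehive supervisord files in this commit, which set `nodaemon=true`; if supervisord is the container's main process it has to stay in the foreground.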
+++ b/roles/build/templates/mysql/Dockerfile.j2 @@ -2,7 +2,7 @@ FROM {{repo}}/centos:{{version}}{{suffix}} USER root RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils && \ - yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor rsync && \ + yum install -y rh-mariadb103 python36-PyMySQL MySQL-python supervisor && \ /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql RUN yum clean all diff --git a/roles/build/templates/mysql/supervisord.conf.j2 b/roles/build/templates/mysql/supervisord.conf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..e44e9fe1189eae3241d8bb1001c3a081a386353c --- /dev/null +++ b/roles/build/templates/mysql/supervisord.conf.j2 @@ -0,0 +1,7 @@ +[supervisord] +loglevel=debug +nodaemon=true +[program:mysql] +user=mysql +directory=/var/lib/mysql +command=/opt/rh/rh-mariadb103/root/usr/libexec/mysqld-scl-helper enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysqld --basedir=/opt/rh/rh-mariadb103/root/usr diff --git a/roles/build/templates/nifi/Dockerfile.j2 b/roles/build/templates/nifi/Dockerfile.j2 index 63c51747ea349daa1509f556ee4c323043635c3c..d3408b16d5a52ad7cb48463cd1f543d2ab25c327 100644 --- a/roles/build/templates/nifi/Dockerfile.j2 +++ b/roles/build/templates/nifi/Dockerfile.j2 @@ -44,8 +44,6 @@ RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: - && chown -R nifi:nifi ${NIFI_BASE_DIR} \ && yum -y install jq xmlstarlet procps-ng -RUN echo 'nifi ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - USER nifi # Download, validate, and expand Apache NiFi Toolkit binary. 
@@ -96,8 +94,4 @@ WORKDIR ${NIFI_HOME} # Also we need to use relative path, because the exec form does not invoke a command shell, # thus normal shell processing does not happen: # https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example -USER root -RUN yum install -y supervisor rsync -RUN yum clean all -COPY nifisupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/templates/elasticsearch/Dockerfile.j2 b/roles/build/templates/odfees/Dockerfile-elastic.j2 similarity index 85% rename from roles/build/templates/elasticsearch/Dockerfile.j2 rename to roles/build/templates/odfees/Dockerfile-elastic.j2 index 6f273d635c0c0135bf99fc07efe06c37134c5379..dd2ad126108e11ad523a8357393f1810de46d650 100644 --- a/roles/build/templates/elasticsearch/Dockerfile.j2 +++ b/roles/build/templates/odfees/Dockerfile-elastic.j2 @@ -15,8 +15,7 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ chown -R elasticsearch /usr/share/elasticsearch/data && \ sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch -RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - EXPOSE 9200 9300 -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER elasticsearch +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/templates/odfees/Dockerfile.j2 b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 similarity index 74% rename from roles/build/templates/odfees/Dockerfile.j2 rename to roles/build/templates/odfees/Dockerfile-odfeelastic.j2 index a4834a5e3caff38bd7f76182455a747638c2f952..0803d0bf517d57ce14364bd35be194f6bdbae0cc 100644 --- a/roles/build/templates/odfees/Dockerfile.j2 +++ b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 
@@ -12,8 +12,5 @@ RUN for PLUGIN in \ do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ chown -R elasticsearch plugins/opendistro_security -RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers -RUN yum install -y supervisor rsync -RUN yum clean all -COPY odfesupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER elasticsearch + diff --git a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 b/roles/build/templates/odfekibana/Dockerfile-kibana.j2 index 05a1c40b3ac3cb718e524cef5225102e7ece1e55..c443597ddd2a10457ce9163c7b4dd722f2d8790f 100644 --- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 +++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2 @@ -1,8 +1,5 @@ FROM {{repo}}/centos:{{version}}{{suffix}} -RUN yum install -y supervisor rsync -RUN yum clean all - ENV PATH="/usr/share/kibana/bin:${PATH}" RUN groupadd -g 1000 kibana && \ @@ -15,9 +12,7 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ cp -a /etc/kibana/ /usr/share/kibana/config/ && \ chown -R kibana /usr/share/kibana/config/ -RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - EXPOSE 5601 -COPY kibanasupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER kibana +ENTRYPOINT ["/bin/bash"] diff --git a/roles/build/templates/odfekibana/Dockerfile.j2 b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 similarity index 92% rename from roles/build/templates/odfekibana/Dockerfile.j2 rename to roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 index 61f325452efcdf5446437b5f391d8011997b5294..ee69568d34d6fe879de100414f8f3b96b2252d7f 100644 --- a/roles/build/templates/odfekibana/Dockerfile.j2 +++ b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 
@@ -14,4 +14,5 @@ RUN for PLUGIN in \ ADD thehive_button /usr/share/kibana/plugins/thehive_button RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER kibana + diff --git a/roles/build/templates/thehive/Dockerfile.j2 b/roles/build/templates/thehive/Dockerfile.j2 index 870e3ac179c6ee643639f63d0b69eff9ed900f95..773c7c2c7846ade845264764c68e22f36a0cf957 100644 --- a/roles/build/templates/thehive/Dockerfile.j2 +++ b/roles/build/templates/thehive/Dockerfile.j2 @@ -1,6 +1,9 @@ FROM {{repo}}/openjdk:{{version}}{{suffix}} USER root +#COPY thehive.repo /etc/yum.repos.d/thehive.repo +#COPY supervisord.conf /etc/supervisord.conf +#COPY start.sh /start.sh RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \ echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \ @@ -9,12 +12,13 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \ yum install -y epel-release && \ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ - yum install -y thehive4 supervisor daemonize vim net-tools telnet htop rsync && \ + yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \ mkdir -p /opt/thp_data/files/thehive && \ chown -R thehive:thehive /opt/thp_data/files/thehive && \ mkdir -p /home/thehive && \ chown -R thehive:thehive /home/thehive /etc/thehive && \ yum -y clean all EXPOSE 9000 -COPY thehivesupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +USER thehive +# ENTRYPOINT ["/start.sh"] diff --git a/roles/build/templates/thehive/start.sh b/roles/build/templates/thehive/start.sh new file mode 100644 index 0000000000000000000000000000000000000000..fa91e921956d5d2d6fa1be6812a9794071b20965 
--- /dev/null +++ b/roles/build/templates/thehive/start.sh @@ -0,0 +1,10 @@ +#!/bin/bash +export CASSANDRA_HOME=/usr/share/cassandra +export CASSANDRA_CONF=$CASSANDRA_HOME/conf +export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh +log_file=/var/log/cassandra/cassandra.log +pid_file=/var/run/cassandra/cassandra.pid +lock_file=/var/lock/subsys/cassandra +CASSANDRA_PROG=/usr/sbin/cassandra + +$CASSANDRA_PROG -p $pid_file > $log_file 2>&1 diff --git a/roles/build/templates/thehive/supervisord.conf b/roles/build/templates/thehive/supervisord.conf new file mode 100644 index 0000000000000000000000000000000000000000..d1f405eb91d5bae99af653dae0d5c246ae723f08 --- /dev/null +++ b/roles/build/templates/thehive/supervisord.conf @@ -0,0 +1,10 @@ +[supervisord] +loglevel=debug +nodaemon=true +[program:cassandra] +user=cassandra +directory=/usr/share/cassandra +stdout_logfile=/var/log/cassandra/cassandra.log +redirect_stderr=true +environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh" +command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid diff --git a/roles/build/templates/thehive/thehive.repo b/roles/build/templates/thehive/thehive.repo new file mode 100644 index 0000000000000000000000000000000000000000..ff3806454fc41de2193c94a2a4da095b763d95bf --- /dev/null +++ b/roles/build/templates/thehive/thehive.repo @@ -0,0 +1,7 @@ +[thehive-project] +enabled=1 +priority=1 +name=TheHive-Project RPM repository +baseurl=http://rpm.thehive-project.org/stable/noarch +gpgcheck=1 + diff --git a/roles/build/templates/zookeeper/Dockerfile.j2 b/roles/build/templates/zookeeper/Dockerfile.j2 index 19ae977882802ec3725ce8f7875b4801786153cf..209069c8137b1ee53bac1fbecda2efc9f388e9e2 100644 --- a/roles/build/templates/zookeeper/Dockerfile.j2 +++ b/roles/build/templates/zookeeper/Dockerfile.j2 
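Review bot: The last line of start.sh launches Cassandra without `-f` and without `exec`, so as far as I can tell the launcher backgrounds the JVM and the script returns, which ends a container that uses it as its entry point, and stop signals never reach Cassandra. Using `exec "$CASSANDRA_PROG" -f -p "$pid_file" > "$log_file" 2>&1` keeps the process in the foreground as PID 1 and quotes the paths. `lock_file` is assigned but never used. The script sits under `templates/thehive` but starts Cassandra, which looks copied from elsewhere and is worth confirming.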
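Review bot: `CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"` on the `environment=` line is not expanded, because supervisord does not do shell-style `$VAR` substitution, so the process receives the literal string. Spell the path out: `CASSANDRA_INCLUDE="/usr/share/cassandra/cassandra.in.sh"`. The `command=` line also needs `-f` (`command=/usr/sbin/cassandra -f -p /var/run/cassandra/cassandra.pid`), since supervisord expects its programs to stay in the foreground.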
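Review bot: `baseurl=http://rpm.thehive-project.org/stable/noarch` fetches repository metadata and packages over plain HTTP, and the file has no `gpgkey=` entry, so `gpgcheck=1` depends on a key having been imported by some other step. Add the key reference to the repo definition, `gpgkey=file:///etc/pki/rpm-gpg/<thehive-pgp-key-file>`, and switch the baseurl to `https://` if the mirror serves it. The Dockerfiles in this commit only reference this file from a commented-out COPY, so it is currently unused.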
@@ -29,8 +29,6 @@ EXPOSE 2181 2888 3888 WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper -#ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] -#CMD ["start-foreground"] -RUN yum install supervisor rsync -y -COPY zookeepersupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +ENTRYPOINT ["/opt/zookeeper/bin/zkServer.sh"] +CMD ["start-foreground"] + diff --git a/roles/ca/files/CA/.rnd b/roles/ca/files/CA/.rnd new file mode 100644 index 0000000000000000000000000000000000000000..b7292db0335ef4cf2d62de2a5e033524b2ad01a1 Binary files /dev/null and b/roles/ca/files/CA/.rnd differ diff --git a/roles/ca/files/CA/ca.crt b/roles/ca/files/CA/ca.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/ca/files/CA/ca.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem new file mode 100644 index 0000000000000000000000000000000000000000..ad6921cea4ea5b8001bf8a8586b1e446dc752e9d --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/01EC4DAD3E5E47CF4E4B98495932B337.pem 
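Review bot: This commit checks generated CA state into `roles/ca/files/CA/`: the `SOCTOOLS-CA` root certificate here, OpenSSL's `.rnd` seed file, and the issued certificates under `certs_by_serial/`, which name one lab's hosts (`dsoclab-*`) and an individual user. Every clone of the role would then share one trust root, and if the CA private key is committed in the same tree (not visible in this part of the diff) anyone with repository access can issue certificates those deployments accept. Generate the CA on the target at deploy time and keep the directory out of version control, e.g. a `.gitignore` entry `roles/ca/files/CA/`.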
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: + d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: + 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: + 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: + 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: + 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: + 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: + c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: + 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: + 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: + 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: + 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: + b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: + 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: + 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: + f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: + c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: + d3:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: + 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: + 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: + c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: + 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: + bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: + fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: + 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: + 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: + 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: + 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: + 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: + b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: + 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: + 5b:05:94:0e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx +MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR +33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad +jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC +xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 +A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd +Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ +WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ +wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC +wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL +ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM +gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo +eTfEUgLwWwWUDg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem new file mode 100644 index 0000000000000000000000000000000000000000..af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/1DD9AF5415359961C578D1B98BFA6E9F.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Bozidar Proevski + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: + 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: + 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: + 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: + 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: + b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: + 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: + cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: + 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: + 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: + 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: + 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: + 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: + 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: + d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: + 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: + 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: + 22:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: + 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: + c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: + 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: + 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: + 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: + 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: + 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: + ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: + 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: + 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: + d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: + 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: + b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: + 72:ad:8a:60 +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx +MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm +kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh +IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo +xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM +55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ +oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD +AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt +vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa +MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x +E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv +mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk +8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem new file mode 100644 index 0000000000000000000000000000000000000000..a648174921d6bb3ffe09aaffedfee1e442fccce6 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/560A99C5A03FC4B9FC92FDC62F419BB9.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-odfe-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: + db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: + 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: + 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: + 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: + a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: + 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: + 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: + 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: + 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: + b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: + 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: + b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: + 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: + 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: + ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: + 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: + 33:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: + 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: + 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: + 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: + 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: + f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: + 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: + 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: + 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: + 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: + 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: + 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: + 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: + 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: + 51:84:09:da +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I +CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w +ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K +Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 +LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO +NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW +B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT +CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 +yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg +Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi +ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ +aGu202EwUYQJ2g== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem new file mode 100644 index 0000000000000000000000000000000000000000..796e826426e3266b0a221d1c60110c897892b308 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/5969918F10EF8D2BAE46B26D6D629D8E.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-nifi-3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: + 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: + 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: + f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: + 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: + 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: + 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: + c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: + a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: + b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: + 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: + fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: + 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: + d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: + a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: + 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: + 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: + a6:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: + e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: + 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: + ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: + 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: + bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: + ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: + 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: + b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: + d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: + f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: + 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: + df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: + 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: + ae:dd:e0:3e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx +MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt +SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 +UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI +CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg +UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 +Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ +pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx +7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si +InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd +RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko +YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB +Qd417V6Frt3gPg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem new file mode 100644 index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/5DC4BC495FA076A813A4C23261640D92.pem 
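Review bot: The Subject Alternative Name of this certificate lists the shared name `DNS:dsoclab.gn4-3-wp8-soc.sunet.se` next to the per-service name, and its Extended Key Usage allows both `TLS Web Server Authentication` and `TLS Web Client Authentication`. The key behind this one service certificate is therefore also valid for the common hostname and as a TLS client under SOCTOOLS-CA. The same two extensions appear in the dsoclab-cortex, dsoclab-thehive, dsoclab-misp, dsoclab-kibana, dsoclab-nifi-2 and dsoclab-odfe-1 certificates added in the following hunks. If only the front-end proxy has to answer for the shared name, the service certificates would be scoped tighter with `DNS:dsoclab-nifi-3` alone, keeping the client-auth usage only where the service really connects out as a client. The issuing configuration is not visible in this hunk, so the change presumably belongs in the role that generates these files rather than in the committed PEM.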
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem new file mode 100644 index 0000000000000000000000000000000000000000..0d474c2a1277de93ba6357ca841a7eac3b1cce44 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/61095C2C8D35EE291C99CEABD42B3CA4.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-thehive + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: + c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: + 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: + ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: + 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: + 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: + 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: + c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: + 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: + 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: + 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: + 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: + ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: + d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: + 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: + 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: + c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: + 46:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: + fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: + 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: + c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: + 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: + 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: + df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: + b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: + d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: + 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: + e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: + 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: + 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: + 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: + 7c:51:5c:3b +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 +OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb +pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV +jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng +z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B +XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh +Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz +1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k +K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs +wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x +bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE +ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh +K4Ynu8Hyhpp8UVw7 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/7587FCE4CF3EC68117199076B12CD5D2.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem new file mode 100644 index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/7DFC33457573E8F16094A74E6B2F23F1.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem new file mode 100644 index 0000000000000000000000000000000000000000..56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/8B69055F8586CEDD21660B2493412660.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: + db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: + 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: + 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: + 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: + b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: + be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: + fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: + 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: + 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: + 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: + 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: + 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: + f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: + f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: + 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: + 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: + 18:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: + 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: + 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: + 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: + d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: + b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: + 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: + f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: + f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: + c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: + d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: + 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: + a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: + 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: + 73:9d:73:eb +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 +MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc +L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM +aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC +a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds +snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU +0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM +dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe +iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD +uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B +gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm +og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J +K4Ca8F1/XnOdc+s= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem new file mode 100644 index 0000000000000000000000000000000000000000..71baad05685f6d498afb76ee0ce3c737cb475275 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/97D2D0CF2300C0A966D103CA89A99212.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-odfe-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: + 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: + fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: + d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: + 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: + e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: + 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: + a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: + 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: + c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: + 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: + 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: + bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: + f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: + 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: + 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: + 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: + f5:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: + 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: + 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: + 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: + e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: + c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: + 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: + 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: + ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: + ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: + 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: + a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: + d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: + 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: + 6f:fe:39:2a +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 +MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 ++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt +Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN +SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb +0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw +/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq +DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z +TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO +vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx +gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ +0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 +vJOQ2ZTX/m/+OSo= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem new file mode 100644 index 0000000000000000000000000000000000000000..4baf981ca39d7c8e6270b7823a40dd9e1661d9c3 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/A7217943DDD1145BC6F68CBA362CB35B.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Arne Oslebo + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: + a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: + 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: + 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: + 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: + 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: + 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: + f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: + 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: + ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: + 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: + 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: + 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: + 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: + bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: + 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: + 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: + 14:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: + 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: + 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: + 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: + 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: + 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: + 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: + 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: + af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: + a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: + 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: + e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: + 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: + 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: + 0f:f6:29:d4 +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 +MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId +vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y +6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l +FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD +UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg +kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV +HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw +DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh +KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF +J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z +EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY +OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg +ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem new file mode 100644 index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260 --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/D27B43CB9BFB09CFCC86EFD1019A42FC.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem new file mode 100644 index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e --- /dev/null +++ b/roles/ca/files/CA/certs_by_serial/FE7583DEF2355A2C2BBA09720BD80948.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8
+-----END CERTIFICATE-----
diff --git a/roles/ca/files/CA/extensions.temp b/roles/ca/files/CA/extensions.temp
new file mode 100644
index 0000000000000000000000000000000000000000..5680ec98c31b681502f8c828605876ce30e19995
--- /dev/null
+++ b/roles/ca/files/CA/extensions.temp
@@ -0,0 +1,15 @@
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature
+
diff --git a/roles/ca/files/CA/index.txt b/roles/ca/files/CA/index.txt
new file mode 100644
index 0000000000000000000000000000000000000000..221d42dd9a77ccea288c5b3e083e699777e86d7e
--- /dev/null
+++ b/roles/ca/files/CA/index.txt
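Review bot: The Subject Alternative Name of this keycloak certificate lists the shared host name `DNS:dsoclab.gn4-3-wp8-soc.sunet.se` next to `DNS:dsoclab-keycloak`, and the haproxy and cortex certificates in this commit carry the same shared entry, so the private key of any one service is enough to be accepted as that host by a client that trusts SOCTOOLS-CA. If the backends are only reached by their per-service names (I cannot see that from here), I would issue them with the per-service name alone and keep the shared name on the front-end certificate. The Extended Key Usage is likewise `TLS Web Server Authentication, TLS Web Client Authentication` on every service certificate; a service that never acts as a TLS client does not need the second one. This file is generated, so the change belongs in the issuance parameters rather than here.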
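Review bot: `extensions.temp` looks like the signing tool's per-issuance scratch file rather than a profile anyone maintains: it is the common section followed by the client section (`extendedKeyUsage = clientAuth`), which matches the client certificates issued last, and presumably it is rewritten on the next signing run. I would leave it out of the commit and add it to `.gitignore`. Separately, the `crlDistributionPoints` example is still commented out and none of the certificates dumped in this part of the diff carry a CRL Distribution Points extension, so with roughly three years of validity a leaked key stays accepted unless every service is given the CRL some other way. Setting `crlDistributionPoints = URI:<CRL_URL>` (placeholder URL) in the persistent common profile, not in this temp file, would be the place to address that.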
@@ -0,0 +1,13 @@
+V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
+V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
+V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
+V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
+V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
+V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
+V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
+V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
+V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
+V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
+V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
+V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
+V 231015104752Z A7217943DDD1145BC6F68CBA362CB35B unknown /CN=Arne Oslebo
diff --git a/roles/ca/files/CA/index.txt.attr b/roles/ca/files/CA/index.txt.attr
new file mode 100644
index 0000000000000000000000000000000000000000..3a7e39e6ee60a25017c2fd64fed55b665faa387c
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.attr.old b/roles/ca/files/CA/index.txt.attr.old
new file mode 100644
index 0000000000000000000000000000000000000000..3a7e39e6ee60a25017c2fd64fed55b665faa387c
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/roles/ca/files/CA/index.txt.old b/roles/ca/files/CA/index.txt.old
new file mode 100644
index 0000000000000000000000000000000000000000..022f25472252e7019c5dc2c66f9ba279f0e2b11f
--- /dev/null
+++ b/roles/ca/files/CA/index.txt.old
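Review bot: `index.txt` is the CA's live database, and committing it under `roles/ca/files/` together with the tool's backups (`index.txt.old`, `index.txt.attr.old`) freezes one lab's issuance state into the role, including the operators' names as subjects (`/CN=Bozidar Proevski`, `/CN=Arne Oslebo`). Every later issuance or revocation changes this file, so the copy in the repository either goes stale or has to be re-committed each time, and a stale copy would still list a since-revoked certificate as `V`. I would keep the PKI directory out of version control (for example a `.gitignore` entry for `roles/ca/files/CA/`) and have the role create it on first run. From this part of the diff I cannot tell whether the CA's private key material is committed as well; that is worth checking before merge.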
@@ -0,0 +1,12 @@
+V 231015104725Z 01EC4DAD3E5E47CF4E4B98495932B337 unknown /CN=dsoclab-nifi-1
+V 231015104725Z 8B69055F8586CEDD21660B2493412660 unknown /CN=dsoclab-nifi-2
+V 231015104726Z 5969918F10EF8D2BAE46B26D6D629D8E unknown /CN=dsoclab-nifi-3
+V 231015104726Z 97D2D0CF2300C0A966D103CA89A99212 unknown /CN=dsoclab-odfe-1
+V 231015104727Z 560A99C5A03FC4B9FC92FDC62F419BB9 unknown /CN=dsoclab-odfe-2
+V 231015104727Z 7DFC33457573E8F16094A74E6B2F23F1 unknown /CN=dsoclab-kibana
+V 231015104728Z FE7583DEF2355A2C2BBA09720BD80948 unknown /CN=dsoclab-keycloak
+V 231015104728Z 7587FCE4CF3EC68117199076B12CD5D2 unknown /CN=dsoclab-misp
+V 231015104729Z 61095C2C8D35EE291C99CEABD42B3CA4 unknown /CN=dsoclab-thehive
+V 231015104729Z 5DC4BC495FA076A813A4C23261640D92 unknown /CN=dsoclab-cortex
+V 231015104730Z D27B43CB9BFB09CFCC86EFD1019A42FC unknown /CN=dsoclab-haproxy
+V 231015104752Z 1DD9AF5415359961C578D1B98BFA6E9F unknown /CN=Bozidar Proevski
diff --git a/roles/ca/files/CA/issued/Arne Oslebo.crt b/roles/ca/files/CA/issued/Arne Oslebo.crt
new file mode 100644
index 0000000000000000000000000000000000000000..4baf981ca39d7c8e6270b7823a40dd9e1661d9c3
--- /dev/null
+++ b/roles/ca/files/CA/issued/Arne Oslebo.crt
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a7:21:79:43:dd:d1:14:5b:c6:f6:8c:ba:36:2c:b3:5b + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Arne Oslebo + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4c:02:19:21:6e:1c:f2:ed:93:d8:fd:bc:1a: + a4:c2:11:3b:e1:55:73:e5:26:92:d3:d9:e8:a6:dd: + 7d:a2:1d:be:6a:7c:64:06:39:60:33:38:7d:6a:ca: + 89:9d:e5:11:58:21:69:f3:3a:88:5e:ea:e5:2e:e1: + 9d:bb:00:1f:59:19:69:4f:6b:32:3d:2f:1a:da:95: + 3d:99:95:53:9f:b2:ea:db:13:48:63:2d:4a:dc:0c: + 4b:a6:1c:4c:62:e2:d0:11:25:67:cb:80:52:02:e8: + f8:3b:3c:eb:cb:f4:71:03:5a:be:d9:a0:49:fe:d1: + 72:fe:4f:be:e1:ac:a1:ed:a5:15:06:f4:4e:c9:06: + ab:9b:92:c2:3e:b9:58:0c:f4:15:0e:04:c0:91:1b: + 85:73:9d:b6:97:a1:6c:70:0a:1a:a0:ce:4c:8d:ac: + 29:e4:c5:17:00:26:03:44:32:a8:7b:83:52:49:43: + 60:11:53:c8:1e:b8:eb:9f:1f:e3:13:54:81:77:c4: + 47:4a:2e:20:8d:48:8c:91:2e:e0:d4:e5:37:0b:5c: + bb:5f:40:37:92:e9:60:3b:a0:f9:98:7f:6d:b3:20: + 92:3c:da:8c:f0:79:81:f2:ea:77:ba:b4:7b:06:54: + 75:89:77:7e:ad:08:3a:ae:1e:dc:1c:11:63:08:43: + 14:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + BA:57:27:B7:A6:72:56:05:70:2F:E2:6E:47:CA:0F:2F:C4:26:44:86 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 53:30:05:cf:78:2f:0b:25:a1:64:0a:94:06:11:9b:a8:07:d3: + 5d:4f:0c:80:78:9c:cb:8e:07:d8:21:29:68:d0:ea:43:55:3f: + 14:18:dc:40:cc:a4:84:da:11:24:07:71:35:63:49:3e:bc:10: + 3a:93:cd:b8:61:22:e1:43:a8:d4:c5:2b:13:e4:27:62:00:f1: + 
c8:31:d0:27:05:27:6b:0e:77:df:1b:f0:e5:6e:d9:0b:8a:9a: + 0b:5f:97:20:2c:dd:e1:37:64:94:1a:9e:f7:a7:63:37:88:71: + 0e:57:a2:da:10:1f:2c:a3:a9:e1:40:01:48:58:74:2e:b3:11: + 8f:d1:21:30:49:b9:53:29:c5:92:85:85:6b:51:20:05:b4:c5: + af:b9:b2:9b:a3:50:1d:59:ac:fa:bf:33:57:61:f4:f1:c3:ee: + a2:9a:99:b2:04:de:8b:fc:d2:3c:58:38:ab:9d:d2:6d:f2:e3: + 0c:69:a5:76:78:df:ae:c9:67:0a:97:55:3d:f0:8f:5a:5e:de: + e6:56:1b:4e:66:c9:34:77:97:54:d4:66:e2:24:3c:f0:43:01: + 24:05:0c:32:a0:65:38:09:53:6c:0e:38:ea:7c:b1:d6:51:11: + 60:8f:28:9f:ab:13:d0:75:f3:93:13:f2:1e:a4:bd:18:ae:b0: + 0f:f6:29:d4 +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIRAKcheUPd0RRbxvaMujYss1swDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzUyWhcNMjMxMDE1 +MTA0NzUyWjAWMRQwEgYDVQQDDAtBcm5lIE9zbGVibzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM5MAhkhbhzy7ZPY/bwapMIRO+FVc+UmktPZ6KbdfaId +vmp8ZAY5YDM4fWrKiZ3lEVghafM6iF7q5S7hnbsAH1kZaU9rMj0vGtqVPZmVU5+y +6tsTSGMtStwMS6YcTGLi0BElZ8uAUgLo+Ds868v0cQNavtmgSf7Rcv5PvuGsoe2l +FQb0TskGq5uSwj65WAz0FQ4EwJEbhXOdtpehbHAKGqDOTI2sKeTFFwAmA0QyqHuD +UklDYBFTyB64658f4xNUgXfER0ouII1IjJEu4NTlNwtcu19AN5LpYDug+Zh/bbMg +kjzajPB5gfLqd7q0ewZUdYl3fq0IOq4e3BwRYwhDFJcCAwEAAaOBlzCBlDAJBgNV +HRMEAjAAMB0GA1UdDgQWBBS6Vye3pnJWBXAv4m5Hyg8vxCZEhjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw +DQYJKoZIhvcNAQELBQADggEBAFMwBc94LwsloWQKlAYRm6gH011PDIB4nMuOB9gh +KWjQ6kNVPxQY3EDMpITaESQHcTVjST68EDqTzbhhIuFDqNTFKxPkJ2IA8cgx0CcF +J2sOd98b8OVu2QuKmgtflyAs3eE3ZJQanvenYzeIcQ5XotoQHyyjqeFAAUhYdC6z +EY/RITBJuVMpxZKFhWtRIAW0xa+5spujUB1ZrPq/M1dh9PHD7qKambIE3ov80jxY +OKud0m3y4wxppXZ4367JZwqXVT3wj1pe3uZWG05myTR3l1TUZuIkPPBDASQFDDKg +ZTgJU2wOOOp8sdZREWCPKJ+rE9B185MT8h6kvRiusA/2KdQ= +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/Bozidar Proevski.crt b/roles/ca/files/CA/issued/Bozidar Proevski.crt new file mode 100644 index 0000000000000000000000000000000000000000..af57c1e1d395c9d3bdbf1f4c5c18458fdcc4e02d --- /dev/null +++ b/roles/ca/files/CA/issued/Bozidar Proevski.crt 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1d:d9:af:54:15:35:99:61:c5:78:d1:b9:8b:fa:6e:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:52 2020 GMT + Not After : Oct 15 10:47:52 2023 GMT + Subject: CN=Bozidar Proevski + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:de:00:fd:f1:e9:b9:29:d9:58:d0:47:21:cf: + 4b:67:17:f7:a9:02:93:17:cf:57:5b:6f:db:26:90: + 30:09:0b:d9:c5:66:5e:f6:22:66:ab:48:06:aa:6c: + 88:b3:fd:93:45:a4:60:c9:5f:2b:6c:af:db:68:5e: + 27:e6:85:71:27:b7:20:52:61:df:14:1b:da:06:39: + b2:21:20:4b:22:48:b7:4b:76:44:02:b1:89:5f:0e: + 59:22:cb:b9:c9:1e:8d:a0:ac:28:5d:e5:ae:c8:ea: + cc:05:20:a2:60:11:12:8d:6d:88:0a:73:e8:7c:68: + 9c:48:2c:c9:a8:c6:9d:c3:3c:c1:e7:f4:07:f7:5b: + 6e:42:3d:3d:0f:85:6f:e2:b9:88:a9:d0:02:84:b8: + 19:6a:ae:13:a1:97:50:98:16:c8:0c:1b:bd:02:c8: + 5f:a3:2f:73:7e:25:f8:8c:e7:92:43:c7:6a:75:bc: + 85:ea:1c:47:28:ce:2c:9b:3a:8f:a8:07:e9:8c:8a: + 75:3e:c1:97:32:ce:e3:c5:ca:1e:0a:d7:3c:77:0a: + d2:ab:51:c3:e5:dc:37:90:1a:35:bf:a0:4a:aa:bd: + 38:ef:9e:6d:f8:81:37:7f:d3:77:23:c6:5b:63:98: + 64:07:2f:47:fd:7d:21:2f:57:c2:d8:44:00:c2:29: + 22:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A3:9F:29:21:E0:E5:18:E4:CB:4C:2D:7F:84:2F:AF:F2:49:F0:83:3A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + ad:cb:66:5d:b7:29:e5:19:7b:7c:ae:23:50:58:34:db:c9:79: + 39:de:57:83:34:03:6d:bc:bf:e2:31:79:9d:2b:a2:7a:e0:c4: + c8:19:96:e0:20:f3:05:2a:a6:f4:b8:90:c4:ea:8d:5e:86:e1: + 13:99:59:0f:da:c8:3d:96:0d:78:04:4f:26:9c:6a:7c:8e:50: + 
5a:30:f1:37:dc:26:99:28:35:f8:25:b9:4b:f8:d2:f0:d3:b5: + 61:32:c9:9c:43:39:21:43:c1:de:0d:4d:8e:e5:6f:a1:58:e5: + 01:84:d6:a5:de:88:2a:55:9f:ec:de:be:b1:13:61:33:dd:50: + 19:89:dd:11:48:5e:c2:14:8d:69:8f:a9:43:73:80:71:8f:54: + ba:da:74:b4:26:ec:5b:82:88:84:90:6d:f7:58:3f:78:d3:20: + 5b:c3:9b:82:85:b7:ef:98:12:4f:ba:e8:38:f3:8c:af:85:91: + 66:40:fe:a9:b2:fd:d6:76:ad:70:b7:b5:33:88:64:31:97:81: + d9:c6:ec:47:9b:af:3f:31:c8:de:0c:cc:88:3d:b7:6f:6f:19: + 24:f1:ae:ff:de:95:31:3f:38:e5:ed:a1:e1:e4:6b:54:1f:26: + b8:53:79:cf:fe:89:ba:bc:35:a1:bc:2f:8a:07:a2:eb:0d:90: + 72:ad:8a:60 +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIQHdmvVBU1mWHFeNG5i/punzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3NTJaFw0yMzEwMTUx +MDQ3NTJaMBsxGTAXBgNVBAMMEEJvemlkYXIgUHJvZXZza2kwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCa3gD98em5KdlY0Echz0tnF/epApMXz1dbb9sm +kDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9toXifmhXEntyBSYd8UG9oGObIh +IEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swFIKJgERKNbYgKc+h8aJxILMmo +xp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOhl1CYFsgMG70CyF+jL3N+JfiM +55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPFyh4K1zx3CtKrUcPl3DeQGjW/ +oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LYRADCKSJ5AgMBAAGjgZcwgZQw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUo58pIeDlGOTLTC1/hC+v8knwgzowRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQD +AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCty2ZdtynlGXt8riNQWDTbyXk53leDNANt +vL/iMXmdK6J64MTIGZbgIPMFKqb0uJDE6o1ehuETmVkP2sg9lg14BE8mnGp8jlBa +MPE33CaZKDX4JblL+NLw07VhMsmcQzkhQ8HeDU2O5W+hWOUBhNal3ogqVZ/s3r6x +E2Ez3VAZid0RSF7CFI1pj6lDc4Bxj1S62nS0JuxbgoiEkG33WD940yBbw5uChbfv +mBJPuug484yvhZFmQP6psv3Wdq1wt7UziGQxl4HZxuxHm68/McjeDMyIPbdvbxkk +8a7/3pUxPzjl7aHh5GtUHya4U3nP/om6vDWhvC+KB6LrDZByrYpg +-----END CERTIFICATE----- 
diff --git a/roles/ca/files/CA/issued/dsoclab-cortex.crt b/roles/ca/files/CA/issued/dsoclab-cortex.crt new file mode 100644 index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-cortex.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-haproxy.crt b/roles/ca/files/CA/issued/dsoclab-haproxy.crt new file mode 100644 index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-haproxy.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-keycloak.crt b/roles/ca/files/CA/issued/dsoclab-keycloak.crt new file mode 100644 index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-keycloak.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8 +-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-kibana.crt b/roles/ca/files/CA/issued/dsoclab-kibana.crt new file mode 100644 index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-kibana.crt 
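Review bot: The `X509v3 Subject Alternative Name` of this certificate lists the shared host name `DNS:dsoclab.gn4-3-wp8-soc.sunet.se` next to `DNS:dsoclab-keycloak`, and the same shared name appears in the kibana, misp, nifi-1/2/3 and odfe-1/2 certificates later in this diff, each with both `TLS Web Server Authentication` and `TLS Web Client Authentication`. With that profile a peer that validates only the shared name cannot tell one service from another, so exposure of any single service key weakens the identity of all of them. Consider keeping the shared FQDN only on the certificate of the component that terminates TLS for it (presumably the reverse proxy), issuing the backends with their own name alone, e.g. `subjectAltName = DNS:dsoclab-keycloak`, and granting only the EKU each service needs. These files are generated output under `roles/ca/files/CA/issued/`, so the change belongs in the CA role's issuing configuration, which is not visible here; it is also worth confirming that the matching private keys and the CA key are not committed alongside them.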
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-misp.crt b/roles/ca/files/CA/issued/dsoclab-misp.crt new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-misp.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-1.crt b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt new file mode 100644 index 0000000000000000000000000000000000000000..ad6921cea4ea5b8001bf8a8586b1e446dc752e9d --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-1.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:ec:4d:ad:3e:5e:47:cf:4e:4b:98:49:59:32:b3:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:af:ef:b7:a1:95:47:5f:55:ea:7e:e8:d6:fd: + d5:e3:19:68:2e:72:1f:90:62:a8:79:76:d8:d2:f6: + 51:df:71:80:37:5a:ec:7d:fb:6d:78:6e:37:fe:e5: + 1b:c8:d5:73:e4:c9:a5:cb:e8:4a:48:26:c6:e0:a6: + 5e:14:2c:90:b1:81:b2:69:31:e2:44:85:97:f5:60: + 12:88:06:9d:8d:cf:4a:a2:77:b3:d9:ff:f3:41:40: + 4c:21:e1:73:8d:98:82:2f:37:27:0c:24:d8:67:bd: + c7:05:50:40:c5:a9:d0:e4:3f:bb:0c:72:29:7c:be: + 06:01:96:03:b8:a0:42:c4:6f:6f:da:aa:17:34:5f: + 5e:f3:73:0e:77:b5:7a:9a:59:e3:3c:d1:39:50:17: + 2f:53:18:05:82:34:29:1b:19:56:2e:c2:db:24:79: + 51:0f:a8:d9:66:3c:72:1e:a0:f7:03:d6:e9:e5:c6: + b9:be:94:e4:84:bd:cd:93:26:eb:3b:17:bb:cd:e5: + 58:25:f2:28:35:a4:b1:70:df:32:54:85:f6:3c:20: + 9f:88:8b:5d:83:a2:c4:1e:31:d9:a1:76:1d:2e:3c: + f8:78:64:a4:dd:3a:b2:56:65:bf:a8:2a:a8:ed:62: + c9:62:2c:72:bd:9d:7e:6b:1f:80:ea:bc:33:60:47: + d3:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 87:9A:8D:12:3A:69:8D:89:98:F6:95:D0:F2:ED:C3:DC:ED:A0:22:12 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 8d:23:38:a7:aa:d0:58:03:f2:98:19:da:62:c6:55:cb:d5:c5: + 05:dd:55:c5:f9:41:46:ec:75:06:be:0a:0b:7b:0f:ac:10:dd: + 
86:bf:4f:6e:05:c1:7b:c1:1d:1c:ce:c7:f0:a9:0c:6e:79:fe: + c2:49:18:d5:5d:4a:ae:c8:d8:ab:ec:45:95:94:c1:8b:30:da: + 52:1a:42:3c:41:77:65:9e:8a:63:f5:52:c2:71:b7:e2:56:43: + bd:89:3a:fa:14:bd:d7:7a:b2:60:43:82:c0:df:4a:e0:a7:02: + fd:d7:f6:56:9a:0f:ad:f4:ee:00:06:fb:75:b9:96:63:c8:b3: + 75:1f:c6:9d:3b:9d:1a:29:cd:09:f0:80:31:5c:4e:97:62:91: + 73:84:aa:11:cc:4b:00:15:a1:92:62:2a:6b:d4:d6:4c:ed:a5: + 89:fe:12:c9:d1:0b:48:b8:97:26:e4:5b:ab:da:fe:2d:54:ca: + 55:23:8b:22:7f:a1:12:4a:21:3e:9e:bb:48:d6:82:b6:a2:cc: + 83:15:5d:5f:c7:52:a1:01:01:70:60:3f:64:b4:1d:85:4f:56: + b7:67:77:b8:ea:59:7a:85:ce:e3:4a:e1:d6:2f:e0:b2:60:44: + 3a:08:3a:b5:0e:fc:88:ad:e5:a1:f1:a8:79:37:c4:52:02:f0: + 5b:05:94:0e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQAexNrT5eR89OS5hJWTKzNzANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjVaFw0yMzEwMTUx +MDQ3MjVaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0xMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6/vt6GVR19V6n7o1v3V4xloLnIfkGKoeXbY0vZR +33GAN1rsfftteG43/uUbyNVz5Mmly+hKSCbG4KZeFCyQsYGyaTHiRIWX9WASiAad +jc9Konez2f/zQUBMIeFzjZiCLzcnDCTYZ73HBVBAxanQ5D+7DHIpfL4GAZYDuKBC +xG9v2qoXNF9e83MOd7V6mlnjPNE5UBcvUxgFgjQpGxlWLsLbJHlRD6jZZjxyHqD3 +A9bp5ca5vpTkhL3NkybrOxe7zeVYJfIoNaSxcN8yVIX2PCCfiItdg6LEHjHZoXYd +Ljz4eGSk3TqyVmW/qCqo7WLJYixyvZ1+ax+A6rwzYEfTDwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFIeajRI6aY2JmPaV0PLtw9ztoCISMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAjSM4p6rQ +WAPymBnaYsZVy9XFBd1VxflBRux1Br4KC3sPrBDdhr9PbgXBe8EdHM7H8KkMbnn+ +wkkY1V1KrsjYq+xFlZTBizDaUhpCPEF3ZZ6KY/VSwnG34lZDvYk6+hS913qyYEOC +wN9K4KcC/df2VpoPrfTuAAb7dbmWY8izdR/GnTudGinNCfCAMVxOl2KRc4SqEcxL +ABWhkmIqa9TWTO2lif4SydELSLiXJuRbq9r+LVTKVSOLIn+hEkohPp67SNaCtqLM +gxVdX8dSoQEBcGA/ZLQdhU9Wt2d3uOpZeoXO40rh1i/gsmBEOgg6tQ78iK3lofGo +eTfEUgLwWwWUDg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-2.crt b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt new file mode 100644 index 0000000000000000000000000000000000000000..56a67ac49f381e3f9c9db191d4b79dbbdeb58fc2 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-2.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8b:69:05:5f:85:86:ce:dd:21:66:0b:24:93:41:26:60 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:25 2020 GMT + Not After : Oct 15 10:47:25 2023 GMT + Subject: CN=dsoclab-nifi-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:b7:4b:e2:d5:87:7f:8e:15:9b:cf:c0:17:eb: + db:8c:e3:1b:83:c0:69:b9:06:91:a0:9b:c6:35:dc: + 2f:e8:8c:72:28:50:02:82:c5:b1:eb:da:d9:e3:9d: + 95:d2:d9:dd:e1:08:35:6d:83:73:95:98:ba:19:fd: + 3e:04:67:9a:09:37:45:79:d3:1d:0b:ec:0a:43:cb: + b8:24:cc:68:5c:ce:2e:ae:db:48:d8:6e:5a:f3:31: + be:87:28:86:76:8e:8f:8d:68:95:1f:72:6c:65:4a: + fc:9e:b8:7d:e2:83:e2:3d:b0:30:5d:c1:73:06:ae: + 9b:f7:9a:54:b8:02:6b:82:90:11:08:3f:d6:5f:59: + 5c:df:aa:25:59:c0:67:7a:fc:e1:f0:c9:4a:8b:e0: + 31:b6:53:13:c2:bf:8c:4f:3a:e6:ed:11:30:a6:41: + 26:ad:56:8f:03:0b:ad:87:6c:b2:73:c4:2e:41:3e: + 99:1a:b6:29:6d:e0:dc:af:8f:45:6e:d5:69:17:0d: + f1:58:a6:7e:8c:80:32:72:24:21:d2:e9:b4:44:23: + f6:10:8f:9f:64:7f:ef:e6:ab:f1:43:94:d0:8a:97: + 0e:e4:91:bd:86:b9:1f:42:f4:96:39:85:05:26:ed: + 90:01:91:11:a3:1f:04:5b:46:ff:1b:a9:74:77:db: + 18:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1F:5E:EF:0E:58:69:FD:21:93:48:19:98:81:48:13:2E:FC:31:61:0C + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 21:2d:9b:f7:0c:74:cd:d4:30:b1:42:5b:32:98:d8:ef:9f:a9: + 9b:1b:f0:54:67:c3:20:5b:f1:87:4d:ff:e4:a5:db:af:eb:34: + 
8a:b3:fa:d6:14:4a:3c:31:11:8f:09:b0:af:25:39:5a:5e:89: + 32:cf:c7:48:68:f3:14:72:a0:35:15:ec:76:c7:bb:a7:5b:0c: + d5:7e:5b:8c:d8:40:a2:5e:fa:f8:f2:cf:dd:56:65:7e:94:ef: + b4:99:25:ba:9f:78:94:7d:54:0c:83:b9:cf:b8:b4:9d:78:6d: + 62:e3:6c:98:1f:40:b9:35:3c:51:b5:9f:82:7b:1e:77:db:25: + f2:71:df:3d:e9:56:93:86:fe:61:48:4f:db:76:5b:5f:b1:96: + f9:46:72:5e:01:80:87:b5:be:b4:00:3b:37:7f:5e:44:d4:7e: + c5:87:ed:40:6b:9e:f4:ca:1b:b0:4b:84:97:1f:07:0f:7c:8b: + d2:7b:b1:3d:a7:f8:ae:39:07:34:50:41:70:1f:07:ba:a6:a2: + 0d:ca:e5:7b:d4:77:2c:95:4d:16:0c:34:e0:a5:59:7f:43:c7: + a0:dd:a0:f0:ed:75:5a:0f:61:76:52:34:ef:7c:a7:21:e4:de: + 3a:24:cd:39:b6:77:3a:c8:f3:1f:09:2b:80:9a:f0:5d:7f:5e: + 73:9d:73:eb +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAItpBV+Fhs7dIWYLJJNBJmAwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI1WhcNMjMxMDE1 +MTA0NzI1WjAZMRcwFQYDVQQDDA5kc29jbGFiLW5pZmktMjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKy3S+LVh3+OFZvPwBfr24zjG4PAabkGkaCbxjXc +L+iMcihQAoLFseva2eOdldLZ3eEINW2Dc5WYuhn9PgRnmgk3RXnTHQvsCkPLuCTM +aFzOLq7bSNhuWvMxvocohnaOj41olR9ybGVK/J64feKD4j2wMF3Bcwaum/eaVLgC +a4KQEQg/1l9ZXN+qJVnAZ3r84fDJSovgMbZTE8K/jE865u0RMKZBJq1WjwMLrYds +snPELkE+mRq2KW3g3K+PRW7VaRcN8VimfoyAMnIkIdLptEQj9hCPn2R/7+ar8UOU +0IqXDuSRvYa5H0L0ljmFBSbtkAGREaMfBFtG/xupdHfbGAMCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBQfXu8OWGn9IZNIGZiBSBMu/DFhDDBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBACEtm/cM +dM3UMLFCWzKY2O+fqZsb8FRnwyBb8YdN/+Sl26/rNIqz+tYUSjwxEY8JsK8lOVpe +iTLPx0ho8xRyoDUV7HbHu6dbDNV+W4zYQKJe+vjyz91WZX6U77SZJbqfeJR9VAyD +uc+4tJ14bWLjbJgfQLk1PFG1n4J7HnfbJfJx3z3pVpOG/mFIT9t2W1+xlvlGcl4B +gIe1vrQAOzd/XkTUfsWH7UBrnvTKG7BLhJcfBw98i9J7sT2n+K45BzRQQXAfB7qm +og3K5XvUdyyVTRYMNOClWX9Dx6DdoPDtdVoPYXZSNO98pyHk3jokzTm2dzrI8x8J +K4Ca8F1/XnOdc+s= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-nifi-3.crt b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt new file mode 100644 index 0000000000000000000000000000000000000000..796e826426e3266b0a221d1c60110c897892b308 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-nifi-3.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 59:69:91:8f:10:ef:8d:2b:ae:46:b2:6d:6d:62:9d:8e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-nifi-3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:48:a0:d3:ab:1e:8c:49:60:8b:b8:bd:9a:aa: + 5c:09:62:01:79:89:c9:e5:5f:30:64:38:ca:f1:95: + 2d:48:20:81:ef:60:aa:6f:d1:ef:b4:ac:89:8e:e9: + f5:16:7d:64:07:b0:3b:75:c3:e1:e1:15:71:64:60: + 8f:15:8e:16:8b:de:b8:97:79:a7:83:19:77:5b:aa: + 36:82:37:b9:51:a7:95:b5:1f:ac:9d:81:c6:ec:fb: + 14:3a:84:77:1e:9c:dd:3c:06:30:a1:5e:d0:8f:b0: + c9:5a:13:ad:0e:56:57:bc:1d:3f:be:d7:4c:4b:37: + a2:88:72:4d:1a:62:88:08:a0:57:bb:20:ce:7e:af: + b7:72:f2:ee:86:1a:b1:28:3b:41:f4:d3:ea:14:74: + 90:e1:33:41:1a:92:e2:2e:ec:d3:20:60:60:61:d6: + fc:0e:3f:57:43:88:5f:10:29:20:51:40:46:ed:5d: + 9f:d1:5a:e7:4b:52:f4:d4:23:60:4a:22:a7:92:6c: + d4:cb:20:01:a6:b9:53:71:7a:71:02:e1:05:72:41: + a5:42:9f:41:47:2c:30:7e:0c:b1:73:cc:f7:63:60: + 27:3f:3d:36:93:14:aa:7e:12:ed:1b:f1:cb:4d:e8: + 7c:32:20:50:f5:2d:7d:06:0a:93:cf:7a:85:2b:0b: + a6:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:B8:02:23:C4:2E:F5:FE:C9:34:45:77:33:0D:89:CE:D9:A3:30:2A + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-nifi-3, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 32:20:b3:1c:e1:c9:a4:19:75:14:32:1b:cd:c2:83:59:49:07: + e3:b8:62:73:ec:4e:69:cb:9b:49:0d:f5:d0:ea:8b:b6:de:3e: + 
76:03:c4:e8:68:0f:01:96:aa:40:b2:1e:99:06:d2:75:f5:31: + ec:b7:93:e6:1b:b0:ab:7e:1b:1d:65:46:6d:9f:ac:97:ed:55: + 53:ca:53:00:5a:ca:c5:83:48:c3:2a:51:db:e7:e7:e1:40:4a: + bf:b2:9d:d4:71:d4:54:84:2b:4b:d4:a2:22:73:95:e1:62:51: + ce:e3:e2:f6:24:dd:40:08:07:01:6f:ee:27:3e:fc:17:1d:1f: + 30:da:7f:37:78:7e:b8:af:d8:2c:d9:48:84:92:be:4e:8e:a7: + b8:e6:9f:d4:91:5d:44:c9:8b:82:9f:13:eb:d5:2c:00:fa:ef: + d6:49:ff:92:0d:83:22:57:45:4a:ac:b6:5e:a2:c6:c1:73:ff: + f5:dd:a7:d8:79:9a:a7:96:33:b4:51:17:7f:80:6e:3b:52:a8: + 61:53:ae:08:1f:02:5a:0c:5b:37:3c:3a:36:ee:74:e2:9e:df: + df:01:b5:f6:d0:b8:fa:58:79:53:fd:70:9e:54:c3:6c:68:a7: + 3f:b0:e4:20:a6:a8:2f:87:5a:8a:08:01:41:de:35:ed:5e:85: + ae:dd:e0:3e +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQWWmRjxDvjSuuRrJtbWKdjjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjZaFw0yMzEwMTUx +MDQ3MjZaMBkxFzAVBgNVBAMMDmRzb2NsYWItbmlmaS0zMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp0ig06sejElgi7i9mqpcCWIBeYnJ5V8wZDjK8ZUt +SCCB72Cqb9HvtKyJjun1Fn1kB7A7dcPh4RVxZGCPFY4Wi964l3mngxl3W6o2gje5 +UaeVtR+snYHG7PsUOoR3HpzdPAYwoV7Qj7DJWhOtDlZXvB0/vtdMSzeiiHJNGmKI +CKBXuyDOfq+3cvLuhhqxKDtB9NPqFHSQ4TNBGpLiLuzTIGBgYdb8Dj9XQ4hfECkg +UUBG7V2f0VrnS1L01CNgSiKnkmzUyyABprlTcXpxAuEFckGlQp9BRywwfgyxc8z3 +Y2AnPz02kxSqfhLtG/HLTeh8MiBQ9S19BgqTz3qFKwumsQIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFMm4AiPELvX+yTRFdzMNic7ZozAqMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1uaWZpLTOCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAMiCzHOHJ +pBl1FDIbzcKDWUkH47hic+xOacubSQ310OqLtt4+dgPE6GgPAZaqQLIemQbSdfUx +7LeT5huwq34bHWVGbZ+sl+1VU8pTAFrKxYNIwypR2+fn4UBKv7Kd1HHUVIQrS9Si +InOV4WJRzuPi9iTdQAgHAW/uJz78Fx0fMNp/N3h+uK/YLNlIhJK+To6nuOaf1JFd +RMmLgp8T69UsAPrv1kn/kg2DIldFSqy2XqLGwXP/9d2n2Hmap5YztFEXf4BuO1Ko +YVOuCB8CWgxbNzw6Nu504p7f3wG19tC4+lh5U/1wnlTDbGinP7DkIKaoL4daiggB +Qd417V6Frt3gPg== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-1.crt b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt new file mode 100644 index 0000000000000000000000000000000000000000..71baad05685f6d498afb76ee0ce3c737cb475275 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-odfe-1.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 97:d2:d0:cf:23:00:c0:a9:66:d1:03:ca:89:a9:92:12 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:26 2020 GMT + Not After : Oct 15 10:47:26 2023 GMT + Subject: CN=dsoclab-odfe-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:46:f6:71:ce:a2:3f:61:5e:9b:f3:c6:61:88: + 87:99:0a:ac:b8:e8:9d:3c:5f:8c:60:2b:41:5b:36: + fb:39:0a:6f:a1:16:02:31:ac:0d:bd:0e:ff:95:59: + d8:f1:21:6b:bd:96:d6:7b:79:01:d1:65:1c:ca:09: + 22:50:30:01:ea:ed:b4:29:bf:b4:70:25:db:b3:1d: + e9:73:ed:63:93:02:4c:90:22:04:6d:31:74:31:ae: + 85:3c:12:8d:b3:f6:92:2f:de:75:75:8f:ca:a5:f2: + a2:12:94:fb:e8:73:30:37:f1:7c:b5:4e:59:ab:71: + 73:26:80:9a:46:8d:49:94:b0:09:e5:27:10:34:9d: + c0:53:3b:fa:77:2e:06:c0:73:8e:0f:9a:1e:8c:27: + 32:0c:eb:f2:d2:0c:a7:52:48:c6:ee:12:21:15:e3: + 45:30:89:81:63:7f:bf:0a:5b:d1:05:c8:1c:fc:5f: + bb:b8:82:2a:92:3b:3a:ae:19:9d:e9:a7:62:7c:0a: + f2:c2:2a:e6:a8:d4:9b:0a:a8:a2:5a:ec:e5:a3:1a: + 73:e0:83:3d:d2:e8:74:a9:0b:b0:e4:b0:fd:fe:ad: + 1e:57:e8:0d:20:7c:aa:1f:31:69:b5:0d:8c:3f:1c: + 8d:dc:d3:71:5b:f1:04:6a:ae:b9:2d:a8:be:28:11: + f5:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DB:92:49:8B:D9:27:41:85:16:AE:C9:CA:F6:8D:11:53:8B:EE:B0:5E + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-1, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 0f:83:fb:ba:2a:0d:aa:14:3f:3f:0b:00:be:f9:37:f4:7f:29: + 1e:21:4e:18:07:e0:ae:e1:84:f7:cf:a1:21:a5:36:ba:77:6c: + 
0c:00:11:d5:7d:d8:31:b3:f5:cc:fd:6b:27:8f:99:5f:99:4c: + 57:88:d0:1a:e7:66:6b:8a:fd:d1:01:e3:88:37:91:8c:7b:e9: + e2:22:dd:80:62:64:9e:22:e7:25:b5:b9:89:45:e4:24:f5:19: + c0:5d:10:50:57:80:66:23:0c:b1:8e:bd:b3:f1:fa:95:7e:6f: + 04:d1:da:c2:e8:a1:b2:55:55:66:3a:bc:5b:71:50:8c:a8:56: + 86:f4:a9:9c:c7:4b:d6:91:73:8e:a9:93:ef:e0:85:5e:5c:53: + ae:b3:a7:a4:31:80:f3:b3:e4:03:ad:da:96:f0:14:7b:25:e4: + ff:68:9b:8f:28:cd:fc:94:05:5f:38:80:84:d6:f5:d4:b7:bd: + 43:79:bd:fb:f2:ce:30:73:01:e8:ee:ad:45:4a:ea:88:3f:d1: + a2:ef:22:f5:49:cc:d4:27:22:3c:bc:1f:50:81:58:5a:65:9d: + d6:14:3b:3f:b2:8f:90:35:2b:e7:1a:9b:58:db:96:06:9b:cf: + 44:0b:f5:9f:aa:57:28:3c:ab:70:fa:bc:93:90:d9:94:d7:fe: + 6f:fe:39:2a +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIRAJfS0M8jAMCpZtEDyompkhIwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI2WhcNMjMxMDE1 +MTA0NzI2WjAZMRcwFQYDVQQDDA5kc29jbGFiLW9kZmUtMTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOVG9nHOoj9hXpvzxmGIh5kKrLjonTxfjGArQVs2 ++zkKb6EWAjGsDb0O/5VZ2PEha72W1nt5AdFlHMoJIlAwAerttCm/tHAl27Md6XPt +Y5MCTJAiBG0xdDGuhTwSjbP2ki/edXWPyqXyohKU++hzMDfxfLVOWatxcyaAmkaN +SZSwCeUnEDSdwFM7+ncuBsBzjg+aHownMgzr8tIMp1JIxu4SIRXjRTCJgWN/vwpb +0QXIHPxfu7iCKpI7Oq4ZnemnYnwK8sIq5qjUmwqoolrs5aMac+CDPdLodKkLsOSw +/f6tHlfoDSB8qh8xabUNjD8cjdzTcVvxBGquuS2ovigR9UsCAwEAAaOB3DCB2TAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTbkkmL2SdBhRauycr2jRFTi+6wXjBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29jbGFi +LmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA+D+7oq +DaoUPz8LAL75N/R/KR4hThgH4K7hhPfPoSGlNrp3bAwAEdV92DGz9cz9ayePmV+Z +TFeI0BrnZmuK/dEB44g3kYx76eIi3YBiZJ4i5yW1uYlF5CT1GcBdEFBXgGYjDLGO +vbPx+pV+bwTR2sLoobJVVWY6vFtxUIyoVob0qZzHS9aRc46pk+/ghV5cU66zp6Qx +gPOz5AOt2pbwFHsl5P9om48ozfyUBV84gITW9dS3vUN5vfvyzjBzAejurUVK6og/ +0aLvIvVJzNQnIjy8H1CBWFplndYUOz+yj5A1K+cam1jblgabz0QL9Z+qVyg8q3D6 +vJOQ2ZTX/m/+OSo= 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-odfe-2.crt b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt new file mode 100644 index 0000000000000000000000000000000000000000..a648174921d6bb3ffe09aaffedfee1e442fccce6 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-odfe-2.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 56:0a:99:c5:a0:3f:c4:b9:fc:92:fd:c6:2f:41:9b:b9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-odfe-2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a5:e1:3f:e0:a3:22:69:f1:b4:15:5e:b9:3c: + db:d7:44:bb:d9:c7:69:94:5b:c1:7d:a3:34:4d:3e: + 88:0a:e2:8f:2e:d3:98:94:ae:b4:1f:49:a3:fd:4b: + 27:16:70:ab:03:ab:cd:4c:02:2a:7b:ed:3a:ff:49: + 49:2e:3b:88:f6:59:85:26:de:37:b4:47:9e:1c:be: + a3:38:8e:b0:22:6b:ca:c5:12:e5:be:40:9c:57:7a: + 4d:02:0c:db:13:c5:9d:d2:85:df:99:57:32:90:37: + 54:08:16:46:01:54:da:0c:77:31:63:39:46:27:88: + 3f:f4:ad:4e:e6:fd:0a:3e:9d:98:9a:53:98:90:be: + 9b:ee:e3:b2:91:c7:7f:3f:a1:b9:62:f8:7a:1e:cc: + b4:23:ed:82:a0:5c:ad:86:7b:50:53:c9:ec:57:04: + 44:1c:12:f6:33:3f:68:42:f8:b7:2f:25:91:1c:aa: + b0:df:17:6b:ed:6d:cc:6d:a7:d6:b7:07:6b:61:a5: + 16:51:9f:02:07:ad:b2:42:42:ca:0b:b1:2e:c1:6e: + 94:2d:3e:5e:88:48:8f:b6:8b:15:b0:48:8e:35:58: + ea:b5:90:9c:fb:5a:fa:f5:c7:27:b7:11:30:7a:cb: + 36:7c:4f:ea:52:00:47:40:e9:f0:ca:67:63:32:e0: + 33:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E6:41:BE:4B:A2:E1:07:EF:2A:FD:16:A7:B6:68:3D:0F:81:F5:15:80 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-odfe-2, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 84:64:d0:92:f6:96:07:be:f1:52:f6:49:15:cd:d0:99:ea:ca: + 7f:06:a8:d2:68:e3:8e:c3:a3:a9:2d:f2:b7:4a:74:75:9f:02: + 
b4:6f:77:14:ec:89:f9:a3:b5:35:c8:f2:ad:50:df:24:05:d3: + 0a:a8:49:be:19:de:fc:84:a4:61:af:ff:c0:2c:f7:8b:11:87: + 34:10:e3:dc:9b:d2:b8:66:0a:f7:3f:05:11:37:41:09:9f:3d: + f3:a1:97:b7:62:64:db:5a:46:d9:5a:7a:c8:f7:79:e4:f8:61: + 2e:5c:e8:82:8d:fc:0e:8d:a4:4f:fd:33:f1:76:0e:8d:21:f4: + 00:5a:e1:a6:96:21:e0:bb:e4:e6:35:8e:b6:61:49:8a:f2:c1: + 25:96:cf:c0:f6:e0:0a:0b:75:b5:d5:6c:be:ad:0c:a8:4b:33: + 44:72:cc:ef:5f:db:09:e7:b9:6e:60:80:7d:02:e9:ab:06:81: + 24:d3:9d:c3:de:f9:a1:f1:f7:77:ee:6d:49:ab:13:72:c6:62: + 39:b2:80:32:07:20:51:a3:3e:1a:cf:b9:3a:bc:e3:a1:58:33: + 22:6f:68:a9:e9:33:0b:8d:24:72:ea:e3:75:68:a3:69:11:a8: + 2d:86:ed:f2:00:74:d6:d4:ab:fc:30:3f:68:6b:b6:d3:61:30: + 51:84:09:da +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQVgqZxaA/xLn8kv3GL0GbuTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWItb2RmZS0yMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAx6XhP+CjImnxtBVeuTzb10S72cdplFvBfaM0TT6I +CuKPLtOYlK60H0mj/UsnFnCrA6vNTAIqe+06/0lJLjuI9lmFJt43tEeeHL6jOI6w +ImvKxRLlvkCcV3pNAgzbE8Wd0oXfmVcykDdUCBZGAVTaDHcxYzlGJ4g/9K1O5v0K +Pp2YmlOYkL6b7uOykcd/P6G5Yvh6Hsy0I+2CoFythntQU8nsVwREHBL2Mz9oQvi3 +LyWRHKqw3xdr7W3MbafWtwdrYaUWUZ8CB62yQkLKC7EuwW6ULT5eiEiPtosVsEiO +NVjqtZCc+1r69ccntxEwess2fE/qUgBHQOnwymdjMuAzcwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFOZBvkui4QfvKv0Wp7ZoPQ+B9RWAMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1vZGZlLTKCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAhGTQkvaW +B77xUvZJFc3QmerKfwao0mjjjsOjqS3yt0p0dZ8CtG93FOyJ+aO1NcjyrVDfJAXT +CqhJvhne/ISkYa//wCz3ixGHNBDj3JvSuGYK9z8FETdBCZ8986GXt2Jk21pG2Vp6 +yPd55PhhLlzogo38Do2kT/0z8XYOjSH0AFrhppYh4Lvk5jWOtmFJivLBJZbPwPbg +Cgt1tdVsvq0MqEszRHLM71/bCee5bmCAfQLpqwaBJNOdw975ofH3d+5tSasTcsZi +ObKAMgcgUaM+Gs+5OrzjoVgzIm9oqekzC40kcurjdWijaRGoLYbt8gB01tSr/DA/ +aGu202EwUYQJ2g== 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/issued/dsoclab-thehive.crt b/roles/ca/files/CA/issued/dsoclab-thehive.crt new file mode 100644 index 0000000000000000000000000000000000000000..0d474c2a1277de93ba6357ca841a7eac3b1cce44 --- /dev/null +++ b/roles/ca/files/CA/issued/dsoclab-thehive.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-thehive + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: + c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: + 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: + ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: + 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: + 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: + 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: + c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: + 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: + 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: + 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: + 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: + ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: + d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: + 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: + 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: + c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: + 46:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: + fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: + 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: + c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: + 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: + 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: + df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: + b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: + d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: + 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: + e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: + 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: + 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: + 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: + 7c:51:5c:3b +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 +OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb +pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV +jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng +z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B +XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh +Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz +1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k +K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs +wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x +bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE +ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh +K4Ynu8Hyhpp8UVw7 
+-----END CERTIFICATE----- diff --git a/roles/ca/files/CA/openssl-easyrsa.cnf b/roles/ca/files/CA/openssl-easyrsa.cnf new file mode 100644 index 0000000000000000000000000000000000000000..11394147697414e4d5fac6329cfdc8210ab98d8a --- /dev/null +++ b/roles/ca/files/CA/openssl-easyrsa.cnf 
@@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = $ENV::EASYRSA_PKI/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::EASYRSA_PKI # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/certs_by_serial # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. 
+crl_extensions = crl_ext + +default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for +default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL +default_md = $ENV::EASYRSA_DIGEST # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = $ENV::EASYRSA_KEY_SIZE +default_keyfile = privkey.pem +default_md = $ENV::EASYRSA_DIGEST +distinguished_name = $ENV::EASYRSA_DN +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::EASYRSA_REQ_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE + +localityName = 
Locality Name (eg, city) +localityName_default = $ENV::EASYRSA_REQ_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::EASYRSA_REQ_ORG + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = $ENV::EASYRSA_REQ_OU + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +emailAddress = Email Address +emailAddress_default = $ENV::EASYRSA_REQ_EMAIL +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/roles/ca/files/CA/private/Arne Oslebo.key b/roles/ca/files/CA/private/Arne Oslebo.key new file mode 100644 index 0000000000000000000000000000000000000000..677703bcfe457628ee511c934138eb469254b706 --- /dev/null +++ b/roles/ca/files/CA/private/Arne Oslebo.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOTAIZIW4c8u2T +2P28GqTCETvhVXPlJpLT2eim3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu +4Z27AB9ZGWlPazI9LxralT2ZlVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7 +POvL9HEDWr7ZoEn+0XL+T77hrKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaX +oWxwChqgzkyNrCnkxRcAJgNEMqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyR +LuDU5TcLXLtfQDeS6WA7oPmYf22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwc +EWMIQxSXAgMBAAECggEAe0rx9hMEvEhztOj6vHEwBsxF/WYU3d8v4W1anl/BtiIQ +q5OsNAwWcoZQboKdvMAqnYFa0QMqfY/laR9uJVTtZ1LIna5zWB3O7tRC/IdCcy97 +LXNYz+1B0EGI9L306SSlNZolbnpCiXqy4LSIOFzfLiIN7gLeNmz3TQZcDoQeQuhT +SA42/6EW1GFWWlFjqFy/W9X9VY3AHZAuf4M9Sv5YK6L7w8dwv190F/JXZz/7z0ad +ElDfUh09xqsfvFhqvAzpWkGglhh6Ns9DGfH4bueoHZ0gF3nbdLxfpPp4eyRv/Ox4 +Ozf0E0snyJPG2N93Pluks5BKnC8yYYAvGo6hE2/wAQKBgQD2nrK2XCvh36uQIhGe +iGIzRFGeeKB4jt4ZAM45PryrzBqtXMnndV8V4WoZkPRl5D8/HmoeMVbA6Bb1zdLy +SDLs/U0IquMe8K6QR+F+wjWFLebu+aNaPsKnu8fJOVmDmNGReX7q3thTja+rcSDA +5h5dEi9viM0OsRl2Xf5zLuzUSQKBgQDWJLDem/cV7vyrB3r60EeVSY9pwj0AD7oZ +Tbcx2DuibP6ojvsDpUDbh3nuIlu69jRO0kl0rdCVnoWu3eaerDtFKd8EUsoQJv9B +CV+rD4xoNa/1C+1DggIyAcTrAGxTS+Z/qsgVBy1YGLWtdaqg1TZI47F7m+fVtZRZ +BMgW8lLh3wKBgQCRltRHxZf+Sw28E/C01yypuT45wFpzcVv6BLi5oKi+/soM6Acl +heuxPhZlq2YsNJeFyo2470WYsirDx1MtxqORtmNgp4lW/Zz//f9H1pzD13pKP8NI +hl5hqQBjcWC/yFqHd+MOAqpQgQdgvXMpjXAFX7PzMx5i+vfeIdUR6HTVSQKBgQCR +fVAljjVrU3mbAXQOX9+ij9297tfe6NB5TJHAbbbmfcLu5mWobmgIPp0aq4FDHu8e +9kQt38GtRYxx6BU9jKqgLPh2SYE7RCN8HlA/Okscqg0oIbhLe1LegtE1EI6IcTLj +XjaeAshN6EvW0/DfYLyG/RuibaQvUDS/3j3LSUwCZQKBgGbI4n8JyQx0N5N7seLH +E874B33QrURfoZqm1Pu03jWzzupzIL3Li+osgS/IAeh2tscCifaWX4eop973NGUe +FfSGoQal+iQStVoEhKG79k5q3Yut8YFNt0Oy6tYrl7rWm5kSdok97u10lylPJKJY +jryMaRsmZMcFRwby70+VtnoW +-----END PRIVATE KEY----- 
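Review bot: Private key material should not live in the repository: the `-----BEGIN PRIVATE KEY-----` block added for `Arne Oslebo.key` is an unencrypted PKCS#8 key. The same applies to the later hunks adding `Bozidar Proevski.key`, `dsoclab-cortex.key`, `dsoclab-haproxy.key`, `dsoclab-keycloak.key`, `dsoclab-kibana.key`, `dsoclab-misp.key` and `dsoclab-nifi-1.key`, and to the `.p12` bundles committed beside them. Anyone who can read the repository or a clone holds the credentials for these users and hosts, and deleting the files in a later commit leaves them in history, so the keys should be treated as exposed and reissued. I would have the `ca` role generate keys on the target at deploy time, or load them from Ansible Vault, and add `roles/ca/files/CA/private/` to `.gitignore` so they cannot be committed again.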
diff --git a/roles/ca/files/CA/private/Arne Oslebo.p12 b/roles/ca/files/CA/private/Arne Oslebo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79
Binary files /dev/null and b/roles/ca/files/CA/private/Arne Oslebo.p12 differ
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.key b/roles/ca/files/CA/private/Bozidar Proevski.key
new file mode 100644
index 0000000000000000000000000000000000000000..8a141bb9744a155880cb97a7512e228c251611f2
--- /dev/null
+++ b/roles/ca/files/CA/private/Bozidar Proevski.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa3gD98em5KdlY +0Echz0tnF/epApMXz1dbb9smkDAJC9nFZl72ImarSAaqbIiz/ZNFpGDJXytsr9to +XifmhXEntyBSYd8UG9oGObIhIEsiSLdLdkQCsYlfDlkiy7nJHo2grChd5a7I6swF +IKJgERKNbYgKc+h8aJxILMmoxp3DPMHn9Af3W25CPT0PhW/iuYip0AKEuBlqrhOh +l1CYFsgMG70CyF+jL3N+JfiM55JDx2p1vIXqHEcoziybOo+oB+mMinU+wZcyzuPF +yh4K1zx3CtKrUcPl3DeQGjW/oEqqvTjvnm34gTd/03cjxltjmGQHL0f9fSEvV8LY +RADCKSJ5AgMBAAECggEABfbe2ujiM3tlH4KF+stdAA9wPlYXDCe0GZVpP0b2UqLe +NDgJGDmi8p3Hg/DCIwx1C42VHKxJo9nx/UcDCmHBReJLoGCcks2vy+WU8qmnux5J +0OIxJFlqDPske66U7SX8FmAK/fLGlH5WdSwYlNKTgFbjkmN8ZK4ytqTi71kW4ln5 +VUlXPd9FYlHc29u4qXJeaRLj9PIz/6FxYl0Ub13dXV8hfVEG8JaeosFjOhZqpgLg +t1oNaPrKBywYvJ1P+PKfX7lsFV6dllpaosP1j0OEjAVZ3USOAyVgMHmKqqvCynlg +IuKKF169bsJAb02KKtz1RMY3/Tao3VboHIGSNFSM8QKBgQDOALdl8uRaLSFHjJ6x +UQWks+Hzs8eCC4qJ39Yj7Eqznat3GmZwc6S5/1s414VAOz8lX1S+xKLEiuxRH1kL +etFRpGGA7XBHGI7EpRiHc4jyuzt/vMDZyA1Hh8iSsr03uDA5okVi6YWM647b/byU +Xl9aWZzqX72RDerikpRPMvERgwKBgQDAdCar1Y3flctOl4iRatpya3PWCLVDNGTA +88/m2DEGtwJxRdhfztNsrXIao8WkwPkvW+fnS5c6M8cXDOph3j5E56xsH4w+9vXG ++eN0/w6ci1ajZtCu6fCttwCVPBu5dzMSWAfNmnYbnnFQvzHLCV5ZbR3Z0dDMLM7o +2gD3JdynUwKBgD+aBQWa6lnVGTNH/S7tvvpM93QQi4ZhHdLXovvQVngCNBA/vGT3 +r2IlrvprwB5GrIZTWozTlRVtduzM6ucacknsoJX3uPSaZmncNyiKyTt4BzS3CCu1 +EjSFfa2dNcJgQbNpoFablrodeCv/uRttz67LgCD0kkiYrW5qpxOUvM0VAoGBAKbx +msIgg+tZs3y/clZCjLAIifk2oJZlkqjWVph3HUAn7NR5tBKYBUsWwg5d1oruYro0 +TVyUc+CnHaLfL0oqUXXQSf+Y9j2AWP97sVXCEti0/jjMbWXtxTvLrZPHCn296u2U +s2AlByM6NC3JTNZFkDSetPBIU4lprSrMQV4i19/FAoGAe7iRaTkcmMZaE1cvZs2j +Uv2TzZrXtj9MWtjxV7Tu1NrAcMV2WG4FJHxt+2V30beUrWFlg647Wo62ww2ylrze +kyQoE0/eccfGI6z7qh8D8026xAoh7oeoLubhzFszz/dqOfJPiUv1GyzyD2m2kSvZ +DlY3mCb9rL+6jbbXcS+7Iuw= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/Bozidar Proevski.p12 b/roles/ca/files/CA/private/Bozidar Proevski.p12
new file mode 100644
index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a
Binary files /dev/null and b/roles/ca/files/CA/private/Bozidar Proevski.p12 differ
diff --git a/roles/ca/files/CA/private/ca.key b/roles/ca/files/CA/private/ca.key
new file mode 100644
index 0000000000000000000000000000000000000000..3c45faa018da0516d63a00a2604f9792344c3913
--- /dev/null
+++ b/roles/ca/files/CA/private/ca.key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtRmQxWST0ewGJIRLAfVOqrSvuNHYtyjnk8EaLCe4bz9RUI8J +yAt+wVJVateShIEUwnF4Cx9AnbcwtUZM/gFAi8ikzhpjQqpr8jHBEnabqCNTVC5L +9EHmFzI+ENS4dEZXamaRK99lH7FaMATz4YowFJVQB3iS744v7Z1LyPvvZ6NocdN1 +AIY0zDOfQL4mLEU9w1JHIjUpZacFfuwdqYJ6UYM7G1Rj9nIXmmkWBvQwG0Uy6wLV +cTtFiXP8zRkqb17jsgSt9P6cBjL4TRj3nJBJUqQ32nqbgPGQ3H2ijZNJBAb8yJVK +6WQZr7QXOQ5qXxAZUpOVCv9F0m5ShOXTqpVnNQIDAQABAoIBAFg1QJd0mq9Hx+In +caVdh1iMM37Q7z6fNNR53LafDi1ZaNDVKs1+E9ozsRkeMOZLPQJMZEz+humK3bWd +rUiW8YpkSyl8HtbMzVElPMYycTSfKCo7dpFdO6YWubZW9hTkYhWYKaN15vpd1vDG +qMc1GKAd7eIFr4Pw/JU+5TfaxkvysCuih6Q6/MZwddM61eCZO6VBYMf0k94RHn0I +gIY4hCeyJQ3RoIpzZr4XqUAGdLOvTmzPSTlqT4g7RVgsGQT1p6yG3o42kev0l+Y4 +L92dA25xWeHirWkaQLRj46tX4un67SWA8OkxwA1D49i3keIfhRjsa0d3YELmV8tG +60l6RcECgYEA6alfHn3zGMw7npN4V/iGEwv7Y4xDcDPdlWTCQ8Btc8XanHuVxcTu +bENrMouddeM6GI6sz7GVg4vXVyPXa0ZCBPIK61ArS8aNlmggqRd86pgQRWkgCVi2 +gXANwrV6NZNXYZ3X+glIljlRoqlNm7rH9hMQ2KwUW02Q9AdclgvpfQUCgYEAxmnM +leiSy+s0H/0Wo+LdvpC1NaZPTML6N8cmjwH9xe2mcsGI2a8EQdfqMHE6aWTuHErj +I3juwSDSBbPlQsf0nRku+qMuLTzsVbCVfG9NiYr5YPxdT7LnW/F/Kuxyn3mW1wgD +WXi4DM0muRPskw6c8f604crFShSpszLTcYE12HECgYA/exlxgkxiR1JHQc9nLwjV +8eJpaDkGKcEgjlBM8eGKm41KCDVnlpoj5akhAVdVKNemxlRi1N9G7t4hOYaUCXF0 +QIIA7jXlD1t2KnH9Hnl8jrWU9fuTLnve7J+Ab6d1GMObrLN5pb4HuijYpWCFV5ht +3T4tb4rUR12DPuDDjxbvNQKBgGEzb4B5IYE4xp5tNGwxNgSni76urOakFkTBEYi5 +pwMR+5r4aPyLmwBOsHHu5ni/c070+PVlx0FhvMICcWwX3SQhNDyhOHv8/qK0EWeW +d1vMc4Mp3uSudl06n9v9XeH2hQju6gUo+LF8x12f/yPD4utCpoZ++cvi94fMfH18 +mU5hAoGADsoT85//n1VPQLysZpW6FjYIp8quuGS94FAdkiQVKa7u6vO/Vy19ZxFI +7Cub8sg+e80wGakCCEi22AN6RwJyV9R8ec8ct+K/HeNqujKoDZN6ZDQzXo0a/vgj +BibssPr6+b3DVE+/e2qlfzjwQA+GqcSmP70fmg8tGlKbZwwBJxk= +-----END RSA PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-cortex.key b/roles/ca/files/CA/private/dsoclab-cortex.key new file mode 100644 index 0000000000000000000000000000000000000000..827da545bbbd7bdc9b8c8527f8dfb4b086ba5221 --- /dev/null +++ b/roles/ca/files/CA/private/dsoclab-cortex.key 
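Review bot: The CA signing key is committed here in cleartext: `-----BEGIN RSA PRIVATE KEY-----` with no `Proc-Type: 4,ENCRYPTED` header is an unencrypted traditional-format RSA key. Whoever can read this file can sign certificates as `CN=SOCTOOLS-CA`, so every service that trusts this CA is affected, and reissuing individual leaf certificates does not contain it. The CA should be regenerated outside the repository with a passphrase-protected key; the added `openssl-easyrsa.cnf` suggests Easy-RSA was used, presumably with its `nopass` option. Only `ca.crt` should then be shipped by the playbook, with signing done on a host that keeps `private/ca.key` out of version control.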
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT +2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I +gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa +U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf +w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC +aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs +KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL +UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE +WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d +WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC +U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 +k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ +OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI +Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ +SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY +ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy +gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w +MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf +f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO +vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc +A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e +MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb +5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F +fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md +oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV +nrCXNbsWttgWkzqLDWkPT5M= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-cortex.p12 b/roles/ca/files/CA/private/dsoclab-cortex.p12
new file mode 100644
index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-cortex.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-haproxy.key b/roles/ca/files/CA/private/dsoclab-haproxy.key
new file mode 100644
index 0000000000000000000000000000000000000000..abcca5eaafc03ebe472bc28a09ae04de65e2fa7f
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-haproxy.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE +qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm +JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y +KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT +8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 +KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB +vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg +D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p +bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD +SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf +oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ +bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG +w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag +ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 +c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw ++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n +DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s +7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 +3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ ++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 +m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi +i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 +biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ +K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX +5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV +kyb4KyOsi81/fpVM/WeOL7w= +-----END PRIVATE KEY----- diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.key b/roles/ca/files/CA/private/dsoclab-keycloak.key new file mode 100644 index 0000000000000000000000000000000000000000..8c5ebed5a514facf489a59ce2a2e487c6a0da78f --- /dev/null 
+++ b/roles/ca/files/CA/private/dsoclab-keycloak.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c +iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH +e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb +HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI +2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g +tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y +dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV +frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK +525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU +soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX +TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX +RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 +mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L +yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo +z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p +7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 +Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl +tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf +joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r +T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA +01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A +upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ +bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG +jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 +ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF +TypqufvopzWOpbxpgbfiJQmd8g== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-keycloak.p12 b/roles/ca/files/CA/private/dsoclab-keycloak.p12
new file mode 100644
index 0000000000000000000000000000000000000000..41e7ba3a2fe1ed26a9e29ffe24a723a5812760d3
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-keycloak.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.key b/roles/ca/files/CA/private/dsoclab-kibana.key
new file mode 100644
index 0000000000000000000000000000000000000000..9eec2e4fa77aee5162699b82640aad24869304a8
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-kibana.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR +kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf +mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L +JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP +zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI +B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN +IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa +wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw +Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN +fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA +uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2 +BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH +Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy +ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g +4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr +FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr +3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q +NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv +Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M +7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA +uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN +lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm +P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5 +Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu +/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT +jFEbunnLOfUUjgxXiJpNU0FtjQ== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-kibana.p12 b/roles/ca/files/CA/private/dsoclab-kibana.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-kibana.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-misp.key b/roles/ca/files/CA/private/dsoclab-misp.key
new file mode 100644
index 0000000000000000000000000000000000000000..9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-misp.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl +V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi +Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 +KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf +jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV +xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT +VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t +cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr +nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn +u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO +ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu +XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq +XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl +xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P +SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp +8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 +X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU +zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY +FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw +D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX +FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G +msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e +0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq +g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR +PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh +bopZVfjdd+d/56vLZW+GSBaCew== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-misp.p12 b/roles/ca/files/CA/private/dsoclab-misp.p12
new file mode 100644
index 0000000000000000000000000000000000000000..34e63cf61702da91592e85b97cc2c41066f4089a
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-misp.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.key b/roles/ca/files/CA/private/dsoclab-nifi-1.key
new file mode 100644
index 0000000000000000000000000000000000000000..2d054afbf080153a8869b097e3385dcc2fc0e709
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-1.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDr++3oZVHX1Xq +fujW/dXjGWguch+QYqh5dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbg +pl4ULJCxgbJpMeJEhZf1YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccF +UEDFqdDkP7sMcil8vgYBlgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWC +NCkbGVYuwtskeVEPqNlmPHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw +3zJUhfY8IJ+Ii12DosQeMdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4Dq +vDNgR9MPAgMBAAECggEAJ4fH/il3FXbtzTQb5ypZ5cmBITjOpYU4kWjvvhYiTegI +xaXpdj2vTI+/Yg94QGbWRZZylrFzKAYlUMZq5Npn1GPl3ZhFJCB0pQ3mUHI9q6L/ +abiSrWwmAL1zY7i+dhEj41PZ4Hsk+Df/F1Sx8PwwBZvWNlpthRSB9BoQ4GAHfNTH +qkJPz7IZ8ZCWZRRve71+h7rBSJVnrz3iWUmKgGigFWErD/vW0PpD4apGkwe9egkR +2MDvf+x/QQ1vudzYHJEkKg2OMdsKokLmoJGmSh3Cq1dswAjnBqM+MPXUklHK6gZm +L3x3GwBowQSVI/EHJT6MeMyZSGAwJlouX0oN/Prg2QKBgQDkY2ZTbV7ih1wgIJDS +hKYqo7swHOo84JaMtz2FZBfv7KdYYUwAQObPD7jnrvV6EqI6yIOfo0WN28obz6fw +rgugYeAlFka5g1Gg5fTGCgWIy8yTm5RvOrNn7lOsE8xx1dPuSqniCtTHjGVqc0EJ +6yL+uZSKfL3Mgfli/RHTXmcv1QKBgQDbWHE5ZyudNF61xHAn6sFjESSOwLA4LsIG +qeZN0l1WIZjwq33HrK9YK4F3k7AySYGlla03rOWVArM13fAPlNq+1WRZ4a6iArdx +s3Wri9b7spzxz+OD9e+sPMjR3+odSAamZyWzk0++F+wQlu13rCX2kNO71laWOrSE +u6vvmg+NUwKBgQClMYxy7ZoDCdtF1ahKzO2Py+v6Sf/XVq8uSt/x2stBnBAS6hVZ +3ZfUz090LOWbjVzQXfZugl8t03slkJatjIYWVJUW3jz7tBNX6NyaXedQ4fAwGAlO +Rsw7cXQN9CgdcoefRVwJhsIPL+qvC3xQm0YtrrfVT5LNGHn08o1xMEg8nQKBgBDy +3Iza8/vJuCfDbgcnlJnbEUAWk4dD1ao+JpWM07l8Dx1JowZyyXm+otpihxLbqzDo +R+Itce/5rW9UHuCVV/G2+3IWhi/ulc4rV8RRoeMBAi+NKL9hmYtthvbwnl502k6x +WbBuiZLetlbx0peUrbpHppS1Eyu4jYpUFg0Fkn4RAoGAZsuipVjJpM/nj+aS6aUJ ++FNYaqZRsSpad/IY509ZD9G8lf/ANNxjwZuX4P3Im/m3772LcCe2LEv4f8sOfaF6 +wz/noWgJxaTqSaNmugNDhPJpXTgdgsTeqnq20MtHrpi4ZXUs21CDsJph5dlS/gWl +AQQhj15wJkiYTHv093f2vaY= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-1.p12 b/roles/ca/files/CA/private/dsoclab-nifi-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-1.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.key b/roles/ca/files/CA/private/dsoclab-nifi-2.key
new file mode 100644
index 0000000000000000000000000000000000000000..a6d173357217a1ecec773826d1b017655a4f3b7f
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-2.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCst0vi1Yd/jhWb +z8AX69uM4xuDwGm5BpGgm8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ +/T4EZ5oJN0V50x0L7ApDy7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvye +uH3ig+I9sDBdwXMGrpv3mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPC +v4xPOubtETCmQSatVo8DC62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJy +JCHS6bREI/YQj59kf+/mq/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8b +qXR32xgDAgMBAAECggEAIutEGm5VYMKXN9M+4Rc8YjWgYHjMZy4ezzvvTQBhZ0DN +67yRZWMW37p1hwFbQy/tHgwM0UFcYwhnx81ddoKDsA1OrJy0KK7mPGK5ribtiqXc +5llLVwaouLZ78NOOq/WSrGJSk/MMW0ZX4LcoLF3BpfszLCFqYhV3Tw4Sxskmd1TY +DAIJ8P0mcAuiEw1G2VuVEsy8c6Ojkp/cJZudlhUk4J/Dqzhq3XcdRu+IoTOg1FTY +Tw6aW0dwW9niZWaTCzksjnsY6ydIoe6v2GMiCOzCnfmogAgfuTH8Hg2oDvJDqFel +zXNwxn52Q7HMvySnDn5j2BAYOyfybNkUDvjq170BkQKBgQDfwI+q22h24zg6ZLiC +0AlqdKNliU1qdtaXu1bU1Mm0/9/o70+TP6GUDeZ0xJVPDpgf/qULaY8k2H4Ucb7i +PNCPVYNF21qd591qaZA3i/YDNbXmzYNgy+hCPjY9+jW+DBEKOMDSCbUgUP9RJpNj +CgEadH2xvumPeuLLhFwnmDn3XQKBgQDFm7tWnpUiyOVWcdEZ+xXPiqRr3JZFcjHk +N3vSOVsS0xjaYPbyBnUNiw8Mxdm0xmaCCDHjv7lmIOCEUtD1YU/bp/e6UqvAULg7 +UasrT0h63eQPxS4tLpDaIjk5Zk7A/NFAHoTKrtbZEs1YONL8ltkrqOYUv4jaX1ae +76f+1/s23wKBgAUDDzTIjWJ8XHoSX3+uoUddLXvMw4sq9kuXyq4hxhLj2GQjWCj4 +N+pVFWBwNtf6f7XXwmKrDqXIo6pZkekHa7SKOdKKw1DeLLuBedWEsRIJVfXBjLvS +VXWGZzikLif/pTIRa2BJD2GV7uImdw603ql1Cou8twabvhDI+jd41XORAoGAW8b2 +fUZt8Zfom/uEqFJrUNcNgmMTD/H3pgz23y5wVA/jDRnX15SULNQXC1GgyUsUNPRl +Z2eWTg6a+BoWnsCxfE1Iyyq2Rj23MyW9IAJUoWwJDiIATk/ASu92MGiJzywca3FB +L3mAo5UN9hl+NH5DIvnw0lYa04FQE8Uu+zeIn3UCgYAgWQECDVgkUgoTtUZBmUAT +wL5cXXfmDnMNLVn2TJNQRDvLMkdI0naQ94Dxvky6BIbSqaKx67PA3I7yRIDUYhGZ +RM4RC0WpGtjxYmWyHkdClGLAJjSp4RPDUcCNAqmQhTySGCL4gBMalERbDzo16SSM +lyWQP3MOrilDi/GjbUi3JA== +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-2.p12 b/roles/ca/files/CA/private/dsoclab-nifi-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-2.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.key b/roles/ca/files/CA/private/dsoclab-nifi-3.key
new file mode 100644
index 0000000000000000000000000000000000000000..4c508b05ddb691868f07f9952a5352a9a9a247a7
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-nifi-3.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnSKDTqx6MSWCL +uL2aqlwJYgF5icnlXzBkOMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFk +YI8VjhaL3riXeaeDGXdbqjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMla +E60OVle8HT++10xLN6KIck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0Ea +kuIu7NMgYGBh1vwOP1dDiF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNx +enEC4QVyQaVCn0FHLDB+DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPP +eoUrC6axAgMBAAECggEAIwh9zfZvTlfrpTdKVgLJhZmFz4tAwg2eV87hCZkBQ7Kz +I4uuBf8EYWUk5c4vasdV1JpeyXn9ayMPfUMPlCcOp7o8FFUA9N63dXX/NmQvJl+f +ZbA9eTr9ixHGGb82Jy4Y0wJE2va9XOpcMMYgHvmMJDRH7lKugq4jFspBRX5PGOcM +6MxlzOSEcPZFrccDFcVJIU57rJ3HO85mF8OUmQoReA7SH9qNLFFtERrsgCSkWlwq ++Pdz+FwkK2tmSBU6+4J2YTyJ0AvF5DUex8tf6rAD7H1AGz70VEFumlbjyz+OZgsS +oeoAFRm6Uzoo2kU7mB3fPpA2oCGVWVIY6fgHbyZHsQKBgQDR0L/WuzeTpYB3oXbX +2rPcbZVa/wK0Evl1dfj1UZUBqazkVntMVko02Xt5RHt8FTaorTqi2ieEGfcbOonn +cSZzChPNCvyr6MJJHRcqNP4pgxd4b1LfP8sCLZTvi7HdBA1DPamgWuiKOkqGghHs +38BX7SPz3/gTxEjwCE7g9970FQKBgQDMGy+CjGI8btlbKBK4LkebuGGWgWUIXa+V +2OhoEZzIwDQf6LotauA8pdljTeeQ0VG4kO365hN2v5bL02SOCo3ciaLkQ2tQhRNt +1xSDoKf2ipbjFZr9o6uDHGtVKZF1B20j48vEWBu5EEZ8yf7L68BWBm/RCVeN32oL +jpmIMySDLQKBgQCwbv/CzDASAkwjTS2omgpBRA0iNerKDmKjeY7ei7nnag0u/eI0 +8SL5iiCgewvz7crG0NTL+PLdzQ/UX8dzTdztQ/4eoCyVSueFn+bI4UMRGWF1Lvfb +L8PAkx/4x9nLZwrYDlRDue5tvlLJBTuZmxYdWhavjxkHVjmXTwU1fHqJeQKBgQCO +Rgj5FEhJ3e8PFsDtt/zcdEs6MVou2bdSWc+u80/5s9jhwUU98Xj7bZQ6H4ziKrav +U/8/XG+G4AgKboFybbLzXtG4EbLVft3LPBilpDBQr8x74IyYbyVYEFBVHdOx4wpV +8S0R4WT5vHmV9OvyU5RPos8AxGVOlMSD59Pn19aExQKBgFTfUARZ/liWznEU8X5Q +krL97ge1+oaqQBI0iS3jmi8cfRNpwWFxc+uRgHW5WybGC9PxV/n3yu1i4wIyrwfC +g4f0HH19x+VTFs9+H09wudytJh0K8LLTns5G3Nu3WW+o0gtJDQDcAxijvEr2jn08 +qnSQ95GLsDqLTauqOMzEyhM8 +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-nifi-3.p12 b/roles/ca/files/CA/private/dsoclab-nifi-3.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-nifi-3.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.key b/roles/ca/files/CA/private/dsoclab-odfe-1.key
new file mode 100644
index 0000000000000000000000000000000000000000..f10604dac97618a3da392c9eb505dae7ce87a0da
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-odfe-1.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlRvZxzqI/YV6b +88ZhiIeZCqy46J08X4xgK0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzK +CSJQMAHq7bQpv7RwJduzHelz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qIS +lPvoczA38Xy1TlmrcXMmgJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LS +DKdSSMbuEiEV40UwiYFjf78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsK +qKJa7OWjGnPggz3S6HSpC7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrkt +qL4oEfVLAgMBAAECggEAGkUQNaf8VRC9+1ZqE4DGMJXVhnY4ldNIzTgHjAD3tehp +M+bGp5RUGqZeSGl7/tzacGWY+5q4x5ozOz7irJdjkNxdeS8a6IKd8p7pwbugXha0 +WQtcwHobGxoo7+IcVFNbGpr9kFPCX1M2mLRzTIXuL2q+5DMu+QLNs8qmYpELrjpp +wiY3yQ6zcv4ndWJloMWo+CzTXq+Gh0L7cWB8dk9NOGu0dAF1HIVokvud+xUejyIB +2bBN/J9ErGBX366C5yqzMei1JhDXBT7N3XATs/i5tx5jHxO9/G7Psz6Ka7wQ2XlF +9gY9AndkXGFNt/YnKpvN+h39caH7lRvC/AADwidsYQKBgQD+dHoAUKrCKfrHDazQ +gQRPGNOY/J9anHhKvPKUwkoY8VZ2MDqB1uwSWioambx2CVc81eeHWmRQUAp7Qw94 +p9DWhqcPdhqGZDRQGSolw8uXnSLKLkJ0f1VxRv7B16wwLyaMgdcwn0JaZ0iaQqwk +VX7V3OnRpbaji+7pkoJUetbyOwKBgQDmq1mSa8G+/5K8CURJz6K7/ItI29VCFm4t +ggeQ2QdjpCEhg7b5wyW7Y+CjbWoUx/zKnT4FFX213Ca3TaOKn/sU2lu0J7AP4A85 +yV6JizecpU/aDsAelezO4PfpAdHiUN49lWt6VCTWzOM/+hKdLE1GVpOfqBCtEEYZ +DJwS8JdIMQKBgHm9Sl16OqhYo1W20jaTc3dQXnQ0cR1N/TNswPaxGfhjBsXW/zb9 +l8aUAs7lPMiQYX+Gq5YThijykoE0rWNBjuYEWEtKaxhfOrQTxhl5Wp+4G1v10++e +uEdQ+zPMtuH6vQu+VzE5EOrlvVOokGl1yhAR+IBIM2B945k2ckpu1wXfAoGAEGtY +B+UluGvGzR23v61I/yqd24TSbE7ebtzXnwbj0MLpHNKcXrD2aZ1VayyppWsK4n1I +4eHCvgQ6uUeMgZybqcNVTcCZdrfTPaDI2u+O+NaHlZUBNewkHCHFY8+eWga5mxac +vOtqZ+PTtUUeuBNkOMKG5ZF4BmmnI7dTEMIRcrECgYEA0LJjKYwHmqHXe7Yel/f5 +6U3fQka70cpS0hg9T1qHlC2A8Goj4p2uchJmRkH3uYd0FTtImkoiAqksnWu949pI +YFdI65eKm/7a7Pmoy0C7TMM6pN2ibbN7XBoZ7bZ6Fj6FI74MLgUBUIwMyKXWRhTX +RWpegcD8h8CCEagLjZ6PN3I= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-1.p12 b/roles/ca/files/CA/private/dsoclab-odfe-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-odfe-1.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.key b/roles/ca/files/CA/private/dsoclab-odfe-2.key
new file mode 100644
index 0000000000000000000000000000000000000000..6b56b08c72d66f58917d079dadd02f0bac21718e
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-odfe-2.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHpeE/4KMiafG0 +FV65PNvXRLvZx2mUW8F9ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/ +SUkuO4j2WYUm3je0R54cvqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QI +FkYBVNoMdzFjOUYniD/0rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKg +XK2Ge1BTyexXBEQcEvYzP2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJC +QsoLsS7BbpQtPl6ISI+2ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDK +Z2My4DNzAgMBAAECggEBAJlsPTQ0cckRd1/3iCp7vUmplV5fYyBSftgI4jl2E1+i +CXxnuPqRYvQkSDRvW2NgQ9t3XDXL+E/x14O1EtrHf5Io6y0aWd5dpwDZ816UMIDT +KyjVQ943kq2a27D2piiElarhnBofq0iubBIm47dEOKiZtEdXDTV1/AgQYvEZhZTl +dZWsX21gP6YbMgGE/ZFz2tMjFlaK/f0XygJd64gGwwt0wzhBnJsb5Nf1nyrqfuNk +XIKXQCBx3IbFxxHSd0LxeokYR1+nWcdw2i2T396UjlFJn4n58oPJEQSQAuq5RXHe +aJDCiPLx16Hx0sqSgwXfjptXwdxYt7DQKYZkYHdUZtkCgYEA44g/xK6aUJWfhc5n +QeOAB/maCa6GmSaGhvjIjOVu2nimmHl4jBF3Fi6FyWG8Tqj7XBgDaByuLBy5NIAQ ++/cQ3IGMHlI7SboQRllmsUMrCApOFyENBn5V+2dyCIRIqzstYHWGefv9ElrCroZa +a/XZrDGO2zj3psoaKwat+b9i710CgYEA4KCC2NnP7henjH/rDbQfebIg+NSBeSn4 +1PDh37p3vm0gIclhygWS9vL1ERlvt9N3o272ago9jM+PaVK9fFBiqGuMU8X0/2qx +LnPppWUKY3WKPkDKSBgz5J5jkTTneL6wPLY0saHB8Ob4zIKpfh8dsIXBwmiYsmO1 +x+q+HAL7EQ8CgYAjKZsxOgp/CaBtfUhX1mCi2uADPwVuBZYkpa3YmFxZRuv4BE2s +18Yfl3D1fjUrstGlmdBs9oG0L3wvsNrvFW91pE+TIAIpkqeRN5+3JToxM+Z9jI4G +wt9mysXEqyzPyYVpsr/lehvSClSrw/eVV5kcE0yQdG1RSUph+9ZHElynwQKBgEcy ++WaM27iHLOd+4F1um49yY7sbeJKUODgeximpLC1i3412DJYBYE0AQ6eQ3XVyBPj7 +wgVoi4vneniS7lbKEAt8U3V2SKrxAYpM2WFAfqN57UDAPp3Ndh1gCwVKtJf0MV59 +DoTDVfrq6y+/tsOwTzPVoc3iY4wfyM2+XVX5p+UHAoGABD84C3yYWYZ9gBkEkXHH +jjKUcDCWUTcbErUtaloI9AU+Fw3XP+H21b1ahblQ8JtGcGIosYLOGreZyjN/gVJO +Us14LTFkYwnSQMJ0KLmfZ2qEL89xl8fIFbjmccJUmW01F1y2M9yZVTVeNiAiq/VL +j+8aCEyjHb06KrRCjseb1u4= +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-odfe-2.p12 b/roles/ca/files/CA/private/dsoclab-odfe-2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0
Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-odfe-2.p12 differ
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.key b/roles/ca/files/CA/private/dsoclab-thehive.key
new file mode 100644
index 0000000000000000000000000000000000000000..6d4d8bb01b413adbe679481a68241bfe71a1c9dc
--- /dev/null
+++ b/roles/ca/files/CA/private/dsoclab-thehive.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt +FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt +Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/ +QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq +j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk +hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk +Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz +lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4 +PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b +TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5 +IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F +Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg +RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY +r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR +BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD +SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM +zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy +Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX +3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO +pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF +WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3 +a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5 +L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1 ++tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG +tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J +k+SqVxdKSTfaWxGqyyAZgVis +-----END PRIVATE KEY----- 
diff --git a/roles/ca/files/CA/private/dsoclab-thehive.p12 b/roles/ca/files/CA/private/dsoclab-thehive.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4651a2126460e39b52b3c9404b73b982758cf006 Binary files /dev/null and b/roles/ca/files/CA/private/dsoclab-thehive.p12 differ diff --git a/roles/ca/files/CA/reqs/Arne Oslebo.req b/roles/ca/files/CA/reqs/Arne Oslebo.req new file mode 100644 index 0000000000000000000000000000000000000000..dcf639293b92b30d5786fe09e9e1b6306274e43d --- /dev/null +++ b/roles/ca/files/CA/reqs/Arne Oslebo.req @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWzCCAUMCAQAwFjEUMBIGA1UEAwwLQXJuZSBPc2xlYm8wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDOTAIZIW4c8u2T2P28GqTCETvhVXPlJpLT2eim +3X2iHb5qfGQGOWAzOH1qyomd5RFYIWnzOohe6uUu4Z27AB9ZGWlPazI9LxralT2Z +lVOfsurbE0hjLUrcDEumHExi4tARJWfLgFIC6Pg7POvL9HEDWr7ZoEn+0XL+T77h +rKHtpRUG9E7JBqubksI+uVgM9BUOBMCRG4VznbaXoWxwChqgzkyNrCnkxRcAJgNE +Mqh7g1JJQ2ARU8geuOufH+MTVIF3xEdKLiCNSIyRLuDU5TcLXLtfQDeS6WA7oPmY +f22zIJI82ozweYHy6ne6tHsGVHWJd36tCDquHtwcEWMIQxSXAgMBAAGgADANBgkq +hkiG9w0BAQsFAAOCAQEAg1Qb6ZHRANNpMip4Swkowrq8EqkMwnaei5l9ODVzlYa9 +Wo5f+kiGVMnza76E40/OOTRT8624hZEbaOzh2bLRd/9MCxE3oGWeSVtu/MOkN0f4 +vERTql3zlcIzOmQHXp2obtJXdpSt+8jlYbFQm9HV9k6qCnv+k9zjkIEkNaZ26NIa +CzsR4d6J5l9B9eEnpZHEcbtD5SyB8pde3d5lGDkJ7tdwVc874cbxSA/402lOf6Gh +5huX7ID1xN92VHEdtiwtOkcWjtzp87Dr0GxlFd9u48ctOmvfvxL/wBPXAYDnwLrB +d89p+JzRZzr8eRj5KCEW2W7AbOVpaL05IBAR6a/4GQ== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/Bozidar Proevski.req b/roles/ca/files/CA/reqs/Bozidar Proevski.req new file mode 100644 index 0000000000000000000000000000000000000000..cde307a9f149d38650af558e1c9ac2150c93a326 --- /dev/null +++ b/roles/ca/files/CA/reqs/Bozidar Proevski.req 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQQm96aWRhciBQcm9ldnNraTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJreAP3x6bkp2VjQRyHPS2cX96kCkxfP +V1tv2yaQMAkL2cVmXvYiZqtIBqpsiLP9k0WkYMlfK2yv22heJ+aFcSe3IFJh3xQb +2gY5siEgSyJIt0t2RAKxiV8OWSLLuckejaCsKF3lrsjqzAUgomAREo1tiApz6Hxo +nEgsyajGncM8wef0B/dbbkI9PQ+Fb+K5iKnQAoS4GWquE6GXUJgWyAwbvQLIX6Mv +c34l+IznkkPHanW8heocRyjOLJs6j6gH6YyKdT7BlzLO48XKHgrXPHcK0qtRw+Xc +N5AaNb+gSqq9OO+ebfiBN3/TdyPGW2OYZAcvR/19IS9XwthEAMIpInkCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQBI2j+FMBWk7pwuvK10IHSgJl+MW/PS4LALPy00 +QCo6DUrkN3EsIY+wsY+jCUS2VGTlOehilOywH/RpmhFBxT3N+NmSyRHPhCBAJAHF +lmziZfPU25xOt/q5TAbBgEgWJuZuMVUEXY0EV/BxHyaZLPOFogXMijP6jhLxx3yg +8XU3aWYyFu3Dl5wwvhgtgXN4Bt5jHK7y4Cy+ChrybXabU6x380XlBDnlBLCmLmPP +ASQ+xzmacFGIY3SVqI1sHBgSMGueVQLWmGEgT3uD7mX0sD1teFR4MA6pySrkhJeg +7kZiw1lMNnFziruBsrk0wfVK5X4fy13lfOBZEc0YgVykUklo +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-cortex.req b/roles/ca/files/CA/reqs/dsoclab-cortex.req new file mode 100644 index 0000000000000000000000000000000000000000..1959ae3968783dc47efbfd43251a6fa40b20d33e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-cortex.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1jb3J0ZXgwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNCWsUM0pHdVvT2Wc7Ta0fpx8zq4axqjsJ +qxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+Igf8q9JlYbdeW4tJkd7l0 +RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCaU/j40xAyNewdh6seLLUA +fJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zfw/wFkP8Gnsu8HSvCV/K9 +qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2ECaoqEL2ffkjoMX+W252wn +aR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncsKKs6MJIbAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItY29ydGV4gh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBABmN +TbZUl+mAgRYgyBhG8QxYAD8sLcKqPDrldqy/5qsGuLQSA4txQ7uEMFb9mr5RsjvA +rsKljltvjmEMyLjOio00NanddY/qTAwqfk8VoPK49g0Sf1c73E/84JwhzjzTqR5v +4Evckh4r2lrgtqos0sZHr5SUdYiMpAJ18WUAp+PCa6RydUt5+Upwu391lgjQpSr+ +M7DCM+KDSZ4X0eaSf6oFrfNA035FlDaHdRHGMIW5aE+fBXSXEU7EwgjCEMuy6iLR +Arpjo8t2Kj5P+zJVXo5021VhWtTR221GI1v+JJxSkolHAziTohsj45m0jA1cCKbL +bzpzNH/WwlpNEH7tWGs= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-haproxy.req b/roles/ca/files/CA/reqs/dsoclab-haproxy.req new file mode 100644 index 0000000000000000000000000000000000000000..7377346b4e1b94227e731ebe0c462eada026a77e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-haproxy.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi1oYXByb3h5MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycciMwsLD6CMxKmBN71RL0cy+huIRbG7 +EUM93rNwZ9eLOVqPE/sveAixsTLG0Q7k0y4624Tb0mVrJiRs1xblpZCOAkYTAgqW +ZkaHt7DuVkw82K5Mfe9bqm4Bjon+TLnebLrkP4341zrtsimaW6xahmYF8xkvWY18 +i2qXHkOKNoCy6eGE9pS8ExExuNJacu1ow7E35FuRgmKqE/K24DqqhWZwCqmtXKdS +/9z5mV7lFdUM/s0ny5ieWmnKcXQx5ibf7NJCQ7nzBI4seiim+Y66ZDxpDqz13NXz +KlBHUNSM9e4xCHNpH65CHVKEXUdo3aMfB1fsPp4NI3gWQbxo8k/pGQIDAQABoE0w +SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRz +b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA +afvEI0PRtJHdn9wjijMSmeFqcKb7LrV3cXKgMNlps/7+D9S3E2id457QpHLteOLn +G7YOlL+xddxa/rn95ovL/p+qU4i4bPfE3tG/Yj6GclQTNb4JWocZq6ukgDzPaLPu +7XyS42sreCN8QlDuHDM+lNpb4wyzyLVKV8pUGLn9QjskKvAFmwXNOV9X20RLSlAo +NhOYFxCoiwcCT/wyOh83uh5FcGOzZOPrG/J95rV+RyYOQGttu2l00nDVTD7Gbjza +tv30d2Gj6tJAxTqXZm99qJ8zi7wBgymX7uQoaw+D4uZqRCzUqgEe9j72N0Jh+yF0 +/wo9Lx4oVJj6GR0I7jY24Q== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-keycloak.req b/roles/ca/files/CA/reqs/dsoclab-keycloak.req new file mode 100644 index 0000000000000000000000000000000000000000..c9316cf972da90037dbf93717ca8dc9414257150 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-keycloak.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrjCCAZYCAQAwGzEZMBcGA1UEAwwQZHNvY2xhYi1rZXljbG9hazCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqp6msvbJyfbZyJTgG6xsAy31kmK5X0 +wj3IfiLOtngD6CIogZyapqe6/QVmo1CBhXHB2eq8IeFdCod7vlWwfQFX3kz+OsXJ +VHcuFfwSB/jvn3v3CQFwdVM73LEMZU1JxPsdQiBvgUVC09sdTFcbHTuBOe6yz5VL +KdCoOZjWkzaZv8VDJo1N220kO/wWdqH9b8YZEccSDYAWTIjaLAl4PRt8bOzbngFQ +X6NWf9Q7pCbSbUJ7iE6NZO0eGg4FWGVYR4NgnrTtFc5yT6C1It2fpNqIhv7LhG5y +PQBC2ouFKvLv1+67hUK6ufvZndIsWA98AiO3RtBpBjdAnVh0icq3EuUCAwEAAaBO +MEwGCSqGSIb3DQEJDjE/MD0wOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4Ie +ZHNvY2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IB +AQAFuWENWuE+yIOLn3KkTz1HoJrOwzn6g/XkrhMcmQtRucKd9T1CMr384yWXkGcP +f+BrrW/m2WSpPGikR6i+gW5aW1zKOtu+IABFpjsOcHTuKZGjsAgzSWXIffuNzrMt +TvmOdtlez0sBmxPQ+JmpmNkGzSzEr/qnMxdxHonn17/pLV5P5Z4Dy5vMhTKlw32I +1C6gD1yfjoF1nI0BWmu6vSih1IBApR2tdexa/gGZT68z1XncTD7zzUnPBoqWJjJf +7NZ/HUxmQBcM4/sYNFnfx+XHY83Hm4+i2PS18SgC7WN+GTaGnOYdgLPbUGwCEv0t +TnDRqK0EfRbr8E/6wCgkyhz6 +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-kibana.req b/roles/ca/files/CA/reqs/dsoclab-kibana.req new file mode 100644 index 0000000000000000000000000000000000000000..c7425201deb9b14a657ea917f997e047b37d6669 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-kibana.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1raWJhbmEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOT8kPhE1Oe9wRkMlJqPNgRKglG1mDZAvR +4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKfmnx7puhOeXvNhm4mUjdF +tqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2LJTFVDrxSb78Llu/jElza +YyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiPzMQFXennfSsS+rtNJfT3 +BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnIB9Qgcx7znLlngzuofG77 +huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FNIxLjVg9vAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWIta2liYW5hgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAD3L +9U2PcNoNGQu7wDkVblw29QoEkbm7yXvcXt5fFlcd85Tw3+Wig4fXC2AVLBxTvK7C +1wLGTMVtQfzH7+H+xQvhiQG+Rz2dLD6K10sPK+Uj5iXZyyeb82cqw7QwaH40jCot +uLgvSIIrChFWGijW0tHy2UmHjTh6+cPzwGe58yYXTK/OBJwbEKKox3IL9XtF3QJJ +wNhuCYPNbNmy1qZQ7Fny9cCU+syHDRkJwIYBAcfKVvq4/L7txkYZasnoQqE8H2Tq +UnCOD97mt85wXID6vhi8gqUvujr/NHqCIJqd4yZ3fi8/uxbK2Igw6sr4d1y90Dj5 +iUsJ9h+hlzojGLzqB98= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-misp.req b/roles/ca/files/CA/reqs/dsoclab-misp.req new file mode 100644 index 0000000000000000000000000000000000000000..051c713561519155d72428452581bd9dc4b891e0 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-misp.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpjCCAY4CAQAwFzEVMBMGA1UEAwwMZHNvY2xhYi1taXNwMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Eb56KucIFxpVdGFC5HZIlOvX3wgi0DGdaH +RLNCv3J4A8yRmFs2QhRV4oIWElhgVESPFfYbH3Y2Ii7orNM8Ct9Gx/EEvDq//kuP +KlOD41CCBgn8Kvr+lKB7f8I+Cz7ccriUEAoLkP1FdimFUr8PIEN4/jvTSSCPmqUM +ibsOl/JnsC3wF1MlpptLZA5yir/J445Bu+3zM2pVX41ShPqjZxp7cfuQ8V9h30Tq +C3eI8uXBg3FYx1iKmzlFWU7g2xa2lnKQjO7CE3XqFcZr4tw63sgH3hiELZa2xEzh +Sk0Tb2yaHeX5b8x+G0o6dRq5N7BtoBtpNfG25sKl01bTV8cOiwIDAQABoEowSAYJ +KoZIhvcNAQkOMTswOTA3BgNVHREEMDAuggxkc29jbGFiLW1pc3CCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAdn/gw4DW +EuPNCWcDYqlXVmwo0a0Enf5awha/1A9IxU22Tl4jv7KOb+SFRRy6d2UURGP+12EB +iUq7e27L9byhs2gR9xXrw4CQlLjZ7egRg4a6fW1YeL2gKU68PvppOyMGxxH0saCL +LmAM5N8ClvujX8wvLudCXu/NNrsBwQGaQ5CXtysYXrV7FyHwkO7FP2CTbvGbyYj/ +WJT8g3P4RM3PKd7+7+mmNoqKCOySj1gnB6xEn0iPoBWRRcC/2SlyUXi6idG45C0p +G04CKFxHJHn2x2nV+3Ym/1ctCTaxg5tGTrZ7Mw3Fkp2QGsmlQuq8ukeO0wTMJlyt +41DA9acx/R0vAg== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-1.req b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req new file mode 100644 index 0000000000000000000000000000000000000000..6984cbb76e1391cc8e76c34ffbcf3407d5459cd3 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-1.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDr++3oZVHX1XqfujW/dXjGWguch+QYqh5 +dtjS9lHfcYA3Wux9+214bjf+5RvI1XPkyaXL6EpIJsbgpl4ULJCxgbJpMeJEhZf1 +YBKIBp2Nz0qid7PZ//NBQEwh4XONmIIvNycMJNhnvccFUEDFqdDkP7sMcil8vgYB +lgO4oELEb2/aqhc0X17zcw53tXqaWeM80TlQFy9TGAWCNCkbGVYuwtskeVEPqNlm +PHIeoPcD1unlxrm+lOSEvc2TJus7F7vN5Vgl8ig1pLFw3zJUhfY8IJ+Ii12DosQe +Mdmhdh0uPPh4ZKTdOrJWZb+oKqjtYsliLHK9nX5rH4DqvDNgR9MPAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0xgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAHM0 +gTZ4mCfbnMSSETTVJM90A9LvYRYegrDd9iiyrHnA1ybJh4wfvmKYq1UfD04Q/wT5 +MT5ebLiCOtnicU1XtZIOdqVjrdHgYh5AiNuqGfWPTJ5714XtUfuV0U47iGgs8OtV +W0C+DvWOm2v5xMs66QIMZRJObXiNjz/5NnigHAf0eyKj+fkmfB7oW3O28vD9drPk +WCZYRFOTxEviwWAgapI5JCmlpvAu61gljYEDJhk7x+l2obOxEt1ibTJoobQCSt5U +BF2ZBNI/nAKz6pQhj1bW25Gc5o2QM5bkv7uIzjHMprgGMKnJnbBZjEBdHKRxv7n7 +Pa0EZRioaWxc7VVDYbM= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-2.req b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req new file mode 100644 index 0000000000000000000000000000000000000000..31f0180a40f7d46e29d16f18b3226e56269f5506 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-2.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCst0vi1Yd/jhWbz8AX69uM4xuDwGm5BpGg +m8Y13C/ojHIoUAKCxbHr2tnjnZXS2d3hCDVtg3OVmLoZ/T4EZ5oJN0V50x0L7ApD +y7gkzGhczi6u20jYblrzMb6HKIZ2jo+NaJUfcmxlSvyeuH3ig+I9sDBdwXMGrpv3 +mlS4AmuCkBEIP9ZfWVzfqiVZwGd6/OHwyUqL4DG2UxPCv4xPOubtETCmQSatVo8D +C62HbLJzxC5BPpkatilt4Nyvj0Vu1WkXDfFYpn6MgDJyJCHS6bREI/YQj59kf+/m +q/FDlNCKlw7kkb2GuR9C9JY5hQUm7ZABkRGjHwRbRv8bqXR32xgDAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0ygh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAG7p +jsz6CmL0Am6fDwlnBWML8EMgYcBhhFyiemX+6hrGxZLeTXCfFn/rSKpA8oDTfNyf +OK2BceBxePb4JJDzqkH3lAdqsuEqByJMnUQfEpLHEorXl1CN2iMaQ4F/1aX7H2g4 +dwtdYcHD/vsBu9bP3q4FM+SKE6GHcpgM+R6gyJ/yRhSWO2pmdbxSGM7MWRHc9XBz ++8kJNwhraGqNRYlwruCFxtqL3iMyMzz0x9QS4To1T/klybmCxZ+JJaFTdZtD5fFa +aL1/PoTJUl01ycxiL8nS0vVwh/UyFe/9c2z2OnUdJo2rsKp8NHRnHpkm8SfxYy/D +J2jaavn1ViQDB7T8OUc= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-nifi-3.req b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req new file mode 100644 index 0000000000000000000000000000000000000000..be09de63a31ae4519ae390fd681f8b97d05275d9 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-nifi-3.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1uaWZpLTMwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnSKDTqx6MSWCLuL2aqlwJYgF5icnlXzBk +OMrxlS1IIIHvYKpv0e+0rImO6fUWfWQHsDt1w+HhFXFkYI8VjhaL3riXeaeDGXdb +qjaCN7lRp5W1H6ydgcbs+xQ6hHcenN08BjChXtCPsMlaE60OVle8HT++10xLN6KI +ck0aYogIoFe7IM5+r7dy8u6GGrEoO0H00+oUdJDhM0EakuIu7NMgYGBh1vwOP1dD +iF8QKSBRQEbtXZ/RWudLUvTUI2BKIqeSbNTLIAGmuVNxenEC4QVyQaVCn0FHLDB+ +DLFzzPdjYCc/PTaTFKp+Eu0b8ctN6HwyIFD1LX0GCpPPeoUrC6axAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItbmlmaS0zgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKKZ +4Wy4xgX3E+O7mrt791MpRJTTl4qE0bgn54Y7Pzz2Do3SNeC7OpCtFHAVVfGDjpKY +vac+9+rtdn21ttT7IjwOIao2vKUdxzbLhqM5onUDQmattCqvh5ewMtH4rVfbKg4C +S7MlCb9tezg8zBx6T9ZO7eoTcIZwnS6jEoRhNABb1D46AAfEkW/4psXUpJ/e1Vv8 +UFt+mGqLIzZ2MLwINv7RM5koCEw/9WU4haEjJWvvTLmXVedV3eDidJCFQrNwRF68 +/VHLs21e+lZK7t0wAWGf/tzQOTzgy1AydtMI1cpRVFV1OcjEvSwjZProAVNjqBoq +CHJSL39w3B0+e51cKUo= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-1.req b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req new file mode 100644 index 0000000000000000000000000000000000000000..c680ab26ebc91c7b59863531443390ac7f630772 --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-odfe-1.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlRvZxzqI/YV6b88ZhiIeZCqy46J08X4xg +K0FbNvs5Cm+hFgIxrA29Dv+VWdjxIWu9ltZ7eQHRZRzKCSJQMAHq7bQpv7RwJduz +Helz7WOTAkyQIgRtMXQxroU8Eo2z9pIv3nV1j8ql8qISlPvoczA38Xy1TlmrcXMm +gJpGjUmUsAnlJxA0ncBTO/p3LgbAc44Pmh6MJzIM6/LSDKdSSMbuEiEV40UwiYFj +f78KW9EFyBz8X7u4giqSOzquGZ3pp2J8CvLCKuao1JsKqKJa7OWjGnPggz3S6HSp +C7DksP3+rR5X6A0gfKofMWm1DYw/HI3c03Fb8QRqrrktqL4oEfVLAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0xgh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAKzr +ygHDc8j5mTfhtfsRGfnEGfZiLYCV6YGBDazc+JaQiKzRXb5FWWTPbWZ0EtiQyVJA +J/yfkRQug6qQKLaNa22br7iP1LrPu0xQD6uTH9FgYu6J9YyfibBb0aav8em10JGQ +fdW7AmpLRwdLVii+DwJURcd5GEBBYyRPJzwloQmktPoBsnQ1EATqcStasE6AVoGu +1h2jlb6amEGJzUIe22CDuYs0SO5wHrn/t32EC4sub1I+jjmbiLo0r7uku1JAHT/C +wL19wSfauW079sNjgBPgJkFbjIW8lC4VQe8X0YmCXT/d6dqsPc3mJPK3AojYZGaM +Df8uQI9AQthiaGo1Yr8= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-odfe-2.req b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req new file mode 100644 index 0000000000000000000000000000000000000000..e97a63925ee9173215adae268769715699bb0dda --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-odfe-2.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqjCCAZICAQAwGTEXMBUGA1UEAwwOZHNvY2xhYi1vZGZlLTIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpeE/4KMiafG0FV65PNvXRLvZx2mUW8F9 +ozRNPogK4o8u05iUrrQfSaP9SycWcKsDq81MAip77Tr/SUkuO4j2WYUm3je0R54c +vqM4jrAia8rFEuW+QJxXek0CDNsTxZ3Shd+ZVzKQN1QIFkYBVNoMdzFjOUYniD/0 +rU7m/Qo+nZiaU5iQvpvu47KRx38/obli+HoezLQj7YKgXK2Ge1BTyexXBEQcEvYz +P2hC+LcvJZEcqrDfF2vtbcxtp9a3B2thpRZRnwIHrbJCQsoLsS7BbpQtPl6ISI+2 +ixWwSI41WOq1kJz7Wvr1xye3ETB6yzZ8T+pSAEdA6fDKZ2My4DNzAgMBAAGgTDBK +BgkqhkiG9w0BCQ4xPTA7MDkGA1UdEQQyMDCCDmRzb2NsYWItb2RmZS0ygh5kc29j +bGFiLmduNC0zLXdwOC1zb2Muc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggEBAA0a +Y6OxjtMpOkPMMTCOeMniiS4yzTxgfWe4ky6wOGE0E7ZXuQgb58CypGd7vJuUJvv2 +scIov+MH65NqswlHXoENSi1j042gc9+ce/Jr1MsLMwVW0JaY2fb5uxj8oi2GTcyF +ldcLvD6Ga/zCcyttkMy3zidOlWUd0VsMJFyQl+N9BaiUOoNP3M0ux22FQ0a6OcG4 +GlsD0w59dx/jYKlmp0eKFQ7ogaYWu3O2X+BFMigGFq2rISd57WdEZk+K8ZGazNW8 +li3076e1DflticRO/uy7q9xzvuLFlfSFLoQgem8Zp9CgNJYfa/QVnfVQH7iZLm2K +8AHzPPLphDavqr2iy5o= +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/reqs/dsoclab-thehive.req b/roles/ca/files/CA/reqs/dsoclab-thehive.req new file mode 100644 index 0000000000000000000000000000000000000000..1bcb0467ac08e107f3e7c80da3257c8335d48d0e --- /dev/null +++ b/roles/ca/files/CA/reqs/dsoclab-thehive.req 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwGjEYMBYGA1UEAwwPZHNvY2xhYi10aGVoaXZlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVNIKRgt2Eh7Rahb3LE3qEAwO/8XaGJ +NAcV0rQ6FLiVdY6BcUlGHciBy/Hsx1oS9olg5MiYGmHILRKPc+74nYi1fzBwlym0 +q0Mt3NunEEfHtSabEYX70yePOlW86ngXuIkQo6QQYDnDf0Ilqf6Efzhe9D3DmD1W +ubqBBlWNZRLwTiOIHZgML25PZ/1OZzmRuQFSEqqeu3rI6o9KLRj4aZo6oMhu497G +275MWeDPvDRPLLDvPoJa32i+uPvMX2ryPmbUxsX2C2fpZIUVh2Bv3LRbE2+wm/jz +2sGRnoFfFsqeFAHBHM4q08g8D76xN6rJCGgr3vlEbB6QpBK89TxGvQIDAQABoE0w +SwYJKoZIhvcNAQkOMT4wPDA6BgNVHREEMzAxgg9kc29jbGFiLXRoZWhpdmWCHmRz +b2NsYWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEA +SrEnsOQ1zqalbv8SBBMBhRXlrKH74UUc8uhwqS9peQv0ILmJQqZ2FZx3HRyRcM2X +30qhiND97sMs0H1D4ViDAk5lScX4LNCgPx7YhAVtxXAR8Y1An47GQHF2ln1veRGo +UJ6kZO0VTnf0TSWAbEv2EwHIT6GsRiWv9xDebrtRByZXWEJF2z/PkAMfXOaYHu+9 +ZHc7oyHm06/iN9bC7n6dfPSq+odfuYKYc90Bc5pS/bOLZuUCNuWS8fZ1QdtaTAdK +FGms4qBL3IIWWrKzxGBtCa0B/fvCrqrNENaE0J5In2nYiobU2A8wdAb3qCrMHsDW +sXrXrXiWYjb0jUyMIOsKhg== +-----END CERTIFICATE REQUEST----- diff --git a/roles/ca/files/CA/safessl-easyrsa.cnf b/roles/ca/files/CA/safessl-easyrsa.cnf new file mode 100644 index 0000000000000000000000000000000000000000..936ba8b4a76789eb9c7d2d01446cae2905c65965 --- /dev/null +++ b/roles/ca/files/CA/safessl-easyrsa.cnf 
@@ -0,0 +1,140 @@ +# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL + +RANDFILE = roles/ca/files/CA/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = roles/ca/files/CA # Where everything is kept +certs = roles/ca/files/CA # Where the issued certs are kept +crl_dir = roles/ca/files/CA # Where the issued crl are kept +database = roles/ca/files/CA/index.txt # database index file. +new_certs_dir = roles/ca/files/CA/certs_by_serial # default place for new certs. + +certificate = roles/ca/files/CA/ca.crt # The CA certificate +serial = roles/ca/files/CA/serial # The current serial number +crl = roles/ca/files/CA/crl.pem # The current CRL +private_key = roles/ca/files/CA/private/ca.key # The private key +RANDFILE = roles/ca/files/CA/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. 
+crl_extensions = crl_ext + +default_days = 1080 # how long to certify for +default_crl_days= 180 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# This allows to renew certificates which have not been revoked +unique_subject = no + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = cn_only +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = California + +localityName = Locality Name (eg, city) +localityName_default = San Francisco + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = 
Copyleft Certificate Co + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = My Organizational Unit + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = ChangeMe + +emailAddress = Email Address +emailAddress_default = me@example.net +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/roles/ca/files/CA/serial b/roles/ca/files/CA/serial new file mode 100644 index 0000000000000000000000000000000000000000..a09a0c3783cdf79ac1c2fc8708b6d123c22e0f2b --- /dev/null +++ b/roles/ca/files/CA/serial @@ -0,0 +1 @@ +A7217943DDD1145BC6F68CBA362CB35C diff --git a/roles/ca/files/CA/serial.old b/roles/ca/files/CA/serial.old new file mode 100644 index 0000000000000000000000000000000000000000..576257103e125420328f8dea4368ca88ed4e365f --- /dev/null 
+++ b/roles/ca/files/CA/serial.old @@ -0,0 +1 @@ +a7217943ddd1145bc6f68cba362cb35b diff --git a/roles/ca/files/truststore/SOCTOOLS-CA.crt b/roles/ca/files/truststore/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/ca/files/truststore/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/ca/files/truststore/cacerts.jks b/roles/ca/files/truststore/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/ca/files/truststore/cacerts.jks differ diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml index e851761376265268c0ea7af70ae65d47d789a43f..6ca350a28574cb3e5fb0accbe8244420c8303614 100644 
--- a/roles/ca/tasks/main.yml +++ b/roles/ca/tasks/main.yml @@ -1,18 +1,8 @@ --- -- name: Create secret directory - file: - path: "{{playbook_dir}}/{{item}}" - state: directory - loop: - - secrets - - secrets/certificates - - secrets/tokens - - secrets/passwords - - name: Check for existing CA folder stat: - path: "{{playbook_dir}}/secrets/CA" + path: roles/ca/files/CA register: capath - name: build ca root key and cert @@ -24,19 +14,27 @@ environment: EASYRSA_BATCH: 1 EASYRSA_REQ_CN: "{{ ca_cn }}" - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA when: not capath.stat.exists +- name: Copy cert to truststore + copy: + src: roles/ca/files/CA/ca.crt + dest: "roles/ca/files/truststore/{{ ca_cn }}.crt" + - name: Remove previous truststore file: - path: '{{playbook_dir}}/secrets/CA/cacerts.jks' + path: roles/ca/files/truststore/cacerts.jks state: absent - name: Generate truststore command: > - docker run --rm -v {{playbook_dir}}/secrets/CA/:/opt/cafiles/:z + docker run --rm -v {{role_path}}/files/truststore/:/opt/cafiles/:z "{{repo}}/openjdk:{{version}}{{suffix}}" keytool -import -noprompt -trustcacerts - -alias "{{ ca_cn }}" -file "/opt/cafiles/ca.crt" -keystore /opt/cafiles/cacerts.jks -storepass "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" + -alias "{{item}}" -file "/opt/cafiles/{{item}}.crt" -keystore /opt/cafiles/cacerts.jks -storepass "{{tspass}}" + with_items: + - "{{ ca_cn }}" + #- GN43WP8T31_CA - name: Check for existing host certificates command: roles/ca/files/easyrsa/easyrsa show-cert {{item}} 
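Review bot: In the `Generate truststore` task the store password now comes from `{{tspass}}` and is handed to keytool as `-storepass` on the docker command line, so it appears in verbose task output and in the process list while the container runs. Where `tspass` is defined is not visible in this diff; if it sits in a tracked vars file, the per-deployment value that `lookup('password', …)` used to generate has become one shared by every clone of the repository. I would keep these values in an Ansible Vault file and add `no_log: true` to the tasks that use them. The same applies to `Enter Export Password: "{{kspass}}"` in hunk -97,7 and `"{{item.password}}"` in hunk -136,17.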
@@ -49,17 +47,16 @@ - "{{ groups['thehive'] }}" - "{{ groups['cortex'] }}" - "{{ groups['haproxy'] }}" - - "filebeat" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA register: hostcerts ignore_errors: true - name: Generate host certificates command: > roles/ca/files/easyrsa/easyrsa - --subject-alt-name="DNS:{{item}},DNS:{{soctoolsproxy}}" + --subject-alt-name="DNS:{{item}},DNS:{{dslproxy}}" build-serverClient-full {{item}} nopass with_items: - "{{ groups['nificontainers'] }}" @@ -70,10 +67,9 @@ - "{{ groups['thehive'] }}" - "{{ groups['cortex'] }}" - "{{ groups['haproxy'] }}" - - "filebeat" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA ignore_errors: true loop_control: index_var: my_idx @@ -97,7 +93,7 @@ expect: command: roles/ca/files/easyrsa/easyrsa export-p12 {{item}} responses: - Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" + Enter Export Password: "{{kspass}}" with_items: - "{{ groups['nificontainers'] }}" - "{{ groups['odfeescontainers'] }}" 
@@ -108,7 +104,145 @@ - "{{ groups['mispcontainers'] }}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA + +- name: Copy nifi host certs to nifi role + copy: + src: roles/ca/files/CA/private/{{item}}.p12 + dest: roles/nifi/files/{{item}}.p12 + with_items: + - "{{ groups['nificontainers'] }}" + +- name: Copy odfees host certs to odfees role + copy: + src: roles/ca/files/CA/private/{{item}}.p12 + dest: roles/odfees/files/{{item}}.p12 + with_items: + - "{{ groups['odfeescontainers'] }}" + +- name: Copy odfekibana host p12 certs to odfekibana role + copy: + src: roles/ca/files/CA/private/{{item}}.p12 + dest: roles/odfekibana/files/{{item}}.p12 + with_items: + - "{{ groups['odfekibanacontainers'] }}" + +- name: Copy cortex host p12 certs to cortex role + copy: + src: roles/ca/files/CA/private/{{item}}.p12 + dest: roles/cortex/files/{{item}}.p12 + with_items: + - "{{ groups['cortex'] }}" + +- name: Copy odfekibana host certs to odfekibana role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/odfekibana/files/{{item}}.crt + with_items: + - "{{ groups['odfekibanacontainers'] }}" + +- name: Copy odfekibana host keys to odfekibana role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/odfekibana/files/{{item}}.key + with_items: + - "{{ groups['odfekibanacontainers'] }}" + +- name: Copy haproxy host cert to haproxy role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/haproxy/files/{{item}}.crt + with_items: + - "{{ groups['haproxy'] }}" + +- name: Copy haproxy host key to haproxy role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/haproxy/files/{{item}}.key + with_items: + - "{{ groups['haproxy'] }}" + +- name: Copy keycloak host certs to keycloak role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/keycloak/files/{{item}}.crt + with_items: + - "{{ groups['keycloakcontainers'] }}" + +- name: Copy keycloak host keys to 
keycloak role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/keycloak/files/{{item}}.key + with_items: + - "{{ groups['keycloakcontainers'] }}" + +- name: Copy misp host certs to misp role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/misp/files/{{item}}.crt + with_items: + - "{{ groups['mispcontainers'] }}" + +- name: Copy misp host keys to misp role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/misp/files/{{item}}.key + with_items: + - "{{ groups['mispcontainers'] }}" + +- name: Copy thehive host cert to thehive role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/thehive/files/{{item}}.crt + with_items: + - "{{ groups['thehive'] }}" + +- name: Copy thehive host key to thehive role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/thehive/files/{{item}}.key + with_items: + - "{{ groups['thehive'] }}" + +- name: Copy cortex host cert to cortex role + copy: + src: roles/ca/files/CA/issued/{{item}}.crt + dest: roles/cortex/files/{{item}}.crt + with_items: + - "{{ groups['cortex'] }}" + +- name: Copy cortex host key to cortex role + copy: + src: roles/ca/files/CA/private/{{item}}.key + dest: roles/cortex/files/{{item}}.key + with_items: + - "{{ groups['cortex'] }}" + +- name: Copy truststore to roles + copy: + src: roles/ca/files/truststore/cacerts.jks + dest: "roles/{{item}}/files/cacerts.jks" + with_items: + - nifi + - odfees + - odfekibana + - keycloak + - misp + - cortex + - thehive + +- name: Copy ca cert to roles + copy: + src: "roles/ca/files/truststore/{{ ca_cn }}.crt" + dest: "roles/{{item}}/files/{{ ca_cn }}.crt" + with_items: + - nifi + - odfees + - odfekibana + - keycloak + - misp + - thehive + - cortex - name: Check for existing user certificates command: roles/ca/files/easyrsa/easyrsa show-cert {{item.CN | regex_escape()}} 
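Review bot: The copy tasks added in this hunk write `private/{{item}}.key` and `private/{{item}}.p12` into `roles/<service>/files/` with no `mode:`, so private keys land with the controller's default umask in directories that belong to the repository; the same commit adds `roles/cortex/files/dsoclab-cortex.key` as a tracked file. Any key that has been committed should be treated as disclosed and reissued. The PKI output (`roles/ca/files/CA/private`, the `*.key` and `*.p12` files under `roles/*/files`) is better kept out of version control, through `.gitignore` or an `EASYRSA_PKI` outside the tree. On the key and p12 copy tasks I would add `mode: "0600"`. The near-identical per-service tasks could also become one looped task, which keeps the permission setting in one place.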
@@ -116,7 +250,7 @@ - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA register: usercerts ignore_errors: true @@ -126,7 +260,7 @@ - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA ignore_errors: true loop_control: index_var: my_idx @@ -136,17 +270,24 @@ expect: command: roles/ca/files/easyrsa/easyrsa export-p12 "{{item.CN}}" responses: - Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}}')}}" + Enter Export Password: "{{item.password}}" with_items: - "{{soctools_users}}" environment: EASYRSA_BATCH: 1 - EASYRSA_PKI: "{{playbook_dir}}/secrets/CA" + EASYRSA_PKI: roles/ca/files/CA + +- name: Copy user certs to odfees + copy: + src: "roles/ca/files/CA/private/{{ item.CN }}.p12" + dest: "roles/odfees/files/{{ item.CN }}.p12" + with_items: + - "{{soctools_users}}" -- name: Copy user certs to certificates +- name: Copy user certs to odfekibana copy: - src: "{{playbook_dir}}/secrets/CA/private/{{ item.CN }}.p12" - dest: "{{playbook_dir}}/secrets/certificates/{{ item.CN }}.p12" + src: "roles/ca/files/CA/private/{{ item.CN }}.p12" + dest: "roles/odfekibana/files/{{ item.CN }}.p12" with_items: - "{{soctools_users}}" diff --git a/roles/cassandra/tasks/main.yml b/roles/cassandra/tasks/main.yml index f26e13b0d2279484dea86aa46ee76cb1b8088865..7912910a2ebcd07a79d6649b7529fae5bde3a0cf 100644 --- a/roles/cassandra/tasks/main.yml +++ b/roles/cassandra/tasks/main.yml 
@@ -1,17 +1,28 @@ --- -- include: start.yml +- name: Configure Cassandra + template: + src: cassandra.yaml.j2 + dest: /usr/share/cassandra/conf/cassandra.yaml tags: - - start -- include: stop.yml + - start + +- name: Start Cassandra + command: "/start.sh" tags: - - stop - - stop-cassandra -- include: update-config.yml + - start + +- name: Wait for Cassandra + wait_for: + host: "{{groups['cassandra'][0]}}" + port: 9042 + state: started + delay: 5 tags: - - update-config - - update-cassandra-config -- include: restart.yml + - start + +- name: Stop Cassandra + command: "pkill -SIGTERM -F /var/run/cassandra/cassandra.pid" tags: - - restart - - restart-cassandra + - stop + diff --git a/roles/cassandra/tasks/restart.yml b/roles/cassandra/tasks/restart.yml deleted file mode 100644 index b6e575bc1e4e2e1ebd6469bf05165ef0ba84a376..0000000000000000000000000000000000000000 --- a/roles/cassandra/tasks/restart.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Restart Cassandra - remote_user: root - command: "supervisorctl restart cassandra" - diff --git a/roles/cassandra/tasks/start.yml b/roles/cassandra/tasks/start.yml deleted file mode 100644 index 1018944237cac5bfa616169d058ad0db794ea9f4..0000000000000000000000000000000000000000 --- a/roles/cassandra/tasks/start.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Configure Cassandra - remote_user: cassandra - template: - src: cassandra.yaml.j2 - dest: /usr/share/cassandra/conf/cassandra.yaml - -- name: Start Cassandra - remote_user: root - command: "supervisorctl start cassandra" - -- name: Wait for Cassandra - remote_user: root - wait_for: - host: "{{groups['cassandra'][0]}}" - port: 9042 - state: started - delay: 5 - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - - 
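Review bot: `Stop Cassandra` runs `pkill -SIGTERM -F /var/run/cassandra/cassandra.pid` unconditionally, and pkill reports an invalid pid file and exits non-zero when that file is missing, so `-t stop` against a node that is already down fails the play. Adding `args:` with `removes: /var/run/cassandra/cassandra.pid` to the task would skip it in that case. `Start Cassandra` likewise calls `/start.sh` on every run with no guard; what the script does when Cassandra is already up is not visible here. The `Stop Cortex` task in roles/cortex/tasks/main.yml has the same shape with `/tmp/cortex.pid`.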
diff --git a/roles/cassandra/tasks/stop.yml b/roles/cassandra/tasks/stop.yml deleted file mode 100644 index 29742c7021fa80cda54b419cde925309cb4cf8a5..0000000000000000000000000000000000000000 --- a/roles/cassandra/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Stop Cassandra - remote_user: root - command: "supervisorctl stop cassandra" - diff --git a/roles/cassandra/tasks/update-config.yml b/roles/cassandra/tasks/update-config.yml deleted file mode 100644 index ceb0b6003da6268a734cc15461ed264fb5e38485..0000000000000000000000000000000000000000 --- a/roles/cassandra/tasks/update-config.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Configure Cassandra - remote_user: cassandra - template: - src: cassandra.yaml.j2 - dest: /usr/share/cassandra/conf/cassandra.yaml - -- name: Wait for Cassandra - remote_user: root - wait_for: - host: "{{groups['cassandra'][0]}}" - port: 9042 - state: started - delay: 5 diff --git a/roles/cortex/files/SOCTOOLS-CA.crt b/roles/cortex/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/cortex/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/cortex/files/cacerts.jks b/roles/cortex/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/cortex/files/cacerts.jks differ diff --git a/roles/cortex/files/cortexsecret b/roles/cortex/files/cortexsecret new file mode 100644 index 0000000000000000000000000000000000000000..3119d1268684d95f0882fb9be3d331e62b0e26bc --- /dev/null +++ b/roles/cortex/files/cortexsecret @@ -0,0 +1,3 @@ +{ + "value" : "06ca9734-9621-4c6d-bb04-8ee68e028dd9" +} \ No newline at end of file 
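Review bot: `roles/cortex/files/cortexsecret` commits a secret value in plaintext. The `Get openid authkey` task in roles/cortex/tasks/main.yml reads this file with `lookup('file', 'files/cortexsecret', …)`, which suggests it is the OpenID client secret for Cortex. If the value was ever valid it should be regenerated, and the file should be kept out of the repository or encrypted with Ansible Vault.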
diff --git a/roles/cortex/files/dsoclab-cortex.crt b/roles/cortex/files/dsoclab-cortex.crt new file mode 100644 index 0000000000000000000000000000000000000000..a743bd0055110d9dbad79cdcc70e2ccfe946b100 --- /dev/null +++ b/roles/cortex/files/dsoclab-cortex.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:c4:bc:49:5f:a0:76:a8:13:a4:c2:32:61:64:0d:92 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-cortex + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:09:6b:14:33:4a:47:75:5b:d3:d9:67:3b:4d: + ad:1f:a7:1f:33:ab:86:b1:aa:3b:09:ab:1a:a6:fb: + a0:60:04:e3:68:33:0e:85:54:d1:70:61:8a:b9:d5: + d6:b5:6c:c2:b3:36:02:94:b7:1d:18:93:5f:88:81: + ff:2a:f4:99:58:6d:d7:96:e2:d2:64:77:b9:74:44: + 3c:f0:fb:5b:0f:43:7d:38:5d:fe:b0:db:05:7a:a9: + c5:10:24:75:13:c8:2d:da:69:be:e3:43:33:f0:28: + 30:9a:53:f8:f8:d3:10:32:35:ec:1d:87:ab:1e:2c: + b5:00:7c:9f:8f:61:e0:5d:56:15:8c:46:45:09:78: + 02:78:10:c0:af:2f:25:6c:c2:5b:ed:5f:c1:33:0b: + f8:c8:13:dc:df:c3:fc:05:90:ff:06:9e:cb:bc:1d: + 2b:c2:57:f2:bd:aa:22:b3:4b:f5:ca:b2:b8:00:18: + f1:14:10:b8:5e:69:9f:ed:fc:04:83:d9:2e:b7:9a: + 8a:45:1c:54:71:8f:61:02:6a:8a:84:2f:67:df:92: + 3a:0c:5f:e5:b6:e7:6c:27:69:1f:5b:06:d6:7f:e6: + df:ab:2f:31:a5:cd:63:32:60:c0:07:50:6c:0d:39: + cb:68:ae:3c:b2:da:0f:20:06:77:2c:28:ab:3a:30: + 92:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:0E:E1:26:13:A7:12:5F:A4:F1:41:C0:09:FC:AD:EB:4E:66:C2:50 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-cortex, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 27:2e:a1:0c:8d:fb:b1:36:ff:4e:ac:00:91:75:81:4b:20:79: + 3f:da:1c:e1:80:b9:8c:6b:60:47:a5:8c:bf:1f:34:98:61:95: + 
00:bb:79:d4:9e:c8:fb:dc:fb:6a:48:b2:69:d1:1a:04:cc:52: + ca:0b:48:01:3e:94:1e:68:0b:e3:4d:fa:12:c4:aa:ff:b6:5b: + 0c:3c:80:21:fe:50:87:8a:14:3a:7d:e7:a3:5e:b6:dc:22:ba: + cc:97:69:00:a8:78:08:dd:66:d1:cb:ca:28:41:b9:cc:8a:6b: + 7c:40:b7:5e:1d:a1:88:5a:b3:fd:18:77:e9:c4:48:fd:38:8f: + 06:6e:78:0e:f1:1a:1b:b2:6c:0a:df:38:11:e3:5a:3d:2a:5b: + de:41:63:14:ab:25:8e:a6:9f:a8:b7:32:9e:dc:23:45:f3:6b: + 6d:86:b7:17:b3:53:df:55:bd:cb:41:a1:b7:73:ae:21:1b:68: + b3:b1:0a:e5:e6:0c:2a:77:76:23:f3:87:ee:5f:0e:6d:cd:3b: + 94:9a:6f:f2:fd:4f:2d:72:a3:21:94:55:c0:4a:6c:2b:13:e3: + 82:13:a5:1f:82:6b:ae:6e:e2:ec:eb:7a:25:6a:f2:9e:45:d7: + 0a:7d:75:be:9d:f7:94:6f:ce:a5:27:d6:9b:dc:d2:12:54:64: + 09:c4:f6:a9 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQXcS8SV+gdqgTpMIyYWQNkjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBkxFzAVBgNVBAMMDmRzb2NsYWItY29ydGV4MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzQlrFDNKR3Vb09lnO02tH6cfM6uGsao7Casapvug +YATjaDMOhVTRcGGKudXWtWzCszYClLcdGJNfiIH/KvSZWG3XluLSZHe5dEQ88Ptb +D0N9OF3+sNsFeqnFECR1E8gt2mm+40Mz8CgwmlP4+NMQMjXsHYerHiy1AHyfj2Hg +XVYVjEZFCXgCeBDAry8lbMJb7V/BMwv4yBPc38P8BZD/Bp7LvB0rwlfyvaois0v1 +yrK4ABjxFBC4Xmmf7fwEg9kut5qKRRxUcY9hAmqKhC9n35I6DF/ltudsJ2kfWwbW +f+bfqy8xpc1jMmDAB1BsDTnLaK48stoPIAZ3LCirOjCSGwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFJoO4SYTpxJfpPFBwAn8retOZsJQMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1jb3J0ZXiCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEAJy6hDI37 +sTb/TqwAkXWBSyB5P9oc4YC5jGtgR6WMvx80mGGVALt51J7I+9z7akiyadEaBMxS +ygtIAT6UHmgL4036EsSq/7ZbDDyAIf5Qh4oUOn3no1623CK6zJdpAKh4CN1m0cvK +KEG5zIprfEC3Xh2hiFqz/Rh36cRI/TiPBm54DvEaG7JsCt84EeNaPSpb3kFjFKsl +jqafqLcyntwjRfNrbYa3F7NT31W9y0Ght3OuIRtos7EK5eYMKnd2I/OH7l8Obc07 +lJpv8v1PLXKjIZRVwEpsKxPjghOlH4Jrrm7i7Ot6JWrynkXXCn11vp33lG/OpSfW +m9zSElRkCcT2qQ== 
+-----END CERTIFICATE----- diff --git a/roles/cortex/files/dsoclab-cortex.key b/roles/cortex/files/dsoclab-cortex.key new file mode 100644 index 0000000000000000000000000000000000000000..827da545bbbd7bdc9b8c8527f8dfb4b086ba5221 --- /dev/null +++ b/roles/cortex/files/dsoclab-cortex.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNCWsUM0pHdVvT +2Wc7Ta0fpx8zq4axqjsJqxqm+6BgBONoMw6FVNFwYYq51da1bMKzNgKUtx0Yk1+I +gf8q9JlYbdeW4tJkd7l0RDzw+1sPQ304Xf6w2wV6qcUQJHUTyC3aab7jQzPwKDCa +U/j40xAyNewdh6seLLUAfJ+PYeBdVhWMRkUJeAJ4EMCvLyVswlvtX8EzC/jIE9zf +w/wFkP8Gnsu8HSvCV/K9qiKzS/XKsrgAGPEUELheaZ/t/ASD2S63mopFHFRxj2EC +aoqEL2ffkjoMX+W252wnaR9bBtZ/5t+rLzGlzWMyYMAHUGwNOctorjyy2g8gBncs +KKs6MJIbAgMBAAECggEAIdhGJqV4w2bp64Rdd/qQc0Mg8WSE7VrOOABYe+vZQ0BL +UW3sHbIsiEJxpc9Yi8YSNYba0jWPxfi9skjTGAIcNe6bwbpbRF5G7Jw++wBivZhE +WUOawRLGSsMvVkTOVp+agg0mh1kWf7QCodbuqBQe/krMWOuGIYr7rcLki8R6Rq2d +WuW8Kf697ciklh/6cyy1J6axe1LNT906lYvyRock246KbN517wWw7/fu47Mb2fdC +U6beFxbmbc5vk4lrViE7gSNkY97Vr/uXW9xlyRzvpNJuzZrm00CgNF1MnOnwf3l1 +k8kc63RMkUJGVWcxo5ubzLXpv4CnnmUNPfaSx+CeUQKBgQDuUT8JOu2vfzAC2VOQ +OfKR4NgMQ8fnK6T67zpLDeNUAGW+hBi62ewD8xxRse0j/rWXgvADBE1GplPXicZI +Q0o0VgIiL3NFQgCP7rvtPGE9VQXHYgd+ULKCHcPEBwonlbAhiHSwVnBqSFoqWdj+ +SHiBn4AD1ARoD6WSEVi3X6UU/QKBgQDcQATvzbbcr41vQHm9u1O7v0slk306A4yY +ItXk+GbtLEoLAiLy7n0REKybZAzniuLCDAQ1h1bWLkqRle26XqVfg3YaxGpoJODy +gPgr2Hi4Y/lcFrwRThUHEu8eaUWVRtY3B9Rgi5VjLVqydgI3/AFWdlzIVkhBeN0w +MOtKdEg69wKBgG+wD/TJcz8+QkfzhiAfqDkJwPbuhS8n2yfnGdC274UcspI44kYf +f2bSdsEqu9KUupIJQWaIi5bCuKRY415Wet5QOKvAxSr+JblOzy/9jizqPc0VeiGO +vDoSrP6ftfibRHJSuy0xNXn58pfKh9GUMTW+hIZGxNHoE1aDXqqB3qIZAoGBAIIc +A46SDLNDtZ6CDSjrD6T6dW8GONTboeOBuK+hmlQDdN4Z7gFqp1E8c2r8aK8jmZ8e +MCJbCA5QnFZyplQRc0oAQ/W+EEnjd0tqqrBkGbR7wqQG/iSO5tcd9UoW0DdF+Gfb +5Tb/XkmPUmPYWKkv4q5sD5V9ewPKXYgJbgW2ubCzAoGACfaFTBM3zZ2rqjJUk8+F +fGcuDeh/ZFk4MgcN5nbdKHwyXDhBlUY1FzLZlKi5J1lRyTInZUP8KYnXogw757Md +oa5wPlnw0a6VSHX1ZZUwa0yz1Rrv5M5CA4vyNBENCaHELKLoRWwbAook1gFie6cV +nrCXNbsWttgWkzqLDWkPT5M= +-----END PRIVATE KEY----- 
diff --git a/roles/cortex/files/dsoclab-cortex.p12 b/roles/cortex/files/dsoclab-cortex.p12 new file mode 100644 index 0000000000000000000000000000000000000000..252b3e7ef466cf7a4090ab3d5c551bd8dcaf5e5f Binary files /dev/null and b/roles/cortex/files/dsoclab-cortex.p12 differ diff --git a/roles/cortex/files/logback.xml b/roles/cortex/files/logback.xml new file mode 100644 index 0000000000000000000000000000000000000000..2dfba2682f91f345376aa4266794eacff13623d3 --- /dev/null +++ b/roles/cortex/files/logback.xml 
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration debug="false">
+
+ <conversionRule conversionWord="coloredLevel"
+ converterClass="play.api.libs.logback.ColoredLevel"/>
+
+ <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/cortex/application.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>/var/log/cortex/application.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>10</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%date [%level] from %logger in %thread - %message%n%xException</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%coloredLevel %logger{15} - %message%n%xException{10}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="FILE"/>
+ </appender>
+
+ <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT"/>
+ </appender>
+
+ <logger name="play" level="DEBUG"/>
+ <logger name="application" level="DEBUG"/>
+
+ <logger name="com.gargoylesoftware.htmlunit.javascript" level="OFF"/>
+
+ <root level="INFO">
+ <appender-ref ref="ASYNCFILE"/>
+ <appender-ref ref="ASYNCSTDOUT"/>
+ </root>
+
+</configuration>
diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml
index 5216d2c717a180540106714d58ae7d21241e4554..06b263933c3516e73f091c9e27ed4503869807f3 100644
--- a/roles/cortex/tasks/main.yml
+++ b/roles/cortex/tasks/main.yml
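Review bot: The `play` and `application` loggers are set to `DEBUG` while the root logger is `INFO`. At that level the application log may carry request and authentication detail that should not accumulate in `/var/log/cortex/application.log` on a production host; whether it does depends on the Cortex version, which is not visible here. Unless this is meant for troubleshooting, I would use `<logger name="play" level="INFO"/>` and `<logger name="application" level="INFO"/>`, with a comment on how to raise the level temporarily.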
@@ -1,17 +1,108 @@ --- -- include: start.yml +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt tags: - - start -- include: stop.yml + - start + - startcortex + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + tags: + - start + - startcortex + +- name: Copy certificates in cortex conf dir + copy: + src: "{{ item }}" + dest: "/etc/cortex/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.p12" + - "{{ inventory_hostname }}.crt" + - "{{ inventory_hostname }}.key" + - cacerts.jks + - "{{ca_cn}}.crt" + tags: + - start + - startcortex + +- name: Get openid authkey + set_fact: + cortexsecret: "{{lookup('file', 'files/cortexsecret',convert_data=False) | from_json }}" + tags: + - start + +- name: Configure embedded Elasticsearch 6 + remote_user: root + template: + src: jvm.options.j2 + dest: /etc/elasticsearch/jvm.options + tags: + - start + - startcortex + +- name: Start embedded Elasticsearch 6 + remote_user: root + command: > + daemonize + -u elasticsearch + -c /usr/share/elasticsearch + -p /tmp/elasticsearch.pid + -o /tmp/elasticsearch-stdout.log + /usr/share/elasticsearch/bin/elasticsearch tags: - - stop - - stop-cortex -- include: update-config.yml + - start + - startcortex + +- name: Configure Cortex + template: + src: application.conf.j2 + dest: /etc/cortex/application.conf tags: - - update-config - - update-cortex-config -- include: restart.yml + - start + - startcortex + +- name: Configure Cortex logging + copy: + src: logback.xml + dest: /etc/cortex/logback.xml tags: - - restart - - restart-cortex + - start + +- name: Start Cortex + command: > + daemonize + -c /opt/cortex + -p /tmp/cortex.pid + -o /tmp/cortex-stdout.log + /opt/cortex/bin/cortex + -Dconfig.file=/etc/cortex/application.conf + -Dlogger.file=/etc/cortex/logback.xml + -J-Xms1g + -J-Xmx1g + -Dpidfile.path=/dev/null + tags: + - start + - startcortex + 
+- name: Wait for Cortex + wait_for: + host: "{{groups['cortex'][0]}}" + port: 9001 + state: started + delay: 5 + tags: + - start + - startcortex + +- name: Stop Cortex + command: "pkill -SIGTERM -F /tmp/cortex.pid" + tags: + - stop + - stopcortex + diff --git a/roles/cortex/tasks/restart.yml b/roles/cortex/tasks/restart.yml deleted file mode 100644 index d7b6e6a1adafb6aee4a590444b8d7cd3e67cd22d..0000000000000000000000000000000000000000 --- a/roles/cortex/tasks/restart.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- name: Restart Elasticsearch - remote_user: root - command: "supervisorctl restart elasticsearch" - -- name: Restart Cortex - remote_user: root - command: "supervisorctl restart cortex" - -- name: Wait for Cortex - remote_user: root - wait_for: - host: "{{groups['cortex'][0]}}" - port: 9001 - state: started - delay: 5 - diff --git a/roles/cortex/tasks/start.yml b/roles/cortex/tasks/start.yml deleted file mode 100644 index ddb37bc3f01c9a37165ecc98232d091d5ceb34d0..0000000000000000000000000000000000000000 --- a/roles/cortex/tasks/start.yml +++ /dev/null 
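Review bot: The daemonize calls keep their pid files and stdout logs in `/tmp` (`-p /tmp/cortex.pid`, `-p /tmp/elasticsearch.pid`, `-o /tmp/cortex-stdout.log`), and `Stop Cortex` then signals whatever pid `/tmp/cortex.pid` names. `/tmp` is writable by every local account, so the file the stop task trusts is not under the service's control. A directory owned by the service user avoids that, as the Cassandra role does with `/var/run/cassandra/cassandra.pid`. There is also no stop task for the embedded Elasticsearch, which the removed stop.yml handled, so `-t stop` appears to leave it running.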
@@ -1,59 +0,0 @@ ---- - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - -- name: Copy certificates in cortex conf dir - remote_user: cortex - copy: - src: "{{ item }}" - dest: "/etc/cortex/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - "{{playbook_dir}}/secrets/CA/ca.crt" - -- name: Configure embedded Elasticsearch 6 - remote_user: root - template: - src: jvm.options.j2 - dest: /etc/elasticsearch/jvm.options - -- name: Start embedded Elasticsearch 6 - remote_user: root - command: "supervisorctl start elasticsearch" - -- name: Configure Cortex - remote_user: cortex - template: - src: application.conf.j2 - dest: /etc/cortex/application.conf - -- name: Start Cortex - remote_user: root - command: "supervisorctl start cortex" - -- name: Wait for Cortex - remote_user: root - wait_for: - host: "{{groups['cortex'][0]}}" - port: 9001 - state: started - delay: 5 - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - diff --git a/roles/cortex/tasks/stop.yml b/roles/cortex/tasks/stop.yml deleted file mode 100644 index ee4516b0631564e891ac80bc1d37d4d514090ed9..0000000000000000000000000000000000000000 --- a/roles/cortex/tasks/stop.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Stop Elasticsearch - remote_user: root - command: "supervisorctl stop elasticsearch" - -- name: Stop Cortex - remote_user: root - command: "supervisorctl stop cortex" - 
diff --git a/roles/cortex/tasks/update-config.yml b/roles/cortex/tasks/update-config.yml deleted file mode 100644 index a49f24fe5e51ea8b1ab38ba4da00d4e6d8f9d853..0000000000000000000000000000000000000000 --- a/roles/cortex/tasks/update-config.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Configure embedded Elasticsearch 6 - remote_user: root - template: - src: jvm.options.j2 - dest: /etc/elasticsearch/jvm.options - -- name: Configure Cortex - remote_user: cortex - template: - src: application.conf.j2 - dest: /etc/cortex/application.conf - diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 index e45e446edc48c43d6c4e2a6ae7f9aa3f9b00f879..6d6d09c6808a308f791e19af61928cff430c3bdb 100644 --- a/roles/cortex/templates/application.conf.j2 +++ b/roles/cortex/templates/application.conf.j2 @@ -6,7 +6,7 @@ # # IMPORTANT: If you deploy your application to several instances, make # sure to use the same key. -play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_secret_key')}}" +play.http.secret.key="{{cortex_secret_key}}" ## ElasticSearch search { @@ -34,18 +34,18 @@ search { ## ## Authentication configuration ## search.username = "cortex" -## search.password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" +## search.password = "{{cortex_odfe_pass}}" ## ## ## SSL configuration ## search.keyStore { -## path = "/etc/cortex/soctools-cortex.p12" +## path = "/etc/cortex/dsoclab-cortex.p12" ## type = "PKCS12" # or PKCS12 -## password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" +## password = "{{kspass}}" ## } ## search.trustStore { ## path = "/etc/cortex/cacerts.jks" ## type = "JKS" # or PKCS12 -## password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" +## password = "{{tspass}}" ## } } 
@@ -66,7 +66,7 @@ auth { # the "ad" section below. # - ldap : use LDAP to authenticate users. The associated configuration shall be done in the # "ldap" section below. - provider = [local] + provider = [local,oauth2] ad { # The Windows domain name in DNS format. This parameter is required if you do not use 
@@ -108,6 +108,84 @@ auth { # If 'true', use SSL to connect to the LDAP directory server. #useSSL = true } + oauth2 { + # URL of the authorization server + clientId = "dsoclab-cortex" + clientSecret = {{cortexsecret.value}} + redirectUri = "https://{{dslproxy}}:9001/api/ssoLogin" + responseType = "code" + grantType = "authorization_code" + + # URL from where to get the access token + authorizationUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" + authorizationHeader = "Bearer" + tokenUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" + + + # The endpoint from which to obtain user details using the OAuth token, after successful login + userUrl = "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" + scope = "profile" + userIdField = "email" + #userUrl = "https://auth-site.com/api/User" + #scope = ["openid profile"] + } + + ws.ssl.trustManager { + stores = [ + { + type = "JKS" // JKS or PEM + path = "cacerts.jks" + password = "{{tspass}}" + } + ] + } + + + # Single-Sign On + sso { + # Autocreate user in database? + autocreate = true + + # Autoupdate its profile and roles? + autoupdate = true + + # Autologin user using SSO? 
+ autologin = true + + # Name of mapping class from user resource to backend user ('simple' or 'group') + #mapper = group + #mapper = simple + #attributes { + # login = "user" + # name = "name" + # groups = "groups" + # organization = "org" + #} +# defaultRoles = ["read", "write", "admin"] +# defaultOrganization = "uninett.no" + #defaultRoles = ["read"] + #defaultOrganization = "csirt" + #groups { + # # URL to retreive groups (leave empty if you are using OIDC) + # #url = "https://auth-site.com/api/Groups" + # # Group mappings, you can have multiple roles for each group: they are merged + # mappings { + # admin-profile-name = ["admin"] + # editor-profile-name = ["write"] + # reader-profile-name = ["read"] + # } + #} + + mapper = simple + attributes { + login = "user" + name = "name" + roles = "roles" + organization = "org" + } + defaultRoles = ["read", "analyze"] + defaultOrganization = "uninett.no" + } } ## ANALYZERS diff --git a/roles/docker/tasks/cassandra.yml b/roles/docker/tasks/cassandra.yml index b913425d7171f5bb30f9b5a2434b521a09879ae6..a26bd28c104bc70cc17916496a1da8b68d978cd9 100644 --- a/roles/docker/tasks/cassandra.yml +++ b/roles/docker/tasks/cassandra.yml @@ -10,6 +10,7 @@ networks_cli_compatible: yes volumes: - "{{cassandra_name}}:/var/lib/cassandra" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['cassandra'] }}" tags: diff --git a/roles/docker/tasks/cortex.yml b/roles/docker/tasks/cortex.yml index 15a0732d1d90e4403f020e1edf868c34ab0d5dfc..c8d7b1ea2fd7564d5e4829620e994773168d11c7 100644 --- a/roles/docker/tasks/cortex.yml +++ b/roles/docker/tasks/cortex.yml @@ -12,6 +12,7 @@ # - "9001:9001" volumes: - "{{item}}:/var/lib/elasticsearch/" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['cortex'] }}" tags: diff --git a/roles/docker/tasks/haproxy.yml b/roles/docker/tasks/haproxy.yml index b0180761f4f3c18982f21d9f5b8307066146daed..10dc08e09d929ab86254e4bb37b962da8880338c 100644 --- a/roles/docker/tasks/haproxy.yml 
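Review bot: `clientSecret = {{cortexsecret.value}}` is the only rendered value in the new `oauth2` block that is not quoted, so a secret containing characters HOCON treats specially can break parsing; write `clientSecret = "{{cortexsecret.value}}"`. The `ws.ssl.trustManager` store uses the relative `path = "cacerts.jks"`, while the role copies the truststore to `/etc/cortex/cacerts.jks` and starts Cortex with `-c /opt/cortex`. Unless the relative path is resolved elsewhere, `path = "/etc/cortex/cacerts.jks"` would match the commented `search.trustStore` entry. With `autocreate = true`, `autologin = true` and `defaultRoles = ["read", "analyze"]`, every account the realm can authenticate is provisioned with analyze rights under `defaultOrganization`, keyed on `userIdField = "email"`; confirm that realm membership and e-mail verification are restricted accordingly. The enclosing `auth { … }` block starts outside this hunk.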
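Review bot: The added `entrypoint: "/bin/bash"` with `interactive: "yes"` in cassandra.yml leaves an idle shell as the container's main process, so the container reports as running whether or not the service inside it is alive. Nothing brings the service back after a container restart until the role's start tasks are run again. The same line is added in cortex.yml, haproxy.yml, keycloak.yml, misp.yml, nifi.yml, odfees.yml, odfekibana.yml and thehive.yml. If this is intended, document it next to the option, e.g. `# entrypoint overridden: services are started from the role tasks with daemonize`, as the cortex and haproxy roles in this diff do. A health check would also let a dead proxy or identity provider be noticed. The `docker_container` task itself starts above the hunk.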
+++ b/roles/docker/tasks/haproxy.yml @@ -15,10 +15,9 @@ - "9443:9443" - "9200:9200" - "7750:7750" - - "5000-5099:5000-5099" - - "6000-6099:6000-6099" - "9000:9000" - "9001:9001" + entrypoint: "/bin/bash" interactive: "yes" tags: - start diff --git a/roles/docker/tasks/keycloak.yml b/roles/docker/tasks/keycloak.yml index 1fddf2a13aa6086a09ef7ad9c0f8ea1c7aa7b3b9..c910408f048a5fa76ace4a47ec1c2d32a314c21f 100644 --- a/roles/docker/tasks/keycloak.yml +++ b/roles/docker/tasks/keycloak.yml @@ -10,6 +10,7 @@ networks_cli_compatible: yes published_ports: - "12443:8443" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['keycloakcontainers'] }}" tags: diff --git a/roles/docker/tasks/misp.yml b/roles/docker/tasks/misp.yml index f32e440eeff7e9d8c1406cf76bafde97aaba19d0..34a42ad3c033abf3c58a1664a92205b9cb76f69e 100644 --- a/roles/docker/tasks/misp.yml +++ b/roles/docker/tasks/misp.yml @@ -7,8 +7,9 @@ image: "{{ misp_img }}" networks: - name: "{{ soctools_netname}}" - interactive: "yes" networks_cli_compatible: yes + entrypoint: "/bin/bash" + interactive: "yes" published_ports: - "6443:6443" tags: diff --git a/roles/docker/tasks/nifi.yml b/roles/docker/tasks/nifi.yml index e85fb61a10993c070180291d6c1ff8d06c74dece..7023444e9c0181dcde646dd0f1b4e55dc1f2b031 100644 --- a/roles/docker/tasks/nifi.yml +++ b/roles/docker/tasks/nifi.yml @@ -10,6 +10,7 @@ networks_cli_compatible: yes volumes: - "{{item}}:/opt/nifi/nifi-current/conf" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['nificontainers'] }}" tags: diff --git a/roles/docker/tasks/odfees.yml b/roles/docker/tasks/odfees.yml index fa35ddd58f54e597b24c030636c34fb650f732b8..d54ebd59216d12b7c42e15005b3f6b15fb9affa9 100644 --- a/roles/docker/tasks/odfees.yml +++ b/roles/docker/tasks/odfees.yml @@ -10,6 +10,7 @@ networks_cli_compatible: yes volumes: - "{{item}}:/usr/share/elasticsearch/data" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['odfeescontainers'] }}" tags: 
diff --git a/roles/docker/tasks/odfekibana.yml b/roles/docker/tasks/odfekibana.yml index a1c88a2932cd76350e3fedadbec1e2f5511d0748..c24611b8869d7b1163065721d600ae7318356ddc 100644 --- a/roles/docker/tasks/odfekibana.yml +++ b/roles/docker/tasks/odfekibana.yml @@ -10,6 +10,7 @@ networks_cli_compatible: yes published_ports: - "5601:5601" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['odfekibanacontainers'] }}" tags: diff --git a/roles/docker/tasks/thehive.yml b/roles/docker/tasks/thehive.yml index 68fdd3c3f21e711ee957feee298b24544e9bbc66..30b11c82ba446fffadd57d3f4e102322e49bb0b8 100644 --- a/roles/docker/tasks/thehive.yml +++ b/roles/docker/tasks/thehive.yml @@ -10,10 +10,12 @@ networks_cli_compatible: yes # published_ports: # - "9000:9000" + entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['thehive'] }}" tags: - start + - thehivestart - name: Disconnect thehive containers from network and remove docker_container: @@ -22,4 +24,4 @@ with_items: "{{ groups['thehive'] }}" tags: - stop - + - thehivestop diff --git a/roles/filebeat/README.md b/roles/filebeat/README.md deleted file mode 100644 index 225dd44b9fc5b3abff7e9c68ff9e91d505cdd5f0..0000000000000000000000000000000000000000 --- a/roles/filebeat/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/filebeat/defaults/main.yml b/roles/filebeat/defaults/main.yml deleted file mode 100644 index 4a9a7a62e52d04774a78e3177a0df325d2949e66..0000000000000000000000000000000000000000 --- a/roles/filebeat/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for filebeat diff --git a/roles/filebeat/files/.gitkeep b/roles/filebeat/files/.gitkeep deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 
diff --git a/roles/filebeat/handlers/main.yml b/roles/filebeat/handlers/main.yml
deleted file mode 100644
index 40c1d20b192d1b9993f0859ad4f07df6220f0efa..0000000000000000000000000000000000000000
--- a/roles/filebeat/handlers/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# handlers file for filebeat
diff --git a/roles/filebeat/meta/main.yml b/roles/filebeat/meta/main.yml
deleted file mode 100644
index 3a212a9364cdcb2e9f1f2841cd12b091e3f6e3a0..0000000000000000000000000000000000000000
--- a/roles/filebeat/meta/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@ -galaxy_info: - author: your name - description: your description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.4 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. - \ No newline at end of file diff --git a/roles/filebeat/tasks/main.yml b/roles/filebeat/tasks/main.yml deleted file mode 100644 index 02ac9c7ed8c8f4eba2c4a99295202d1acbd72090..0000000000000000000000000000000000000000 --- a/roles/filebeat/tasks/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- - -- include: start.yml - tags: - - start -- include: stop.yml - tags: - - stop - - stop-filebeat -- include: update-config.yml - tags: - - update-config - - update-filebeat-config -- include: restart.yml - tags: - - restart - - restart-filebeat diff --git a/roles/filebeat/tasks/restart.yml b/roles/filebeat/tasks/restart.yml deleted file mode 100644 index cf2c893fe05c07d269572def4184a8d920ce33fe..0000000000000000000000000000000000000000 --- a/roles/filebeat/tasks/restart.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# tasks file for filebeat - -- name: Restart filebeat - remote_user: root - shell: "supervisorctl restart filebeat" - ignore_errors: yes - diff --git a/roles/filebeat/tasks/start.yml b/roles/filebeat/tasks/start.yml deleted file mode 100644 index 1944c1f0ec815b4c1075035fc4dc77c2b948f926..0000000000000000000000000000000000000000 --- a/roles/filebeat/tasks/start.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# tasks file for filebeat - -- name: Copy filebeat certificates - copy: - src: "{{ item }}" - dest: "/opt/filebeat/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/issued/filebeat.crt" - - "{{playbook_dir}}/secrets/CA/private/filebeat.key" - become: true - -- name: Copy filebeat configuration file - template: - src: filebeat.yml.j2 - dest: /opt/filebeat/filebeat.yml - become: true - -- name: Restart filebeat - remote_user: root - shell: "supervisorctl restart filebeat" - ignore_errors: yes diff --git a/roles/filebeat/tasks/stop.yml b/roles/filebeat/tasks/stop.yml deleted file mode 100644 index c5d5dd69d19ba5d40666fe28af612d1363f45f41..0000000000000000000000000000000000000000 --- a/roles/filebeat/tasks/stop.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# tasks file for filebeat - -- name: Stop filebeat - remote_user: root - shell: "supervisorctl stop filebeat" - ignore_errors: yes - 
diff --git a/roles/filebeat/tasks/update-config.yml b/roles/filebeat/tasks/update-config.yml deleted file mode 100644 index a4c4e304854c954ebb6129b08077d5aef10ced0b..0000000000000000000000000000000000000000 --- a/roles/filebeat/tasks/update-config.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# tasks file for filebeat - -- name: Copy filebeat configuration file - template: - src: filebeat.yml.j2 - dest: /opt/filebeat/filebeat.yml - become: true - diff --git a/roles/filebeat/templates/filebeat.yml.j2 b/roles/filebeat/templates/filebeat.yml.j2 deleted file mode 100644 index 78af99c2330bbe35e9500bb98c231c6d6be2bde8..0000000000000000000000000000000000000000 --- a/roles/filebeat/templates/filebeat.yml.j2 +++ /dev/null @@ -1,35 +0,0 @@ -filebeat.inputs: -{% if FILEBEAT_FILES is defined %} -- type: log - paths: -{% for file in FILEBEAT_FILES %} - - {{ file }} -{% endfor %} -{% if FILEBEAT_LOG_FORMAT == 'json' %} - json.keys_under_root: true - json.overwrite_keys: true - json.add_error_key: true - json.message_key: log - multiline.pattern: '^{' - multiline.negate: true - multiline.match: after -{% endif %} -{% else %} -- type: syslog - protocol.udp: - host: "localhost:{{ FILEBEAT_SYSLOG_PORT }}" -{% endif %} - fields: - log_type: {{ FILEBEAT_LOG_TYPE }} - -filebeat.config.modules: - path: ${path.config}/modules.d/*.yml - reload.enabled: false - -output.logstash: - hosts: ["{{ FILEBEAT_OUTPUT_HOST }}:{{ FILEBEAT_OUTPUT_PORT }}"] - workers: 3 - loadbalance: true - #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] - #ssl.certificate: "{{ FILEBEAT_CERT }}"" - #ssl.key: "{{ FILEBEAT_KEY }}" diff --git a/roles/filebeat/tests/inventory b/roles/filebeat/tests/inventory deleted file mode 100644 index 878877b0776c44f55fc4e458f70840f31da5bb01..0000000000000000000000000000000000000000 --- a/roles/filebeat/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - 
diff --git a/roles/filebeat/tests/test.yml b/roles/filebeat/tests/test.yml deleted file mode 100644 index 12223ca87b8282eda378547b93ef39c83f837974..0000000000000000000000000000000000000000 --- a/roles/filebeat/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - filebeat diff --git a/roles/filebeat/vars/main.yml b/roles/filebeat/vars/main.yml deleted file mode 100644 index 137cdf365d907cc2f19027375f80730756bd9e37..0000000000000000000000000000000000000000 --- a/roles/filebeat/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for filebeat diff --git a/roles/haproxy/files/.empty b/roles/haproxy/files/.empty deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/roles/haproxy/files/dsoclab-haproxy.crt b/roles/haproxy/files/dsoclab-haproxy.crt new file mode 100644 index 0000000000000000000000000000000000000000..5be39cb377745bb5bc5303c2b7d55d44877f9260 --- /dev/null +++ b/roles/haproxy/files/dsoclab-haproxy.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:7b:43:cb:9b:fb:09:cf:cc:86:ef:d1:01:9a:42:fc + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:30 2020 GMT + Not After : Oct 15 10:47:30 2023 GMT + Subject: CN=dsoclab-haproxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c9:c7:22:33:0b:0b:0f:a0:8c:c4:a9:81:37:bd: + 51:2f:47:32:fa:1b:88:45:b1:bb:11:43:3d:de:b3: + 70:67:d7:8b:39:5a:8f:13:fb:2f:78:08:b1:b1:32: + c6:d1:0e:e4:d3:2e:3a:db:84:db:d2:65:6b:26:24: + 6c:d7:16:e5:a5:90:8e:02:46:13:02:0a:96:66:46: + 87:b7:b0:ee:56:4c:3c:d8:ae:4c:7d:ef:5b:aa:6e: + 01:8e:89:fe:4c:b9:de:6c:ba:e4:3f:8d:f8:d7:3a: + ed:b2:29:9a:5b:ac:5a:86:66:05:f3:19:2f:59:8d: + 7c:8b:6a:97:1e:43:8a:36:80:b2:e9:e1:84:f6:94: + bc:13:11:31:b8:d2:5a:72:ed:68:c3:b1:37:e4:5b: + 91:82:62:aa:13:f2:b6:e0:3a:aa:85:66:70:0a:a9: + ad:5c:a7:52:ff:dc:f9:99:5e:e5:15:d5:0c:fe:cd: + 27:cb:98:9e:5a:69:ca:71:74:31:e6:26:df:ec:d2: + 42:43:b9:f3:04:8e:2c:7a:28:a6:f9:8e:ba:64:3c: + 69:0e:ac:f5:dc:d5:f3:2a:50:47:50:d4:8c:f5:ee: + 31:08:73:69:1f:ae:42:1d:52:84:5d:47:68:dd:a3: + 1f:07:57:ec:3e:9e:0d:23:78:16:41:bc:68:f2:4f: + e9:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 49:DC:74:02:17:71:C3:D0:A0:64:31:9E:60:2B:B4:38:43:62:DE:98 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-haproxy, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 04:a0:71:31:d2:11:93:09:96:c8:1b:2a:31:b8:b9:34:07:ac: + 89:cb:b0:6c:b0:f0:17:5f:18:3c:a6:96:ca:b3:fa:c7:af:40: + 
17:e1:7e:e4:dc:ee:fe:5c:dc:86:40:b7:2f:9d:c0:9e:fd:16: + 6b:85:ab:c2:a8:63:1f:fe:03:2b:89:6a:80:c9:2e:ae:cc:3d: + 19:75:32:0e:56:57:16:27:02:51:49:1d:b3:78:aa:57:d3:00: + 9b:93:fe:6d:a3:37:ad:26:35:57:e1:5f:90:bf:ef:30:bc:68: + f3:bf:7c:59:69:4f:61:30:2d:48:66:a6:44:2a:51:63:6e:4f: + a7:8f:96:7e:91:b2:b2:46:bc:97:1b:01:df:c0:24:5c:b2:aa: + 8d:20:3a:25:5d:8a:1c:84:53:0d:d4:f6:d5:81:5d:30:de:c4: + d7:fa:42:9c:79:68:92:56:b7:76:69:c6:c9:ad:07:47:a6:d2: + 46:d4:a5:0c:10:a9:03:21:4d:56:40:e5:28:e3:fa:70:1b:23: + 32:68:07:3d:d6:8a:3a:fb:6d:3b:a6:20:16:1b:09:f3:47:f0: + 2a:4f:dc:97:86:56:37:96:42:1b:89:b8:76:1a:ab:7a:25:4e: + e8:62:d9:a0:3b:ec:62:72:64:64:ca:87:9c:be:0a:08:09:52: + ab:03:89:2b +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIRANJ7Q8ub+wnPzIbv0QGaQvwwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzMwWhcNMjMxMDE1 +MTA0NzMwWjAaMRgwFgYDVQQDDA9kc29jbGFiLWhhcHJveHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJxyIzCwsPoIzEqYE3vVEvRzL6G4hFsbsRQz3e +s3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsmJGzXFuWlkI4CRhMCCpZmRoe3 +sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2yKZpbrFqGZgXzGS9ZjXyLapce +Q4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT8rbgOqqFZnAKqa1cp1L/3PmZ +XuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6KKb5jrpkPGkOrPXc1fMqUEdQ +1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZBvGjyT+kZAgMBAAGjgd0wgdow +CQYDVR0TBAIwADAdBgNVHQ4EFgQUSdx0Ahdxw9CgZDGeYCu0OENi3pgwRgYDVR0j +BD8wPYAUeQbKQNOfmlSu0zNN8jg+tgvzPc+hGqQYMBYxFDASBgNVBAMMC1NPQ1RP +T0xTLUNBggkAinSTJoBbQrcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MAsGA1UdDwQEAwIFoDA6BgNVHREEMzAxgg9kc29jbGFiLWhhcHJveHmCHmRzb2Ns +YWIuZ240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEABKBx +MdIRkwmWyBsqMbi5NAesicuwbLDwF18YPKaWyrP6x69AF+F+5Nzu/lzchkC3L53A +nv0Wa4WrwqhjH/4DK4lqgMkursw9GXUyDlZXFicCUUkds3iqV9MAm5P+baM3rSY1 +V+FfkL/vMLxo8798WWlPYTAtSGamRCpRY25Pp4+WfpGyska8lxsB38AkXLKqjSA6 +JV2KHIRTDdT21YFdMN7E1/pCnHlokla3dmnGya0HR6bSRtSlDBCpAyFNVkDlKOP6 +cBsjMmgHPdaKOvttO6YgFhsJ80fwKk/cl4ZWN5ZCG4m4dhqreiVO6GLZoDvsYnJk 
+ZMqHnL4KCAlSqwOJKw== +-----END CERTIFICATE----- diff --git a/roles/haproxy/files/dsoclab-haproxy.key b/roles/haproxy/files/dsoclab-haproxy.key new file mode 100644 index 0000000000000000000000000000000000000000..abcca5eaafc03ebe472bc28a09ae04de65e2fa7f --- /dev/null +++ b/roles/haproxy/files/dsoclab-haproxy.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJxyIzCwsPoIzE +qYE3vVEvRzL6G4hFsbsRQz3es3Bn14s5Wo8T+y94CLGxMsbRDuTTLjrbhNvSZWsm +JGzXFuWlkI4CRhMCCpZmRoe3sO5WTDzYrkx971uqbgGOif5Mud5suuQ/jfjXOu2y +KZpbrFqGZgXzGS9ZjXyLapceQ4o2gLLp4YT2lLwTETG40lpy7WjDsTfkW5GCYqoT +8rbgOqqFZnAKqa1cp1L/3PmZXuUV1Qz+zSfLmJ5aacpxdDHmJt/s0kJDufMEjix6 +KKb5jrpkPGkOrPXc1fMqUEdQ1Iz17jEIc2kfrkIdUoRdR2jdox8HV+w+ng0jeBZB +vGjyT+kZAgMBAAECggEAUcxwiNDJQySK7I7q23XcG5Z5i/rtW5OZin3/7vA/eVlg +D3gu2KLTs42Su4siHk4zZYkwQx2xH7INpgDOPsQBhQT9DN7rhcBVCFE/Y7BObp2p +bQ375HHMb2L5Lpeyh9gx21JIhZtAbcBt6/QBp3hPmnxxnQNwtpUtEDe923714PHD +SfJ1Nd+mgeJ3ShPrk2jhcDdU82/mQrk5eH8M5QJqlTEWCvBgJaKhBf89T2XrX8jf +oPzeVijOqgLg49QEtAPmI98GlE1OAp3boFx4/QA/s76pgWZhYIm1hcm1AguYhQvJ +bi96IgdgVQQp/y7L+ix8zsq+YRxwPuCSBl+9BotYoQKBgQDm4neNC87XV4RhGuHG +w8WpFXFe1uOucPfyfTMmjifh61GZa4aWgBQByBQxBs729MOr9TFrNApTGWPO8Lag +ANnREyNndaUAUFgtCdY7Gc99deWyIx861aAVU7GGIFVkCo3OK0twbbyzqOj+B+H8 +c/P1tXXMayt/gPVuRDj7sq90VwKBgQDfuh6Clxa2sq0GdKsRkiDXaY8eZxJZchYw ++0MsYQjX8hPOGn0YWGy14ppE7JEPTEWSRuzCf5cwem/em8AIESgdCUWcGkgcQO5n +DvZeXrHHpVrTmGE5xEVNYrD/NPY7VizUsyLNvn5yC4hyByWkwLV+AUGpACE3HP2s +7xTakmmoDwKBgHKEfXuuEafptrVbWgT2cYHOKu85crDBQ5o40zgaZlm+GDkahiT7 +3fCMRseScvE2sh8GfL6Jj11sSH8KEesGwQLclUDpry+aqkGckW+6+5lk8ssKdKD/ ++GjbnD/EpdX7Dh7mhoJ7S49pBjeJvWM0OBr1KDp+JZMWaaWJnSHqnO/9AoGAXvM4 +m6fP5f3y3PiK2cwwz/tm2DpaWUfID0Wz/pO4Ex4UNbacPMbabF8dpf7Ymat/I1Oi +i/FmkxaDf/COEV5mrdwPhO7Kh+MuyuJYwThjLx4IbCERsliQKQWnpMgvcINkR2k3 +biZYt8IZSHusCD4ZSL7zxOvfLOrK5qgZK6JT4RUCgYEAk94TNC+rYRZOfOIaYA7+ +K1qTQAe8tawTBlKauXptWCzMFtMSEwozuHuxgnyAS/uRUKFMgRk00KrSvnuyGEBX +5QxqqhBOMvGDs672q/kVZ5C9M06+y5+Zpg0Mf3r+zOBqB5tCASnl2KfOCZkAt8rV +kyb4KyOsi81/fpVM/WeOL7w= +-----END PRIVATE KEY----- diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg new file mode 100644 index 0000000000000000000000000000000000000000..e102cf4d928a0f73102c86fa3e8372c1613bb9ac --- /dev/null +++ b/roles/haproxy/files/haproxy.cfg 
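Review bot: An unencrypted private key for `dsoclab-haproxy` should not be committed as a plain role file. Everyone with read access to the repository, and every clone or mirror of it, now holds the key for the certificate added just above (SAN `dsoclab.gn4-3-wp8-soc.sunet.se`, valid until Oct 2023). Treat this key as disclosed: issue a new key pair and certificate, revoke the old certificate at SOCTOOLS-CA, and remove the file from history rather than only deleting it in a later commit. Keep key material out of the tree, as the removed `start.yml` did by reading it from `{{playbook_dir}}/secrets/CA/private/`, or store it encrypted with `ansible-vault encrypt`. A `.gitignore` rule such as `roles/*/files/*.key` would keep it from coming back.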
@@ -0,0 +1,17 @@ +global + quiet + +defaults + mode http + maxconn 5000 + + timeout connect 5s + timeout client 20s + timeout server 20s + +frontend public + bind *:80 + default_backend apps + +backend apps + server nifi_1 nifi_1:8080 check diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 00ff3573b0523cbc4c0f71d1514bc862117d7e6e..d8bcefb127b59568b20742ec123ca25130438ee6 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml 
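Review bot: The static `haproxy.cfg` defines a plaintext `bind *:80` frontend that forwards straight to `nifi_1:8080` with no TLS and no access control. Nothing in the visible part of this diff references it; the role's first task still renders `haproxy.cfg.j2` to `/usr/local/etc/haproxy/haproxy.cfg`. If it is a leftover sample, drop it from the commit so it cannot be deployed by mistake. If it is needed, it should at least use the template's `ssl crt /etc/ssl/haproxy` style of bind.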
@@ -1,17 +1,68 @@ --- +# tasks file for haproxy -- include: start.yml +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg tags: - - start -- include: stop.yml + - start + +- name: Create required directories + file: + path: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: root + with_items: + - /opt/haproxy + - /etc/ssl/haproxy + tags: + - start + +- name: Generate dhparam file for haproxy + shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048" tags: - - stop - - stop-haproxy -- include: update-config.yml + - start + +- name: Copy haproxy certificates + copy: + src: "{{ item }}" + dest: "/opt/haproxy/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.crt" + - "{{ inventory_hostname }}.key" tags: - - update-config - - update-haproxy-config -- include: restart.yml + - start + +- name: Combine crt and key for haproxy + assemble: + src: /opt/haproxy + dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt + owner: root + mode: 0600 tags: - - restart - - restart-haproxy + - start + +- name: Delete temporary files and directory + file: + path: "{{ item }}" + state: absent + with_items: + - /opt/haproxy/{{ inventory_hostname }}.crt + - /opt/haproxy/{{ inventory_hostname }}.key + - /opt/haproxy + tags: + - start + +- name: Start haproxy + shell: "daemonize -c / -p /haproxy.pid /usr/local/sbin/haproxy -f /usr/local/etc/haproxy/haproxy.cfg" + tags: + - start + +#- name: Stop haproxy +# tags: +# - stop + diff --git a/roles/haproxy/tasks/restart.yml b/roles/haproxy/tasks/restart.yml deleted file mode 100644 index 30c56b2caf98df9471bf019b08a636043290d946..0000000000000000000000000000000000000000 --- a/roles/haproxy/tasks/restart.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# tasks file for haproxy - -- name: Restart haproxy - shell: "supervisorctl restart haproxy" - 
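Review bot: `Generate dhparam file for haproxy` runs `openssl dhparam` through `shell` on every `start`, which is slow and replaces the parameters each time; use `command` with `creates: /usr/local/etc/haproxy/dhparam.pem` so it runs once. `Combine crt and key for haproxy` assembles every file found in `/opt/haproxy`, which is created `0755` and only removed afterwards, so leftovers from an interrupted run would end up in the PEM bundle. Creating that directory with `mode: 0700` and clearing it before the copy avoids both the exposure and the stray fragments. The stop task is commented out, so the `stop` tag no longer stops haproxy even though the start command writes `/haproxy.pid`.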
diff --git a/roles/haproxy/tasks/start.yml b/roles/haproxy/tasks/start.yml deleted file mode 100644 index f33f0eab5622bbca1e9f73dfbe575322aebc9f1b..0000000000000000000000000000000000000000 --- a/roles/haproxy/tasks/start.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# tasks file for haproxy - -- name: Copy haproxy configuration file - template: - src: haproxy.cfg.j2 - dest: /usr/local/etc/haproxy/haproxy.cfg - -- name: Create required directories - file: - path: "{{ item }}" - state: directory - mode: 0755 - owner: root - group: root - with_items: - - /opt/haproxy - - /etc/ssl/haproxy - -- name: Generate dhparam file for haproxy - shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048" - -- name: Copy haproxy certificates - copy: - src: "{{ item }}" - dest: "/opt/haproxy/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - -- name: Combine crt and key for haproxy - assemble: - src: /opt/haproxy - dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt - owner: root - mode: 0600 - -- name: Delete temporary files and directory - file: - path: "{{ item }}" - state: absent - with_items: - - /opt/haproxy/{{ inventory_hostname }}.crt - - /opt/haproxy/{{ inventory_hostname }}.key - - /opt/haproxy - -- name: Start haproxy - shell: "supervisorctl start haproxy" - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' diff --git a/roles/haproxy/tasks/stop.yml b/roles/haproxy/tasks/stop.yml deleted file mode 100644 index 60f875fa3abae9f31a38e3e70b303ceb81ccd4b6..0000000000000000000000000000000000000000 --- a/roles/haproxy/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# tasks file for haproxy - -- name: Stop haproxy - command: "supervisorctl stop haproxy" - 
diff --git a/roles/haproxy/tasks/update-config.yml b/roles/haproxy/tasks/update-config.yml deleted file mode 100644 index dc5cb8b945b946e99703bae873010e836317fa33..0000000000000000000000000000000000000000 --- a/roles/haproxy/tasks/update-config.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# tasks file for haproxy - -- name: Copy haproxy configuration file - template: - src: haproxy.cfg.j2 - dest: /usr/local/etc/haproxy/haproxy.cfg - diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index d566981a6c63627dddb93a94d562a497856c349e..e62740e78b24395594aeef2789b464eed20ecc7b 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -1,6 +1,6 @@ global #quiet - log 127.0.0.1:9000 local0 + log stdout format raw local0 nbproc {{ HAPROXY_PROCESSES }} ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets @@ -22,7 +22,7 @@ listen stats stats hide-version stats uri / stats realm HAProxy Statistics - stats auth haproxy:{{lookup('password', '{{playbook_dir}}/secrets/passwords/haproxy_stats')}} + stats auth haproxy:{{ HAPROXY_STATS_PASS }} listen nifiserv bind *:9443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 @@ -31,7 +31,6 @@ listen nifiserv fullconn 5000 balance source option tcpka - option httplog {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:9443 ssl check verify none {% endfor %} @@ -43,7 +42,6 @@ listen odfeserv fullconn 5000 balance source option tcpka - option httplog {% for odfehost in groups['odfeescontainers'] %} server {{odfehost}} {{odfehost}}:9200 ssl check verify none {% endfor %} 
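Review bot: Dropping `option httplog` from `listen nifiserv` leaves that proxy on HAProxy's default log format, which omits the request line, status code and timers that access-log based detection and incident review rely on. The same removal is made in the odfeserv, keycloakserv, thehiveserv, cortexserv and nifiservhttp listeners, and `option tcplog` is dropped from the nifiservtcp listeners in the following hunks. Since this commit also switches the target to `log stdout format raw local0`, the detailed formats can stay as they were. If the intent is to set them once, add `option httplog` to `defaults` and keep `option tcplog` on the TCP listeners. Each `listen` section extends beyond its hunk, so whether `log global` applies to them is not visible here.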
@@ -55,7 +53,6 @@ listen keycloakserv fullconn 5000 balance source option tcpka - option httplog {% for keycloakhost in groups['keycloakcontainers'] %} server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none {% endfor %} @@ -68,7 +65,6 @@ listen thehiveserv balance source option tcpka option forwardfor - option httplog {% for thehivehost in groups['thehive'] %} server {{thehivehost}} {{thehivehost}}:9000 check verify none {% endfor %} @@ -81,7 +77,6 @@ listen cortexserv balance source option tcpka option forwardfor - option httplog {% for cortexhost in groups['cortex'] %} server {{cortexhost}} {{cortexhost}}:9001 check verify none {% endfor %} @@ -95,7 +90,6 @@ listen nifiservtcp77{{port}} balance source option tcpka option tcp-check - option tcplog tcp-check connect port 77{{port}} {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:77{{port}} check @@ -112,7 +106,6 @@ listen nifiservtcp7771 balance source option tcpka option tcp-check - option tcplog tcp-check connect port 7771 {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:7771 check @@ -127,7 +120,6 @@ listen nifiservhttp{{port}} fullconn 5000 balance source option tcpka - option httplog {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:{{port}} check {% endfor %} @@ -144,7 +136,6 @@ listen nifiservtcp{{port}} balance source option tcpka option tcp-check - option tcplog tcp-check connect port {{port}} {% for nifihost in groups['nificontainers'] %} server {{nifihost}} {{nifihost}}:{{port}} check diff --git a/roles/keycloak/files/SOCTOOLS-CA.crt b/roles/keycloak/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/keycloak/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/keycloak/files/cacerts.jks b/roles/keycloak/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
Binary files /dev/null and b/roles/keycloak/files/cacerts.jks differ
diff --git a/roles/keycloak/files/dsoclab-keycloak.crt b/roles/keycloak/files/dsoclab-keycloak.crt
new file mode 100644
index 0000000000000000000000000000000000000000..92b6893716cacfa9e7fb863ad4c4379077e7ac1e
--- /dev/null
+++ b/roles/keycloak/files/dsoclab-keycloak.crt
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:75:83:de:f2:35:5a:2c:2b:ba:09:72:0b:d8:09:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-keycloak + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ea:a9:ea:6b:2f:6c:9c:9f:6d:9c:89:4e:01:ba: + c6:c0:32:df:59:26:2b:95:f4:c2:3d:c8:7e:22:ce: + b6:78:03:e8:22:28:81:9c:9a:a6:a7:ba:fd:05:66: + a3:50:81:85:71:c1:d9:ea:bc:21:e1:5d:0a:87:7b: + be:55:b0:7d:01:57:de:4c:fe:3a:c5:c9:54:77:2e: + 15:fc:12:07:f8:ef:9f:7b:f7:09:01:70:75:53:3b: + dc:b1:0c:65:4d:49:c4:fb:1d:42:20:6f:81:45:42: + d3:db:1d:4c:57:1b:1d:3b:81:39:ee:b2:cf:95:4b: + 29:d0:a8:39:98:d6:93:36:99:bf:c5:43:26:8d:4d: + db:6d:24:3b:fc:16:76:a1:fd:6f:c6:19:11:c7:12: + 0d:80:16:4c:88:da:2c:09:78:3d:1b:7c:6c:ec:db: + 9e:01:50:5f:a3:56:7f:d4:3b:a4:26:d2:6d:42:7b: + 88:4e:8d:64:ed:1e:1a:0e:05:58:65:58:47:83:60: + 9e:b4:ed:15:ce:72:4f:a0:b5:22:dd:9f:a4:da:88: + 86:fe:cb:84:6e:72:3d:00:42:da:8b:85:2a:f2:ef: + d7:ee:bb:85:42:ba:b9:fb:d9:9d:d2:2c:58:0f:7c: + 02:23:b7:46:d0:69:06:37:40:9d:58:74:89:ca:b7: + 12:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + FD:C5:77:F8:79:AD:0A:7E:6A:A0:2E:3B:58:6A:9F:43:51:55:0B:DF + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-keycloak, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 9a:c0:35:a3:68:ec:ec:cc:c3:65:5a:bf:03:d0:ee:8d:a0:41: + db:6d:89:3e:97:d4:90:7d:63:8e:73:37:43:ae:9a:e2:d0:2b: + 
a7:5e:b2:88:9b:4d:8f:b6:81:bf:f6:46:a0:87:ca:77:ec:5c: + af:cd:6b:d8:e8:60:5a:aa:86:be:64:d5:ad:e9:1e:41:7b:6a: + df:01:1d:16:86:94:57:82:51:91:be:6b:d6:ae:f0:b9:8c:3d: + 11:99:c4:93:eb:f7:fa:9e:a3:e3:f8:97:19:cf:63:55:6a:6e: + 4f:e9:a2:64:a7:35:0d:7e:68:23:89:e1:c6:06:4b:34:67:38: + 40:d1:81:b3:73:95:3a:3b:67:d2:5a:e4:8e:49:34:b1:ab:6f: + b6:60:87:ac:55:5d:f5:59:c0:d5:d3:d8:de:3b:76:c9:41:28: + b4:d7:23:ec:a2:3f:1d:3f:74:2e:f0:45:40:35:38:d1:06:50: + b2:93:45:df:de:33:5e:0b:89:86:d8:c9:14:61:1c:d2:94:21: + 1f:bf:df:32:f0:2f:91:52:b0:08:b7:b9:c2:b7:55:2b:ca:05: + e4:eb:91:e1:63:45:5d:1a:6f:e8:76:07:89:e8:42:3e:ec:7b: + 51:0e:a0:d5:8e:c3:3d:26:e3:45:b0:5b:61:d1:98:3b:c3:d4: + 37:9f:c1:7c +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIRAP51g97yNVosK7oJcgvYCUgwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwHhcNMjAxMDMwMTA0NzI4WhcNMjMxMDE1 +MTA0NzI4WjAbMRkwFwYDVQQDDBBkc29jbGFiLWtleWNsb2FrMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnqay9snJ9tnIlOAbrGwDLfWSYrlfTCPch+ +Is62eAPoIiiBnJqmp7r9BWajUIGFccHZ6rwh4V0Kh3u+VbB9AVfeTP46xclUdy4V +/BIH+O+fe/cJAXB1UzvcsQxlTUnE+x1CIG+BRULT2x1MVxsdO4E57rLPlUsp0Kg5 +mNaTNpm/xUMmjU3bbSQ7/BZ2of1vxhkRxxINgBZMiNosCXg9G3xs7NueAVBfo1Z/ +1DukJtJtQnuITo1k7R4aDgVYZVhHg2CetO0VznJPoLUi3Z+k2oiG/suEbnI9AELa +i4Uq8u/X7ruFQrq5+9md0ixYD3wCI7dG0GkGN0CdWHSJyrcS5QIDAQABo4HeMIHb +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFP3Fd/h5rQp+aqAuO1hqn0NRVQvfMEYGA1Ud +IwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NU +T09MUy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjALBgNVHQ8EBAMCBaAwOwYDVR0RBDQwMoIQZHNvY2xhYi1rZXljbG9ha4IeZHNv +Y2xhYi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQCa +wDWjaOzszMNlWr8D0O6NoEHbbYk+l9SQfWOOczdDrpri0CunXrKIm02PtoG/9kag +h8p37FyvzWvY6GBaqoa+ZNWt6R5Be2rfAR0WhpRXglGRvmvWrvC5jD0RmcST6/f6 +nqPj+JcZz2NVam5P6aJkpzUNfmgjieHGBks0ZzhA0YGzc5U6O2fSWuSOSTSxq2+2 +YIesVV31WcDV09jeO3bJQSi01yPsoj8dP3Qu8EVANTjRBlCyk0Xf3jNeC4mG2MkU +YRzSlCEfv98y8C+RUrAIt7nCt1UrygXk65HhY0VdGm/odgeJ6EI+7HtRDqDVjsM9 
+JuNFsFth0Zg7w9Q3n8F8 +-----END CERTIFICATE----- diff --git a/roles/keycloak/files/dsoclab-keycloak.key b/roles/keycloak/files/dsoclab-keycloak.key new file mode 100644 index 0000000000000000000000000000000000000000..8c5ebed5a514facf489a59ce2a2e487c6a0da78f --- /dev/null +++ b/roles/keycloak/files/dsoclab-keycloak.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqqeprL2ycn22c +iU4BusbAMt9ZJiuV9MI9yH4izrZ4A+giKIGcmqanuv0FZqNQgYVxwdnqvCHhXQqH +e75VsH0BV95M/jrFyVR3LhX8Egf475979wkBcHVTO9yxDGVNScT7HUIgb4FFQtPb +HUxXGx07gTnuss+VSynQqDmY1pM2mb/FQyaNTdttJDv8Fnah/W/GGRHHEg2AFkyI +2iwJeD0bfGzs254BUF+jVn/UO6Qm0m1Ce4hOjWTtHhoOBVhlWEeDYJ607RXOck+g +tSLdn6TaiIb+y4Rucj0AQtqLhSry79fuu4VCurn72Z3SLFgPfAIjt0bQaQY3QJ1Y +dInKtxLlAgMBAAECggEBAIj6HCLq8NxP15zLLSSnUQK571PLix+iWovT74UD4tEV +frgJqvat81/vL2iqq+P/ZtSrUjfKD4DMXawOGGFOfvl8v/9zWv0+8zYKSbz1DYBK +525mGfSkH2gxhjY2xR8jU389ae8jB3NVefLqHDiwVBT67sUdzTwZPtRUjiJgBliU +soJCsCutHAy7GW68N79F0BQItHhjMt02fYybnFxNvBntD4lodZDn7K9iqBoZPduX +TBsH1FcwZQyvQuiUlJgjUFM//5zrZUMjErv+3ev5c/WdpY4ycbo6VVBGZouVbyeX +RAWeDUE1nrsEsLBSnTkXVInFjPS6mBxsIi/+hlf6XCECgYEA+bWYDKPgelSe8ii5 +mK94wcLr6MybO+GrBHT4lIP1UggGsvPtXTifNvgGrYx90gmmL6F9QWHE+4lxyh5L +yEXCTHXl4QopgZCxWnnKekz0ma0lFlGYGr4KA0Z3Ntp+sCb/hcqVW/n24wVhNnmo +z3ztlSI/GY3B598R7dO9sR/RoYkCgYEA8JNKbTegmeeaAyBehEPy3eajAiT6759p +7m6Ml1P6IC3Ff3fllJrNWRi+JDKnJF9SUePOVWLWSgYSJyFLoiWK1CzoyLPdbcW9 +Ap9XNzD/aoDi6DBbKCFhRpBCsmTPnT8eFvA9PhuYY60w2UoM7byH+i2aJ1Do3izl +tLsHJbcT230CgYEA5S4Sl/9MBlpl6xEPjh/2L7drdyVaj/IFWLjWcNBPtnMhWtrf +joBqODQZRO09iSlL+kk3wWsvNEEoS33UxcGomy5Vxl3iTET1UXmYKPk6QVUVRc+r +T1f9rpXc0l5kid2xBSUyQdFAE4obd7jfA1fAYfClgxmEzv//34xHfCoc5ykCgYEA +01sD00pA3ZXc+AwzHY64y3z6D0M/9s+d+GzFNZoAsM6lqaRDXbhW2oTjX9fkgg8A +upMiTl/kFeqZfilBUnYbLuc5qEJlMjC8KpakwAdbDk2njAgXvfz9gknxXts0j1jJ +bauokm0aB9A7j1sAWsj8ya3QtePegnr9YDfEQr1CQ90CgYBfAQaYG9ldXcxTlERG +jOGu0bh9DtnmwsenwTZQD4mNHpvL0MkmIQxR5FAL8XXbNBq50zCiOapLLrhdqbh0 +ih3WoOdqxLIDQtAJYs3ANhOmEAxvQPxpPKhRHRKPGXxyzgW9zeQ08GpYoR/M7VRF +TypqufvopzWOpbxpgbfiJQmd8g== +-----END PRIVATE KEY----- diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index d7668ba48273ed7f841c5e4e868aaa4415817194..2bb6a62470c5e10d59be3a56109969f5fe802025 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml 
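Review bot: The unencrypted PKCS#8 private key added here as `roles/keycloak/files/dsoclab-keycloak.key` is readable by anyone with access to the repository and its history, and the same applies to `roles/misp/files/dsoclab-misp.key` later in this commit. Both keys should be treated as exposed: reissue the matching certificates and remove the key files from the tree, keeping in mind that deleting them in a later commit does not remove them from history. The removed `start.yml` read the key from `{{playbook_dir}}/secrets/CA/private/`; keeping keys in a path outside version control, or encrypting them with `ansible-vault encrypt`, would avoid committing key material. If these are deliberately throwaway lab keys, a short README next to them saying so would prevent reuse elsewhere.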
@@ -1,17 +1,97 @@ --- -- include: start.yml - tags: - - start -- include: stop.yml - tags: - - stop - - stop-keycloak -- include: update-config.yml - tags: - - update-config - - update-keycloak-config -- include: restart.yml - tags: - - restart - - restart-keycloak +- name: Copy certificates in keycloak x509 conf dir + copy: + src: "{{ item.local }}" + dest: "{{ item.remote }}" + mode: "{{ item.mode }}" + with_items: + - local: "files/{{ inventory_hostname }}.crt" + remote: /etc/x509/https/tls.crt + mode: '0644' + - local: "files/{{ inventory_hostname }}.key" + remote: /etc/x509/https/tls.key + mode: '0600' + - local: "files/{{ ca_cn }}.crt" + remote: /etc/x509/ca/ca.crt + mode: '0644' + - local: "files/cacerts.jks" + remote: /opt/jboss/keycloak/cacerts.jks + mode: '0644' + tags: + - start + - startkeycloak + +- name: Generate Keycloak secure config + command: "/opt/jboss/tools/x509.sh" + environment: + X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" + tags: + - start + - startkeycloak + +- name: Set admin password + command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" + ignore_errors: yes + tags: + - start + - startkeycloak + +- name: Configure Keycloak start script + template: + src: "{{item}}.j2" + dest: "/opt/jboss/tools/{{item}}" + mode: 0750 + with_items: + - startkeycloak.sh + - initkeycloakrealm.sh + tags: + - start + - startkeycloak + + +- name: Start Keycloak IdP + command: /opt/jboss/tools/startkeycloak.sh + tags: + - start + - startkeycloak + +- name: Wait for Keycloak + wait_for: + host: "{{groups['keycloakcontainers'][0]}}" + port: 8443 + state: started + delay: 5 + tags: + - start + - startkeycloak + +- name: Initialize Keycloak realm + command: /opt/jboss/tools/initkeycloakrealm.sh + tags: + - start + - startkeycloak + +- name: Copy secrets from Keycloak + fetch: + src: "{{ item.remote }}" + dest: "{{ item.local }}" + flat: yes + with_items: + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" + 
local: "roles/nifi/files/nifisecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" + local: "roles/odfekibana/files/kibanasecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret" + local: "roles/thehive/files/thehivesecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret" + local: "roles/cortex/files/cortexsecret" + tags: + - start + - startkeycloak + +- name: Stop Keycloak + command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + tags: + - stop + - stopkeycloak diff --git a/roles/keycloak/tasks/restart.yml b/roles/keycloak/tasks/restart.yml deleted file mode 100644 index 4ea5519d0060b1f287c908e54b021b53c104e588..0000000000000000000000000000000000000000 --- a/roles/keycloak/tasks/restart.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Restart Keycloak - remote_user: root - command: "supervisorctl restart keycloak" - -- name: Wait for Keycloak - remote_user: jboss - wait_for: - host: "{{groups['keycloakcontainers'][0]}}" - port: 8443 - state: started - delay: 5 diff --git a/roles/keycloak/tasks/start.yml b/roles/keycloak/tasks/start.yml deleted file mode 100644 index 468cb2559c151b0b146a9f17cfa3980bc70b24a0..0000000000000000000000000000000000000000 --- a/roles/keycloak/tasks/start.yml +++ /dev/null 
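Review bot: The `Copy secrets from Keycloak` task now fetches the OIDC client secrets into `roles/nifi/files/nifisecret`, `roles/odfekibana/files/kibanasecret`, `roles/thehive/files/thehivesecret` and `roles/cortex/files/cortexsecret`, which sit inside the role tree and are easy to commit by accident. I would keep them under a directory that is excluded from version control, as the removed tasks did, e.g. `local: "{{ playbook_dir }}/secrets/tokens/nifisecret"`, or make sure those four paths are ignored. Separately, `Set admin password` puts `{{keycloak_adminpass}}` on the command line with `ignore_errors: yes`, so the rendered command can appear in Ansible output; adding `no_log: true` to that task would keep it out of logs.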
@@ -1,96 +0,0 @@ ---- - -- name: Copy certificates in keycloak x509 conf dir - remote_user: jboss - copy: - src: "{{ item.local }}" - dest: "{{ item.remote }}" - mode: "{{ item.mode}}" - with_items: - - local: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - remote: /etc/x509/https/tls.crt - mode: '0644' - - local: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - remote: /etc/x509/https/tls.key - mode: '0600' - - local: "{{playbook_dir}}/secrets/CA/ca.crt" - remote: /etc/x509/ca/ca.crt - mode: '0644' - - local: "{{playbook_dir}}/secrets/CA/cacerts.jks" - remote: /opt/jboss/keycloak/cacerts.jks - mode: '0644' - -- name: Generate Keycloak secure config - remote_user: jboss - command: "/opt/jboss/tools/x509.sh" - environment: - X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" - -- name: Set admin password - remote_user: jboss - command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keykloak_admin')}}" - ignore_errors: True - -- name: Configure logging format - remote_user: jboss - lineinfile: #TODO: Change to community.general.xml - path: /opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: '.*<formatter name="PATTERN">.*' - line: "<formatter name=\"JSON\"><json-formatter date-format=\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\" pretty-print=\"false\" print-details=\"true\" zone-id=\"UTC\"/></formatter><formatter name=\"PATTERN\">" - -- name: Enable event logging - remote_user: jboss - lineinfile: - path: /opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: '.*<spi name="eventsStore">.*' - line: '<spi name="eventsListener"><provider name="jboss-logging" enabled="true"><properties><property name="success-level" value="INFO"/><property name="error-level" value="WARN"/></properties></provider></spi><spi name="eventsStore">' - -- name: Specify logging format - remote_user: jboss - lineinfile: - path: 
/opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: ".*<named-formatter name=.*" - line: '<named-formatter name="JSON"/>' - -- name: Configure Keycloak start script - remote_user: jboss - template: - src: "{{item}}.j2" - dest: "/opt/jboss/tools/{{item}}" - mode: 0750 - with_items: - - startkeycloak.sh - - initkeycloakrealm.sh - -- name: Start Keycloak IdP - remote_user: root - command: "supervisorctl start keycloak" - -- name: Wait for Keycloak - remote_user: jboss - wait_for: - host: "{{groups['keycloakcontainers'][0]}}" - port: 8443 - state: started - delay: 5 - -- name: Initialize Keycloak realm - remote_user: jboss - command: /opt/jboss/tools/initkeycloakrealm.sh - -- name: Copy secrets from Keycloak - remote_user: jboss - fetch: - src: "{{ item.remote }}" - dest: "{{ item.local }}" - flat: yes - with_items: - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" - local: "{{playbook_dir}}/secrets/tokens/nifisecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" - local: "{{playbook_dir}}/secrets/tokens/kibanasecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" - local: "{{playbook_dir}}/secrets/tokens/mispsecret" - -- name: Set Autostart for supervisord's services - shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" diff --git a/roles/keycloak/tasks/stop.yml b/roles/keycloak/tasks/stop.yml deleted file mode 100644 index 0f9c490c2263352235441f32f3674282d06e7fe0..0000000000000000000000000000000000000000 --- a/roles/keycloak/tasks/stop.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- name: Stop Keycloak - remote_user: root - command: "supervisorctl stop keycloak" diff --git a/roles/keycloak/tasks/update-config.yml b/roles/keycloak/tasks/update-config.yml deleted file mode 100644 index c64229a7f6a580c619e2d87f30cb1d3304d3d008..0000000000000000000000000000000000000000 --- a/roles/keycloak/tasks/update-config.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- - -- name: Configure Keycloak start script - remote_user: jboss - template: - src: "{{item}}.j2" - dest: "/opt/jboss/tools/{{item}}" - mode: 0750 - with_items: - - startkeycloak.sh - - initkeycloakrealm.sh - -- name: Copy keycloak-tools - remote_user: jboss - synchronize: - src: roles/build/templates/keycloak/keycloak-tools/ - dest: /opt/jboss/tools/ - -- name: Copy secrets from Keycloak - remote_user: jboss - fetch: - src: "{{ item.remote }}" - dest: "{{ item.local }}" - flat: yes - with_items: - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" - local: "{{playbook_dir}}/secrets/tokens/nifisecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" - local: "{{playbook_dir}}/secrets/tokens/kibanasecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" - local: "{{playbook_dir}}/secrets/tokens/mispsecret" - diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2 index 3d790f2eb02af9dbb6644d50795d77788f8c0ba4..d6fc9463d0bddd7f8f31587b6ecf7019d3f69428 100644 --- a/roles/keycloak/templates/initkeycloakrealm.sh.j2 +++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2 
@@ -5,8 +5,8 @@ exec 7>&2 exec > /opt/jboss/keycloak/initkeycloak.log 2>&1 -kcadm.sh config truststore --trustpass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} /opt/jboss/keycloak/cacerts.jks -kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keykloak_admin')}}" +kcadm.sh config truststore --trustpass {{tspass}} /opt/jboss/keycloak/cacerts.jks +kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password {{keycloak_adminpass}} kcadm.sh create realms -b '{ "enabled": "true", "id": "{{openid_realm}}", "realm": "{{openid_realm}}"}' kcadm.sh create realms/{{openid_realm}}/authentication/flows/browser/copy -b '{ "id": "browser-x509", "newName": "X.509 Browser" }' BROWSERFORM=$(kcadm.sh create realms/{{openid_realm}}/authentication/flows/X.509%20Browser/executions/execution -i -b '{ "provider": "auth-x509-client-username-form" }') 
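Review bot: `--password {{keycloak_adminpass}}` lost the double quotes the removed line had, and `--trustpass {{tspass}}` is unquoted as well, so a value containing a space or a shell metacharacter is split or interpreted by the shell when the rendered script runs. The same applies to `--new-password {{user.password}}` in the next hunk. Ansible's `quote` filter renders a safely quoted word: `--trustpass {{ tspass | quote }}` and `--password {{ keycloak_adminpass | quote }}`. The script starts above this hunk, so anything defined there is not visible here.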
@@ -18,18 +18,22 @@ kcadm.sh create realms/{{openid_realm}}/groups -b '{"name":"GN43WP8T31"}' {% for user in soctools_users %} kcadm.sh create realms/{{openid_realm}}/users -b '{"enabled":true,"attributes":{"DN": ["{{user.DN}}"],"CN": ["{{user.CN}}"]},"username":"{{user.username}}","emailVerified":"","email":"{{user.email}}","firstName":"{{user.firstname}}","lastName":"{{user.lastname}}","groups": ["/GN43WP8T31"] }' -kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/'+user.CN)}} +kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{user.password}} {% endfor %} -NIFICLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-nifi","protocol":"openid-connect","clientAuthenticatorType": "client-secret","redirectUris": ["https://{{soctoolsproxy}}:9443/*" ],"webOrigins": [], "publicClient": false }') +NIFICLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-nifi","protocol":"openid-connect","clientAuthenticatorType": "client-secret","redirectUris": ["https://{{dslproxy}}:9443/*" ],"webOrigins": [], "publicClient": false }') kcadm.sh create realms/{{openid_realm}}/clients/${NIFICLIENT}/protocol-mappers/models -b '{"protocol":"openid-connect","config":{"id.token.claim":"true","access.token.claim":"true","userinfo.token.claim":"true","multivalued":"","aggregate.attrs":"","user.attribute":"DN","claim.name":"DN","jsonType.label":"String"},"name":"SendDN","protocolMapper":"oidc-usermodel-attribute-mapper"}' kcadm.sh get realms/{{openid_realm}}/clients/${NIFICLIENT}/client-secret --fields value > /opt/jboss/keycloak/nifisecret -KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": 
"https://{{soctoolsproxy}}:5601","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:5601", "https://{{soctoolsproxy}}:5601/auth/openid/login", "https://{{soctoolsproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }') +KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:5601","adminUrl": "","redirectUris": ["https://{{dslproxy}}:5601", "https://{{dslproxy}}:5601/auth/openid/login", "https://{{dslproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }') kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fields value > /opt/jboss/keycloak/kibanasecret -MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{soctoolsproxy}}:6443","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:6443/users/login/keycloak"],"webOrigins": [], "publicClient": false }') -kcadm.sh get realms/{{openid_realm}}/clients/${MISPCLIENT}/client-secret --fields value > /opt/jboss/keycloak/mispsecret +THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }') +kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret + +CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{dslproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": 
false }') +kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret + kcadm.sh config truststore --delete diff --git a/roles/misp/files/SOCTOOLS-CA.crt b/roles/misp/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/misp/files/SOCTOOLS-CA.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/misp/files/cacerts.jks b/roles/misp/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/misp/files/cacerts.jks differ 
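Review bot: The new `thehivesecret` and `cortexsecret` files are created by plain shell redirection (`> /opt/jboss/keycloak/thehivesecret`), so their permissions come from whatever umask the script runs under. The top of the script is outside this hunk, so I cannot see one being set. Since these files hold OIDC client secrets, a `umask 077` before the first redirect, or a `chmod 600` after each, would keep them readable only by the account running Keycloak.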
diff --git a/roles/misp/files/dsoclab-misp.crt b/roles/misp/files/dsoclab-misp.crt new file mode 100644 index 0000000000000000000000000000000000000000..f83010441e252486cc934677a1e0a0de1ebe2328 --- /dev/null +++ b/roles/misp/files/dsoclab-misp.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:87:fc:e4:cf:3e:c6:81:17:19:90:76:b1:2c:d5:d2 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:28 2020 GMT + Not After : Oct 15 10:47:28 2023 GMT + Subject: CN=dsoclab-misp + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:b1:1b:e7:a2:ae:70:81:71:a5:57:46:14:2e: + 47:64:89:4e:bd:7d:f0:82:2d:03:19:d6:87:44:b3: + 42:bf:72:78:03:cc:91:98:5b:36:42:14:55:e2:82: + 16:12:58:60:54:44:8f:15:f6:1b:1f:76:36:22:2e: + e8:ac:d3:3c:0a:df:46:c7:f1:04:bc:3a:bf:fe:4b: + 8f:2a:53:83:e3:50:82:06:09:fc:2a:fa:fe:94:a0: + 7b:7f:c2:3e:0b:3e:dc:72:b8:94:10:0a:0b:90:fd: + 45:76:29:85:52:bf:0f:20:43:78:fe:3b:d3:49:20: + 8f:9a:a5:0c:89:bb:0e:97:f2:67:b0:2d:f0:17:53: + 25:a6:9b:4b:64:0e:72:8a:bf:c9:e3:8e:41:bb:ed: + f3:33:6a:55:5f:8d:52:84:fa:a3:67:1a:7b:71:fb: + 90:f1:5f:61:df:44:ea:0b:77:88:f2:e5:c1:83:71: + 58:c7:58:8a:9b:39:45:59:4e:e0:db:16:b6:96:72: + 90:8c:ee:c2:13:75:ea:15:c6:6b:e2:dc:3a:de:c8: + 07:de:18:84:2d:96:b6:c4:4c:e1:4a:4d:13:6f:6c: + 9a:1d:e5:f9:6f:cc:7e:1b:4a:3a:75:1a:b9:37:b0: + 6d:a0:1b:69:35:f1:b6:e6:c2:a5:d3:56:d3:57:c7: + 0e:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 65:C5:56:88:65:AF:77:F1:53:B2:71:5E:16:10:D1:0B:30:FF:28:BE + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-misp, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 5a:57:76:90:fd:a5:0d:ea:b0:22:c9:02:2e:18:91:81:04:d1: + f4:64:58:58:19:27:03:9b:5a:dc:de:6c:0e:fb:b7:76:eb:b1: + 
97:36:e2:c7:76:ef:7d:d8:00:c3:20:c0:3d:a7:cf:61:f8:16: + 4c:96:4c:7c:c8:89:21:d6:d4:eb:3a:c1:3d:98:34:74:6e:39: + 81:20:6f:9b:4b:8d:b9:35:60:c5:76:19:30:30:06:0f:89:b1: + 1a:f6:c4:88:52:28:98:41:52:f1:9a:77:82:79:ae:c9:71:ba: + d9:e5:e9:b7:ba:08:32:59:eb:5e:7d:11:e0:a8:27:20:91:46: + 05:56:1e:e6:0b:4d:49:17:52:7f:4b:c4:a3:e0:cd:30:bd:4e: + 6a:70:2a:f5:77:4d:d1:d6:64:13:8d:4b:1a:d3:0b:0f:8a:49: + 1e:bf:b4:c0:4f:43:dc:92:e3:c0:f2:2f:4a:c8:30:45:fc:5a: + d2:de:92:b2:a1:48:b8:da:ff:f4:0b:04:5d:5d:a7:30:d8:4b: + ca:cf:0c:01:6a:50:45:5f:d4:a8:cf:dd:fa:f7:68:0c:4c:45: + 47:be:3a:c2:39:bb:04:ff:62:a0:bc:91:a0:f2:2b:67:09:89: + 5a:ff:e6:53:c1:89:18:12:a1:0f:5a:d7:e1:12:8b:88:88:89: + ca:b0:30:27 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIQdYf85M8+xoEXGZB2sSzV0jANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjhaFw0yMzEwMTUx +MDQ3MjhaMBcxFTATBgNVBAMMDGRzb2NsYWItbWlzcDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM+xG+eirnCBcaVXRhQuR2SJTr198IItAxnWh0SzQr9y +eAPMkZhbNkIUVeKCFhJYYFREjxX2Gx92NiIu6KzTPArfRsfxBLw6v/5LjypTg+NQ +ggYJ/Cr6/pSge3/CPgs+3HK4lBAKC5D9RXYphVK/DyBDeP4700kgj5qlDIm7Dpfy +Z7At8BdTJaabS2QOcoq/yeOOQbvt8zNqVV+NUoT6o2cae3H7kPFfYd9E6gt3iPLl +wYNxWMdYips5RVlO4NsWtpZykIzuwhN16hXGa+LcOt7IB94YhC2WtsRM4UpNE29s +mh3l+W/MfhtKOnUauTewbaAbaTXxtubCpdNW01fHDosCAwEAAaOB2jCB1zAJBgNV +HRMEAjAAMB0GA1UdDgQWBBRlxVaIZa938VOycV4WENELMP8ovjBGBgNVHSMEPzA9 +gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9PTFMt +Q0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYD +VR0PBAQDAgWgMDcGA1UdEQQwMC6CDGRzb2NsYWItbWlzcIIeZHNvY2xhYi5nbjQt +My13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQBaV3aQ/aUN6rAi +yQIuGJGBBNH0ZFhYGScDm1rc3mwO+7d267GXNuLHdu992ADDIMA9p89h+BZMlkx8 +yIkh1tTrOsE9mDR0bjmBIG+bS425NWDFdhkwMAYPibEa9sSIUiiYQVLxmneCea7J +cbrZ5em3uggyWetefRHgqCcgkUYFVh7mC01JF1J/S8Sj4M0wvU5qcCr1d03R1mQT +jUsa0wsPikkev7TAT0PckuPA8i9KyDBF/FrS3pKyoUi42v/0CwRdXacw2EvKzwwB +alBFX9Soz93692gMTEVHvjrCObsE/2KgvJGg8itnCYla/+ZTwYkYEqEPWtfhEouI +iInKsDAn +-----END 
CERTIFICATE----- diff --git a/roles/misp/files/dsoclab-misp.key b/roles/misp/files/dsoclab-misp.key new file mode 100644 index 0000000000000000000000000000000000000000..9b8a5d677ac4cfa58bdee7fe6fec0d74c30240ab --- /dev/null +++ b/roles/misp/files/dsoclab-misp.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPsRvnoq5wgXGl +V0YULkdkiU69ffCCLQMZ1odEs0K/cngDzJGYWzZCFFXighYSWGBURI8V9hsfdjYi +Luis0zwK30bH8QS8Or/+S48qU4PjUIIGCfwq+v6UoHt/wj4LPtxyuJQQCguQ/UV2 +KYVSvw8gQ3j+O9NJII+apQyJuw6X8mewLfAXUyWmm0tkDnKKv8njjkG77fMzalVf +jVKE+qNnGntx+5DxX2HfROoLd4jy5cGDcVjHWIqbOUVZTuDbFraWcpCM7sITdeoV +xmvi3DreyAfeGIQtlrbETOFKTRNvbJod5flvzH4bSjp1Grk3sG2gG2k18bbmwqXT +VtNXxw6LAgMBAAECggEBAIb/4VqMVQTOLvfBJc0iU8eWtLbZMMb8ySI3Xs+aEc3t +cvNNOmolB7ymCTllQ0GDboH32mX1BaZKqV9IzHbiCwoqHZEDKgfLzFZX+OQTSwwr +nYidXur1IRuswPnHYZrfrl1net5+GQyShF8NGBs0E3nuQaxHaMwEvTNRCzhPfWnn +u/g3IExtSdE/XSxRnTGRQqSnMAf9OXs9bw/iTSR5cQO2mW/dRLr4aUCQOJ5Hx4mO +ub172vkNeNwOSUzc9FjtZyQZOtn25WoS7SusK7y9ToDqqR5OcI5M+kxq+fQo8Wvu +XlIeOvTKTHOBaih6QYEzHo9zq893I/c0xiOmfOr0v7kCgYEA7WQ7g5z+2Lyt35Sq +XmzyQyAEbx+PMPc7yTQC62YuvpEAaDFDHMphDw1zM2mraLO+2IuBuDz7CTlsf1zl +xwEJoEZa3odRi2McpqiUVQgJYD+bCUv35J8X93K4/7tLHvXDJQ3BKBNNoLHxjD5P +SlR5xBCFwZiiXAkquWpZaaWAbg0CgYEA3/jjf723dlWRrVcG/m7VJrhTWq10Jltp +8y786INKU1IUrwqFt7ph4c9/Jbop40QVkJKzsPojzWreDf3EZYGnBVhOLA5p4MC0 +X1ZTzN86dn1Y3SDCopGnJVP8X2EdDGfsTkfXxOjRCzSPOyZzxzseACw9WWAmullU +zQs4K6/4YPcCgYB117znb8bepoMVqwILz79PbRRmaV82qnRGRAhy/I2V0ftGvbWY +FCqsQzv9uKX7WscRTed+It9nS9c9PkteR3iU1HgFYV0seW3emW7Q6yVkXw7CRbDw +D73g+1U0ta/r1Yoi2boZ/8MYU10aBlBsEJVFrAIKAZAPagmIc2+hTyP6/QKBgQDX +FHSr3C0NJzkhA7zEovxwFXx+TKmImCqTjKD0S/gZMW6JdYpZmFOc/Jz2RuMoyt4G +msqSfnPZNPIO744liC8zM8zGBAVq/sN39je9OvUyikbG+0nNwh+H+jIWCfVST44e +0mEDSCxPHWcaf1+ZiEzUD6fOZ0Zpl5WW3lpPocncmwKBgQDIR7uJctv3UZkEO+oq +g1Q4jLUYJFUb/3fk1mEmpq+b90e/xQMqZHlu/KHiHcKrukdWj67d/LY4mrw4DebR +PTgdj9e0O8V9M7BYxDN+zEYrvmmY4A+tg07zm8aqmhCNKpOMsW0MkKFFuRiMkiCh +bopZVfjdd+d/56vLZW+GSBaCew== +-----END PRIVATE KEY----- diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml deleted file mode 100644 index 864c61dcf473417a13a27ff5debeaf4c5e3c900b..0000000000000000000000000000000000000000 --- a/roles/misp/tasks/config.yml +++ /dev/null 
@@ -1,93 +0,0 @@ ---- - -- name: Change password of default user - shell: "/var/www/MISP/app/Console/cake Password admin@admin.test {{ lookup('password', '{{playbook_dir}}/secrets/passwords/misp_admin') }}" - -- name: Configure MISP - shell: '/var/www/MISP/app/Console/cake Admin setSetting {{item.var}} {{item.value}}' - with_items: - - {"var":"Plugin.CustomAuth_enable","value":"true"} - - {"var":"Plugin.CustomAuth_header","value":"X_REMOTE_USER"} - - {"var":"Plugin.CustomAuth_disable_logout","value":"true"} - - {"var":"MISP.external_baseurl","value":"https://{{soctoolsproxy}}:6443"} - - {"var":"MISP.live","value":"true"} - -- name: Init default user - shell: '/var/www/MISP/app/Console/cake user_init | /usr/bin/tail -n1' - register: init_output - ignore_errors: True - -- name: Set API key fact - set_fact: - misp_api_key: "{{ init_output.stdout }}" - when: '"initialised" not in init_output.stdout' - -- name: Get API key - shell: '/var/www/MISP/app/Console/cake Admin getAuthkey admin@admin.test | /usr/bin/tail -n1' - register: get_output - ignore_errors: True - when: '"initialised" in init_output.stdout' - -- name: Set API key fact - set_fact: - misp_api_key: "{{ get_output.stdout }}" - when: '"initialised" in init_output.stdout' - -- name: add users - uri: - url: "https://{{soctoolsproxy}}:6443/admin/users/add/1" - method: POST - body_format: json - headers: - Authorization: "{{misp_api_key}}" - Accept: "application/json" - Content-type: "application/json" - body: '{"email": "{{item.email}}","org_id": "1","role_id": "1","external_auth_key":"{{item.email}}","external_auth_required":"1","change_pw": "0","external_auth_key":"{{item.email}}"}' - ignore_errors: yes #Ignore error when user already exists - with_items: - - "{{soctools_users}}" - -- name: Get user API key - shell: '/var/www/MISP/app/Console/cake Admin getAuthkey {{soctools_users[0].email}} | /usr/bin/tail -n1' - register: user_key - -- name: Store user API key - copy: - content: "{{ user_key.stdout }}" - 
dest: "{{playbook_dir}}/secrets/tokens/misp" - delegate_to: 127.0.0.1 - -- name: Enable feed - uri: - url: "https://{{soctoolsproxy}}:6443/feeds/edit/1" - method: POST - body_format: json - headers: - Authorization: "{{misp_api_key}}" - Accept: "application/json" - Content-type: "application/json" - body: '{"enabled": true, "caching_enabled": true, "distribution": "1","publish": true}' - -- name: Fetch feed - shell: '/var/www/MISP/app/Console/cake Server {{item}} 1 all&' - with_items: - - fetchFeed - - cacheFeed - -- name: Add example event - uri: - url: - url: "https://{{soctoolsproxy}}:6443/events" - method: POST - body_format: json - headers: - Authorization: "{{misp_api_key}}" - Accept: "application/json" - Content-type: "application/json" - body: '{"Event":{"date":"{{ansible_date_time.date}}","threat_level_id":"1","info":"testevent","published":true,"analysis":"0","distribution":"0","Attribute":[{"type":"domain","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"example.evil"},{"type":"ip-dst","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"10.10.10.10"}]}}' - -- name: Set Autostart for supervisord services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' diff --git a/roles/misp/tasks/main.yml b/roles/misp/tasks/main.yml index 9b53c6c2b6dd1a2bc3207018e2524abfc390af9f..826e9dce14466e41450089a3720f28d4a4e54573 100644 --- a/roles/misp/tasks/main.yml +++ b/roles/misp/tasks/main.yml 
@@ -1,19 +1,59 @@ --- -- include: start.yml +- name: Copy certificates in apache cert dir + copy: + src: "{{ item.local }}" + dest: "{{ item.remote }}" + mode: "{{ item.mode}}" + with_items: + - local: "files/{{ inventory_hostname }}.crt" + remote: /etc/ssl/certs/misp.crt + mode: '0644' + - local: "files/{{ inventory_hostname }}.key" + remote: /etc/ssl/certs/misp.key + mode: '0600' + - local: "files/{{ ca_cn }}.crt" + remote: /etc/ssl/certs/ca.crt + mode: '0644' tags: - - start -- include: config.yml + - start + +- name: Configure Apache web server for misp + template: + src: misp.conf.j2 + dest: /etc/httpd/conf.d/misp.conf + tags: + - start + +- name: Configure MISP database access + template: + src: database.php.j2 + dest: /var/www/MISP/app/Config/database.php + tags: + - start + +- name: Configure MISP app + template: + src: config.php.j2 + dest: /var/www/MISP/app/Config/config.php tags: - - start - - config -- include: stop.yml - tags: stop -- include: update-config.yml + - start + +- name: Configure MISP database initialization script + template: + src: checkdb.sh.j2 + dest: /var/www/MISP/checkdb.sh + mode: '0700' tags: - - update-config - - update-misp-config -- include: restart.yml + - start + +- name: Check if database is initialized + command: /var/www/MISP/checkdb.sh tags: - - restart - - restart-misp + - start + +- name: Start MISP + command: "/usr/bin/supervisord -c /etc/supervisord.conf" + tags: + - start + diff --git a/roles/misp/tasks/restart.yml b/roles/misp/tasks/restart.yml deleted file mode 100644 index 5878940540110fed2900248484f1fb6c0dc6b807..0000000000000000000000000000000000000000 --- a/roles/misp/tasks/restart.yml +++ /dev/null 
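Review bot: The `template` tasks that write `/var/www/MISP/app/Config/database.php` and `/var/www/MISP/app/Config/config.php` set no `owner`, `group` or `mode`, although the rendered files carry the database password and the MISP salt; the certificate and `checkdb.sh` tasks in the same hunk do set a mode. Give both tasks explicit permissions, for example `owner: root`, `group: apache`, `mode: '0640'` (the `apache` account name comes from the removed stop.yml and should be confirmed for this image). Without them the result depends on the umask and on whatever permissions the file already had in the image.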
@@ -1,16 +0,0 @@ ---- - -- name: Restart php-fpm - command: "supervisorctl restart php-fpm" - -- name: Restart redis-server - command: "supervisorctl restart redis-server" - -- name: Restart apache2 - command: "supervisorctl restart apache2" - -- name: Restart misp-modules - command: "supervisorctl restart misp-modules" - -- name: Restart workers - command: "supervisorctl restart workers" diff --git a/roles/misp/tasks/start.yml b/roles/misp/tasks/start.yml deleted file mode 100644 index c07917fd83fe41509adf423109b20bfc9e781744..0000000000000000000000000000000000000000 --- a/roles/misp/tasks/start.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- - -- name: Set PHP symbolic link - file: - src: /opt/rh/rh-php72/root/bin/php - dest: /usr/bin/php - state: link - -- name: Copy certificates - copy: - src: "{{ item.local }}" - dest: "{{ item.remote }}" - mode: "{{ item.mode}}" - with_items: - - local: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - remote: /etc/ssl/certs/misp.crt - mode: '0644' - - local: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - remote: /etc/ssl/certs/misp.key - mode: '0600' - - local: "{{playbook_dir}}/secrets/CA/ca.crt" - remote: /etc/ssl/certs/ca.crt - mode: '0644' - - local: "{{playbook_dir}}/secrets/CA/ca.crt" - remote: /etc/pki/ca-trust/source/anchors/ca.crt - mode: '0644' - -- name: Update CA trust - command: update-ca-trust - -- name: Get openid authkey - set_fact: - mispsecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/mispsecret',convert_data=False) | from_json }}" - -- name: Configure Apache web server for misp - template: - src: misp.conf.j2 - dest: /etc/httpd/conf.d/misp.conf - -- name: Configure MISP database access - template: - src: database.php.j2 - dest: /var/www/MISP/app/Config/database.php - -- name: Configure salt - lineinfile: - path: /var/www/MISP/app/Config/config.php - regexp: "'salt'.*=>" - line: "'salt' => '{{lookup('password', '{{playbook_dir}}/secrets/misp_salt')}}'," - -- name: Configure MISP database initialization script - template: - src: checkdb.sh.j2 - dest: /var/www/MISP/checkdb.sh - mode: '0700' - -- name: Check if database is initialized - command: /var/www/MISP/checkdb.sh - -- name: Start php-fpm - command: "supervisorctl start php-fpm" - -- name: Start redis-server - command: "supervisorctl start redis-server" - -- name: Start apache2 - command: "supervisorctl start apache2" - -- name: Start misp-modules - command: "supervisorctl start misp-modules" - -- name: Start workers - command: "supervisorctl start workers" 
diff --git a/roles/misp/tasks/stop.yml b/roles/misp/tasks/stop.yml deleted file mode 100644 index 6a56d87d74255095f17ca8ac2db562596446f586..0000000000000000000000000000000000000000 --- a/roles/misp/tasks/stop.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Stop php-fpm - command: "supervisorctl stop php-fpm" - -- name: Stop redis-server - command: "supervisorctl stop redis-server" - -- name: Stop apache2 - command: "supervisorctl stop apache2" - -- name: Stop misp-modules - command: "supervisorctl stop misp-modules" - -- name: Stop workers - #command: "supervisorctl start workers" - command: 'su - -s /bin/bash -c "/var/www/MISP/app/Console/worker/stop.sh" apache' - diff --git a/roles/misp/tasks/update-config.yml b/roles/misp/tasks/update-config.yml deleted file mode 100644 index cd21505a47e530a967e3c44bd2a772d1b8d08bd7..0000000000000000000000000000000000000000 --- a/roles/misp/tasks/update-config.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- - diff --git a/roles/misp/templates/checkdb.sh.j2 b/roles/misp/templates/checkdb.sh.j2 index c8eb4abac0fefe53b36d5ac6fb5e588e96a03054..5aba69f866bb0343a8abbbadd3e6606213574123 100644 --- a/roles/misp/templates/checkdb.sh.j2 +++ b/roles/misp/templates/checkdb.sh.j2 
@@ -1,5 +1,5 @@ #!/bin/bash -x -MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) +MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) if [ ${MISPINIT} == "0" ]; then - cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}} + cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}} fi diff --git a/roles/misp/templates/config.php.j2 b/roles/misp/templates/config.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..46ca1ca0aadfb26b91e4c4469afcf8c967333288 --- /dev/null +++ b/roles/misp/templates/config.php.j2 
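Review bot: Both `mysql` invocations still pass the secret as `-p{{misp_dbpass}}`, which places it in the process argument list, and the `#!/bin/bash -x` shebang traces every command, so the expanded password is also written to stderr and ends up in the result of the `Check if database is initialized` task. Drop `-x` and pass the password outside argv, e.g. `export MYSQL_PWD={{ misp_dbpass | quote }}` once at the top or a `--defaults-extra-file` with mode 0600, then remove `-p…` from both lines. The test should quote its operand, `[ "${MISPINIT}" = "0" ]`, so that an empty result from a failed query is not turned into a `[` syntax error.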
@@ -0,0 +1,84 @@ +<?php +$config = array ( + 'debug' => 0, + 'MISP' => + array ( + 'baseurl' => 'https://{{dslproxy}}:6443', + 'footermidleft' => '', + 'footermidright' => '', + 'org' => 'ORGNAME', + 'showorg' => true, + 'threatlevel_in_email_subject' => true, + 'email_subject_TLP_string' => 'tlp:amber', + 'email_subject_tag' => 'tlp', + 'email_subject_include_tag_name' => true, + 'background_jobs' => true, + 'cached_attachments' => true, + 'email' => 'email@address.com', + 'contact' => 'email@address.com', + 'cveurl' => 'https://cve.circl.lu/cve/', + 'cweurl' => 'https://cve.circl.lu/cwe/', + 'disablerestalert' => false, + 'default_event_distribution' => '1', + 'default_attribute_distribution' => 'event', + 'tagging' => true, + 'full_tags_on_event_index' => true, + 'attribute_tagging' => true, + 'full_tags_on_attribute_index' => true, + 'footer_logo' => '', + 'take_ownership_xml_import' => false, + 'unpublishedprivate' => false, + 'disable_emailing' => false, + 'manage_workers' => true, + 'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name', + 'uuid' => '6ec3e533-99f9-42ac-952d-002664d1500f', + 'live' => true, + ), + 'GnuPG' => + array ( + 'onlyencrypted' => false, + 'email' => '', + 'homedir' => '', + 'password' => '', + 'bodyonlyencrypted' => false, + 'sign' => true, + 'obscure_subject' => false, + ), + 'SMIME' => + array ( + 'enabled' => false, + 'email' => '', + 'cert_public_sign' => '', + 'key_sign' => '', + 'password' => '', + ), + 'Proxy' => + array ( + 'host' => '', + 'port' => '', + 'method' => '', + 'user' => '', + 'password' => '', + ), + 'SecureAuth' => + array ( + 'amount' => 5, + 'expire' => 300, + ), + 'Security' => + array ( + 'level' => 'medium', + 'salt' => '{{misp_salt}}', + 'cipherSeed' => '', + ), + 'Session.defaults' => 'php', + 'Session.timeout' => 60, + 'Session.cookieTimeout' => 60, + 'Session.autoRegenerate' => false, + 'Session.checkAgent' => false, + 'site_admin_debug' => NULL, + 'Plugin' => NULL, 
+ 'CertAuth' => NULL, + 'ApacheShibbAuth' => NULL, + 'ApacheSecureAuth' => NULL, +); diff --git a/roles/misp/templates/database.php.j2 b/roles/misp/templates/database.php.j2 index 867e5fb9e876d23e8d6552eab177a1e5121c8eff..0cf1934f76488c257a3f68c2a4cf97ae58a8dead 100755 --- a/roles/misp/templates/database.php.j2 +++ b/roles/misp/templates/database.php.j2 @@ -63,11 +63,11 @@ class DATABASE_CONFIG { 'datasource' => 'Database/Mysql', //'datasource' => 'Database/Postgres', 'persistent' => false, - 'host' => '{{mysql_name}}', + 'host' => '{{groups['mysql'][0]}}', 'login' => '{{misp_dbuser}}', 'port' => 3306, // MySQL & MariaDB //'port' => 5432, // PostgreSQL - 'password' => '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}', + 'password' => '{{misp_dbpass}}', 'database' => '{{misp_dbname}}', 'prefix' => '', 'encoding' => 'utf8', diff --git a/roles/misp/templates/misp.conf.j2 b/roles/misp/templates/misp.conf.j2 index 2ca05216dba90d63323d1362325837dd83824fbd..3a9cb85aa753ba49e5cdeec63daf64a76f46e340 100644 --- a/roles/misp/templates/misp.conf.j2 +++ b/roles/misp/templates/misp.conf.j2 @@ -1,7 +1,7 @@ Listen 6443 https <VirtualHost *:6443> -ServerAdmin admin@{{soctoolsproxy}} -ServerName {{soctoolsproxy}} +ServerAdmin admin@{{dslproxy}} +ServerName {{dslproxy}} DocumentRoot /var/www/MISP/app/webroot <Directory /var/www/MISP/app/webroot> Options -Indexes 
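Review bot: `'uuid' => '6ec3e533-99f9-42ac-952d-002664d1500f'` is a literal in the template, so every instance rendered from this role gets the same `MISP.uuid`, a value that is meant to identify a single instance; `'cipherSeed' => ''` is also left empty right next to the templated `salt`. Render the UUID from a per-deployment variable the way `salt` is, e.g. `'uuid' => '{{ misp_uuid }}',` (`misp_uuid` is a suggested name, not an existing variable), and decide explicitly whether `cipherSeed` should be generated as well. `'org' => 'ORGNAME'` and the two `email@address.com` values look like unfilled placeholders, and `'Session.autoRegenerate' => false` / `'Session.checkAgent' => false` deserve a comment saying they are intentional.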
@@ -10,25 +10,15 @@ AllowOverride all DirectoryIndex index.php +# ProxyPassMatch ^/info$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/info.php ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/$1 -SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - -OIDCCryptoPassphrase {{lookup('password', '{{playbook_dir}}/secrets/passwords/misp_crypto')}} -OIDCProviderMetadataURL https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration -OIDCRedirectURI https://{{soctoolsproxy}}:6443/users/login/keycloak -OIDCClientID soctools-misp -OIDCScope "openid profile" -OIDCClientSecret {{mispsecret.value}} -OIDCRemoteUserClaim email -OIDCProviderTokenEndpointAuth client_secret_basic - -<Location /users/login> - AuthType openid-connect - Require valid-user - RequestHeader set X-Remote-User %{OIDC_CLAIM_email}e -</Location> - +#<FilesMatch "\.php$"> +# SetHandler "proxy:fcgi://127.0.0.1:9000" +# ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" +# AddHandler php72-fcgi .php +# Action php72-fcgi /cgi-bin/php72.fcgi +#</FilesMatch> SSLEngine On SSLCertificateFile /etc/ssl/certs/misp.crt diff --git a/roles/misp/templates/mysql_secure.sql.j2 b/roles/misp/templates/mysql_secure.sql.j2 index dd8ffd5d96d8dcdc08ca9efca5b2f66f3fa82dc9..7b8dd283a33da8aab7f443985ea9f5f97fb6f5d6 100644 --- a/roles/misp/templates/mysql_secure.sql.j2 +++ b/roles/misp/templates/mysql_secure.sql.j2 @@ -1,4 +1,4 @@ -UPDATE mysql.user SET Password=PASSWORD('{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; +UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; 
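Review bot: Authentication in front of `/users/login` has no replacement after this hunk: the `OIDC*` directives and the `<Location /users/login>` block are removed, and the same commit deletes roles/misp/tasks/config.yml, which changed the password of `admin@admin.test` and enabled `Plugin.CustomAuth`. Unless another role now does that work, the vhost on 6443 comes up on MISP's built-in login with whatever account the image ships, so either keep a task that sets the default admin password before `Start MISP` or state in the commit message where authentication is enforced. The added commented-out lines (`# ProxyPassMatch ^/info$ … info.php` and the `#<FilesMatch>` block) are dead configuration and are better deleted than committed, since an `info.php` route should not be one uncomment away. The `<VirtualHost>` block starts and ends outside this hunk.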
@@ -6,7 +6,7 @@ DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; CREATE DATABASE {{misp_dbname}}; {% for misp_host in groups['mispcontainers'] %} -GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; +GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; {% endfor %} diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 69395fe3e0562adca1f273db7d17f8e3b1451ee6..f915611043cb4f4d1aa7aa9b2d9c4b87539ad4c5 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,20 +1,4 @@ --- - include: secure.yml - tags: - - start - include: misp.yml - tags: - - start -- include: stop.yml - tags: - - stop - - stop-mysql -- include: update-config.yml - tags: - - update-config - - update-mysql-config -- include: restart.yml - tags: - - restart - - restart-mysql diff --git a/roles/mysql/tasks/misp.yml b/roles/mysql/tasks/misp.yml index c541e99243876ad9739ec4b52bc946b481ef6274..60e1d0a082f9036afb9295a5b9f8ad2e3713f843 100644 --- a/roles/mysql/tasks/misp.yml +++ b/roles/mysql/tasks/misp.yml 
@@ -4,26 +4,23 @@ mysql_db: name: "{{misp_dbname}}" state: present + tags: + - start - name: Create misp user mysql_user: name: "{{misp_dbuser}}" - #host: "{{item}}.{{soctools_netname}}" - host: "%" - password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}" + host: "{{item}}.{{soctools_netname}}" + password: "{{misp_dbpass}}" priv: "{{misp_dbname}}.*:ALL" with_items: "{{groups['mispcontainers']}}" - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' + tags: + - start # CREATE DATABASE IF NOT EXISTS {{misp_dbname}}; # {% for misp_host in groups['mispcontainers'] %} -# GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; +# GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; # GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; # {% endfor %} # diff --git a/roles/mysql/tasks/restart.yml b/roles/mysql/tasks/restart.yml deleted file mode 100644 index 79a5ef40478116ae27a4d01452ff77d6495cbd59..0000000000000000000000000000000000000000 --- a/roles/mysql/tasks/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -- name: Restart MySQL - shell: "supervisorctl restart mysql" diff --git a/roles/mysql/tasks/secure.yml b/roles/mysql/tasks/secure.yml index 80db96cf207efd2ba5b4ec0c5aa4828041a6e980..18f098e0bf61973914ca8e52e4de00a7e8a10652 100644 --- a/roles/mysql/tasks/secure.yml +++ b/roles/mysql/tasks/secure.yml @@ -4,7 +4,7 @@ mysql_user: name: root host_all: yes - password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}" + password: "{{mysql_dbrootpass}}" tags: - start ignore_errors: true 
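Review bot: Changing `host: "%"` to `host: "{{item}}.{{soctools_netname}}"` in `Create misp user` only adds per-host accounts; on a database provisioned by the previous version the wildcard account for `{{misp_dbuser}}` and its `ALL` privilege on `{{misp_dbname}}.*` remain. Add a cleanup task beside it, `mysql_user: { name: "{{misp_dbuser}}", host: "%", state: absent }`, so the tightening takes effect on existing deployments too. Host-name accounts presumably rely on the server resolving client addresses to names, so confirm that name resolution is not disabled on this MySQL instance. The `Create misp database` task begins above the hunk.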
@@ -54,7 +54,7 @@ # # # -# UPDATE mysql.user SET Password=PASSWORD('{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; +# UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; # DELETE FROM mysql.user WHERE User=''; # DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); # DROP DATABASE IF EXISTS test; @@ -64,9 +64,9 @@ # # # #!/bin/bash -x -# MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) -# #MISPINIT=$(echo "select count(id) from users;" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}}) +# MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) +# #MISPINIT=$(echo "select count(id) from users;" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}) # if [ ${MISPINIT} == "0" ]; then -# cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_misp')}} {{misp_dbname}} +# cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}} # touch /var/www/MISP/dbchecked-$(date +%Y%m%d_%H%M%S) # fi diff --git a/roles/mysql/tasks/stop.yml b/roles/mysql/tasks/stop.yml deleted file mode 100644 index dcfc34a99ec56f67b192a0ab40ae019c3db96bcf..0000000000000000000000000000000000000000 --- a/roles/mysql/tasks/stop.yml +++ /dev/null 
@@ -1,4 +0,0 @@ ---- - -- name: Stop MySQL - shell: "supervisorctl stop mysql" diff --git a/roles/mysql/tasks/update-config.yml b/roles/mysql/tasks/update-config.yml deleted file mode 100644 index cd21505a47e530a967e3c44bd2a772d1b8d08bd7..0000000000000000000000000000000000000000 --- a/roles/mysql/tasks/update-config.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- - diff --git a/roles/mysql/templates/dotmy.cnf.j2 b/roles/mysql/templates/dotmy.cnf.j2 index 79fe59e355fa1a7d55872cdd80e0025bfc246f25..56feaea61621677a51089d18f6fea96fc3a30a4b 100644 --- a/roles/mysql/templates/dotmy.cnf.j2 +++ b/roles/mysql/templates/dotmy.cnf.j2 @@ -1,3 +1,3 @@ [client] user=root -password='{{lookup('password', '{{playbook_dir}}/secrets/passwords/mysql_root')}}' +password='{{mysql_dbrootpass}}' diff --git a/roles/mysql/templates/mysql_secure.sql.j2 b/roles/mysql/templates/mysql_secure.sql.j2 index 5b8474e9b0dc5dbcc27f013a771f2187fdc68b6a..c1f602d390f8e986c6b8cf73664a2bde3a87fbbb 100644 --- a/roles/mysql/templates/mysql_secure.sql.j2 +++ b/roles/mysql/templates/mysql_secure.sql.j2 @@ -1,4 +1,4 @@ -UPDATE mysql.user SET Password=PASSWORD('{{playbook_dir}}/secrets/passwords/mysql_root')}}') WHERE User='root'; +UPDATE mysql.user SET Password=PASSWORD('{{mysql_dbrootpass}}') WHERE User='root'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; 
@@ -6,14 +6,9 @@ DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; CREATE DATABASE IF NOT EXISTS {{misp_dbname}}; {% for misp_host in groups['mispcontainers'] %} -GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{playbook_dir}}/secrets/passwords/mysql_misp')}}'; +GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDENTIFIED by '{{misp_dbpass}}'; GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; {% endfor %} -INSTALL SONAME 'server_audit'; -SET GLOBAL server_audit_logging=ON; -SET GLOBAL server_audit_file_rotate_now = ON; -SET GLOBAl server_audit_file_rotations = 2; -SET GLOABL audit_log_format = JSON; FLUSH PRIVILEGES; diff --git a/roles/nifi/files/CountriesWithRegionalCodes.csv b/roles/nifi/files/CountriesWithRegionalCodes.csv deleted file mode 100644 index f9b67f9dfe618e9151c718c23ed568960b5e69cb..0000000000000000000000000000000000000000 --- a/roles/nifi/files/CountriesWithRegionalCodes.csv +++ /dev/null 
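Review bot: Deleting all five `server_audit` statements removes database audit logging altogether, while only the last one, `SET GLOABL audit_log_format = JSON;`, looks invalid. If the script was failing on that statement, keep `INSTALL SONAME 'server_audit';` and `SET GLOBAL server_audit_logging=ON;` and drop or correct only the broken line, or note in the commit where audit logging is configured instead. Separately, `IDENTIFIED by '{{misp_dbpass}}'` here and `PASSWORD('{{mysql_dbrootpass}}')` in the first hunk place the secret verbatim inside a quoted SQL literal, so a quote or backslash in the value breaks the statement; restrict the generated secrets to a safe alphabet or escape them in the template, e.g. `{{ misp_dbpass | replace("'", "''") }}`.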
@@ -1,250 +0,0 @@ -name,alpha-2,alpha-3,country-code,iso_3166-2,region,sub-region,intermediate-region,region-code,sub-region-code,intermediate-region-code -Afghanistan,AF,AFG,004,ISO 3166-2:AF,Asia,Southern Asia,"",142,034,"" -Åland Islands,AX,ALA,248,ISO 3166-2:AX,Europe,Northern Europe,"",150,154,"" -Albania,AL,ALB,008,ISO 3166-2:AL,Europe,Southern Europe,"",150,039,"" -Algeria,DZ,DZA,012,ISO 3166-2:DZ,Africa,Northern Africa,"",002,015,"" -American Samoa,AS,ASM,016,ISO 3166-2:AS,Oceania,Polynesia,"",009,061,"" -Andorra,AD,AND,020,ISO 3166-2:AD,Europe,Southern Europe,"",150,039,"" -Angola,AO,AGO,024,ISO 3166-2:AO,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Anguilla,AI,AIA,660,ISO 3166-2:AI,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Antarctica,AQ,ATA,010,ISO 3166-2:AQ,"","","","","","" -Antigua and Barbuda,AG,ATG,028,ISO 3166-2:AG,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Argentina,AR,ARG,032,ISO 3166-2:AR,Americas,Latin America and the Caribbean,South America,019,419,005 -Armenia,AM,ARM,051,ISO 3166-2:AM,Asia,Western Asia,"",142,145,"" -Aruba,AW,ABW,533,ISO 3166-2:AW,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Australia,AU,AUS,036,ISO 3166-2:AU,Oceania,Australia and New Zealand,"",009,053,"" -Austria,AT,AUT,040,ISO 3166-2:AT,Europe,Western Europe,"",150,155,"" -Azerbaijan,AZ,AZE,031,ISO 3166-2:AZ,Asia,Western Asia,"",142,145,"" -Bahamas,BS,BHS,044,ISO 3166-2:BS,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Bahrain,BH,BHR,048,ISO 3166-2:BH,Asia,Western Asia,"",142,145,"" -Bangladesh,BD,BGD,050,ISO 3166-2:BD,Asia,Southern Asia,"",142,034,"" -Barbados,BB,BRB,052,ISO 3166-2:BB,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Belarus,BY,BLR,112,ISO 3166-2:BY,Europe,Eastern Europe,"",150,151,"" -Belgium,BE,BEL,056,ISO 3166-2:BE,Europe,Western Europe,"",150,155,"" -Belize,BZ,BLZ,084,ISO 3166-2:BZ,Americas,Latin America and the Caribbean,Central America,019,419,013 
-Benin,BJ,BEN,204,ISO 3166-2:BJ,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Bermuda,BM,BMU,060,ISO 3166-2:BM,Americas,Northern America,"",019,021,"" -Bhutan,BT,BTN,064,ISO 3166-2:BT,Asia,Southern Asia,"",142,034,"" -Bolivia (Plurinational State of),BO,BOL,068,ISO 3166-2:BO,Americas,Latin America and the Caribbean,South America,019,419,005 -"Bonaire, Sint Eustatius and Saba",BQ,BES,535,ISO 3166-2:BQ,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Bosnia and Herzegovina,BA,BIH,070,ISO 3166-2:BA,Europe,Southern Europe,"",150,039,"" -Botswana,BW,BWA,072,ISO 3166-2:BW,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 -Bouvet Island,BV,BVT,074,ISO 3166-2:BV,Americas,Latin America and the Caribbean,South America,019,419,005 -Brazil,BR,BRA,076,ISO 3166-2:BR,Americas,Latin America and the Caribbean,South America,019,419,005 -British Indian Ocean Territory,IO,IOT,086,ISO 3166-2:IO,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Brunei Darussalam,BN,BRN,096,ISO 3166-2:BN,Asia,South-eastern Asia,"",142,035,"" -Bulgaria,BG,BGR,100,ISO 3166-2:BG,Europe,Eastern Europe,"",150,151,"" -Burkina Faso,BF,BFA,854,ISO 3166-2:BF,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Burundi,BI,BDI,108,ISO 3166-2:BI,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Cabo Verde,CV,CPV,132,ISO 3166-2:CV,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Cambodia,KH,KHM,116,ISO 3166-2:KH,Asia,South-eastern Asia,"",142,035,"" -Cameroon,CM,CMR,120,ISO 3166-2:CM,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Canada,CA,CAN,124,ISO 3166-2:CA,Americas,Northern America,"",019,021,"" -Cayman Islands,KY,CYM,136,ISO 3166-2:KY,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Central African Republic,CF,CAF,140,ISO 3166-2:CF,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Chad,TD,TCD,148,ISO 3166-2:TD,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Chile,CL,CHL,152,ISO 3166-2:CL,Americas,Latin America and the Caribbean,South 
America,019,419,005 -China,CN,CHN,156,ISO 3166-2:CN,Asia,Eastern Asia,"",142,030,"" -Christmas Island,CX,CXR,162,ISO 3166-2:CX,Oceania,Australia and New Zealand,"",009,053,"" -Cocos (Keeling) Islands,CC,CCK,166,ISO 3166-2:CC,Oceania,Australia and New Zealand,"",009,053,"" -Colombia,CO,COL,170,ISO 3166-2:CO,Americas,Latin America and the Caribbean,South America,019,419,005 -Comoros,KM,COM,174,ISO 3166-2:KM,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Congo,CG,COG,178,ISO 3166-2:CG,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -"Congo, Democratic Republic of the",CD,COD,180,ISO 3166-2:CD,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Cook Islands,CK,COK,184,ISO 3166-2:CK,Oceania,Polynesia,"",009,061,"" -Costa Rica,CR,CRI,188,ISO 3166-2:CR,Americas,Latin America and the Caribbean,Central America,019,419,013 -Côte d'Ivoire,CI,CIV,384,ISO 3166-2:CI,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Croatia,HR,HRV,191,ISO 3166-2:HR,Europe,Southern Europe,"",150,039,"" -Cuba,CU,CUB,192,ISO 3166-2:CU,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Curaçao,CW,CUW,531,ISO 3166-2:CW,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Cyprus,CY,CYP,196,ISO 3166-2:CY,Asia,Western Asia,"",142,145,"" -Czechia,CZ,CZE,203,ISO 3166-2:CZ,Europe,Eastern Europe,"",150,151,"" -Denmark,DK,DNK,208,ISO 3166-2:DK,Europe,Northern Europe,"",150,154,"" -Djibouti,DJ,DJI,262,ISO 3166-2:DJ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Dominica,DM,DMA,212,ISO 3166-2:DM,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Dominican Republic,DO,DOM,214,ISO 3166-2:DO,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Ecuador,EC,ECU,218,ISO 3166-2:EC,Americas,Latin America and the Caribbean,South America,019,419,005 -Egypt,EG,EGY,818,ISO 3166-2:EG,Africa,Northern Africa,"",002,015,"" -El Salvador,SV,SLV,222,ISO 3166-2:SV,Americas,Latin America and the Caribbean,Central America,019,419,013 -Equatorial 
Guinea,GQ,GNQ,226,ISO 3166-2:GQ,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Eritrea,ER,ERI,232,ISO 3166-2:ER,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Estonia,EE,EST,233,ISO 3166-2:EE,Europe,Northern Europe,"",150,154,"" -Eswatini,SZ,SWZ,748,ISO 3166-2:SZ,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 -Ethiopia,ET,ETH,231,ISO 3166-2:ET,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Falkland Islands (Malvinas),FK,FLK,238,ISO 3166-2:FK,Americas,Latin America and the Caribbean,South America,019,419,005 -Faroe Islands,FO,FRO,234,ISO 3166-2:FO,Europe,Northern Europe,"",150,154,"" -Fiji,FJ,FJI,242,ISO 3166-2:FJ,Oceania,Melanesia,"",009,054,"" -Finland,FI,FIN,246,ISO 3166-2:FI,Europe,Northern Europe,"",150,154,"" -France,FR,FRA,250,ISO 3166-2:FR,Europe,Western Europe,"",150,155,"" -French Guiana,GF,GUF,254,ISO 3166-2:GF,Americas,Latin America and the Caribbean,South America,019,419,005 -French Polynesia,PF,PYF,258,ISO 3166-2:PF,Oceania,Polynesia,"",009,061,"" -French Southern Territories,TF,ATF,260,ISO 3166-2:TF,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Gabon,GA,GAB,266,ISO 3166-2:GA,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Gambia,GM,GMB,270,ISO 3166-2:GM,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Georgia,GE,GEO,268,ISO 3166-2:GE,Asia,Western Asia,"",142,145,"" -Germany,DE,DEU,276,ISO 3166-2:DE,Europe,Western Europe,"",150,155,"" -Ghana,GH,GHA,288,ISO 3166-2:GH,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Gibraltar,GI,GIB,292,ISO 3166-2:GI,Europe,Southern Europe,"",150,039,"" -Greece,GR,GRC,300,ISO 3166-2:GR,Europe,Southern Europe,"",150,039,"" -Greenland,GL,GRL,304,ISO 3166-2:GL,Americas,Northern America,"",019,021,"" -Grenada,GD,GRD,308,ISO 3166-2:GD,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Guadeloupe,GP,GLP,312,ISO 3166-2:GP,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Guam,GU,GUM,316,ISO 3166-2:GU,Oceania,Micronesia,"",009,057,"" 
-Guatemala,GT,GTM,320,ISO 3166-2:GT,Americas,Latin America and the Caribbean,Central America,019,419,013 -Guernsey,GG,GGY,831,ISO 3166-2:GG,Europe,Northern Europe,Channel Islands,150,154,830 -Guinea,GN,GIN,324,ISO 3166-2:GN,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Guinea-Bissau,GW,GNB,624,ISO 3166-2:GW,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Guyana,GY,GUY,328,ISO 3166-2:GY,Americas,Latin America and the Caribbean,South America,019,419,005 -Haiti,HT,HTI,332,ISO 3166-2:HT,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Heard Island and McDonald Islands,HM,HMD,334,ISO 3166-2:HM,Oceania,Australia and New Zealand,"",009,053,"" -Holy See,VA,VAT,336,ISO 3166-2:VA,Europe,Southern Europe,"",150,039,"" -Honduras,HN,HND,340,ISO 3166-2:HN,Americas,Latin America and the Caribbean,Central America,019,419,013 -Hong Kong,HK,HKG,344,ISO 3166-2:HK,Asia,Eastern Asia,"",142,030,"" -Hungary,HU,HUN,348,ISO 3166-2:HU,Europe,Eastern Europe,"",150,151,"" -Iceland,IS,ISL,352,ISO 3166-2:IS,Europe,Northern Europe,"",150,154,"" -India,IN,IND,356,ISO 3166-2:IN,Asia,Southern Asia,"",142,034,"" -Indonesia,ID,IDN,360,ISO 3166-2:ID,Asia,South-eastern Asia,"",142,035,"" -Iran (Islamic Republic of),IR,IRN,364,ISO 3166-2:IR,Asia,Southern Asia,"",142,034,"" -Iraq,IQ,IRQ,368,ISO 3166-2:IQ,Asia,Western Asia,"",142,145,"" -Ireland,IE,IRL,372,ISO 3166-2:IE,Europe,Northern Europe,"",150,154,"" -Isle of Man,IM,IMN,833,ISO 3166-2:IM,Europe,Northern Europe,"",150,154,"" -Israel,IL,ISR,376,ISO 3166-2:IL,Asia,Western Asia,"",142,145,"" -Italy,IT,ITA,380,ISO 3166-2:IT,Europe,Southern Europe,"",150,039,"" -Jamaica,JM,JAM,388,ISO 3166-2:JM,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Japan,JP,JPN,392,ISO 3166-2:JP,Asia,Eastern Asia,"",142,030,"" -Jersey,JE,JEY,832,ISO 3166-2:JE,Europe,Northern Europe,Channel Islands,150,154,830 -Jordan,JO,JOR,400,ISO 3166-2:JO,Asia,Western Asia,"",142,145,"" -Kazakhstan,KZ,KAZ,398,ISO 3166-2:KZ,Asia,Central 
Asia,"",142,143,"" -Kenya,KE,KEN,404,ISO 3166-2:KE,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Kiribati,KI,KIR,296,ISO 3166-2:KI,Oceania,Micronesia,"",009,057,"" -Korea (Democratic People's Republic of),KP,PRK,408,ISO 3166-2:KP,Asia,Eastern Asia,"",142,030,"" -"Korea, Republic of",KR,KOR,410,ISO 3166-2:KR,Asia,Eastern Asia,"",142,030,"" -Kuwait,KW,KWT,414,ISO 3166-2:KW,Asia,Western Asia,"",142,145,"" -Kyrgyzstan,KG,KGZ,417,ISO 3166-2:KG,Asia,Central Asia,"",142,143,"" -Lao People's Democratic Republic,LA,LAO,418,ISO 3166-2:LA,Asia,South-eastern Asia,"",142,035,"" -Latvia,LV,LVA,428,ISO 3166-2:LV,Europe,Northern Europe,"",150,154,"" -Lebanon,LB,LBN,422,ISO 3166-2:LB,Asia,Western Asia,"",142,145,"" -Lesotho,LS,LSO,426,ISO 3166-2:LS,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 -Liberia,LR,LBR,430,ISO 3166-2:LR,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Libya,LY,LBY,434,ISO 3166-2:LY,Africa,Northern Africa,"",002,015,"" -Liechtenstein,LI,LIE,438,ISO 3166-2:LI,Europe,Western Europe,"",150,155,"" -Lithuania,LT,LTU,440,ISO 3166-2:LT,Europe,Northern Europe,"",150,154,"" -Luxembourg,LU,LUX,442,ISO 3166-2:LU,Europe,Western Europe,"",150,155,"" -Macao,MO,MAC,446,ISO 3166-2:MO,Asia,Eastern Asia,"",142,030,"" -Madagascar,MG,MDG,450,ISO 3166-2:MG,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Malawi,MW,MWI,454,ISO 3166-2:MW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Malaysia,MY,MYS,458,ISO 3166-2:MY,Asia,South-eastern Asia,"",142,035,"" -Maldives,MV,MDV,462,ISO 3166-2:MV,Asia,Southern Asia,"",142,034,"" -Mali,ML,MLI,466,ISO 3166-2:ML,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Malta,MT,MLT,470,ISO 3166-2:MT,Europe,Southern Europe,"",150,039,"" -Marshall Islands,MH,MHL,584,ISO 3166-2:MH,Oceania,Micronesia,"",009,057,"" -Martinique,MQ,MTQ,474,ISO 3166-2:MQ,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Mauritania,MR,MRT,478,ISO 3166-2:MR,Africa,Sub-Saharan Africa,Western Africa,002,202,011 
-Mauritius,MU,MUS,480,ISO 3166-2:MU,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Mayotte,YT,MYT,175,ISO 3166-2:YT,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Mexico,MX,MEX,484,ISO 3166-2:MX,Americas,Latin America and the Caribbean,Central America,019,419,013 -Micronesia (Federated States of),FM,FSM,583,ISO 3166-2:FM,Oceania,Micronesia,"",009,057,"" -"Moldova, Republic of",MD,MDA,498,ISO 3166-2:MD,Europe,Eastern Europe,"",150,151,"" -Monaco,MC,MCO,492,ISO 3166-2:MC,Europe,Western Europe,"",150,155,"" -Mongolia,MN,MNG,496,ISO 3166-2:MN,Asia,Eastern Asia,"",142,030,"" -Montenegro,ME,MNE,499,ISO 3166-2:ME,Europe,Southern Europe,"",150,039,"" -Montserrat,MS,MSR,500,ISO 3166-2:MS,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Morocco,MA,MAR,504,ISO 3166-2:MA,Africa,Northern Africa,"",002,015,"" -Mozambique,MZ,MOZ,508,ISO 3166-2:MZ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Myanmar,MM,MMR,104,ISO 3166-2:MM,Asia,South-eastern Asia,"",142,035,"" -Namibia,NA,NAM,516,ISO 3166-2:NA,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 -Nauru,NR,NRU,520,ISO 3166-2:NR,Oceania,Micronesia,"",009,057,"" -Nepal,NP,NPL,524,ISO 3166-2:NP,Asia,Southern Asia,"",142,034,"" -Netherlands,NL,NLD,528,ISO 3166-2:NL,Europe,Western Europe,"",150,155,"" -New Caledonia,NC,NCL,540,ISO 3166-2:NC,Oceania,Melanesia,"",009,054,"" -New Zealand,NZ,NZL,554,ISO 3166-2:NZ,Oceania,Australia and New Zealand,"",009,053,"" -Nicaragua,NI,NIC,558,ISO 3166-2:NI,Americas,Latin America and the Caribbean,Central America,019,419,013 -Niger,NE,NER,562,ISO 3166-2:NE,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Nigeria,NG,NGA,566,ISO 3166-2:NG,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Niue,NU,NIU,570,ISO 3166-2:NU,Oceania,Polynesia,"",009,061,"" -Norfolk Island,NF,NFK,574,ISO 3166-2:NF,Oceania,Australia and New Zealand,"",009,053,"" -North Macedonia,MK,MKD,807,ISO 3166-2:MK,Europe,Southern Europe,"",150,039,"" -Northern Mariana Islands,MP,MNP,580,ISO 
3166-2:MP,Oceania,Micronesia,"",009,057,"" -Norway,NO,NOR,578,ISO 3166-2:NO,Europe,Northern Europe,"",150,154,"" -Oman,OM,OMN,512,ISO 3166-2:OM,Asia,Western Asia,"",142,145,"" -Pakistan,PK,PAK,586,ISO 3166-2:PK,Asia,Southern Asia,"",142,034,"" -Palau,PW,PLW,585,ISO 3166-2:PW,Oceania,Micronesia,"",009,057,"" -"Palestine, State of",PS,PSE,275,ISO 3166-2:PS,Asia,Western Asia,"",142,145,"" -Panama,PA,PAN,591,ISO 3166-2:PA,Americas,Latin America and the Caribbean,Central America,019,419,013 -Papua New Guinea,PG,PNG,598,ISO 3166-2:PG,Oceania,Melanesia,"",009,054,"" -Paraguay,PY,PRY,600,ISO 3166-2:PY,Americas,Latin America and the Caribbean,South America,019,419,005 -Peru,PE,PER,604,ISO 3166-2:PE,Americas,Latin America and the Caribbean,South America,019,419,005 -Philippines,PH,PHL,608,ISO 3166-2:PH,Asia,South-eastern Asia,"",142,035,"" -Pitcairn,PN,PCN,612,ISO 3166-2:PN,Oceania,Polynesia,"",009,061,"" -Poland,PL,POL,616,ISO 3166-2:PL,Europe,Eastern Europe,"",150,151,"" -Portugal,PT,PRT,620,ISO 3166-2:PT,Europe,Southern Europe,"",150,039,"" -Puerto Rico,PR,PRI,630,ISO 3166-2:PR,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Qatar,QA,QAT,634,ISO 3166-2:QA,Asia,Western Asia,"",142,145,"" -Réunion,RE,REU,638,ISO 3166-2:RE,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Romania,RO,ROU,642,ISO 3166-2:RO,Europe,Eastern Europe,"",150,151,"" -Russian Federation,RU,RUS,643,ISO 3166-2:RU,Europe,Eastern Europe,"",150,151,"" -Rwanda,RW,RWA,646,ISO 3166-2:RW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Saint Barthélemy,BL,BLM,652,ISO 3166-2:BL,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -"Saint Helena, Ascension and Tristan da Cunha",SH,SHN,654,ISO 3166-2:SH,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Saint Kitts and Nevis,KN,KNA,659,ISO 3166-2:KN,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Saint Lucia,LC,LCA,662,ISO 3166-2:LC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Saint Martin 
(French part),MF,MAF,663,ISO 3166-2:MF,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Saint Pierre and Miquelon,PM,SPM,666,ISO 3166-2:PM,Americas,Northern America,"",019,021,"" -Saint Vincent and the Grenadines,VC,VCT,670,ISO 3166-2:VC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Samoa,WS,WSM,882,ISO 3166-2:WS,Oceania,Polynesia,"",009,061,"" -San Marino,SM,SMR,674,ISO 3166-2:SM,Europe,Southern Europe,"",150,039,"" -Sao Tome and Principe,ST,STP,678,ISO 3166-2:ST,Africa,Sub-Saharan Africa,Middle Africa,002,202,017 -Saudi Arabia,SA,SAU,682,ISO 3166-2:SA,Asia,Western Asia,"",142,145,"" -Senegal,SN,SEN,686,ISO 3166-2:SN,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Serbia,RS,SRB,688,ISO 3166-2:RS,Europe,Southern Europe,"",150,039,"" -Seychelles,SC,SYC,690,ISO 3166-2:SC,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Sierra Leone,SL,SLE,694,ISO 3166-2:SL,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Singapore,SG,SGP,702,ISO 3166-2:SG,Asia,South-eastern Asia,"",142,035,"" -Sint Maarten (Dutch part),SX,SXM,534,ISO 3166-2:SX,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Slovakia,SK,SVK,703,ISO 3166-2:SK,Europe,Eastern Europe,"",150,151,"" -Slovenia,SI,SVN,705,ISO 3166-2:SI,Europe,Southern Europe,"",150,039,"" -Solomon Islands,SB,SLB,090,ISO 3166-2:SB,Oceania,Melanesia,"",009,054,"" -Somalia,SO,SOM,706,ISO 3166-2:SO,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -South Africa,ZA,ZAF,710,ISO 3166-2:ZA,Africa,Sub-Saharan Africa,Southern Africa,002,202,018 -South Georgia and the South Sandwich Islands,GS,SGS,239,ISO 3166-2:GS,Americas,Latin America and the Caribbean,South America,019,419,005 -South Sudan,SS,SSD,728,ISO 3166-2:SS,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Spain,ES,ESP,724,ISO 3166-2:ES,Europe,Southern Europe,"",150,039,"" -Sri Lanka,LK,LKA,144,ISO 3166-2:LK,Asia,Southern Asia,"",142,034,"" -Sudan,SD,SDN,729,ISO 3166-2:SD,Africa,Northern Africa,"",002,015,"" 
-Suriname,SR,SUR,740,ISO 3166-2:SR,Americas,Latin America and the Caribbean,South America,019,419,005 -Svalbard and Jan Mayen,SJ,SJM,744,ISO 3166-2:SJ,Europe,Northern Europe,"",150,154,"" -Sweden,SE,SWE,752,ISO 3166-2:SE,Europe,Northern Europe,"",150,154,"" -Switzerland,CH,CHE,756,ISO 3166-2:CH,Europe,Western Europe,"",150,155,"" -Syrian Arab Republic,SY,SYR,760,ISO 3166-2:SY,Asia,Western Asia,"",142,145,"" -"Taiwan, Province of China",TW,TWN,158,ISO 3166-2:TW,Asia,Eastern Asia,"",142,030,"" -Tajikistan,TJ,TJK,762,ISO 3166-2:TJ,Asia,Central Asia,"",142,143,"" -"Tanzania, United Republic of",TZ,TZA,834,ISO 3166-2:TZ,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Thailand,TH,THA,764,ISO 3166-2:TH,Asia,South-eastern Asia,"",142,035,"" -Timor-Leste,TL,TLS,626,ISO 3166-2:TL,Asia,South-eastern Asia,"",142,035,"" -Togo,TG,TGO,768,ISO 3166-2:TG,Africa,Sub-Saharan Africa,Western Africa,002,202,011 -Tokelau,TK,TKL,772,ISO 3166-2:TK,Oceania,Polynesia,"",009,061,"" -Tonga,TO,TON,776,ISO 3166-2:TO,Oceania,Polynesia,"",009,061,"" -Trinidad and Tobago,TT,TTO,780,ISO 3166-2:TT,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Tunisia,TN,TUN,788,ISO 3166-2:TN,Africa,Northern Africa,"",002,015,"" -Turkey,TR,TUR,792,ISO 3166-2:TR,Asia,Western Asia,"",142,145,"" -Turkmenistan,TM,TKM,795,ISO 3166-2:TM,Asia,Central Asia,"",142,143,"" -Turks and Caicos Islands,TC,TCA,796,ISO 3166-2:TC,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Tuvalu,TV,TUV,798,ISO 3166-2:TV,Oceania,Polynesia,"",009,061,"" -Uganda,UG,UGA,800,ISO 3166-2:UG,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Ukraine,UA,UKR,804,ISO 3166-2:UA,Europe,Eastern Europe,"",150,151,"" -United Arab Emirates,AE,ARE,784,ISO 3166-2:AE,Asia,Western Asia,"",142,145,"" -United Kingdom of Great Britain and Northern Ireland,GB,GBR,826,ISO 3166-2:GB,Europe,Northern Europe,"",150,154,"" -United States of America,US,USA,840,ISO 3166-2:US,Americas,Northern America,"",019,021,"" -United States Minor 
Outlying Islands,UM,UMI,581,ISO 3166-2:UM,Oceania,Micronesia,"",009,057,"" -Uruguay,UY,URY,858,ISO 3166-2:UY,Americas,Latin America and the Caribbean,South America,019,419,005 -Uzbekistan,UZ,UZB,860,ISO 3166-2:UZ,Asia,Central Asia,"",142,143,"" -Vanuatu,VU,VUT,548,ISO 3166-2:VU,Oceania,Melanesia,"",009,054,"" -Venezuela (Bolivarian Republic of),VE,VEN,862,ISO 3166-2:VE,Americas,Latin America and the Caribbean,South America,019,419,005 -Viet Nam,VN,VNM,704,ISO 3166-2:VN,Asia,South-eastern Asia,"",142,035,"" -Virgin Islands (British),VG,VGB,092,ISO 3166-2:VG,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Virgin Islands (U.S.),VI,VIR,850,ISO 3166-2:VI,Americas,Latin America and the Caribbean,Caribbean,019,419,029 -Wallis and Futuna,WF,WLF,876,ISO 3166-2:WF,Oceania,Polynesia,"",009,061,"" -Western Sahara,EH,ESH,732,ISO 3166-2:EH,Africa,Northern Africa,"",002,015,"" -Yemen,YE,YEM,887,ISO 3166-2:YE,Asia,Western Asia,"",142,145,"" -Zambia,ZM,ZMB,894,ISO 3166-2:ZM,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 -Zimbabwe,ZW,ZWE,716,ISO 3166-2:ZW,Africa,Sub-Saharan Africa,Eastern Africa,002,202,014 diff --git a/roles/nifi/files/SOCTOOLS-CA.crt b/roles/nifi/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/nifi/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/nifi/files/cacerts.jks b/roles/nifi/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/nifi/files/cacerts.jks differ diff --git a/roles/nifi/files/common-cacerts.jks b/roles/nifi/files/common-cacerts.jks deleted file mode 100644 index 200a005f89ab6e2ba316460b071979aa9f5b8c58..0000000000000000000000000000000000000000 Binary files a/roles/nifi/files/common-cacerts.jks and /dev/null differ diff --git a/roles/nifi/files/dsoclab-nifi-1.p12 b/roles/nifi/files/dsoclab-nifi-1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..0076ad1207c243f877de929e2424ed953f60469c Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-1.p12 differ 
diff --git a/roles/nifi/files/dsoclab-nifi-2.p12 b/roles/nifi/files/dsoclab-nifi-2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fdbd25a1e50851b8ea865781bc903dcc78a1cc8f Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-2.p12 differ diff --git a/roles/nifi/files/dsoclab-nifi-3.p12 b/roles/nifi/files/dsoclab-nifi-3.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4d4b23daaa41114bb1ab95eea974f0c2618dbbeb Binary files /dev/null and b/roles/nifi/files/dsoclab-nifi-3.p12 differ diff --git a/roles/nifi/files/haproxy.groklib b/roles/nifi/files/haproxy.groklib deleted file mode 100644 index 37517af78809e9cf66aa4f1e95817457aec306ee..0000000000000000000000000000000000000000 --- a/roles/nifi/files/haproxy.groklib +++ /dev/null 
@@ -1,39 +0,0 @@
-## These patterns were tested w/ haproxy-1.4.15
-
-## Documentation of the haproxy log formats can be found at the following links:
-## http://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat
-## http://code.google.com/p/haproxy-docs/wiki/TCPLogFormat
-
-HAPROXYTIME (?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])
-HAPROXYDATE %{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}
-
-# Override these default patterns to parse out what is captured in your haproxy.cfg
-HAPROXYCAPTUREDREQUESTHEADERS %{DATA:captured_request_headers}
-HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:captured_response_headers}
-
-# Example:
-# These haproxy config lines will add data to the logs that are captured
-# by the patterns below. Place them in your custom patterns directory to
-# override the defaults.
-#
-# capture request header Host len 40
-# capture request header X-Forwarded-For len 50
-# capture request header Accept-Language len 50
-# capture request header Referer len 200
-# capture request header User-Agent len 200
-#
-# capture response header Content-Type len 30
-# capture response header Content-Encoding len 10
-# capture response header Cache-Control len 200
-# capture response header Last-Modified len 200
-#
-# HAPROXYCAPTUREDREQUESTHEADERS %{DATA:request_header_host}\|%{DATA:request_header_x_forwarded_for}\|%{DATA:request_header_accept_language}\|%{DATA:request_header_referer}\|%{DATA:request_header_user_agent}
-# HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:response_header_content_type}\|%{DATA:response_header_content_encoding}\|%{DATA:response_header_cache_control}\|%{DATA:response_header_last_modified}
-
-# parse a haproxy 'httplog' line
-HAPROXYHTTPBASE %{IP:client.ip}:%{INT:client.port} \[%{HAPROXYDATE:timestamp}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server.domain} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\{%{HAPROXYCAPTUREDREQUESTHEADERS}\})?( )?(\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\})?( )?"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?"
-
-HAPROXYHTTP (?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{HAPROXYHTTPBASE}
-
-# parse a haproxy 'tcplog' line
-HAPROXYTCP (?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client.ip}:%{INT:client.port} \[%{HAPROXYDATE:timestamp}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}
\ No newline at end of file
diff --git a/roles/nifi/files/nifisecret b/roles/nifi/files/nifisecret
new file mode 100644
index 0000000000000000000000000000000000000000..cbbcd4a597c58e86283a43a3b7acc6397c3a95ca
--- /dev/null
+++ b/roles/nifi/files/nifisecret
@@ -0,0 +1,3 @@
+{
+ "value" : "ccfda830-defc-4fec-85fc-9b2b7c98e8ba"
+}
\ No newline at end of file
diff --git a/roles/nifi/tasks/main.yml b/roles/nifi/tasks/main.yml
index d4ab3ad3a89413bf3d6a848822562a5ccb6d92ca..ec0249ccf785f4a8e9c55e3330d63787735ac4f0 100644
--- a/roles/nifi/tasks/main.yml
+++ b/roles/nifi/tasks/main.yml
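Review bot: A credential is committed in clear text in the new `roles/nifi/files/nifisecret`: the file carries a fixed `value`, and the `Get openid authkey` task in roles/nifi/tasks/main.yml loads it into the `nifisecret` fact, so every deployment made from this repository shares one secret that anyone with read access to the repository can see. Keep the file out of version control, either generated per deployment the way the removed `{{playbook_dir}}/secrets/tokens/nifisecret` lookup expected or stored encrypted with ansible-vault, and rotate the value that is now in the history. The same concern applies to the `dsoclab-nifi-*.p12` keystores added as binary files in this commit, if they contain private keys.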
@@ -1,17 +1,151 @@ --- -- include: start.yml +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + tags: + - start + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + tags: + - start + +- name: Copy certificates in NiFi conf dir + copy: + src: "{{ item }}" + dest: "conf/{{ item }}" + with_items: + - "{{ inventory_hostname }}.p12" + - cacerts.jks + tags: + - start + +- name: Configure flow.xml + template: + src: "flow.xml.j2" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + tags: + - start + +- name: Gzip flow.xml + archive: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" + format: gz + tags: + - start + +- name: Get openid authkey + set_fact: + nifisecret: "{{lookup('file', 'files/nifisecret',convert_data=False) | from_json }}" + tags: + - start + +- name: Configure NiFi boostrap properties + template: + src: bootstrap.conf.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" + tags: + - start + +- name: Configure NiFi properties for secure servers + template: + src: nifi.properties.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" + tags: + - start + +- name: Copy authorizations.xml + copy: + src: "authorizations.xml" + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" + tags: + - start + +- name: Configure users + template: + src: users.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" + tags: + - start + +- name: Configure NiFi authorizers for secure servers + template: + src: authorizers.xml.j2 + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" + tags: + - start + +- name: Create conf/enrich dir + file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich state=directory + tags: + - start + +- name: Copy empty GeoLite2-City database + copy: + src: 
GeoLite2-City.mmdb + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" + tags: + - start + +- name: Download list of Tor exist nodes + get_url: + url: https://check.torproject.org/torbulkexitlist + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" + tags: + - start + +- name: Add header to tornodes.csv + lineinfile: + path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" + line: 'ip_addr' + insertbefore: BOF tags: - start -- include: stop.yml + +- name: Download umbrella-top-1m.csv + get_url: + url: http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" tags: - - stop - - stop-nifi -- include: update-config.yml + - start + +- name: Download alexa-top-1m.csv + get_url: + url: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip + dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" + tags: + - start + +- name: Start NiFi + command: "{{ ansible_facts.env['NIFI_HOME'] }}/bin/nifi.sh start" tags: - - update-config - - update-nifi-config -- include: restart.yml + - start + +#- name: check reachable hosts +# gather_facts: no +# tasks: +# - command: ping -c1 {{ inventory_hostname }} +# delegate_to: localhost +# register: ping_result +# ignore_errors: yes +# - group_by: key=reachable +# when: ping_result|success + +- name: Stop NiFi + command: "{{ ansible_facts.env['NIFI_HOME'] }}/bin/nifi.sh stop" tags: - - restart - - restart-nifi + - stop + +#- name: Copy flow from NiFi +# fetch: +# src: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" +# dest: "{{ role_path }}/files/flow-{{ inventory_hostname }}.xml.gz" +# flat: yes +# tags: +# - stop + diff --git a/roles/nifi/tasks/restart.yml b/roles/nifi/tasks/restart.yml deleted file mode 100644 index d5434f2a368c8bfa115e96c39708d4c6764438b3..0000000000000000000000000000000000000000 --- a/roles/nifi/tasks/restart.yml +++ /dev/null 
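Review bot: The `Download umbrella-top-1m.csv` and `Download alexa-top-1m.csv` tasks fetch `top-1m.csv.zip` over plain `http://` and write the archive straight to a `.csv` path under `conf/enrich`, so the file is presumably still zip data when the flow reads it, and nothing checks that it was not altered in transit. The removed start.yml unpacked the archive and prepended an `index,domain` header before installing it; those steps are not carried over here. I would switch both tasks to the TLS endpoint, e.g. `url: https://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip`, download to a `.zip` path, and restore the unarchive and header steps. Separately, the `Copy certificates in NiFi conf dir` task sets no `mode:` on the `.p12` keystore; adding `mode: "0600"` would keep it readable only by its owner.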
@@ -1,6 +0,0 @@ ---- - -- name: Restart NiFi - remote_user: root - command: "supervisorctl restart nifi" - diff --git a/roles/nifi/tasks/start.yml b/roles/nifi/tasks/start.yml deleted file mode 100644 index 99420a5984cbd451e2aeb462fc21737a7c5b7b2c..0000000000000000000000000000000000000000 --- a/roles/nifi/tasks/start.yml +++ /dev/null 
@@ -1,204 +0,0 @@ ---- - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - -- name: Copy certificates in NiFi conf dir - remote_user: nifi - copy: - src: "{{ item }}" - dest: "conf/" - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - common-cacerts.jks - -- name: Check if flow.xml already exists - remote_user: nifi - stat: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - register: flowfile - -- name: Configure flow.xml - remote_user: nifi - template: - src: "flow.xml.j2" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - when: not flowfile.stat.exists - -- name: Gzip flow.xml - remote_user: nifi - archive: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" - format: gz - when: not flowfile.stat.exists - -- name: Get openid authkey - remote_user: nifi - set_fact: - nifisecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/nifisecret',convert_data=False)}}" - -- name: Configure NiFi boostrap properties - remote_user: nifi - template: - src: bootstrap.conf.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" - -- name: Configure NiFi properties for secure servers - remote_user: nifi - template: - src: nifi.properties.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" - -- name: Copy authorizations.xml - remote_user: nifi - copy: - src: "authorizations.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" - -- name: Configure users - remote_user: nifi - template: - src: users.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" - -- name: Configure NiFi authorizers for secure servers - remote_user: nifi - 
template: - src: authorizers.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" - -- name: Create conf/enrich dir - remote_user: nifi - file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich state=directory - -- name: Create conf/enrich/freq dir - remote_user: nifi - file: path={{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq state=directory - -- name: Download freq processor - remote_user: nifi - get_url: - url: 'https://scm.uninett.no/geant-wp8-t3.1/nifi-processors/-/raw/master/scripts/freq/{{ item }}' - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq/" - with_items: - - alexa.json - - freq.py - - freqProcessor.py - -- name: Copy empty GeoLite2-City database - remote_user: nifi - copy: - src: GeoLite2-City.mmdb - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" - -- name: Copy CountriesWithRegionalCodes.csv - remote_user: nifi - copy: - src: CountriesWithRegionalCodes.csv - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/CountriesWithRegionalCodes.csv" - -- name: Copy grok libraries - copy: - src: haproxy.groklib - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/haproxy.groklib" - -- name: Create empty list of Tor nodes - remote_user: nifi - copy: - content: "ip_addr,value" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" - force: no - -- name: Download umbrella-top-1m.csv.zip - remote_user: nifi - local_action: - module: get_url - url: http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip - dest: "/tmp/umbrella-top-1m.csv.zip" - run_once: True - -- name: Unzip umbrella-top-1m.csv.zip - remote_user: nifi - local_action: - module: unarchive - src: "/tmp/umbrella-top-1m.csv.zip" - dest: "/tmp" - run_once: True - -- name: Copy umbrella-top-1m.csv - remote_user: nifi - copy: - src: "/tmp/top-1m.csv" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" - -- name: Add header to umbrella-top-1m.csv - remote_user: nifi - 
lineinfile: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv" - line: 'index,domain' - insertbefore: BOF - -- name: Download alexa-top-1m.csv.zip - remote_user: nifi - local_action: - module: get_url - url: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip - dest: "/tmp/alexa-top-1m.csv.zip" - run_once: True - -- name: Unzip alexa-top-1m.csv.zip - remote_user: nifi - local_action: - module: unarchive - src: "/tmp/alexa-top-1m.csv.zip" - dest: "/tmp" - run_once: True - -- name: Copy alexa-top-1m.csv - remote_user: nifi - copy: - src: "/tmp/top-1m.csv" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" - -- name: Add header to alexa-top-1m.csv - remote_user: nifi - lineinfile: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv" - line: 'index,domain' - insertbefore: BOF - -- name: Start NiFi - remote_user: root - command: "supervisorctl start nifi" - -#- name: check reachable hosts -# gather_facts: no -# tasks: -# - command: ping -c1 {{ inventory_hostname }} -# delegate_to: localhost -# register: ping_result -# ignore_errors: yes -# - group_by: key=reachable -# when: ping_result|success - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - -#- name: Copy flow from NiFi -# fetch: -# src: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" -# dest: "{{ role_path }}/files/flow-{{ inventory_hostname }}.xml.gz" -# flat: yes - diff --git a/roles/nifi/tasks/stop.yml b/roles/nifi/tasks/stop.yml deleted file mode 100644 index d6abd9a5bf0d555b0c3d531358c59b24a4044bbc..0000000000000000000000000000000000000000 --- a/roles/nifi/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Stop NiFi - remote_user: root - command: "supervisorctl stop nifi" - 
diff --git a/roles/nifi/tasks/update-config.yml b/roles/nifi/tasks/update-config.yml deleted file mode 100644 index ddadbd3efb8be28f5383b8a33612d0b52f0861bd..0000000000000000000000000000000000000000 --- a/roles/nifi/tasks/update-config.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- - -- name: Check if flow.xml already exists - remote_user: nifi - stat: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - register: flowfile - -- name: Configure flow.xml - remote_user: nifi - template: - src: "flow.xml.j2" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - when: not flowfile.stat.exists - -- name: Gzip flow.xml - remote_user: nifi - archive: - path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" - format: gz - when: not flowfile.stat.exists - -- name: Configure NiFi boostrap properties - remote_user: nifi - template: - src: bootstrap.conf.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf" - -- name: Configure NiFi properties for secure servers - remote_user: nifi - template: - src: nifi.properties.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties" - -- name: Copy authorizations.xml - remote_user: nifi - copy: - src: "authorizations.xml" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml" - -- name: Configure users - remote_user: nifi - template: - src: users.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml" - -- name: Configure NiFi authorizers for secure servers - remote_user: nifi - template: - src: authorizers.xml.j2 - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml" - -- name: Copy empty GeoLite2-City database - remote_user: nifi - copy: - src: GeoLite2-City.mmdb - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb" - -- name: Copy CountriesWithRegionalCodes.csv - remote_user: nifi - copy: - src: CountriesWithRegionalCodes.csv - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/CountriesWithRegionalCodes.csv" - -- name: Copy grok libraries - copy: - src: haproxy.groklib - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/haproxy.groklib" - -- name: Create empty list of Tor nodes - remote_user: nifi - 
copy: - content: "ip_addr,value" - dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv" - force: no - diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2 index ec452185ec9559dd620b084aaa89a74009cfc01e..20517182d06a1ba8cf6ab4063e8f1ff03b723d5b 100644 --- a/roles/nifi/templates/flow.xml.j2 +++ b/roles/nifi/templates/flow.xml.j2 @@ -8,22 +8,16 @@ <name>NiFi Flow</name> <position x="0.0" y="0.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processGroup> <id>41088add-955b-3611-a0de-2c18b79b678c</id> <name>Data processing</name> <position x="1216.0" y="256.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processGroup> <id>fcbcacd1-542d-3a15-a5aa-9c1302328954</id> <name>Enrichment</name> <position x="384.0" y="720.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>01b66126-695a-3059-b179-f1bf85e8ca91</id> <name>Check fqdn enrichment</name> @@ -34,7 +28,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -65,7 +59,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -96,7 +90,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -136,8 +130,6 @@ <name>fqdn enrichment</name> <position x="-202.47354083453774" y="596.1945491887745" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>2703fe3e-7e6a-310e-a010-b30898befa9b</id> <name>Check fqdn2 enrichment</name> @@ -148,7 +140,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -188,8 +180,6 @@ <name>Enrich fqdn2</name> <position x="368.0" y="416.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>0cdf1224-a6d5-3ac4-a4f5-27a7588f1d98</id> <name>Input</name> @@ -200,7 +190,7 @@ <outputPort> <id>58b0935e-1c5b-3ad1-a2cc-7de4826170a6</id> <name>Output</name> - <position x="1096.0" y="528.0" /> + <position x="432.0" y="536.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -209,8 +199,6 @@ <name>Umbrella</name> <position x="379.1725199638772" y="224.3012562119061" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>0306116f-b13d-30fc-94b1-34f3c8ba95da</id> <name>Umbrella fqdn1</name> @@ -221,7 +209,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -345,167 +333,6 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> </processGroup> - <processGroup> - <id>f2263bf3-7929-182a-8971-2ac159d0cca9</id> - <name>Misp lookup</name> - <position x="1024.0" y="224.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</id> - <name>Misp fqdn2</name> - <position x="480.99999953064577" y="197.99999761468263" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_fqdn2}_misp</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - <value>use-property</value> - </property> - <property> - <name>key</name> - <value>${enrich_fqdn2}</value> - </property> - </processor> - 
<inputPort> - <id>dca538c3-e563-1b63-8de2-edf46a599279</id> - <name>Input</name> - <position x="536.0" y="16.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>a4ef3d87-6241-14a5-b543-1824b197991c</id> - <name>Output</name> - <position x="536.0" y="456.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <funnel> - <id>263b3963-3c73-1efc-8286-4e57645eefc2</id> - <position x="152.0" y="248.0" /> - </funnel> - <connection> - <id>e47137a6-8c07-12bf-9d69-0e0c10b05088</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</sourceId> - <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a4ef3d87-6241-14a5-b543-1824b197991c</destinationId> - <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>b4723c4d-5ed2-1f9e-bd7c-04076aa149cf</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</sourceId> - <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>263b3963-3c73-1efc-8286-4e57645eefc2</destinationId> - <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - 
<flowFileExpiration>60 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>edab3c6f-d21b-12a1-8b73-10c8012a3bd2</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>dca538c3-e563-1b63-8de2-edf46a599279</sourceId> - <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>cadc3f2e-8e08-195c-898e-1b5fbcdf56e0</destinationId> - <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>934921df-0175-1000-ffff-ffffeabcba7a</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a4ef3d87-6241-14a5-b543-1824b197991c</sourceId> - <sourceGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>58b0935e-1c5b-3ad1-a2cc-7de4826170a6</destinationId> - <destinationGroupId>f9d9877a-de02-3374-9241-d3ca1939678b</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>fae5d513-1604-3fed-9adb-8ad19b5ab3c0</id> 
<name /> @@ -515,9 +342,9 @@ <sourceId>c8994201-98f4-31d2-a604-11c3b454df00</sourceId> <sourceGroupId>363fd695-1466-3404-ada3-036133ff8d15</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> - <destinationId>dca538c3-e563-1b63-8de2-edf46a599279</destinationId> - <destinationGroupId>f2263bf3-7929-182a-8971-2ac159d0cca9</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> + <destinationId>58b0935e-1c5b-3ad1-a2cc-7de4826170a6</destinationId> + <destinationGroupId>f9d9877a-de02-3374-9241-d3ca1939678b</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> @@ -552,8 +379,6 @@ <name>Enrich fqdn1</name> <position x="376.0" y="200.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>f2cc04f8-56bc-3adb-8d72-6ad7f6e6e48c</id> <name>Input</name> @@ -564,7 +389,7 @@ <outputPort> <id>12745a98-f547-38d2-9c50-a471e8cf6fc7</id> <name>Output</name> - <position x="1112.0" y="528.0" /> + <position x="432.0" y="536.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -573,8 +398,6 @@ <name>Umbrella</name> <position x="379.1725199638772" y="224.3012562119061" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>ce84ada1-58b8-3c28-bc5a-64fc4f39e008</id> <name>Umbrella fqdn1</name> @@ -585,7 +408,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
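Review bot: Nothing in the template records that FQDN records no longer get a MISP lookup. The `-515,9 +342,9` hunk points connection `fae5d513-1604-3fed-9adb-8ad19b5ab3c0` straight at output port `58b0935e-1c5b-3ad1-a2cc-7de4826170a6`, and the preceding hunk deletes the `Misp lookup` group that used to sit in between; the `-833,26 +561,6` hunk does the same for fqdn1. The IP-side `Misp lookup` groups are kept, so the gap is easy to miss, and anything downstream that reads the `${enrich_fqdn2}_misp` / `${enrich_fqdn1}_misp` record path would presumably just find it absent. If the removal is intended, I would fill the empty `<comment />` of the `Enrich fqdn2` and `Enrich fqdn1` groups in the NiFi UI before exporting, e.g. `<comment>No MISP lookup for FQDNs; Umbrella enrichment only</comment>`.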
@@ -629,7 +452,6 @@ <name>key</name> <value>${enrich_fqdn1}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>c31f9f4a-becc-35c3-b9c0-b836d061e364</id> @@ -645,6 +467,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>8811d4ff-bf71-38a6-8cf0-e5732840e1de</id> + <position x="-1204.5503424650574" y="470.375701251353" /> + </funnel> <connection> <id>99b11d95-dfb3-34cf-8657-0c141d1e9f63</id> <name /> 
@@ -685,117 +511,19 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - </processGroup> - <processGroup> - <id>1de23f54-e22a-19df-8dd2-9235ae248d29</id> - <name>Misp lookup</name> - <position x="1056.0" y="216.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>16d53f41-fc96-1292-b434-9a157e27eaf3</id> - <name>Misp fqdn1</name> - <position x="480.99999953064577" y="197.99999761468263" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_fqdn1}_misp</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - <value>use-property</value> - </property> - <property> - <name>key</name> - <value>${enrich_fqdn1}</value> - 
</property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>844331e5-cd55-1c55-889b-d447dfba57a2</id> - <name>Input</name> - <position x="536.0" y="16.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</id> - <name>Output</name> - <position x="536.0" y="456.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> <connection> - <id>6153303e-0c09-1d36-9b87-6c2d0a5ed15a</id> + <id>badc00ed-f022-3045-bcfd-8a4839fef4bf</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>16d53f41-fc96-1292-b434-9a157e27eaf3</sourceId> - <sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> + <sourceId>ce84ada1-58b8-3c28-bc5a-64fc4f39e008</sourceId> + <sourceGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</destinationId> - <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3a4133c4-bc18-1bb7-84a0-06b25aba73f4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>844331e5-cd55-1c55-889b-d447dfba57a2</sourceId> - <sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>16d53f41-fc96-1292-b434-9a157e27eaf3</destinationId> - <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> - 
<destinationType>PROCESSOR</destinationType> - <relationship /> + <destinationId>8811d4ff-bf71-38a6-8cf0-e5732840e1de</destinationId> + <destinationGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -833,26 +561,6 @@ <sourceId>9b6cb318-b9e8-36f1-bd8a-17b2aa38343a</sourceId> <sourceGroupId>c763d1fd-ae0f-3297-bab7-abf22759310d</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> - <destinationId>844331e5-cd55-1c55-889b-d447dfba57a2</destinationId> - <destinationGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>4f303cda-ab21-1acd-ffff-ffffcdd40e4b</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e13e32a5-f5d5-1f5e-a38e-c1e19453fd31</sourceId> - <sourceGroupId>1de23f54-e22a-19df-8dd2-9235ae248d29</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> <destinationId>12745a98-f547-38d2-9c50-a471e8cf6fc7</destinationId> <destinationGroupId>11b67527-3401-3961-97ba-425f721de3e0</destinationGroupId> <destinationType>OUTPUT_PORT</destinationType> @@ -971,8 +679,6 @@ <name>Custom enrichment</name> <position x="-536.0" y="944.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>2ba9db29-0172-1000-ffff-ffffc1aa6db2</id> <name>Input</name> 
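Review bot: The new `failure` connection `badc00ed-f022-3045-bcfd-8a4839fef4bf` in the `-685,117 +511,19` hunk ends in funnel `8811d4ff-bf71-38a6-8cf0-e5732840e1de` with `<flowFileExpiration>0 sec</flowFileExpiration>`, so failed lookups are queued and never aged out. No connection leaving that funnel appears in the visible hunks; if there is none, the queue fills to `maxWorkQueueSize` 10000 / 1 GB and back pressure then stops `Umbrella fqdn1` from being scheduled, stalling enrichment for every record behind it. The same pattern is added for `Misp ip1`, `Add GeoIP fields` (and processor `d467bca6-…`), both `Tor src IP` processors and `Misp ip` in the later hunks, each replacing a removed `<autoTerminatedRelationship>failure</autoTerminatedRelationship>`. Either keep the auto-termination, or give these failure connections an expiration as the removed `Misp fqdn2` failure connection had: `<flowFileExpiration>60 sec</flowFileExpiration>`. The enclosing `processGroup` starts outside the hunk.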
@@ -1013,8 +719,6 @@ <name>IP enrichment</name> <position x="-216.0" y="16.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>be9226d7-777f-3820-bf10-49e97e9b73cc</id> <name>Check IP2 enrichment</name> @@ -1025,7 +729,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1065,8 +769,6 @@ <name>Enrich IP1</name> <position x="-48.0" y="312.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>ff302e29-64bb-3e10-b76e-91a13d2470d8</id> <name>Input</name> @@ -1086,8 +788,6 @@ <name>Misp lookup</name> <position x="1160.0" y="136.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>68dc57d7-2016-3e27-ac1f-092c63909a63</id> <name>Misp ip1</name> @@ -1098,7 +798,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1142,7 +842,6 @@ <name>key</name> <value>${enrich_ip1}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>57c1773b-65c7-3cdb-b161-a44fa977291a</id> @@ -1158,6 +857,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>3f92a75f-ec3e-3f4c-9467-e5c0e981f032</id> + <position x="-1312.0" y="792.0" /> + </funnel> <connection> <id>7f5a13cb-a049-385d-9ebc-3ef4aa8ff541</id> <name /> 
@@ -1198,14 +901,32 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>d6c427a3-f4fb-39a5-b399-ebd9b0482039</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>68dc57d7-2016-3e27-ac1f-092c63909a63</sourceId> + <sourceGroupId>9b3b9cc7-49bf-3b66-b213-09f2f5df634e</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>3f92a75f-ec3e-3f4c-9467-e5c0e981f032</destinationId> + <destinationGroupId>9b3b9cc7-49bf-3b66-b213-09f2f5df634e</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <processGroup> <id>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</id> <name>GeoIP</name> <position x="480.0" y="144.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>fb1a97b2-5e15-3bca-9284-f23a9cc90eed</id> <name>Add GeoIP fields</name> @@ -1216,7 +937,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -1264,19 +985,18 @@ <name>pretty_print</name> <value>false</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> <id>11668896-2c3e-3712-905a-eb406bf33c2a</id> <name>GeoIP IP</name> - <position x="-568.0" y="160.0" /> + <position x="-1192.0" y="424.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.GeoEnrichIPRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-enrich-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -1337,62 +1057,6 @@ </property> <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> - <processor> - <id>349b3525-a821-1197-0000-00006e02758e</id> - <name>Contry code to region</name> - <position x="-1216.0" y="368.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>349b34c7-a821-1197-ffff-ffff85d82877</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_ip1:substring(1):contains('/'):ifElse('${enrich_ip1:substringBeforeLast(\"/\")}',${enrich_ip1:append('_')}):append("/geo/region")}</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - <value>use-property</value> - </property> - <property> - <name>key</name> - <value>${enrich_ip1:substring(1):contains('/'):ifElse('${enrich_ip1:substringBeforeLast(\"/\")}',${enrich_ip1:append('_')}):append("/geo/country_iso_code")}</value> - </property> - 
<autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> <inputPort> <id>e6d573f8-a297-3611-a1ff-f1918a2cbabc</id> <name>Data Input</name> @@ -1403,10 +1067,14 @@ <outputPort> <id>17c34a1f-8048-366b-8ef4-107ce16a100e</id> <name>Data output</name> - <position x="-1168.0" y="656.0" /> + <position x="-1160.0" y="752.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>b68c4522-cddb-30bf-8545-73a2644cd35e</id> + <position x="-1560.0" y="336.0" /> + </funnel> <connection> <id>790863c1-3cfc-383f-ab9f-5d7ead5c0fe1</id> <name /> @@ -1456,9 +1124,9 @@ <sourceId>11668896-2c3e-3712-905a-eb406bf33c2a</sourceId> <sourceGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>349b3525-a821-1197-0000-00006e02758e</destinationId> + <destinationId>17c34a1f-8048-366b-8ef4-107ce16a100e</destinationId> <destinationGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationType>OUTPUT_PORT</destinationType> <relationship>found</relationship> <relationship>not found</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -1469,18 +1137,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>349b3542-a821-1197-0000-000059777de4</id> + <id>c831c34b-2a1a-3d24-963b-079b00961407</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>349b3525-a821-1197-0000-00006e02758e</sourceId> + <sourceId>fb1a97b2-5e15-3bca-9284-f23a9cc90eed</sourceId> <sourceGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>17c34a1f-8048-366b-8ef4-107ce16a100e</destinationId> + <destinationId>b68c4522-cddb-30bf-8545-73a2644cd35e</destinationId> <destinationGroupId>88a2dcc1-ccce-3396-9f4d-bc1e31c70063</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -1494,8 +1162,6 @@ <name>Tor nodes lookup</name> <position x="480.0" y="384.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>fd52d735-a256-3c52-9b90-fbe71f010fbe</id> <name>Tor src IP</name> @@ -1506,7 +1172,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1528,7 +1194,7 @@ </property> <property> <name>lookup-service</name> - <value>bbd4d3a2-0175-1000-0000-00000b0fb8bd</value> + <value>bf81debc-0171-1000-0000-00002936ae5a</value> </property> <property> <name>result-record-path</name> 
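Review bot: The `lookup-service` of `Tor src IP` in the `-1528,7 +1194,7` hunk now references `bf81debc-0171-1000-0000-00002936ae5a`, and no controller service with that id is defined in the visible part of the diff. The `-2038,7 +1668,7` hunk makes the same change for the second `Tor src IP`. If the template's controller-service section (outside this view) still only defines `bbd4d3a2-0175-1000-0000-00000b0fb8bd`, both processors will be invalid after deployment and Tor-node tagging will be missing even though `scheduledState` says `RUNNING`. Please confirm that the template contains a `<controllerService>` whose `<id>` is the new value before merging.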
@@ -1550,7 +1216,6 @@ <name>key</name> <value>${enrich_ip1}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>eb136a03-4809-3d2f-a85e-e739ffa665cd</id> @@ -1566,6 +1231,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>44794379-111e-3f28-bf84-bf5850f42587</id> + <position x="-1412.2104124778762" y="829.0775745939713" /> + </funnel> <connection> <id>c681313a-f2c8-3439-8c00-70f9783fea67</id> <name /> @@ -1606,6 +1275,26 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>ad32e629-d5a2-38b7-a50e-9acf0ad9d768</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fd52d735-a256-3c52-9b90-fbe71f010fbe</sourceId> + <sourceGroupId>3cb64c25-8af7-361d-b6e7-e002defe7411</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>44794379-111e-3f28-bf84-bf5850f42587</destinationId> + <destinationGroupId>3cb64c25-8af7-361d-b6e7-e002defe7411</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <connection> <id>3831c5df-c2a8-3a1b-9d67-8f37abf05365</id> @@ -1693,8 +1382,6 @@ <name>Enrich IP2</name> <position x="-56.0" y="584.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>742a8211-a5e6-347d-9e79-25facc6b181e</id> <name>Input</name> 
@@ -1714,75 +1401,17 @@ <name>GeoIP and IPreg</name> <position x="480.0" y="144.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>9ed935e9-7bd4-150a-913d-e6a4dedb2939</id> - <name>Contry code to region</name> - <position x="-1224.0" y="368.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>349b34c7-a821-1197-ffff-ffff85d82877</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_ip2:substring(1):contains('/'):ifElse('${enrich_ip2:substringBeforeLast(\"/\")}',${enrich_ip2:append('_')}):append("/geo/region")}</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - <value>use-property</value> - </property> - <property> - <name>key</name> - 
<value>${enrich_ip2:substring(1):contains('/'):ifElse('${enrich_ip2:substringBeforeLast(\"/\")}',${enrich_ip2:append('_')}):append("/geo/country_iso_code")}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> <processor> <id>e16581ea-ff17-3cec-bd39-b1fe52797bd2</id> <name>GeoIP IP</name> - <position x="-592.0" y="168.0" /> + <position x="-1232.0" y="432.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.GeoEnrichIPRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-enrich-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1853,7 +1482,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -1901,7 +1530,6 @@ <name>pretty_print</name> <value>false</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>aa73b938-03ee-3d90-ba6f-0998b568ac36</id> 
@@ -1917,19 +1545,23 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>8e8abe4a-9ed6-3ec8-9e9d-719242be1a2b</id> + <position x="-1560.0" y="336.0" /> + </funnel> <connection> - <id>9ed935f0-7bd4-150a-ffff-ffffaed76b62</id> + <id>a4870f06-f96b-328a-83d8-4eeb6db5cc93</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>9ed935e9-7bd4-150a-913d-e6a4dedb2939</sourceId> + <sourceId>d467bca6-15df-38bb-8f9b-65ae1f9dceaa</sourceId> <sourceGroupId>a8873c56-d149-34d1-8344-a35b339e6187</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>0dbb2fcb-c11b-396e-8918-24d7121f7653</destinationId> + <destinationId>8e8abe4a-9ed6-3ec8-9e9d-719242be1a2b</destinationId> <destinationGroupId>a8873c56-d149-34d1-8344-a35b339e6187</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -1966,9 +1598,9 @@ <sourceId>e16581ea-ff17-3cec-bd39-b1fe52797bd2</sourceId> <sourceGroupId>a8873c56-d149-34d1-8344-a35b339e6187</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>9ed935e9-7bd4-150a-913d-e6a4dedb2939</destinationId> + <destinationId>0dbb2fcb-c11b-396e-8918-24d7121f7653</destinationId> <destinationGroupId>a8873c56-d149-34d1-8344-a35b339e6187</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationType>OUTPUT_PORT</destinationType> <relationship>found</relationship> <relationship>not found</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -2004,8 +1636,6 @@ <name>Tor nodes lookup</name> <position x="480.0" y="384.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>adae2d07-ad4f-38f2-9a8c-b7638863cac7</id> <name>Tor src IP</name> @@ -2016,7 +1646,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>16</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -2038,7 +1668,7 @@ </property> <property> <name>lookup-service</name> - <value>bbd4d3a2-0175-1000-0000-00000b0fb8bd</value> + <value>bf81debc-0171-1000-0000-00002936ae5a</value> </property> <property> <name>result-record-path</name> @@ -2060,7 +1690,6 @@ <name>key</name> <value>${enrich_ip2}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>1c42374a-61ad-3d92-9f86-1f1ae9bae6d0</id> @@ -2076,6 +1705,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>4bad43e2-bfed-3e45-a9d1-fdabb2ab85ea</id> + <position x="-1403.592919640183" y="819.7224736847786" /> + </funnel> <connection> <id>0b2f9272-06fe-3a8c-a322-9972ac5c0466</id> <name /> 
@@ -2116,14 +1749,34 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>fe67c36a-4ae0-3e30-8aad-a988a481df4b</id> + <name /> + <bendPoints> + <bendPoint x="-1088.0" y="832.0" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>adae2d07-ad4f-38f2-9a8c-b7638863cac7</sourceId> + <sourceGroupId>33258978-2057-3612-be77-0a763431ee29</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>4bad43e2-bfed-3e45-a9d1-fdabb2ab85ea</destinationId> + <destinationGroupId>33258978-2057-3612-be77-0a763431ee29</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <processGroup> <id>de2bc05d-fbd2-35bc-9192-b82041176492</id> <name>Misp lookup</name> <position x="1160.0" y="136.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>2cd2029e-53ae-3575-bf35-785203683c7f</id> <name>Misp ip</name> @@ -2134,7 +1787,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>12</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -2178,7 +1831,6 @@ <name>key</name> <value>${enrich_ip2}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>d6490898-79c0-3eb5-a102-718ff8ab68e6</id> 
@@ -2194,6 +1846,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>d259fdb6-aa03-35b1-b439-b5baccc57a1e</id> + <position x="-1264.0" y="784.0" /> + </funnel> <connection> <id>d2bfc9ce-5c85-3dc2-a0c5-83bbf0c77277</id> <name /> @@ -2215,7 +1871,7 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>2a95cb88-0177-1000-ffff-ffffc8a50166</id> + <id>2475c41e-5711-3de0-bbec-2e977cd1f40a</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> @@ -2234,6 +1890,26 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>a7505eac-df84-3e17-8c40-687c159877a7</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>2cd2029e-53ae-3575-bf35-785203683c7f</sourceId> + <sourceGroupId>de2bc05d-fbd2-35bc-9192-b82041176492</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d259fdb6-aa03-35b1-b439-b5baccc57a1e</destinationId> + <destinationGroupId>de2bc05d-fbd2-35bc-9192-b82041176492</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <connection> <id>2ba90add-0172-1000-ffff-ffffb69e0af7</id> @@ -2422,8 +2098,6 @@ <name>Domain enrichment</name> <position x="-213.29739929099082" y="283.59665734060223" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>1957f5c3-b6cb-3c80-b527-1858c61ed111</id> <name>Check domain2 enrichment</name> 
@@ -2434,7 +2108,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -2474,8 +2148,6 @@ <name>Enrich domain1</name> <position x="448.0" y="248.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>bf74c1ba-45ad-3c0d-84c6-ec7ea7bdcdea</id> <name>Input</name> @@ -2486,7 +2158,7 @@ <outputPort> <id>f270695c-edf6-3a9f-bc3a-10804f26f56f</id> <name>Output</name> - <position x="528.0" y="864.0" /> + <position x="1232.0" y="600.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -2495,8 +2167,6 @@ <name>Entropy</name> <position x="1152.0" y="288.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>bf907759-0171-1000-0000-0000022727cd</id> <name>Calculate entropy on domain1</name> @@ -2507,15 +2177,15 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-scripting-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>ERROR</bulletinLevel> + <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> 
@@ -2525,18 +2195,18 @@ </property> <property> <name>Script File</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq/freqProcessor.py</value> + <value>/opt/nifi/nifi-current/conf/freq/freqProcessor.py</value> </property> <property> <name>Script Body</name> </property> <property> <name>Module Directory</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq</value> + <value>/opt/nifi/nifi-current/conf/freq</value> </property> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Frequency File</name> + <value>/opt/nifi/nifi-current/conf/freq/alexa.json</value> </property> <property> <name>record-writer</name> @@ -2547,18 +2217,17 @@ <value>${enrich_domain1}</value> </property> <property> - <name>Result Field 1</name> - <value>${enrich_domain1}_freq1</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> <name>Result Field 2</name> <value>${enrich_domain1}_freq2</value> </property> <property> - <name>Frequency File</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq/alexa.json</value> + <name>Result Field 1</name> + <value>${enrich_domain1}_freq1</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>84dfe3a1-a6f4-3b80-9161-93a59b88ad8b</id> @@ -2574,6 +2243,10 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>7297c375-d15a-36a2-a115-6b2680fbef2b</id> + <position x="128.0" y="360.0" /> + </funnel> <connection> <id>2bea3770-0172-1000-ffff-ffff9cd568b2</id> <name /> 
@@ -2594,18 +2267,38 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>bf938168-0171-1000-0000-00003e6fd9c5</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bf907759-0171-1000-0000-0000022727cd</sourceId> + <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7297c375-d15a-36a2-a115-6b2680fbef2b</destinationId> + <destinationGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> <connection> <id>27f7d6f4-0172-1000-ffff-ffffc65ffd5e</id> <name /> <bendPoints /> - <labelIndex>0</labelIndex> + <labelIndex>1</labelIndex> <zIndex>0</zIndex> <sourceId>84dfe3a1-a6f4-3b80-9161-93a59b88ad8b</sourceId> <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> <sourceType>INPUT_PORT</sourceType> - <destinationId>bf907759-0171-1000-0000-0000022727cd</destinationId> + <destinationId>2ef455b6-6c77-39ae-87bf-d21b988f4c52</destinationId> <destinationGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationType>OUTPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
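Review bot: Input port `84dfe3a1-a6f4-3b80-9161-93a59b88ad8b` is now connected straight to output port `2ef455b6-6c77-39ae-87bf-d21b988f4c52` instead of processor `bf907759-0171-1000-0000-0000022727cd` (Calculate entropy on domain1), and an earlier hunk sets that processor to `<scheduledState>STOPPED</scheduledState>`, so domain1 records appear to leave this group without the `_freq1` and `_freq2` result fields. Anything downstream that scores on those fields would then see a missing value rather than an error, which is easy to overlook in a detection pipeline. If the bypass is intentional, state it in the Entropy group's `<comment />` and drop the now-unreachable failure connection `bf938168-0171-1000-0000-00003e6fd9c5` and its funnel. The domain2 group gets the same rewiring in `@@ -3155,18 +2608,22 @@`, but its processor is left `RUNNING` with no visible inbound connection, which is inconsistent with domain1. The rewired `<connection>` continues past the end of this hunk.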
@@ -2616,25 +2309,23 @@ </connection> </processGroup> <processGroup> - <id>9ed9363a-7bd4-150a-0000-00000cc58ac4</id> - <name>Misp lookup</name> - <position x="456.0" y="552.0" /> + <id>df54305f-551e-38ff-8e1c-a1c272c238c0</id> + <name>Alexa</name> + <position x="448.0" y="288.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>9ed93644-7bd4-150a-0000-00003c8c3388</id> - <name>Misp domain1</name> - <position x="480.99999953064577" y="197.99999761468263" /> + <id>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</id> + <name>Alexa domain1</name> + <position x="-726.6263417228297" y="457.36850568010186" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.LookupRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> + <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> @@ -2643,7 +2334,7 @@ <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> + <runDurationNanos>25000000</runDurationNanos> <property> <name>record-reader</name> <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> @@ -2654,11 +2345,11 @@ </property> <property> <name>lookup-service</name> - <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> + <value>282db77b-3118-3b3c-bbd1-e4260b1c6395</value> </property> <property> <name>result-record-path</name> - <value>${enrich_domain1}_misp</value> + <value>${enrich_domain1}_alexa</value> </property> <property> <name>routing-strategy</name> 
@@ -2676,33 +2367,36 @@ <name>key</name> <value>${enrich_domain1}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> - <id>9ed93645-7bd4-150a-ffff-fffff6fa372f</id> - <name>Input</name> - <position x="536.0" y="16.0" /> + <id>c7b3b6c4-6418-3dbe-a037-387e3c85cb19</id> + <name>Input data</name> + <position x="-673.6437977775172" y="241.37341901017993" /> <comments /> <scheduledState>RUNNING</scheduledState> </inputPort> <outputPort> - <id>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</id> - <name>Output</name> - <position x="536.0" y="456.0" /> + <id>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</id> + <name>Output data</name> + <position x="-704.0" y="736.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>85764070-cd41-38a1-a352-929737e563c6</id> + <position x="-1152.0" y="512.0" /> + </funnel> <connection> - <id>9ed9364f-7bd4-150a-0000-000019b6beab</id> + <id>002d4937-dcb5-3cf1-8075-8d5533667510</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>9ed93644-7bd4-150a-0000-00003c8c3388</sourceId> - <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> + <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> + <sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</destinationId> - <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> + <destinationId>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</destinationId> + <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> <destinationType>OUTPUT_PORT</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -2713,116 +2407,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>9ed93647-7bd4-150a-0000-00000e5782ec</id> + <id>1af92349-7a45-30ec-b6fc-6d881dcd8b26</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>9ed93645-7bd4-150a-ffff-fffff6fa372f</sourceId> - <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>9ed93644-7bd4-150a-0000-00003c8c3388</destinationId> - <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>df54305f-551e-38ff-8e1c-a1c272c238c0</id> - <name>Alexa</name> - <position x="448.0" y="288.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</id> - <name>Alexa domain1</name> - <position x="-726.6263417228297" y="457.36850568010186" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>8</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - 
<executionNode>ALL</executionNode> - <runDurationNanos>25000000</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>282db77b-3118-3b3c-bbd1-e4260b1c6395</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_domain1}_alexa</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - <value>use-property</value> - </property> - <property> - <name>key</name> - <value>${enrich_domain1}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>c7b3b6c4-6418-3dbe-a037-387e3c85cb19</id> - <name>Input data</name> - <position x="-673.6437977775172" y="241.37341901017993" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</id> - <name>Output data</name> - <position x="-704.0" y="736.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>002d4937-dcb5-3cf1-8075-8d5533667510</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> - <sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>ff4ada2c-5f6f-33bc-ae0c-8cdb24dd2357</destinationId> - <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> + <sourceId>ccab62e9-53cd-3d5e-aca3-6fa2e1b95597</sourceId> + 
<sourceGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>85764070-cd41-38a1-a352-929737e563c6</destinationId> + <destinationGroupId>df54305f-551e-38ff-8e1c-a1c272c238c0</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> @@ -2851,26 +2447,6 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> </processGroup> - <connection> - <id>9ed93675-7bd4-150a-0000-000017d6cf1e</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9ed9364e-7bd4-150a-ffff-ffffa5012b2a</sourceId> - <sourceGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>f270695c-edf6-3a9f-bc3a-10804f26f56f</destinationId> - <destinationGroupId>309911c5-0f97-37e4-8511-3c5639f5db10</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>ff7df1ed-63be-3637-aa15-094355c9711f</id> <name /> 
@@ -2900,9 +2476,9 @@ <sourceId>2ef455b6-6c77-39ae-87bf-d21b988f4c52</sourceId> <sourceGroupId>89e761fa-669e-30c2-9590-ab8f806ffaff</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> - <destinationId>9ed93645-7bd4-150a-ffff-fffff6fa372f</destinationId> - <destinationGroupId>9ed9363a-7bd4-150a-0000-00000cc58ac4</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> + <destinationId>f270695c-edf6-3a9f-bc3a-10804f26f56f</destinationId> + <destinationGroupId>309911c5-0f97-37e4-8511-3c5639f5db10</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> @@ -2937,8 +2513,6 @@ <name>Enrich domain2</name> <position x="440.0" y="496.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <inputPort> <id>0097ae66-e4c5-316c-b301-c8fd4481cbf4</id> <name>Input</name> 
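Review bot: In `@@ -2900,9 +2476,9 @@` the Entropy output port `2ef455b6-6c77-39ae-87bf-d21b988f4c52` now feeds the Enrich domain1 `Output` port `f270695c-edf6-3a9f-bc3a-10804f26f56f` directly, where it used to feed the input port of the `Misp lookup` group deleted in the preceding hunks, and nothing on the new side documents that domain1 no longer gets a `${enrich_domain1}_misp` result. Dashboards or alert rules that key on that field, if any exist, would stop matching without any error from NiFi. Record the reason in the `Enrich domain1` group's `<comment />` and list the dropped field in the commit description so consumers can be updated. The domain2 path is rewired the same way in `@@ -3383,9 +2861,9 @@`. The `<connection>` element starts and ends outside this hunk.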
@@ -2949,135 +2523,15 @@ <outputPort> <id>1464f185-b2d5-3347-8aaa-89cfc91566f5</id> <name>Output</name> - <position x="528.0" y="816.0" /> + <position x="1232.0" y="600.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <processGroup> - <id>3514302f-5e74-1185-b5c5-edc034d911a6</id> - <name>Misp lookup</name> - <position x="448.0" y="520.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</id> - <name>Misp domain1</name> - <position x="480.99999953064577" y="197.99999761468263" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.LookupRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>lookup-service</name> - <value>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</value> - </property> - <property> - <name>result-record-path</name> - <value>${enrich_domain2}_misp</value> - </property> - <property> - <name>routing-strategy</name> - <value>route-to-success</value> - </property> - <property> - <name>result-contents</name> - <value>insert-entire-record</value> - </property> - <property> - <name>record-update-strategy</name> - 
<value>use-property</value> - </property> - <property> - <name>key</name> - <value>${enrich_domain2}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>7f5c3719-3707-1577-ad0d-945c5da3a77b</id> - <name>Input</name> - <position x="536.0" y="16.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>af083d3d-f063-1506-a7fe-2c6f0864de22</id> - <name>Output</name> - <position x="536.0" y="456.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>9cf430ed-a82c-1272-853f-4eeb68c144e2</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</sourceId> - <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>af083d3d-f063-1506-a7fe-2c6f0864de22</destinationId> - <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>96023b7a-7902-1e45-91b0-0396e8bf647b</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>7f5c3719-3707-1577-ad0d-945c5da3a77b</sourceId> - <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>2a1b3c82-c06f-1184-b6ec-245bb0032b5a</destinationId> - <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> <processGroup> <id>db261d6a-ab4a-3a2e-854a-cd42492788c5</id> <name>Entropy</name> <position x="1152.0" y="288.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>eff73930-f310-1a2e-b248-812b172b7415</id> <name>Calculate entropy on domain2</name> @@ -3088,13 +2542,13 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-scripting-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>ERROR</bulletinLevel> + <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> <scheduledState>RUNNING</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> @@ -3106,18 +2560,18 @@ </property> <property> <name>Script File</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq/freqProcessor.py</value> + <value>/opt/nifi/nifi-current/conf/freq/freqProcessor.py</value> </property> <property> <name>Script Body</name> </property> <property> <name>Module Directory</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq</value> + <value>/opt/nifi/nifi-current/conf/freq</value> </property> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Frequency File</name> + <value>/opt/nifi/nifi-current/conf/freq/alexa.json</value> </property> <property> <name>record-writer</name> 
@@ -3128,18 +2582,17 @@ <value>${enrich_domain2}</value> </property> <property> - <name>Result Field 1</name> - <value>${enrich_domain2}_freq1</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> <name>Result Field 2</name> <value>${enrich_domain2}_freq2</value> </property> <property> - <name>Frequency File</name> - <value>/opt/nifi/nifi-current/conf/enrich/freq/alexa.json</value> + <name>Result Field 1</name> + <value>${enrich_domain2}_freq1</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>ecc214d7-667d-3d81-affa-93e712a87abe</id> @@ -3155,18 +2608,22 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>1667ea62-481a-3dfb-8745-8033f80ab5a7</id> + <position x="144.0" y="352.0" /> + </funnel> <connection> <id>bf99e121-0171-1000-0000-0000487c681e</id> <name /> <bendPoints /> - <labelIndex>0</labelIndex> + <labelIndex>1</labelIndex> <zIndex>0</zIndex> <sourceId>ecc214d7-667d-3d81-affa-93e712a87abe</sourceId> <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> <sourceType>INPUT_PORT</sourceType> - <destinationId>eff73930-f310-1a2e-b248-812b172b7415</destinationId> + <destinationId>10c439ea-f35c-3171-836c-d83af1403698</destinationId> <destinationGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</destinationGroupId> - <destinationType>PROCESSOR</destinationType> + <destinationType>OUTPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -3195,14 +2652,32 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> + <connection> + <id>bf9a2f76-0171-1000-ffff-fffffcafce73</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>eff73930-f310-1a2e-b248-812b172b7415</sourceId> + <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>1667ea62-481a-3dfb-8745-8033f80ab5a7</destinationId> + <destinationGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> </processGroup> <processGroup> <id>bd4c02d9-77f7-3984-8aa0-ad78099693a7</id> <name>Alexa</name> <position x="448.0" y="288.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> <id>4598e8b8-b54a-3855-b6b7-5ac2721745a2</id> <name>Alexa domain1</name> @@ -3213,7 +2688,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>8</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -3257,7 +2732,6 @@ <name>key</name> <value>${enrich_domain2}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <inputPort> <id>a7e674e2-60b2-3417-ad31-d69248774c3f</id> 
@@ -3273,19 +2747,23 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> + <funnel> + <id>bf17534a-3723-3f7d-9ca1-dc1b61022e90</id> + <position x="-1152.0" y="512.0" /> + </funnel> <connection> - <id>6580ec44-ce8d-3aaf-b7ba-ee4c4d67321b</id> + <id>3264d31c-6569-3dde-b174-ddff9f7d3835</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>a7e674e2-60b2-3417-ad31-d69248774c3f</sourceId> + <sourceId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</sourceId> <sourceGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</destinationId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bf17534a-3723-3f7d-9ca1-dc1b61022e90</destinationId> <destinationGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -3294,12 +2772,32 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>bd6b2b7a-04db-3e73-8f38-4520b7b07965</id> + <id>6580ec44-ce8d-3aaf-b7ba-ee4c4d67321b</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</sourceId> + <sourceId>a7e674e2-60b2-3417-ad31-d69248774c3f</sourceId> + <sourceGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</destinationId> + <destinationGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bd6b2b7a-04db-3e73-8f38-4520b7b07965</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>4598e8b8-b54a-3855-b6b7-5ac2721745a2</sourceId> <sourceGroupId>bd4c02d9-77f7-3984-8aa0-ad78099693a7</sourceGroupId> <sourceType>PROCESSOR</sourceType> <destinationId>23f74eb2-f2ec-3612-b370-d18952393be5</destinationId> 
@@ -3354,26 +2852,6 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - <connection> - <id>96023b92-7902-1e45-0000-000012465abe</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>af083d3d-f063-1506-a7fe-2c6f0864de22</sourceId> - <sourceGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>1464f185-b2d5-3347-8aaa-89cfc91566f5</destinationId> - <destinationGroupId>464af303-e93a-32ed-a7ef-d3d553054447</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> <connection> <id>7fcacebd-9235-37f8-9160-496d27d96a2d</id> <name /> @@ -3383,9 +2861,9 @@ <sourceId>10c439ea-f35c-3171-836c-d83af1403698</sourceId> <sourceGroupId>db261d6a-ab4a-3a2e-854a-cd42492788c5</sourceGroupId> <sourceType>OUTPUT_PORT</sourceType> - <destinationId>7f5c3719-3707-1577-ad0d-945c5da3a77b</destinationId> - <destinationGroupId>3514302f-5e74-1185-b5c5-edc034d911a6</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> + <destinationId>1464f185-b2d5-3347-8aaa-89cfc91566f5</destinationId> + <destinationGroupId>464af303-e93a-32ed-a7ef-d3d553054447</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -3724,16 +3202,16 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/enrich/alexa-top-1m.csv</value> + <value>/opt/nifi/nifi-current/conf/alexa-top-1m.csv</value> </property> <property> <name>CSV Format</name> - <value>default</value> + <value>Default</value> </property> <property> <name>Character Set</name> @@ -3744,36 +3222,13 @@ <value>domain</value> </property> <property> - <name>ignore-duplicates</name> - <value>true</value> - </property> - <property> - <name>Value Separator</name> - <value>,</value> - </property> - <property> - <name>Quote Character</name> - <value>"</value> - </property> - <property> - <name>Quote Mode</name> - <value>MINIMAL</value> - </property> - <property> - <name>Comment Marker</name> - </property> - <property> - <name>Escape Character</name> - <value>\</value> + <name>lookup-value-column</name> + <value>index</value> </property> <property> - <name>Trim Fields</name> + <name>ignore-duplicates</name> <value>true</value> </property> - <property> - <name>lookup-value-column</name> - <value>index</value> - </property> </controllerService> <controllerService> <id>67289e27-a14d-3fa6-bcf9-91f7d2ae8d59</id> @@ -3783,16 +3238,16 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/enrich/umbrella-top-1m.csv</value> + <value>/opt/nifi/nifi-current/conf/umbrella-top-1m.csv</value> </property> <property> <name>CSV Format</name> - <value>default</value> + <value>Excel</value> </property> <property> <name>Character Set</name> 
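Review bot: The two CSV lookup services end up with different `CSV Format` values on the new side: `Default` for the alexa-top-1m service in the first hunk on this line and `Excel` for the umbrella-top-1m service in the third. The neighbouring hunks also drop the explicit separator, quote, escape and trim properties. If both lists have the same column layout (not visible here), the formats should probably match, because a parsing difference would surface only as silent lookup misses during enrichment. Either align the two values or use the service's empty `<comment />` to record why the umbrella list needs `Excel`.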
@@ -3803,36 +3258,13 @@ <value>domain</value> </property> <property> - <name>ignore-duplicates</name> - <value>true</value> - </property> - <property> - <name>Value Separator</name> - <value>,</value> - </property> - <property> - <name>Quote Character</name> - <value>"</value> - </property> - <property> - <name>Quote Mode</name> - <value>MINIMAL</value> - </property> - <property> - <name>Comment Marker</name> - </property> - <property> - <name>Escape Character</name> - <value>\</value> + <name>lookup-value-column</name> + <value>index</value> </property> <property> - <name>Trim Fields</name> + <name>ignore-duplicates</name> <value>true</value> </property> - <property> - <name>lookup-value-column</name> - <value>index</value> - </property> </controllerService> </processGroup> <processGroup> @@ -3840,8 +3272,6 @@ <name>Data input</name> <position x="830.4597621124223" y="407.3463126314215" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> <id>21a9e277-2d80-359a-9c57-cb76d8962e6d</id> <name>To data output</name> @@ -3852,7 +3282,7 @@ <outputPort> <id>20b01ab3-3a8d-3573-b95d-a4a45494050f</id> <name>To enrichment</name> - <position x="480.0" y="392.0" /> + <position x="480.0" y="504.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> @@ -3861,8 +3291,6 @@ <name>Custom data inputs</name> <position x="-504.0" y="952.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> <id>27d5dab2-0172-1000-ffff-ffffab5c50be</id> <name>To data output</name> 
@@ -3879,23 +3307,21 @@ </outputPort> </processGroup> <processGroup> - <id>0c790562-0175-1000-ffff-ffffeaaeafc3</id> - <name>FileBeat</name> - <position x="-496.0" y="344.0" /> + <id>84607b52-9748-3d38-b519-b0a05cddd097</id> + <name>Nifi logs</name> + <position x="-496.0" y="136.0" /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>8962ad5a-0175-1000-ffff-ffffde6db5a6</id> - <name>RouteOnAttribute</name> - <position x="-1080.0" y="280.0" /> + <id>c1318ad1-0c35-3896-b32a-1ccd6c09864a</id> + <name>Add source fields and fix timestamp</name> + <position x="-2192.0" y="560.0" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -3908,217 +3334,584 @@ <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> </property> <property> - <name>keycloak</name> - <value>${log_type:equals("keycloak")}</value> + <name>/labels/source</name> + <value>${tailfile.original.path}</value> </property> <property> - <name>kibana</name> - <value>${log_type:equals("kibana")}</value> + <name>/labels/source_host</name> + <value>${hostname()}</value> </property> <property> - <name>elasticsearch</name> - <value>${log_type:equals("elasticsearch")}</value> + <name>/timestamp</name> + <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> </property> + </processor> + <processor> + <id>68663f14-f470-32ee-9cb3-224344d5ad6a</id> + <name>UpdateAttribute</name> + <position x="-2184.0" y="824.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> <property> - <name>suricata</name> - <value>${log_type:equals("suricata")}</value> + <name>Delete Attributes Expression</name> </property> 
<property> - <name>haproxy</name> - <value>${log_type:equals("haproxy")}</value> + <name>Store State</name> + <value>Do not store state</value> </property> <property> - <name>mysql</name> - <value>${log_type:equals("mysql")}</value> + <name>Stateful Variables Initial Value</name> </property> <property> - <name>zeek</name> - <value>${log_type:equals("zeek")}</value> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> </property> <property> - <name>nifi</name> - <value>${log_type:equals("nifi")}</value> + <name>data_index</name> + <value>nifi-logs</value> </property> <property> - <name>zookeeper</name> - <value>${log_type:equals("zookeeper")}</value> + <name>Authorization</name> + <value>Bearer 874rPdPJ6qOSL6HvWcH8xxChqTJxiFtHp94puxh4MygY</value> </property> </processor> - <outputPort> - <id>bcb879d5-0175-1000-0000-000070879ad0</id> - <name>To data output</name> - <position x="-2480.0" y="336.0" /> - <comments /> + <processor> + <id>716d22cb-8b81-342f-abe4-7cdfe2a980ff</id> + <name>ConvertRecord</name> + <position x="-2200.0" y="264.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> <scheduledState>RUNNING</scheduledState> - </outputPort> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>e3e44ca0-6653-328b-9d3f-b8225312914b</value> + </property> + <property> + <name>record-writer</name> + <value>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</value> + </property> + <property> + 
<name>include-zero-record-flowfiles</name> + <value>true</value> + </property> + </processor> + <processor> + <id>609a3835-5317-1c94-ad8f-1d9940869db4</id> + <name>TailFile</name> + <position x="-2200.0" y="8.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.TailFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>tail-mode</name> + <value>Single file</value> + </property> + <property> + <name>File to Tail</name> + <value>/opt/nifi/nifi-current/logs/nifi-user.log</value> + </property> + <property> + <name>Rolling Filename Pattern</name> + </property> + <property> + <name>tail-base-directory</name> + </property> + <property> + <name>Initial Start Position</name> + <value>Beginning of File</value> + </property> + <property> + <name>File Location</name> + <value>Local</value> + </property> + <property> + <name>tailfile-recursive-lookup</name> + <value>false</value> + </property> + <property> + <name>tailfile-lookup-frequency</name> + <value>10 minutes</value> + </property> + <property> + <name>tailfile-maximum-age</name> + <value>24 hours</value> + </property> + </processor> + <processor> + <id>9ecf3ce4-ae3c-1b06-96f9-5e9c59e51690</id> + <name>TailFile</name> + <position x="-1784.0" y="8.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.TailFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + 
<maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>tail-mode</name> + <value>Single file</value> + </property> + <property> + <name>File to Tail</name> + <value>/opt/nifi/nifi-current/logs/nifi-bootstrap.log</value> + </property> + <property> + <name>Rolling Filename Pattern</name> + </property> + <property> + <name>tail-base-directory</name> + </property> + <property> + <name>Initial Start Position</name> + <value>Beginning of File</value> + </property> + <property> + <name>File Location</name> + <value>Local</value> + </property> + <property> + <name>tailfile-recursive-lookup</name> + <value>false</value> + </property> + <property> + <name>tailfile-lookup-frequency</name> + <value>10 minutes</value> + </property> + <property> + <name>tailfile-maximum-age</name> + <value>24 hours</value> + </property> + </processor> + <processor> + <id>1e796098-c064-371a-8147-d60b5d41a316</id> + <name>TailFile</name> + <position x="-2648.0" y="16.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.TailFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> 
+ <name>tail-mode</name> + <value>Single file</value> + </property> + <property> + <name>File to Tail</name> + <value>/opt/nifi/nifi-current/logs/nifi-app.log</value> + </property> + <property> + <name>Rolling Filename Pattern</name> + </property> + <property> + <name>tail-base-directory</name> + </property> + <property> + <name>Initial Start Position</name> + <value>Beginning of File</value> + </property> + <property> + <name>File Location</name> + <value>Local</value> + </property> + <property> + <name>tailfile-recursive-lookup</name> + <value>false</value> + </property> + <property> + <name>tailfile-lookup-frequency</name> + <value>10 minutes</value> + </property> + <property> + <name>tailfile-maximum-age</name> + <value>24 hours</value> + </property> + </processor> <outputPort> - <id>349b32fe-a821-1197-0000-00003a0b6fe5</id> - <name>To enrichment</name> - <position x="744.0" y="920.0" /> + <id>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</id> + <name>To storage</name> + <position x="-2120.0" y="1064.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <processGroup> - <id>89636688-0175-1000-ffff-ffffb1b28a38</id> - <name>Unknown data</name> - <position x="-448.0" y="64.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>8963d0f9-0175-1000-0000-000054fbe086</id> - <name>UpdateAttribute</name> - <position x="392.0" y="248.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <funnel> + <id>beabd3be-6f95-3369-9aa5-4631e6207ec5</id> + <position x="-1572.2279720213353" y="320.16022816068823" /> + </funnel> + <connection> + <id>0261c39c-d823-3ab3-b680-2d0c2fa152e5</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>68663f14-f470-32ee-9cb3-224344d5ad6a</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>214adcbf-0175-1000-ffff-ffffaedeecef</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9ecf3ce4-ae3c-1b06-96f9-5e9c59e51690</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>0a34d026-0761-3a6d-b261-377d20a40b5d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>beabd3be-6f95-3369-9aa5-4631e6207ec5</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> 
+ <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>266ad4f3-c827-337a-b3b5-28bccc8917fc</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>beabd3be-6f95-3369-9aa5-4631e6207ec5</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>0dc021fb-a375-3e48-a5fd-1b9d5c3ad9bd</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>1e796098-c064-371a-8147-d60b5d41a316</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>5bc3c82f-bfb5-3e6c-a7bf-141748391beb</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c1318ad1-0c35-3896-b32a-1ccd6c09864a</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>32df885e-4eb1-38fd-bf6b-219725264cf4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>68663f14-f470-32ee-9cb3-224344d5ad6a</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>609a3840-5317-1c94-0000-00002897f5ab</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>609a3835-5317-1c94-ad8f-1d9940869db4</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>716d22cb-8b81-342f-abe4-7cdfe2a980ff</destinationId> + <destinationGroupId>84607b52-9748-3d38-b519-b0a05cddd097</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <controllerService> + <id>e3e44ca0-6653-328b-9d3f-b8225312914b</id> + <name>Nifi logs GrokReader</name> + <comment /> + <class>org.apache.nifi.grok.GrokReader</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.11.4</version> + </bundle> + <enabled>true</enabled> + <property> + <name>schema-access-strategy</name> + <value>string-fields-from-grok-expression</value> + </property> + <property> + <name>schema-registry</name> + </property> + <property> + <name>schema-name</name> + <value>${schema.name}</value> + </property> + <property> + <name>schema-version</name> + </property> + <property> + <name>schema-branch</name> + </property> + <property> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>Grok Pattern File</name> + </property> + <property> + <name>Grok Expression</name> + <value>%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value> + </property> + <property> + <name>no-match-behavior</name> + <value>append-to-previous-message</value> + </property> + </controllerService> + </processGroup> + <processGroup> + <id>0c790562-0175-1000-ffff-ffffeaaeafc3</id> + <name>FileBeat</name> + 
<position x="-496.0" y="344.0" /> + <comment /> + <processGroup> + <id>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</id> + <name>Suricata</name> + <position x="-504.0" y="352.0" /> + <comment /> + <processor> + <id>19336e9e-3581-3d83-bb51-b9af2f5a6005</id> + <name>Filter out DNS events</name> + <position x="-371.62446124181497" y="672.8156960893323" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> + <maxConcurrentTasks>3</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> <penalizationPeriod>30 sec</penalizationPeriod> <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Delete Attributes Expression</name> + <name>Routing Strategy</name> + <value>Route to Property name</value> </property> <property> - <name>Store State</name> - <value>Do not store state</value> + <name>dns</name> + <value>${event_type:contains("dns")}</value> </property> <property> - <name>Stateful Variables Initial Value</name> + <name>flow</name> + <value>${event_type:contains("flow")}</value> </property> <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> + <name>alert</name> + <value>${event_type:contains("alert")}</value> </property> <property> - <name>data_index</name> - <value>logs-filebeat-unknown</value> + <name>ssh</name> + <value>${event_type:contains("ssh")}</value> </property> - </processor> - <inputPort> - <id>89639d3d-0175-1000-ffff-ffffb446c257</id> - <name>Input</name> - <position 
x="444.0000243687773" y="80.00000220501622" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>8963b202-0175-1000-0000-000022d64ba2</id> - <name>Output</name> - <position x="456.0" y="504.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>8963e649-0175-1000-ffff-fffff03ab629</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>89639d3d-0175-1000-ffff-ffffb446c257</sourceId> - <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>8963d0f9-0175-1000-0000-000054fbe086</destinationId> - <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8963f112-0175-1000-0000-00000dfa15b5</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8963d0f9-0175-1000-0000-000054fbe086</sourceId> - <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8963b202-0175-1000-0000-000022d64ba2</destinationId> - <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>bc6be78f-0175-1000-ffff-ffffbcd0f569</id> - <name>NiFi logs</name> - <position x="-1904.0" y="264.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>bc903708-0175-1000-0000-0000642abebf</id> - <name>Extract message</name> - <position x="352.0" y="280.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>tls</name> + <value>${event_type:contains("tls")}</value> </property> <property> - <name>record-writer</name> - <value>bc8e5957-0175-1000-0000-00003346421d</value> + <name>http</name> + <value>${event_type:contains("http")}</value> + </property> + <property> + <name>stats</name> + <value>${event_type:contains("stats")}</value> + </property> + <property> + <name>files</name> + <value>${event_type:contains("file")}</value> </property> <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> + <name>smtp</name> + <value>${event_type:contains("smtp")}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> + <autoTerminatedRelationship>smtp</autoTerminatedRelationship> + 
<autoTerminatedRelationship>stats</autoTerminatedRelationship> + <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> </processor> <processor> - <id>bc91c66f-0175-1000-0000-00005c7f88ce</id> - <name>Convert to json</name> - <position x="1064.0" y="272.0" /> + <id>d59eabae-f47a-3d88-a1c9-e15c156202d6</id> + <name>Extract rrname</name> + <position x="-369.29872149802804" y="897.6180433395261" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
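Review bot: The new `UpdateAttribute` processor in the "Nifi logs" group sets an `Authorization` property to a literal bearer token, so the credential is committed in clear text in the flow definition. UpdateAttribute writes its dynamic properties onto each FlowFile, so the token would presumably also be readable in attribute views and provenance by anyone with read access to the flow. If this file is the playbook-rendered flow template, the value should come from the deployment's secret store, e.g. `<value>Bearer {{ <vaulted_token_variable> }}</value>`, or be configured as a sensitive property on the component that actually sends the request. The token already in the commit should be treated as exposed and rotated.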
@@ -4126,35 +3919,46 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> <name>record-reader</name> - <value>bc97858d-0175-1000-0000-0000130a84f8</value> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> <name>record-writer</name> <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> + <name>replacement-value-strategy</name> + <value>record-path-value</value> + </property> + <property> + <name>/rrname_length</name> + <value>/dns/rrname</value> + </property> + <property> + <name>/rrname_domain</name> + <value>/dns/rrname</value> + </property> + <property> + <name>/rrname_domain_length</name> + <value>/dns/rrname</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>bcabbf11-0175-1000-0000-000037f4e3d3</id> - <name>UpdateAttribute</name> - <position x="1072.0" y="472.0" /> + <id>24e1d8ed-10f4-3b46-958c-f2fb676e3192</id> + <name>Remove unnecessary filebeat fields</name> + <position x="-987.5658863682004" y="234.96963460665665" /> <styles /> <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <class>org.apache.nifi.processors.standard.JoltTransformJSON</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
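Review bot: `Extract rrname` is committed with `<scheduledState>STOPPED</scheduledState>`, and the same state appears on `Filter out DNS events` in the previous hunk and on `Remove unnecessary filebeat fields` and `Add rrname_domain++` in the next two hunks. If the flow is deployed as written, the Suricata branch would not process events until someone starts these processors by hand, which for a SOC pipeline is a quiet detection gap. If the stopped state is deliberate, record the reason in the processor's empty `<comment />`; otherwise export the flow with these processors running. The processor definition starts before this hunk.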
@@ -4162,40 +3966,59 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Delete Attributes Expression</name> + <name>jolt-transform</name> + <value>jolt-transform-chain</value> </property> <property> - <name>Store State</name> - <value>Do not store state</value> + <name>jolt-custom-class</name> </property> <property> - <name>Stateful Variables Initial Value</name> + <name>jolt-custom-modules</name> </property> <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> + <name>jolt-spec</name> + <value>[{ + "operation": "shift", + "spec": { + "*": { + "json": { + "*": { + "@": "[#4].&" + } + }, + "host": { + "name": "[#3].beat_host" + }, + "source": "[#2].source" + } + } +}]</value> </property> <property> - <name>data_index</name> - <value>logs-nifi</value> + <name>Transform Cache Size</name> + <value>1</value> + </property> + <property> + <name>pretty_print</name> + <value>false</value> </property> </processor> <processor> - <id>bc9ffeb0-0175-1000-0000-00000a88d684</id> - <name>UpdateRecord</name> - <position x="352.0" y="472.0" /> + <id>47757d9f-c23d-33ca-9c88-3c8722bd00a5</id> + <name>Add rrname_domain++</name> + <position x="-368.27336608185624" y="1138.9635842383886" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4203,7 +4026,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> 
@@ -4220,152 +4043,45 @@ <value>literal-value</value> </property> <property> - <name>/labels/source_file</name> - <value>${source_file}</value> + <name>/rrname_length</name> + <value>${field.value:length():toNumber()}</value> </property> <property> - <name>/labels/source_host</name> - <value>${source_host}</value> + <name>/ip_src_addr</name> + <value>0.0.0.0</value> </property> <property> - <name>/timestamp</name> - <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + <name>/src_ip</name> + <value>0.0.0.0</value> + </property> + <property> + <name>/ip_dst_addr</name> + <value>0.0.0.0</value> + </property> + <property> + <name>/rrname_domain</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> + </property> + <property> + <name>/dest_ip</name> + <value>0.0.0.0</value> + </property> + <property> + <name>/rrname_domain_length</name> + <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> - <inputPort> - <id>bc6c2159-0175-1000-ffff-ffffb4de4d47</id> - <name>Input</name> - <position x="397.9999517774115" y="110.99999315685733" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>bca9636a-0175-1000-0000-000013fa95aa</id> - <name>Output</name> - <position x="1120.0" y="808.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>bc90c7ac-0175-1000-ffff-fffffa80b534</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bc903708-0175-1000-0000-0000642abebf</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>bc91c66f-0175-1000-0000-00005c7f88ce</destinationId> - <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bc924694-0175-1000-0000-00005b0604b6</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bc91c66f-0175-1000-0000-00005c7f88ce</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bc9ffeb0-0175-1000-0000-00000a88d684</destinationId> - <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bc6e1b20-0175-1000-ffff-ffff9e7dcb75</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bc6c2159-0175-1000-ffff-ffffb4de4d47</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>bc903708-0175-1000-0000-0000642abebf</destinationId> - <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - 
<maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bcad2e36-0175-1000-0000-00002b6e8fe7</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bcabbf11-0175-1000-0000-000037f4e3d3</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bca9636a-0175-1000-0000-000013fa95aa</destinationId> - <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bca97855-0175-1000-ffff-ffffbd18cb66</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bc9ffeb0-0175-1000-0000-00000a88d684</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bcabbf11-0175-1000-0000-000037f4e3d3</destinationId> - <destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - 
</connection> - </processGroup> - <processGroup> - <id>895eab20-0175-1000-0000-00007e13267d</id> - <name>Common ListenBeats</name> - <position x="-1096.0" y="0.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>71be315f-7e16-1cce-89f1-d5bd502f889f</id> + <id>e89b0470-bff2-323c-92e5-5fb2d3949070</id> <name>Prepend [</name> - <position x="-1086.1517800521056" y="160.65881341602864" /> + <position x="-996.7179797450688" y="47.535499055489254" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.ReplaceText</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -4373,7 +4089,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> @@ -4391,7 +4107,7 @@ </property> <property> <name>Maximum Buffer Size</name> - <value>2 MB</value> + <value>1 MB</value> </property> <property> <name>Replacement Strategy</name> 
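Review bot: The added properties `/ip_src_addr`, `/src_ip`, `/ip_dst_addr` and `/dest_ip` are all set to the literal `0.0.0.0` under the `literal-value` strategy shown in the context line, so records passing this UpdateRecord lose their real source and destination addresses. The `enrich_ip1` and `enrich_ip2` attributes added later in this diff point at `/ip_src_addr` and `/ip_dst_addr`, so enrichment would see only `0.0.0.0` and an analyst could not attribute a lookup to a client. If this is deliberate anonymisation, say so in the processor's empty `<comment />`; if it is leftover test data, drop the four properties. The processor starts before this hunk and appears to be `Add rrname_domain++`.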
@@ -4405,19 +4121,18 @@ <name>Line-by-Line Evaluation Mode</name> <value>All</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>d3e43667-10ef-1528-b935-47c2f077f2c9</id> - <name>ListenBeats</name> - <position x="-616.0" y="-56.0" /> + <id>fd6b6513-51f8-3a96-a764-13bd39ec7f84</id> + <name>Partition records based on event_type</name> + <position x="-382.59400260581754" y="446.9900134408068" /> <styles /> <comment /> - <class>org.apache.nifi.processors.beats.ListenBeats</class> + <class>org.apache.nifi.processors.standard.PartitionRecord</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-beats-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4425,65 +4140,35 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Local Network Interface</name> - </property> - <property> - <name>Port</name> - <value>6001</value> - </property> - <property> - <name>Receive Buffer Size</name> - <value>65507 B</value> - </property> - <property> - <name>Max Size of Message Queue</name> - <value>10000</value> - </property> - <property> - <name>Max Size of Socket Buffer</name> - <value>2 MB</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Max Batch Size</name> - <value>10000</value> - </property> - <property> - <name>Message Delimiter</name> - <value>,\n</value> - </property> - <property> - <name>Max Number of TCP Connections</name> - <value>100</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>SSL_CONTEXT_SERVICE</name> - <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>Client Auth</name> - <value>NONE</value> + <name>event_type</name> + <value>/event_type</value> </property> + <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> - <id>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</id> - <name>Append ]</name> - <position x="-424.0" y="160.0" /> + <id>a88dab36-f543-32fc-8f45-aa11b99c0ff4</id> + <name>Add standardized fields</name> + <position x="-982.3277701858627" y="433.7665258942376" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> 
<group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4491,51 +4176,50 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>Replacement Value</name> - <value>]</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>replacement-value-strategy</name> + <value>record-path-value</value> </property> <property> - <name>Maximum Buffer Size</name> - <value>2 MB</value> + <name>/ip_dst_port</name> + <value>/dest_port</value> </property> <property> - <name>Replacement Strategy</name> - <value>Append</value> + <name>/ip_src_addr</name> + <value>/src_ip</value> </property> <property> - <name>Evaluation Mode</name> - <value>Entire text</value> + <name>/ip_dst_addr</name> + <value>/dest_ip</value> </property> <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> + <name>/ip_src_port</name> + <value>/src_port</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>d64f3acd-54a6-1b39-b1af-cc0a26156d5b</id> - <name>ListenBeats</name> - <position x="-1076.9243538376497" y="-51.550721133258094" /> + <id>1a038948-9e9a-3523-b899-990077bfd575</id> + <name>Convert timestamp</name> + <position x="-385.7461824498648" y="233.13395543765722" /> <styles /> <comment /> - <class>org.apache.nifi.processors.beats.ListenBeats</class> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-beats-nar</artifact> - 
<version>1.12.1</version> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4543,64 +4227,46 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Local Network Interface</name> - </property> - <property> - <name>Port</name> - <value>6000</value> - </property> - <property> - <name>Receive Buffer Size</name> - <value>1024kb</value> - </property> - <property> - <name>Max Size of Message Queue</name> - <value>10000</value> - </property> - <property> - <name>Max Size of Socket Buffer</name> - <value>4 MB</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>Max Batch Size</name> - <value>500</value> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>Message Delimiter</name> - <value>,\n</value> + <name>replacement-value-strategy</name> + <value>literal-value</value> </property> <property> - <name>Max Number of TCP Connections</name> - <value>200</value> + <name>/TLP</name> + <value>AMBER</value> </property> <property> - <name>SSL_CONTEXT_SERVICE</name> + <name>/mime.type</name> + <value>application/json</value> </property> <property> - <name>Client Auth</name> - <value>NONE</value> + <name>/timestamp</name> + <value>${field.value:replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> </property> </processor> <processor> - <id>bb719fee-0175-1000-ffff-ffffb73dd31a</id> - <name>Rename @ fields</name> - <position x="-1080.0" y="360.0" /> + <id>7eeb23aa-b112-3cc8-bb56-2ca20b456907</id> + <name>Add enrichment attributes</name> + <position x="-381.71987132795925" y="1362.5536493927905" /> <styles /> <comment /> - 
<class>org.apache.nifi.processors.standard.JoltTransformJSON</class> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
@@ -4608,54 +4274,170 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>jolt-transform</name> - <value>jolt-transform-chain</value> + <name>Delete Attributes Expression</name> </property> <property> - <name>jolt-custom-class</name> + <name>Store State</name> + <value>Do not store state</value> </property> <property> - <name>jolt-custom-modules</name> + <name>Stateful Variables Initial Value</name> </property> <property> - <name>jolt-spec</name> - <value>[{ - "operation": "shift", - "spec": { - "*": { - "\\@timestamp":"[&1].timestamp", - "\\@metadata":"[&1].metadata", - "*": "[&1].&" - } - } -}]</value> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> </property> <property> - <name>Transform Cache Size</name> - <value>1</value> + <name>enrich_domain1</name> + <value>/rrname_domain</value> </property> <property> - <name>pretty_print</name> - <value>false</value> + <name>enrich_fqdn1</name> + <value>/dns/rrname</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>896047e7-0175-1000-ffff-ffffc69204e4</id> - <name>PartitionRecord</name> - <position x="-424.0" y="368.0" /> + <id>46cdd7aa-91f0-307c-90aa-65747e558f25</id> + <name>Add attributes</name> + <position x="-990.1194195007834" y="665.1839855126569" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.PartitionRecord</class> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + 
<penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_id</name> + <value>suricata-${event_type}</value> + </property> + <property> + <name>data_index</name> + <value>logs-${beats.sender:substringBeforeLast('/'):substringBeforeLast('.'):substringAfterLast('.')}-suricata-${event_type}</value> + </property> + <property> + <name>data_type</name> + <value>suricata</value> + </property> + <property> + <name>enrich_ip2</name> + <value>/ip_dst_addr</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/ip_src_addr</value> + </property> + <property> + <name>TLP</name> + <value>AMBER</value> + </property> + </processor> + <processor> + <id>2b0f0d27-a69e-30c9-b3a6-1499ff955a30</id> + <name>ListenBeats</name> + <position x="-987.897149146032" y="-167.11494242687536" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.beats.ListenBeats</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-beats-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>2</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>NONE</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + 
<executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Local Network Interface</name> + </property> + <property> + <name>Port</name> + <value>6101</value> + </property> + <property> + <name>Receive Buffer Size</name> + <value>65507 B</value> + </property> + <property> + <name>Max Size of Message Queue</name> + <value>100000</value> + </property> + <property> + <name>Max Size of Socket Buffer</name> + <value>10 MB</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Max Batch Size</name> + <value>5000</value> + </property> + <property> + <name>Message Delimiter</name> + <value>,\n</value> + </property> + <property> + <name>Max Number of TCP Connections</name> + <value>90</value> + </property> + <property> + <name>SSL_CONTEXT_SERVICE</name> + </property> + <property> + <name>Client Auth</name> + <value>REQUIRED</value> + </property> + </processor> + <processor> + <id>be18c77e-5e4e-3552-ac9b-892ab69a9d49</id> + <name>Append ]</name> + <position x="-396.7049152015222" y="50.4274414148523" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
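Review bot: The added `ListenBeats` processor on port `6101` sets `Client Auth` to `REQUIRED` but leaves `SSL_CONTEXT_SERVICE` without a value; the client-auth policy is only used when an SSL context service is configured, so the listener would accept unauthenticated plaintext Beats connections. Give the property a value, `<value>SSL_CONTEXT_SERVICE_ID_PLACEHOLDER</value>` standing for the id of an SSL context controller service defined in the template, or state where the port is restricted at the network layer. `data_index` in the `Add attributes` processor of the same hunk is built from `${beats.sender}` and `${event_type}`, so whoever can reach the port also influences index names. `<bulletinLevel>NONE</bulletinLevel>` on the listener additionally hides its errors from the NiFi UI; `WARN`, as on the other processors, would keep them visible.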
@@ -4663,52 +4445,70 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Replacement Value</name> + <value>]</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> </property> <property> - <name>log_type</name> - <value>/fields/log_type</value> + <name>Maximum Buffer Size</name> + <value>1 MB</value> </property> <property> - <name>source_host</name> - <value>/host/name</value> + <name>Replacement Strategy</name> + <value>Append</value> </property> <property> - <name>source_file</name> - <value>/log/file/path</value> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <outputPort> - <id>89620b1a-0175-1000-0000-000078566f34</id> - <name>Output</name> - <position x="-360.0" y="704.0" /> + <id>055308a4-d020-39a9-9da4-b165796ef717</id> + <name>To enrichment</name> + <position x="-900.0911671813442" y="1418.3104443450675" /> <comments /> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> </outputPort> + <funnel> + <id>d8f19295-5666-31a8-b701-52214c4db51d</id> + <position x="-1500.995244929405" y="257.20806784146276" /> + </funnel> + <funnel> + <id>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</id> + <position 
x="283.72871497338747" y="273.4623850295515" /> + </funnel> + <funnel> + <id>c4afa3d5-0170-1000-ffff-ffffe437a306</id> + <position x="396.10723355029654" y="1188.222598705122" /> + </funnel> <connection> - <id>bb8aafca-0175-1000-0000-000038f8e9fc</id> + <id>d39ff93b-85e9-3c56-9f44-1916d1abcd9d</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>896047e7-0175-1000-ffff-ffffc69204e4</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>89620b1a-0175-1000-0000-000078566f34</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> + <destinationId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> 
@@ -4718,18 +4518,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>895f18a7-0175-1000-ffff-ffffbc2237fd</id> + <id>c4ae2f82-0170-1000-ffff-ffff91d33f16</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>71be315f-7e16-1cce-89f1-d5bd502f889f</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>19336e9e-3581-3d83-bb51-b9af2f5a6005</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationId>d59eabae-f47a-3d88-a1c9-e15c156202d6</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> + <relationship>dns</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -4738,16 +4538,16 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>895ee440-0175-1000-ffff-ffffd3ff3143</id> + <id>a4471b0c-c924-31e0-9aa1-7cf56b1be0ed</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>d64f3acd-54a6-1b39-b1af-cc0a26156d5b</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>71be315f-7e16-1cce-89f1-d5bd502f889f</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -4758,16 +4558,16 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>ac7a988a-0175-1000-ffff-ffff86c66751</id> + <id>f9a8aee6-502f-3eb9-8806-8964276d4ca0</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>d3e43667-10ef-1528-b935-47c2f077f2c9</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>71be315f-7e16-1cce-89f1-d5bd502f889f</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationId>1a038948-9e9a-3523-b899-990077bfd575</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
@@ -4778,36 +4578,63 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>bb8a6c6c-0175-1000-0000-00000abdc8f9</id> + <id>e8ad07a6-cd62-3473-9b16-833cf43026a6</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>bb719fee-0175-1000-ffff-ffffb73dd31a</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>2b0f0d27-a69e-30c9-b3a6-1499ff955a30</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>896047e7-0175-1000-ffff-ffffc69204e4</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationId>e89b0470-bff2-323c-92e5-5fb2d3949070</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>1 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>33baee02-9354-3b7f-a910-6220a5f6108f</id> + <name /> + <bendPoints> + <bendPoint x="-775.4788208007812" y="947.9116821289062" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>19336e9e-3581-3d83-bb51-b9af2f5a6005</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>alert</relationship> + <relationship>files</relationship> + <relationship>http</relationship> + 
<relationship>ssh</relationship> + <relationship>tls</relationship> + <relationship>flow</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>8961779d-0175-1000-0000-00003ef237de</id> + <id>c010a48c-a3af-3cfc-9693-9885925e763e</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>6b9a3cb4-e697-1540-a5fb-ea71cfce8f41</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> + <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>bb719fee-0175-1000-ffff-ffffb73dd31a</destinationId> - <destinationGroupId>895eab20-0175-1000-0000-00007e13267d</destinationGroupId> + <destinationId>46cdd7aa-91f0-307c-90aa-65747e558f25</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
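Review bot: The new connection from `ListenBeats` to `Prepend [` sets `<flowFileExpiration>1 sec</flowFileExpiration>`, so a batch that waits more than one second in that queue is aged out and dropped instead of being held by back-pressure. Under load or during a downstream stall this loses security events without any failure relationship firing. The other connections visible in this diff keep `0 sec` (no expiration); use `<flowFileExpiration>0 sec</flowFileExpiration>` here as well, or document why loss at the ingest edge is acceptable and alert on expired flowfiles.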
@@ -4817,130 +4644,368 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - </processGroup> - <processGroup> - <id>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</id> - <name>Suricata</name> - <position x="-448.0" y="264.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>8d1bef35-0175-1000-0000-0000746fa33d</id> - <name>RouteOnAttribute</name> - <position x="-984.0" y="640.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> - </property> - <property> - <name>dns</name> - <value>${event_type:equals("dns")}</value> - </property> - <property> - <name>tls</name> - <value>${event_type:equals("tls")}</value> - </property> - </processor> - <processor> - <id>24e1d8ed-10f4-3b46-958c-f2fb676e3192</id> - <name>Normalize fields</name> - <position x="-987.5658863682004" y="234.96963460665665" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.JoltTransformJSON</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 
sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>jolt-transform</name> - <value>jolt-transform-chain</value> - </property> - <property> - <name>jolt-custom-class</name> - </property> - <property> - <name>jolt-custom-modules</name> + <connection> + <id>3a82b9ea-a974-3750-ad78-275da67285e6</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c4afb718-0170-1000-0000-000061284251</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>d59eabae-f47a-3d88-a1c9-e15c156202d6</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c4afa3d5-0170-1000-ffff-ffffe437a306</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>67789d5d-ebdc-390c-adc8-f2111f467ad4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c4afc7bc-0170-1000-ffff-ffffae3762dd</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c4afa3d5-0170-1000-ffff-ffffe437a306</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + 
<id>f4bd2bed-88a1-396f-974b-19dcb5f40101</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e89b0470-bff2-323c-92e5-5fb2d3949070</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>9b860d17-8918-3956-a8b2-54ec49231c37</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7eeb23aa-b112-3cc8-bb56-2ca20b456907</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>98594ca0-2fce-349c-8432-94f4d021d1fe</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e89b0470-bff2-323c-92e5-5fb2d3949070</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>be18c77e-5e4e-3552-ac9b-892ab69a9d49</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>d7ef534a-9fb6-3973-b2fa-2738705db47a</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c31d92b9-0e34-387d-86df-9536bf2ed9c9</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> 
+ <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7417695b-cbde-3637-bb24-2e265bb2817c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>46cdd7aa-91f0-307c-90aa-65747e558f25</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>19336e9e-3581-3d83-bb51-b9af2f5a6005</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3e181820-b214-399d-a0df-474d15e2f146</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9e3adb6e-2266-390c-995d-76bc3aa5c3d8</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e9962c43-9689-39b9-a1ba-cd2eac598802</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>a88dab36-f543-32fc-8f45-aa11b99c0ff4</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d8f19295-5666-31a8-b701-52214c4db51d</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>1f219054-ea65-3700-a503-2d24acf2c754</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>7eeb23aa-b112-3cc8-bb56-2ca20b456907</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8c6c7a60-0856-3a39-8ed6-6e7d0b98c0ae</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>d59eabae-f47a-3d88-a1c9-e15c156202d6</sourceId> + <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>47757d9f-c23d-33ca-9c88-3c8722bd00a5</destinationId> + <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>83691174-683f-3c7c-8526-8fc00397aee1</id> + <name>Zeek</name> + <position x="-504.0" y="152.0" /> + <comment /> + <processor> + <id>39492e6c-faf0-3bfa-bd16-51a1f8be4c71</id> + <name>ListenBeats</name> + <position x="-1114.9155421491096" y="263.01449694104195" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.beats.ListenBeats</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-beats-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Local Network Interface</name> </property> <property> - <name>jolt-spec</name> - <value>[{ - "operation": "shift", - "spec": { - "*": { - "json": { - "*": "[&2].&" - }, - "host": { - "name": "[&2].labels.source_host" - }, - "source": "[&1].labels.source" - } - } -}, { - "operation": "shift", - "spec": { - "*": { 
- "dest_ip":"[&1].destination.ip", - "dest_port":"[&1].destination.port", - "src_ip":"[&1].source.ip", - "src_port":"[&1].source.port", - "*": "[&1].&" - } - } -}]</value> + <name>Port</name> + <value>6100</value> </property> <property> - <name>Transform Cache Size</name> - <value>1</value> + <name>Receive Buffer Size</name> + <value>65507 B</value> </property> <property> - <name>pretty_print</name> - <value>false</value> + <name>Max Size of Message Queue</name> + <value>10000</value> + </property> + <property> + <name>Max Size of Socket Buffer</name> + <value>2 MB</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Max Batch Size</name> + <value>10000</value> + </property> + <property> + <name>Message Delimiter</name> + <value>,\n</value> + </property> + <property> + <name>Max Number of TCP Connections</name> + <value>100</value> + </property> + <property> + <name>SSL_CONTEXT_SERVICE</name> + </property> + <property> + <name>Client Auth</name> + <value>REQUIRED</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>fd6b6513-51f8-3a96-a764-13bd39ec7f84</id> - <name>Partition records based on event_type</name> - <position x="-382.59400260581754" y="446.9900134408068" /> + <id>ac17155e-32f1-3be8-843e-00877c210519</id> + <name>Prepend [</name> + <position x="-1124.1429683635654" y="475.2240314903287" /> <styles /> <comment /> - <class>org.apache.nifi.processors.standard.PartitionRecord</class> + <class>org.apache.nifi.processors.standard.ReplaceText</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
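Review bot: The ListenBeats processor added here (port 6100) has `SSL_CONTEXT_SERVICE` with no value while `Client Auth` is `REQUIRED`. In NiFi the client-auth policy only applies when an SSL context service is configured, so as written the listener would accept plaintext, unauthenticated Beats connections once it is started. `Local Network Interface` is also left unset, which presumably means it binds on all interfaces. The processor is committed as `STOPPED`, so the exposure is latent, but the property should reference the SSL context controller service (`<value>SSL_CONTEXT_SERVICE_ID_PLACEHOLDER</value>`) before anyone enables it.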
@@ -4948,36 +5013,107 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> </property> <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> + <name>Replacement Value</name> + <value>[</value> </property> <property> - <name>event_type</name> - <value>/event_type</value> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Prepend</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> </processor> <processor> - <id>1a038948-9e9a-3523-b899-990077bfd575</id> - <name>Convert timestamp</name> - <position x="-385.7461824498648" y="233.13395543765722" /> + <id>fec43039-de5d-1e3b-850a-5e25d7b93c76</id> + <name>UpdateAttribute</name> + <position x="-1121.584644408096" y="913.629598069974" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + 
<bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>data_index</name> + <value>logs-uninett-darknet</value> + </property> + <property> + <name>mime.type</name> + <value>application/json</value> + </property> + <property> + <name>enrich_ip2</name> + <value>/ip_dst_addr</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/ip_src_addr</value> + </property> + <property> + <name>TLP</name> + <value>GREEN</value> + </property> + </processor> + <processor> + <id>9027e415-c8cd-355e-af16-0c635f43832f</id> + <name>Convert timestamp and add fields</name> + <position x="-472.77987807459795" y="696.7530680701591" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.UpdateRecord</class> <bundle> <group>org.apache.nifi</group> <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> @@ -4985,7 +5121,7 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> 
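Review bot: The UpdateAttribute processor added in the Zeek group sets the `data_index` attribute to `logs-uninett-darknet`, whereas the UpdateRecord processor in the same group (properties in the following hunk) writes `/data_index` as `logs-zeek-conn` and `/data_type` as `zeek`. If the downstream indexing step keys on the flow-file attribute rather than the record field, Zeek connection events would land in the darknet index and mix data sets that may have different handling rules; this looks like a leftover from a copied flow. Suggest `<value>logs-zeek-conn</value>` for the attribute, or dropping the attribute if the record field is authoritative. The `enrich_ip1`/`enrich_ip2` paths (`/ip_src_addr`, `/ip_dst_addr`) should be checked against the field names the Jolt shift actually produces for the same reason.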
@@ -5003,29 +5139,40 @@ </property> <property> <name>/TLP</name> - <value>AMBER</value> + <value>GREEN</value> + </property> + <property> + <name>/data_type</name> + <value>zeek</value> + </property> + <property> + <name>/data_index</name> + <value>logs-zeek-conn</value> </property> <property> <name>/mime.type</name> <value>application/json</value> </property> + <property> + <name>/data_id</name> + <value>zeek_conn</value> + </property> <property> <name>/timestamp</name> - <value>${field.value:replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> + <value>${field.value:multiply(1000):format('yyyy-MM-dd HH:mm:ss.SSSZ'):replace(' ','T'):replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>46cdd7aa-91f0-307c-90aa-65747e558f25</id> - <name>Add attributes</name> - <position x="-984.0" y="456.0" /> + <id>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</id> + <name>Remove filebeat fields</name> + <position x="-1121.1565561587029" y="706.9002449806696" /> <styles /> <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-jolt-record-nar</artifact> + <version>1.11.4</version> </bundle> <maxConcurrentTasks>1</maxConcurrentTasks> <schedulingPeriod>0 sec</schedulingPeriod> 
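Review bot: The `/TLP` record field changes from `AMBER` to `GREEN` in this hunk, and the `TLP` attribute added in the previous hunk is `GREEN` as well, which loosens the sharing restriction on these connection records for any consumer that honours the tag. Nothing in the visible change explains the lower classification, and the processor's `<comment />` element is empty. If the downgrade is intended, note the rationale there; otherwise keep `<value>AMBER</value>`. Separately, `failure` is no longer auto-terminated on this processor, so whatever now receives that relationship should be confirmed to be drained or monitored.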
@@ -5033,5925 +5180,588 @@ <yieldPeriod>1 sec</yieldPeriod> <bulletinLevel>WARN</bulletinLevel> <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> <executionNode>ALL</executionNode> <runDurationNanos>0</runDurationNanos> <property> - <name>Delete Attributes Expression</name> + <name>jolt-record-record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> </property> <property> - <name>Store State</name> - <value>Do not store state</value> + <name>jolt-record-record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> </property> <property> - <name>Stateful Variables Initial Value</name> + <name>jolt-record-transform</name> + <value>jolt-transform-chain</value> </property> <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> + <name>jolt-record-custom-class</name> </property> <property> - <name>data_id</name> - <value>suricata-${event_type}</value> + <name>jolt-record-custom-modules</name> </property> <property> - <name>data_index</name> - <value>logs-${beats.sender:substringBeforeLast('/'):substringBeforeLast('.'):substringAfterLast('.')}-suricata-${event_type}</value> + <name>jolt-record-spec</name> + <value>[ + { + "operation": "shift", + "spec": { + "json": { + "ts": "timestamp", + "*": { + "@": "&" + } + }, + "host": { + "name": "host" + }, + "source": "source" + } + },{ + "operation" : "modify-overwrite-beta", + "spec" : + { + "timestamp": "=toString" + } + } +]</value> </property> <property> - <name>data_type</name> - <value>suricata</value> + <name>jolt-record-transform-cache-size</name> + <value>1</value> </property> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <processor> + <id>06501f48-82c7-3c36-b99c-7368a322608b</id> + <name>Append ]</name> + <position x="-465.8393574027825" y="478.1159738496917" /> + <styles /> + <comment /> + 
<class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> <property> - <name>enrich_ip2</name> - <value>/destination/ip</value> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> </property> <property> - <name>enrich_ip1</name> - <value>/source/ip</value> + <name>Replacement Value</name> + <value>]</value> </property> <property> - <name>TLP</name> - <value>AMBER</value> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Append</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> </property> </processor> - <inputPort> - <id>8d13c952-0175-1000-0000-00007e8f4cae</id> - <name>Input</name> - <position x="-928.0" y="16.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> <outputPort> - <id>055308a4-d020-39a9-9da4-b165796ef717</id> + <id>a28a9e95-1003-3ea6-9af6-a334c1aec07c</id> <name>To enrichment</name> - <position x="-928.0" y="1208.0" /> + <position x="-1065.7090714972117" y="1164.8389289189608" /> <comments /> - <scheduledState>RUNNING</scheduledState> + <scheduledState>STOPPED</scheduledState> </outputPort> - <processGroup> - <id>8d1afcd0-0175-1000-ffff-ffffb3690a74</id> - <name>TLS events</name> - 
<position x="-384.0" y="872.0" /> + <funnel> + <id>06521038-335b-3139-839d-ab43a013ce03</id> + <position x="-1557.869726298236" y="758.8984861527665" /> + </funnel> + <funnel> + <id>c8c0a13d-0170-1000-ffff-ffff874141fa</id> + <position x="248.5321508445502" y="703.4412774751572" /> + </funnel> + <connection> + <id>216d4dcf-f425-33d0-a5c1-5cdf1402162e</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>06501f48-82c7-3c36-b99c-7368a322608b</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3c739604-b69c-3e86-ba4c-a4739078837c</id> + <name /> + <bendPoints /> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c8c0a13d-0170-1000-ffff-ffff874141fa</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>295b97b9-1291-3a83-8191-78a300d0feaa</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>39492e6c-faf0-3bfa-bd16-51a1f8be4c71</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>ac17155e-32f1-3be8-843e-00877c210519</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8be8213-0170-1000-0000-0000695bc36c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>fec43039-de5d-1e3b-850a-5e25d7b93c76</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>a056b363-8398-3877-8750-1bc9dcb9b1cd</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>ac17155e-32f1-3be8-843e-00877c210519</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>06501f48-82c7-3c36-b99c-7368a322608b</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>ee8556df-9826-3d45-82de-5c1c876db435</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>06521038-335b-3139-839d-ab43a013ce03</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>2d0f222e-d08e-31fd-b5e1-1ce178368e4c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9027e415-c8cd-355e-af16-0c635f43832f</destinationId> + 
<destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>ed8609a1-bd09-391e-831b-1ab5b53a5049</id> + <name /> + <bendPoints /> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>06501f48-82c7-3c36-b99c-7368a322608b</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c8c0a13d-0170-1000-ffff-ffff874141fa</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8be6e60-0170-1000-ffff-ffffe34d52ef</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>fec43039-de5d-1e3b-850a-5e25d7b93c76</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + 
<flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>2a6e865b-4b36-3807-8bd7-eb2f39f95d4f</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>ac17155e-32f1-3be8-843e-00877c210519</sourceId> + <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>06521038-335b-3139-839d-ab43a013ce03</destinationId> + <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + </processGroup> + <processGroup> + <id>b3d57504-7c06-37a3-b59b-8723f60fa728</id> + <name>Test data</name> + <position x="-496.0" y="552.0" /> + <comment /> + <outputPort> + <id>d30dc946-251a-307c-8e88-f2262b0bb194</id> + <name>To enrichment</name> + <position x="731.0454088698874" y="433.2315817172085" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <processGroup> + <id>0c83ef26-0175-1000-ffff-ffffcac37910</id> + <name>Suricata</name> + <position x="462.0553417896858" y="119.99261716112323" /> + <comment /> + <processor> + <id>bb7dc9ff-2d25-3134-9617-cca3cabe9179</id> + <name>Alerts</name> + <position x="496.0" y="392.0" /> + <styles /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>9279850b-0175-1000-0000-00001e74d182</id> - <name>Copy 
SNI</name> - <position x="504.0" y="320.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>record-path-value</value> - </property> - <property> - <name>/tls/sni_length</name> - <value>/tls/sni</value> - </property> - <property> - <name>/tls/sni_domain_length</name> - <value>/tls/sni</value> - </property> - <property> - <name>/tls/sni_domain</name> - <value>/tls/sni</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>349b3279-a821-1197-aaa6-7e5472dccbef</id> - <name>Add sni_domain ++</name> - <position x="504.0" y="544.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - 
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/tls/sni_length</name> - <value>${field.value:length():toNumber()}</value> - </property> - <property> - <name>/tls/sni_domain_length</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> - </property> - <property> - <name>/tls/sni_domain</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>349b3291-a821-1197-0000-000032560c6a</id> - <name>Specify enrichment fields</name> - <position x="504.0" y="752.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store 
state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>enrich_domain1</name> - <value>/tls/sni_domain</value> - </property> - <property> - <name>enrich_fqdn1</name> - <value>/tls/sni</value> - </property> - </processor> - <inputPort> - <id>92795a59-0175-1000-ffff-ffff89bc5f21</id> - <name>Input</name> - <position x="552.9999060626994" y="144.00001181679164" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>349b32d8-a821-1197-0000-000025a75a3b</id> - <name>Output</name> - <position x="552.0" y="976.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>9279996e-0175-1000-0000-000037fbed8b</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>92795a59-0175-1000-ffff-ffff89bc5f21</sourceId> - <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>9279850b-0175-1000-0000-00001e74d182</destinationId> - <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b3297-a821-1197-0000-0000717807b6</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>349b3279-a821-1197-aaa6-7e5472dccbef</sourceId> - <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>349b3291-a821-1197-0000-000032560c6a</destinationId> - <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b327f-a821-1197-ffff-ffff8946a863</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9279850b-0175-1000-0000-00001e74d182</sourceId> - <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>349b3279-a821-1197-aaa6-7e5472dccbef</destinationId> - <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b32da-a821-1197-0000-000047979e25</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>349b3291-a821-1197-0000-000032560c6a</sourceId> - <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>349b32d8-a821-1197-0000-000025a75a3b</destinationId> - <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>8d1ad21f-0175-1000-0000-00003c540411</id> - <name>DNS events</name> - <position x="-1000.0" y="872.0" /> + <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>10 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>File Size</name> + <value>0B</value> + </property> + <property> + <name>Batch Size</name> + <value>1</value> + </property> + <property> + <name>Data Format</name> + <value>Text</value> + </property> + <property> + <name>Unique FlowFiles</name> + <value>false</value> + </property> + <property> + <name>generate-ff-custom-text</name> + <value>[{"stream": 0,"flow": {"bytes_toserver": 74,"bytes_toclient": 0,"start": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","pkts_toserver": 1,"pkts_toclient": 0},"vlan": 665,"ip_dst_port": 54323,"in_iface": "ens1f3","payload": "","timestamp": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","proto": "TCP","event_type": "alert","alert": {"category": "Not Suspicious Traffic","severity": 3,"action": "allowed","gid": 1,"signature_id": 29999991,"rev": 1,"signature": "SOC TEST1"},"payload_printable": 
"","ip_src_addr": "10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","ip_src_port": 43844,"ip_dst_addr": "10.0.0.${random():mod(254):plus(1)}","host":"nifi.soctools.geant.org","host_domain":"geant.org"}, +{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","alert":{"action":"allowed","category":"Potentially Bad Traffic","gid":1,"metadata":{"affected_product":["Any"],"attack_target":["Client_Endpoint"],"created_at":["2019_07_26"],"deployment":["Perimeter"],"former_category":["DNS"],"signature_severity":["Minor"],"updated_at":["2019_09_28"]},"rev":3,"severity":2,"signature":"ET DNS Query for .cc TLD","signature_id":2027758},"app_proto":"dns","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":53},"dns":{"query":[{"id":37261,"rrname":"static.arduino.cc","rrtype":"A","tx_id":2,"type":"query"}]},"event_type":"alert","flow":{"bytes_toclient":1039,"bytes_toserver":343,"pkts_toclient":2,"pkts_toserver":3,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":1889254052511234,"in_iface":"if1","payload":"kY0BAAABAAAAAAABBnN0YXRpYwdhcmR1aW5vAmNjAAABAAEAACkPoAAAgAAAAA==","payload_printable":".............static.arduino.cc.......)........","proto":"UDP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":64164},"stream":0,"tx_id":2}, +{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","alert":{"action":"allowed","category":"Attempted Information Leak","gid":1,"metadata":{"created_at":["2014_10_15"],"former_category":["CURRENT_EVENTS"],"updated_at":["2014_10_15"]},"rev":6,"severity":2,"signature":"ET EXPLOIT SSL excessive fatal alerts (possible POODLE attack against 
server)","signature_id":2019418},"app_proto":"tls","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":37220},"event_type":"alert","flow":{"bytes_toclient":247,"bytes_toserver":298,"pkts_toclient":4,"pkts_toserver":4,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":43047386649621,"payload":"FQMAAAICKA==","payload_printable":"......(","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"stream":1,"tls":{"ja3":{},"version":"SSLv3"},"tx_id":0}] +</value> + </property> + <property> + <name>character-set</name> + <value>UTF-8</value> + </property> + <property> + <name>mime.type</name> + <value>application/json</value> + </property> + <property> + <name>enrich_domain1</name> + <value>/host_domain</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/source/ip</value> + </property> + <property> + <name>enrich_fqdn1</name> + <value>/host</value> + </property> + <property> + <name>data_id</name> + <value>suricata_alert</value> + </property> + <property> + <name>data_index</name> + <value>logs-suricata-alert</value> + </property> + <property> + <name>data_type</name> + <value>suricata</value> + </property> + <property> + <name>enrich_ip2</name> + <value>/destination/ip</value> + </property> + </processor> + <processor> + <id>f8143c19-b547-1c84-90b7-2e3c37a659e7</id> + <name>TLS</name> + <position x="496.0" y="536.0" /> + <styles /> <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>8d37fe91-0175-1000-ffff-ffffb5c4de34</id> - <name>Add rrname_domain++</name> - <position x="1056.0" y="568.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - 
<version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/dns/rrname_domain</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')})}</value> - </property> - <property> - <name>/dns/rrname_length</name> - <value>${field.value:length():toNumber()}</value> - </property> - <property> - <name>/dns/rrname_domain_length</name> - <value>${field.value:substringBeforeLast('.'):substringAfterLast('.'):append(${field.value:substringAfterLast('.'):prepend('.')}):length():toNumber()}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>8d312ef9-0175-1000-ffff-fffff23bbb0c</id> - <name>Route on DNS type</name> - <position x="1056.0" y="128.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - 
<lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> - </property> - <property> - <name>answer</name> - <value>${type:contains("answer")}</value> - </property> - </processor> - <processor> - <id>8d2262f6-0175-1000-0000-000029eaa6ef</id> - <name>Partition on dns message type</name> - <position x="432.0" y="136.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PartitionRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>type</name> - <value>/dns/type</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <processor> - <id>8d36474f-0175-1000-0000-00003a8dd2d0</id> - <name>UpdateAttribute</name> - <position x="1056.0" y="768.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - 
<version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>enrich_domain1</name> - <value>/dns/rrname_domain</value> - </property> - <property> - <name>enrich_fqdn1</name> - <value>/dns/rrname</value> - </property> - </processor> - <processor> - <id>8d34409e-0175-1000-ffff-ffff99eb371d</id> - <name>Extract rrname_domain++</name> - <position x="1056.0" y="368.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - 
<property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/dns/rrname_domain</name> - <value>/dns/rrname</value> - </property> - <property> - <name>/dns/rrname_length</name> - <value>/dns/rrname</value> - </property> - <property> - <name>/dns/rrname_domain_length</name> - <value>/dns/rrname</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>8d212c22-0175-1000-ffff-fffffbc39157</id> - <name>Input</name> - <position x="488.0" y="0.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>8d211b58-0175-1000-0000-000003eb5f3b</id> - <name>Output</name> - <position x="448.0" y="808.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>8d3979b7-0175-1000-ffff-ffffe2efe898</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d37fe91-0175-1000-ffff-ffffb5c4de34</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d36474f-0175-1000-0000-00003a8dd2d0</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d3afc9a-0175-1000-ffff-ffffe1ef144c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d36474f-0175-1000-0000-00003a8dd2d0</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - 
<sourceType>PROCESSOR</sourceType> - <destinationId>8d211b58-0175-1000-0000-000003eb5f3b</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d30f240-0175-1000-ffff-ffffa4cc8a58</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d212c22-0175-1000-ffff-fffffbc39157</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>8d2262f6-0175-1000-0000-000029eaa6ef</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d3b1d93-0175-1000-ffff-ffffe953d6b9</id> - <name /> - <bendPoints> - <bendPoint x="568.0" y="400.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d312ef9-0175-1000-ffff-fffff23bbb0c</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d211b58-0175-1000-0000-000003eb5f3b</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> 
- <relationship>unmatched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d3821ce-0175-1000-0000-000046a72d11</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d34409e-0175-1000-ffff-ffff99eb371d</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d37fe91-0175-1000-ffff-ffffb5c4de34</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d3281c3-0175-1000-ffff-ffffed50fa50</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d2262f6-0175-1000-0000-000029eaa6ef</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d312ef9-0175-1000-ffff-fffff23bbb0c</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - 
<partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d3485f4-0175-1000-0000-0000175959ff</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d312ef9-0175-1000-ffff-fffff23bbb0c</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d34409e-0175-1000-ffff-ffff99eb371d</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>answer</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>349b32bb-a821-1197-ffff-ffff81dc7ff2</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>92795a59-0175-1000-ffff-ffff89bc5f21</destinationId> - <destinationGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>tls</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d19c8d7-0175-1000-ffff-ffffe3aa385d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>1a038948-9e9a-3523-b899-990077bfd575</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>46cdd7aa-91f0-307c-90aa-65747e558f25</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d13df9c-0175-1000-0000-0000562b802e</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d13c952-0175-1000-0000-00007e8f4cae</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>f9a8aee6-502f-3eb9-8806-8964276d4ca0</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>24e1d8ed-10f4-3b46-958c-f2fb676e3192</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>1a038948-9e9a-3523-b899-990077bfd575</destinationId> - 
<destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d2364b0-0175-1000-ffff-ffffa2a4601f</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d212c22-0175-1000-ffff-fffffbc39157</destinationId> - <destinationGroupId>8d1ad21f-0175-1000-0000-00003c540411</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>dns</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d1a6818-0175-1000-ffff-ffffeebd7e98</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>46cdd7aa-91f0-307c-90aa-65747e558f25</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - 
<flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b32e1-a821-1197-0000-00000d7cca30</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>349b32d8-a821-1197-0000-000025a75a3b</sourceId> - <sourceGroupId>8d1afcd0-0175-1000-ffff-ffffb3690a74</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d1c1701-0175-1000-ffff-fffff7364622</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>fd6b6513-51f8-3a96-a764-13bd39ec7f84</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d1bef35-0175-1000-0000-0000746fa33d</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - 
<id>9266feff-0175-1000-ffff-ffff8c7d68c1</id> - <name /> - <bendPoints> - <bendPoint x="-1208.0" y="952.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d1bef35-0175-1000-0000-0000746fa33d</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>unmatched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>9266e0c5-0175-1000-0000-00006aafc0f8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8d211b58-0175-1000-0000-000003eb5f3b</sourceId> - <sourceGroupId>8d1ad21f-0175-1000-0000-00003c540411</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>055308a4-d020-39a9-9da4-b165796ef717</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</id> - <name>Mysql</name> - <position x="-440.0" y="1272.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - 
<flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>14453e90-7646-1485-ffff-ffff81f3c683</id> - <name>Add header</name> - <position x="344.0" y="-8.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> - </property> - <property> - <name>Replacement Value</name> - <value>timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode -</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> - </property> - <property> - <name>Replacement Strategy</name> - <value>Prepend</value> - </property> - <property> - <name>Evaluation Mode</name> - <value>Entire text</value> - </property> - <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>e0bd3907-2d13-1407-b2dd-48591e65e59d</id> - <name>UpdateRecord</name> - <position x="-336.0" y="416.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - 
<schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/event_type</name> - <value>log</value> - </property> - <property> - <name>/labels/source_host</name> - <value>${source_host}</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:toDate('yyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>50813f6b-a5f6-1a98-8ae4-115134714332</id> - <name>UpdateRecord</name> - <position x="352.0" y="472.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - 
<name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/event_type</name> - <value>audit</value> - </property> - <property> - <name>/labels/source_host</name> - <value>${source_host}</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:toDate('yyyyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>e4353681-23e9-15af-0000-000032ea35e3</id> - <name>RouteOnAttribute</name> - <position x="-352.0" y="0.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> - </property> - <property> - <name>audit</name> - <value>${source_file:contains("audit")}</value> - </property> - </processor> - <processor> - <id>f92d3f77-958a-1344-bd3b-7c93457e5c12</id> - <name>Extract message</name> - <position x="-360.0" y="-216.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - 
<schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>bc8e5957-0175-1000-0000-00003346421d</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>92693a34-99da-1004-adfb-bdf4aa7e1c30</id> - <name>Convert to json</name> - <position x="352.0" y="240.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>14453a95-7646-1485-0000-00002c675762</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>false</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - 
<id>48723b8e-fae0-14e6-afdc-85c239646dc0</id> - <name>UpdateAttribute</name> - <position x="-320.0" y="648.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-mysql</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/client.ip</value> - </property> - </processor> - <processor> - <id>14453a41-7646-1485-b398-28f819de4a45</id> - <name>Convert to json</name> - <position x="-336.0" y="200.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - 
<executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>70ea12d7-0176-1000-ffff-ffffee2ee306</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>false</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>7f683020-779c-1bc9-85da-5bad079d5d9d</id> - <name>Input</name> - <position x="-312.0" y="-336.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</id> - <name>Output</name> - <position x="-256.0" y="960.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>14453eaa-7646-1485-0000-000070b97065</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>14453e90-7646-1485-ffff-ffff81f3c683</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>92693a34-99da-1004-adfb-bdf4aa7e1c30</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e43535a1-23e9-15af-9f98-2061dd6f97d6</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>92693a34-99da-1004-adfb-bdf4aa7e1c30</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - 
<sourceType>PROCESSOR</sourceType> - <destinationId>50813f6b-a5f6-1a98-8ae4-115134714332</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>70e77065-0176-1000-0000-00001479fdf4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e0bd3907-2d13-1407-b2dd-48591e65e59d</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>cf95350a-de6c-1a4b-8183-8f9cfa11449a</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>7f683020-779c-1bc9-85da-5bad079d5d9d</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>f92d3f77-958a-1344-bd3b-7c93457e5c12</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>14453fcf-7646-1485-ffff-ffff952df142</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>14453e90-7646-1485-ffff-ffff81f3c683</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>audit</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3e21311d-dc5c-143f-b39e-d8fb8c9fd36d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>50813f6b-a5f6-1a98-8ae4-115134714332</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>14453a4b-7646-1485-ffff-fffffc8f5285</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>14453a41-7646-1485-b398-28f819de4a45</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>unmatched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>7fe931b3-82b3-1699-b49a-d380dd14a5b8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>48723b8e-fae0-14e6-afdc-85c239646dc0</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>a35e3744-5906-1ee9-abc4-205356ca01d1</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>f92d3f77-958a-1344-bd3b-7c93457e5c12</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>e4353681-23e9-15af-0000-000032ea35e3</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>70e8f3cb-0176-1000-0000-00006d2cdbf5</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>14453a41-7646-1485-b398-28f819de4a45</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>e0bd3907-2d13-1407-b2dd-48591e65e59d</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>5d04357e-423c-1ab5-a7a4-44565abfed7f</id> - <name>Haproxy</name> - <position x="-448.0" y="664.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>c9763c4c-7186-1460-871a-b5fd00ca3241</id> - <name>UpdateRecord</name> - <position x="352.0" y="472.0" /> - 
<styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/labels/source_host</name> - <value>${source_host}</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:toDate('dd/MMM/yyyy:HH:mm:ss.SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>e4c8356d-54ad-15b5-94fe-799d9465aa51</id> - <name>Extract message</name> - <position x="352.0" y="280.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - 
<executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>bc8e5957-0175-1000-0000-00003346421d</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</id> - <name>Convert to json</name> - <position x="1064.0" y="272.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>56ebe0aa-0176-1000-ffff-ffffbd212f01</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>false</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</id> - <name>UpdateAttribute</name> - <position x="1072.0" y="472.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - 
</bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-haproxy</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/client.ip</value> - </property> - </processor> - <inputPort> - <id>65a33e05-e157-1bfc-8741-adf11b3df720</id> - <name>Input</name> - <position x="397.9999517774115" y="110.99999315685733" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>328b35e2-eb52-1f47-b84d-52941eff8a07</id> - <name>Output</name> - <position x="1120.0" y="808.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>960f3ac9-95dc-103d-a70a-ca3b070851a4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>328b35e2-eb52-1f47-b84d-52941eff8a07</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>0ecb3e12-768e-1896-a850-2a2bec52eb95</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c9763c4c-7186-1460-871a-b5fd00ca3241</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>b5d43cea-5555-10b0-b75f-b88a95e9c6aa</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>65a33e05-e157-1bfc-8741-adf11b3df720</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>e4c8356d-54ad-15b5-94fe-799d9465aa51</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - 
<id>484a3eab-4af3-11cd-abe2-d5ee6fc1a291</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e4c8356d-54ad-15b5-94fe-799d9465aa51</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>39ef3a2d-874e-11a6-87be-0b3582fa43de</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c9763c4c-7186-1460-871a-b5fd00ca3241</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>7263390f-914c-1f6e-9451-75f908ed8816</id> - <name>Elasticsearch</name> - <position x="-1904.0" y="488.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - 
<flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>295133bd-42e6-1b08-80c5-bea2e19921fc</id> - <name>UpdateAttribute</name> - <position x="360.0" y="600.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-elasticsearch</value> - </property> - </processor> - <inputPort> - <id>39ce3238-1ebd-1c2c-b724-01d18f147b6f</id> - <name>Input</name> - <position x="408.0" y="320.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>bbc63756-9681-13b9-8c07-20c82f62ceca</id> - <name>Output</name> - <position x="408.0" y="920.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>15e0341e-6dd3-172a-b2b5-8f1d5740fea1</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>39ce3238-1ebd-1c2c-b724-01d18f147b6f</sourceId> - <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - 
<destinationId>295133bd-42e6-1b08-80c5-bea2e19921fc</destinationId> - <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>af99379e-bf26-19c5-bd70-bd6d405fb0b7</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>295133bd-42e6-1b08-80c5-bea2e19921fc</sourceId> - <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bbc63756-9681-13b9-8c07-20c82f62ceca</destinationId> - <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</id> - <name>Keycloak</name> - <position x="-440.0" y="1064.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>8e17350e-583e-1130-8ec7-bd2dc5d4f361</id> - <name>UpdateAttribute</name> - <position x="344.0" y="736.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - 
<artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-keycloak</value> - </property> - </processor> - <processor> - <id>fbbe3f9c-5336-11c9-0000-00003ab5dde5</id> - <name>Fix timestamp</name> - <position x="352.0" y="480.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-jolt-record-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>jolt-record-record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>jolt-record-record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - 
<name>jolt-record-transform</name> - <value>jolt-transform-chain</value> - </property> - <property> - <name>jolt-record-custom-class</name> - </property> - <property> - <name>jolt-record-custom-modules</name> - </property> - <property> - <name>jolt-record-spec</name> - <value>[ - { - "operation": "shift", - "spec": { - "timestamp": { - "1": "timestamp" - }, - "*": "&" - } - } -]</value> - </property> - <property> - <name>jolt-record-transform-cache-size</name> - <value>1</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <inputPort> - <id>10cb3b64-e867-1d81-bd59-eb9cf6883f24</id> - <name>Input</name> - <position x="408.0" y="320.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>84dc3511-1322-175b-8083-9729037f8edb</id> - <name>Output</name> - <position x="392.0" y="984.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>fbbe3fbf-5336-11c9-ffff-ffffb7c3576e</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>fbbe3f9c-5336-11c9-0000-00003ab5dde5</sourceId> - <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8e17350e-583e-1130-8ec7-bd2dc5d4f361</destinationId> - <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>50c83129-28e1-1d45-bafe-912df3cdf284</id> - <name /> - <bendPoints /> - 
<labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>10cb3b64-e867-1d81-bd59-eb9cf6883f24</sourceId> - <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>fbbe3f9c-5336-11c9-0000-00003ab5dde5</destinationId> - <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>fbbe3ede-5336-11c9-8870-deb7fffd14ae</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8e17350e-583e-1130-8ec7-bd2dc5d4f361</sourceId> - <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>84dc3511-1322-175b-8083-9729037f8edb</destinationId> - <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>83691174-683f-3c7c-8526-8fc00397aee1</id> - <name>Zeek</name> - <position x="-448.0" y="464.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>fec43039-de5d-1e3b-850a-5e25d7b93c76</id> - <name>UpdateAttribute</name> - 
<position x="-1121.584644408096" y="913.629598069974" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-uninett-darknet</value> - </property> - <property> - <name>mime.type</name> - <value>application/json</value> - </property> - <property> - <name>enrich_ip2</name> - <value>/destination/ip</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/source/ip</value> - </property> - <property> - <name>TLP</name> - <value>AMBER</value> - </property> - </processor> - <processor> - <id>9027e415-c8cd-355e-af16-0c635f43832f</id> - <name>Convert timestamp and add fields</name> - <position x="-472.77987807459795" y="696.7530680701591" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 
sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/data_type</name> - <value>zeek</value> - </property> - <property> - <name>/data_index</name> - <value>logs-zeek-conn</value> - </property> - <property> - <name>/data_id</name> - <value>zeek_conn</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:multiply(1000):format('yyyy-MM-dd HH:mm:ss.SSSZ'):replace(' ','T'):replaceFirst('\+(\d\d)(\d\d)','+$1:$2')}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</id> - <name>Normalize fields</name> - <position x="-1121.1565561587029" y="706.9002449806696" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.jolt.record.JoltTransformRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-jolt-record-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - 
<name>jolt-record-record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>jolt-record-record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>jolt-record-transform</name> - <value>jolt-transform-chain</value> - </property> - <property> - <name>jolt-record-custom-class</name> - </property> - <property> - <name>jolt-record-custom-modules</name> - </property> - <property> - <name>jolt-record-spec</name> - <value>[{ - "operation": "modify-overwrite-beta", - "spec": { - "*": "=recursivelySquashNulls" - } - },{ - "operation": "shift", - "spec": { - "*": { - "json": { - "*": "[&2].&" - }, - "host": { - "name": "[&2].labels.source_host" - }, - "source": "[&1].labels.source" - } - } -}, { - "operation": "shift", - "spec": { - "*": { - "ts": "[&1].timestamp", - "id.resp_h":"[&1].destination.ip", - "id.resp_p":"[&1].destination.port", - "id.orig_h":"[&1].source.ip", - "id.orig_p":"[&1].source.port", - "*": "[&1].&" - } - } -}, { - "operation": "modify-overwrite-beta", - "spec": { - "*": { - "timestamp": "=toString" - } - } -}]</value> - </property> - <property> - <name>jolt-record-transform-cache-size</name> - <value>1</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <inputPort> - <id>349b3362-a821-1197-ffff-ffff91d0e6c0</id> - <name>Input</name> - <position x="-1072.0" y="520.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>a28a9e95-1003-3ea6-9af6-a334c1aec07c</id> - <name>To enrichment</name> - <position x="-1065.7090714972117" y="1164.8389289189608" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>c8be8213-0170-1000-0000-0000695bc36c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>fec43039-de5d-1e3b-850a-5e25d7b93c76</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>2d0f222e-d08e-31fd-b5e1-1ce178368e4c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>9027e415-c8cd-355e-af16-0c635f43832f</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c8be6e60-0170-1000-ffff-ffffe34d52ef</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9027e415-c8cd-355e-af16-0c635f43832f</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>fec43039-de5d-1e3b-850a-5e25d7b93c76</destinationId> - 
<destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b3364-a821-1197-0000-000063d0c208</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>349b3362-a821-1197-ffff-ffff91d0e6c0</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>3bf497f2-3aed-3465-b91c-72ef6e53f0ea</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>31b13b40-8e26-1798-9777-2272881c6031</id> - <name>Zookeeper</name> - <position x="-440.0" y="1488.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>b09b367b-060f-1e74-9a96-ca5ba5f88858</id> - <name>UpdateRecord</name> - <position x="352.0" y="472.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UpdateRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - 
<maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>replacement-value-strategy</name> - <value>literal-value</value> - </property> - <property> - <name>/labels/source_host</name> - <value>${source_host}</value> - </property> - <property> - <name>/timestamp</name> - <value>${field.value:toDate('yyyy-MM-dd HH:mm:ss,SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>dd3b361c-4e9c-158c-ba31-61006a0b21b7</id> - <name>UpdateAttribute</name> - <position x="1072.0" y="472.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store 
state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-zookeeper</value> - </property> - </processor> - <processor> - <id>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</id> - <name>Extract message</name> - <position x="352.0" y="280.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>record-writer</name> - <value>bc8e5957-0175-1000-0000-00003346421d</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>true</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>38f03e95-db26-1287-be1a-4218f647596a</id> - <name>Convert to json</name> - <position x="1064.0" y="272.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ConvertRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - 
<bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>record-reader</name> - <value>7504a565-0176-1000-ffff-ffff9c0f0741</value> - </property> - <property> - <name>record-writer</name> - <value>17b30955-5464-3709-8a32-69a459850cfa</value> - </property> - <property> - <name>include-zero-record-flowfiles</name> - <value>false</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>a77d3c33-9575-1926-b230-9cf1fca55e7e</id> - <name>Input</name> - <position x="397.9999517774115" y="110.99999315685733" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>f1e73393-065a-1450-9ad0-fd7cdb57853f</id> - <name>Output</name> - <position x="1120.0" y="808.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>4b353d86-8a69-1ca1-bc1c-8db0049f5886</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>38f03e95-db26-1287-be1a-4218f647596a</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>b09b367b-060f-1e74-9a96-ca5ba5f88858</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>b05339e8-7bbc-1975-a9b2-4bc789dda2df</id> - <name /> - 
<bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a77d3c33-9575-1926-b230-9cf1fca55e7e</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5d6f3995-2075-11db-ba4b-1b76e1ed6473</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>b09b367b-060f-1e74-9a96-ca5ba5f88858</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>dd3b361c-4e9c-158c-ba31-61006a0b21b7</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>2a0131b7-9c0d-157d-a9ac-abd12398f2a8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>4b1c38b7-8f98-1a81-96c9-17e3eccc45b2</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>38f03e95-db26-1287-be1a-4218f647596a</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5a2e3db4-49d3-187d-9db9-3f0b48a2c6af</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>dd3b361c-4e9c-158c-ba31-61006a0b21b7</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>f1e73393-065a-1450-9ad0-fd7cdb57853f</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>f0f934a9-853a-1a19-a9cc-f878a5606bce</id> - <name>Kibana</name> - <position x="-440.0" y="864.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>992c3710-1c87-169c-ab17-d2597387a25e</id> - <name>UpdateAttribute</name> - <position x="360.0" y="512.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - 
<artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>data_index</name> - <value>logs-kibana</value> - </property> - </processor> - <inputPort> - <id>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</id> - <name>Input</name> - <position x="408.0" y="320.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <outputPort> - <id>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</id> - <name>Output</name> - <position x="408.0" y="760.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>cc403fb4-8d68-1c68-82c3-b9af4affddaa</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</sourceId> - <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>992c3710-1c87-169c-ab17-d2597387a25e</destinationId> - <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> 
- <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>b9e33c29-910f-134a-8390-2970800d7fcf</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>992c3710-1c87-169c-ab17-d2597387a25e</sourceId> - <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</destinationId> - <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>fbbe3f1b-5336-11c9-ffff-ffffd29d2f5c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>84dc3511-1322-175b-8083-9729037f8edb</sourceId> - <sourceGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>56e5f029-0176-1000-ffff-fffff7512a3b</id> - <name /> - <bendPoints 
/> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>328b35e2-eb52-1f47-b84d-52941eff8a07</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e43535d0-23e9-15af-ffff-ffffa44d6172</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</sourceId> - <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b339b-a821-1197-0000-00002e648df6</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>a28a9e95-1003-3ea6-9af6-a334c1aec07c</sourceId> - <sourceGroupId>83691174-683f-3c7c-8526-8fc00397aee1</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - 
<destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>75109cc1-0176-1000-ffff-ffff86db235d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>f1e73393-065a-1450-9ad0-fd7cdb57853f</sourceId> - <sourceGroupId>31b13b40-8e26-1798-9777-2272881c6031</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d0ea3d4-0175-1000-0000-0000471b8522</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>89639d3d-0175-1000-ffff-ffffb446c257</destinationId> - <destinationGroupId>89636688-0175-1000-ffff-ffffb1b28a38</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>unmatched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 
sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>7558e6dd-0176-1000-ffff-ffffec9061a8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>39ce3238-1ebd-1c2c-b724-01d18f147b6f</destinationId> - <destinationGroupId>7263390f-914c-1f6e-9451-75f908ed8816</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>elasticsearch</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>fbbe3ee1-5336-11c9-ffff-ffffa7c97811</id> - <name /> - <bendPoints> - <bendPoint x="-720.0" y="1016.0" /> - <bendPoint x="-584.0" y="1152.0" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>10cb3b64-e867-1d81-bd59-eb9cf6883f24</destinationId> - <destinationGroupId>f88732b0-d93f-1f6e-ba01-40b41ea20fe3</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>keycloak</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8d1fe825-0175-1000-ffff-fffff0505cdc</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8d13c952-0175-1000-0000-00007e8f4cae</destinationId> - <destinationGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>suricata</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>74ff448b-0176-1000-0000-00002e302e83</id> - <name /> - <bendPoints> - <bendPoint x="-688.0" y="1576.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a77d3c33-9575-1926-b230-9cf1fca55e7e</destinationId> - <destinationGroupId>31b13b40-8e26-1798-9777-2272881c6031</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>zookeeper</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b3398-a821-1197-ffff-ffffc5ae6471</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - 
<zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>349b3362-a821-1197-ffff-ffff91d0e6c0</destinationId> - <destinationGroupId>83691174-683f-3c7c-8526-8fc00397aee1</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>zeek</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>61c51cd8-0176-1000-ffff-ffff9247ba7c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>887c36a6-39d6-1b60-8a83-d4d10ea7e03b</sourceId> - <sourceGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bc6e50cc-0175-1000-ffff-ffffbd982e0c</id> - <name /> - <bendPoints /> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>bc6c2159-0175-1000-ffff-ffffb4de4d47</destinationId> - 
<destinationGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>nifi</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>56e5add3-0176-1000-ffff-ffffd667d1f6</id> - <name /> - <bendPoints> - <bendPoint x="-584.0" y="624.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>65a33e05-e157-1bfc-8741-adf11b3df720</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>haproxy</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>6196cd03-0176-1000-ffff-ffffd39b8c82</id> - <name /> - <bendPoints> - <bendPoint x="-576.0" y="896.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>a22b30c4-53f8-19c0-bdbb-0632e99a17d9</destinationId> - <destinationGroupId>f0f934a9-853a-1a19-a9cc-f878a5606bce</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>kibana</relationship> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>89630460-0175-1000-0000-00006b5f18c8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>89620b1a-0175-1000-0000-000078566f34</sourceId> - <sourceGroupId>895eab20-0175-1000-0000-00007e13267d</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>8962ad5a-0175-1000-ffff-ffffde6db5a6</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b3303-a821-1197-ffff-ffffa12b866d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8963b202-0175-1000-0000-000022d64ba2</sourceId> - <sourceGroupId>89636688-0175-1000-ffff-ffffb1b28a38</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bcadaf87-0175-1000-0000-000048464ec3</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bca9636a-0175-1000-0000-000013fa95aa</sourceId> - <sourceGroupId>bc6be78f-0175-1000-ffff-ffffbcd0f569</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>bcb879d5-0175-1000-0000-000070879ad0</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b3301-a821-1197-0000-0000070259c4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>055308a4-d020-39a9-9da4-b165796ef717</sourceId> - <sourceGroupId>bd12dc14-015e-3428-bfdf-b1219d2d6fdb</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e43535c9-23e9-15af-ffff-ffffcd7d888a</id> - <name /> - <bendPoints> - <bendPoint x="-704.0" y="1256.0" /> - <bendPoint x="-584.0" y="1368.0" /> - </bendPoints> - <labelIndex>1</labelIndex> - 
<zIndex>0</zIndex> - <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>7f683020-779c-1bc9-85da-5bad079d5d9d</destinationId> - <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship>mysql</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>7575486d-0176-1000-0000-00002542d6de</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bbc63756-9681-13b9-8c07-20c82f62ceca</sourceId> - <sourceGroupId>7263390f-914c-1f6e-9451-75f908ed8816</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>bcb879d5-0175-1000-0000-000070879ad0</destinationId> - <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>b3d57504-7c06-37a3-b59b-8723f60fa728</id> - <name>Test data</name> - <position x="-496.0" y="552.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <outputPort> - <id>d30dc946-251a-307c-8e88-f2262b0bb194</id> - <name>To enrichment</name> - <position 
x="731.0454088698874" y="433.2315817172085" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <processGroup> - <id>0c83ef26-0175-1000-ffff-ffffcac37910</id> - <name>Suricata</name> - <position x="462.0553417896858" y="119.99261716112323" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>bb7dc9ff-2d25-3134-9617-cca3cabe9179</id> - <name>Alerts</name> - <position x="496.0" y="392.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>10 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>File Size</name> - <value>0B</value> - </property> - <property> - <name>Batch Size</name> - <value>1</value> - </property> - <property> - <name>Data Format</name> - <value>Text</value> - </property> - <property> - <name>Unique FlowFiles</name> - <value>false</value> - </property> - <property> - <name>generate-ff-custom-text</name> - <value>[{"stream": 0,"flow": {"bytes_toserver": 74,"bytes_toclient": 0,"start": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","pkts_toserver": 1,"pkts_toclient": 0},"vlan": 665,"ip_dst_port": 54323,"in_iface": "ens1f3","payload": "","timestamp": "${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","proto": "TCP","event_type": "alert","alert": {"category": "Not Suspicious Traffic","severity": 3,"action": "allowed","gid": 
1,"signature_id": 29999991,"rev": 1,"signature": "SOC TEST1"},"payload_printable": "","ip_src_addr": "10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","ip_src_port": 43844,"ip_dst_addr": "10.0.0.${random():mod(254):plus(1)}","host":"nifi.soctools.geant.org","host_domain":"geant.org"}, -{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","alert":{"action":"allowed","category":"Potentially Bad Traffic","gid":1,"metadata":{"affected_product":["Any"],"attack_target":["Client_Endpoint"],"created_at":["2019_07_26"],"deployment":["Perimeter"],"former_category":["DNS"],"signature_severity":["Minor"],"updated_at":["2019_09_28"]},"rev":3,"severity":2,"signature":"ET DNS Query for .cc TLD","signature_id":2027758},"app_proto":"dns","destination":{"ip":"10.10.10.${random():mod(254):plus(1)}","port":53},"dns":{"query":[{"id":37261,"rrname":"example.evil","rrtype":"A","tx_id":2,"type":"query"}]},"event_type":"alert","flow":{"bytes_toclient":1039,"bytes_toserver":343,"pkts_toclient":2,"pkts_toserver":3,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":1889254052511234,"in_iface":"if1","payload":"kY0BAAABAAAAAAABBnN0YXRpYwdhcmR1aW5vAmNjAAABAAEAACkPoAAAgAAAAA==","payload_printable":".............example.evil.......)........","proto":"UDP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":64164},"stream":0,"tx_id":2}, -{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","alert":{"action":"allowed","category":"Attempted Information Leak","gid":1,"metadata":{"created_at":["2014_10_15"],"former_category":["CURRENT_EVENTS"],"updated_at":["2014_10_15"]},"rev":6,"severity":2,"signature":"ET EXPLOIT SSL excessive fatal alerts (possible POODLE attack against 
server)","signature_id":2019418},"app_proto":"tls","destination":{"ip":"10.10.10.${random():mod(10):plus(1)}","port":37220},"event_type":"alert","flow":{"bytes_toclient":247,"bytes_toserver":298,"pkts_toclient":4,"pkts_toserver":4,"start":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}"},"flow_id":43047386649621,"payload":"FQMAAAICKA==","payload_printable":"......(","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"stream":1,"tls":{"ja3":{},"version":"SSLv3"},"tx_id":0}]</value> - </property> - <property> - <name>character-set</name> - <value>UTF-8</value> - </property> - <property> - <name>mime-type</name> - </property> - <property> - <name>mime.type</name> - <value>application/json</value> - </property> - <property> - <name>enrich_domain1</name> - <value>/host_domain</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/source/ip</value> - </property> - <property> - <name>enrich_fqdn1</name> - <value>/host</value> - </property> - <property> - <name>data_id</name> - <value>suricata_alert</value> - </property> - <property> - <name>data_index</name> - <value>logs-suricata-alert</value> - </property> - <property> - <name>data_type</name> - <value>suricata</value> - </property> - <property> - <name>enrich_ip2</name> - <value>/destination/ip</value> - </property> - </processor> - <processor> - <id>f8143c19-b547-1c84-90b7-2e3c37a659e7</id> - <name>TLS</name> - <position x="496.0" y="536.0" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>10 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - 
<lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>File Size</name> - <value>0B</value> - </property> - <property> - <name>Batch Size</name> - <value>1</value> - </property> - <property> - <name>Data Format</name> - <value>Text</value> - </property> - <property> - <name>Unique FlowFiles</name> - <value>false</value> - </property> - <property> - <name>generate-ff-custom-text</name> - <value>[{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"event_type":"tls","flow_id":852792667052212,"in_iface":"if1","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":53466},"tls":{"ja3":{"hash":"e5b607b5862a46cab44d7bacd582b3cd","string":"771,4867-4865-4866-52393-52392-49195-49199-49196-49200-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0"},"sni":"clients3.google.com","sni_domain":"google.com","version":"TLS 1.3"}}]</value> - </property> - <property> - <name>character-set</name> - <value>UTF-8</value> - </property> - <property> - <name>mime-type</name> - </property> - <property> - <name>mime.type</name> - <value>application/json</value> - </property> - <property> - <name>enrich_domain1</name> - <value>/tls/sni_domain</value> - </property> - <property> - <name>enrich_fqdn1</name> - <value>/tls/sni</value> - </property> - <property> - <name>enrich_ip1</name> - <value>/source/ip</value> - </property> - <property> - <name>data_id</name> - <value>suricata_tls</value> - </property> - <property> - <name>data_index</name> - <value>logs-suricata-tls</value> - </property> - <property> - <name>data_type</name> - <value>suricata</value> 
- </property> - <property> - <name>enrich_ip2</name> - <value>/destination/ip</value> - </property> - </processor> - <outputPort> - <id>0c864b15-0175-1000-0000-00001d403b1e</id> - <name>To enrichment</name> - <position x="1192.0" y="576.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </outputPort> - <connection> - <id>1cb3658c-0175-1000-ffff-ffff93193081</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>f8143c19-b547-1c84-90b7-2e3c37a659e7</sourceId> - <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>0c864b15-0175-1000-0000-00001d403b1e</destinationId> - <destinationGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>0c865d01-0175-1000-0000-0000559b408d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bb7dc9ff-2d25-3134-9617-cca3cabe9179</sourceId> - <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>0c864b15-0175-1000-0000-00001d403b1e</destinationId> - <destinationGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>0c866fa6-0175-1000-ffff-ffffe866c936</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>0c864b15-0175-1000-0000-00001d403b1e</sourceId> - <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>d30dc946-251a-307c-8e88-f2262b0bb194</destinationId> - <destinationGroupId>b3d57504-7c06-37a3-b59b-8723f60fa728</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>c5fe676f-baa5-3d90-956e-fe502db0ac68</id> - <name /> - <bendPoints /> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>d30dc946-251a-307c-8e88-f2262b0bb194</sourceId> - <sourceGroupId>b3d57504-7c06-37a3-b59b-8723f60fa728</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> - <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>349b33a3-a821-1197-0000-00001ce4370e</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>349b32fe-a821-1197-0000-00003a0b6fe5</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> - <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bcb8ef9d-0175-1000-0000-000017e52ef1</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>bcb879d5-0175-1000-0000-000070879ad0</sourceId> - <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>21a9e277-2d80-359a-9c57-cb76d8962e6d</destinationId> - <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>27d64272-0172-1000-0000-000079e1c9c6</id> - <name /> - <bendPoints> - <bendPoint x="88.0" y="864.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>27d5761b-0172-1000-0000-000059275dad</sourceId> - <sourceGroupId>27d51d04-0172-1000-0000-00004573c6ec</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> - 
<destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>27d65fe7-0172-1000-ffff-ffffec2db03b</id> - <name /> - <bendPoints> - <bendPoint x="-744.0" y="856.0" /> - </bendPoints> - <labelIndex>0</labelIndex> - <zIndex>0</zIndex> - <sourceId>27d5dab2-0172-1000-ffff-ffffab5c50be</sourceId> - <sourceGroupId>27d51d04-0172-1000-0000-00004573c6ec</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>21a9e277-2d80-359a-9c57-cb76d8962e6d</destinationId> - <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <controllerService> - <id>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</id> - <name>JsonRecordSetWriter</name> - <comment /> - <class>org.apache.nifi.json.JsonRecordSetWriter</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>Schema Write Strategy</name> - <value>no-schema</value> - </property> - <property> - <name>schema-cache</name> - </property> - <property> - <name>schema-protocol-version</name> - <value>1</value> - </property> - <property> - <name>schema-access-strategy</name> 
- <value>inherit-record-schema</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>Date Format</name> - </property> - <property> - <name>Time Format</name> - </property> - <property> - <name>Timestamp Format</name> - </property> - <property> - <name>Pretty Print JSON</name> - <value>false</value> - </property> - <property> - <name>suppress-nulls</name> - <value>suppress-missing</value> - </property> - <property> - <name>output-grouping</name> - <value>output-array</value> - </property> - <property> - <name>compression-format</name> - <value>none</value> - </property> - <property> - <name>compression-level</name> - <value>1</value> - </property> - </controllerService> - <controllerService> - <id>09b4fa02-0459-358d-939f-54fda8aea702</id> - <name>VolatileSchemaCache</name> - <comment /> - <class>org.apache.nifi.schema.inference.VolatileSchemaCache</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>false</enabled> - <property> - <name>max-cache-size</name> - <value>100</value> - </property> - </controllerService> - </processGroup> - <processGroup> - <id>e9c19adc-c8a4-327e-ad24-24e71fd3474e</id> - <name>Data output</name> - <position x="829.4446253936723" y="1015.2711478364996" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <inputPort> - <id>e333b82d-7408-3747-8dd2-46473704e51b</id> - <name>Data input</name> - <position x="-688.0" y="496.0" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <processGroup> 
- <id>7ebf304b-4978-3adc-ac31-470fb76e5029</id> - <name>Elastic odfe</name> - <position x="-759.1319580078125" y="739.6137390136719" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>8b48f28f-2379-3f0f-81fe-4e1b93e72666</id> - <name>PutElasticsearchHttpRecord</name> - <position x="-856.2311706542969" y="629.8186340332031" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.elasticsearch.PutElasticsearchHttpRecord</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-elasticsearch-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>elasticsearch-http-url</name> - <value>${elastic_url}</value> - </property> - <property> - <name>SSL Context Service</name> - <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Username</name> - <value>${elastic_username}</value> - </property> - <property> - <name>Password</name> - <value>enc{e3c6c99d66e95dfa569c6dab15f7bd5cb2142d215044a4c556aba0a2bed19ac85c899bd8837e09bb49300f0823011b45}</value> - </property> - <property> - <name>elasticsearch-http-connect-timeout</name> - <value>5 secs</value> - </property> - <property> - <name>elasticsearch-http-response-timeout</name> - <value>15 secs</value> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>elasticsearch-http-proxy-host</name> - 
</property> - <property> - <name>elasticsearch-http-proxy-port</name> - </property> - <property> - <name>proxy-username</name> - </property> - <property> - <name>proxy-password</name> - </property> - <property> - <name>put-es-record-record-reader</name> - <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> - </property> - <property> - <name>put-es-record-record-writer</name> - </property> - <property> - <name>put-es-record-log-all-errors</name> - <value>false</value> - </property> - <property> - <name>put-es-record-id-path</name> - </property> - <property> - <name>put-es-record-index</name> - <value>${data_index}-${now():format("yyyy-MM-dd")}</value> - </property> - <property> - <name>put-es-record-type</name> - <value>_doc</value> - </property> - <property> - <name>put-es-record-index-op</name> - <value>index</value> - </property> - <property> - <name>suppress-nulls</name> - <value>always-suppress</value> - </property> - <property> - <name>Date Format</name> - </property> - <property> - <name>Time Format</name> - </property> - <property> - <name>Timestamp Format</name> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <inputPort> - <id>e7d34e01-babe-3022-ad9b-a7620e7c0f38</id> - <name>Data input</name> - <position x="-803.9990234375" y="484.5271301269531" /> - <comments /> - <scheduledState>RUNNING</scheduledState> - </inputPort> - <connection> - <id>3280c550-2117-37a6-8b5e-3bc1953fa17e</id> - <name /> - <bendPoints> - <bendPoint x="-393.2311706542969" y="669.8186340332031" /> - <bendPoint x="-393.2311706542969" y="719.8186340332031" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</sourceId> - <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</destinationId> - 
<destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>retry</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5de8f98f-ce46-3565-b0ce-7f8ecf518c53</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e7d34e01-babe-3022-ad9b-a7620e7c0f38</sourceId> - <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</destinationId> - <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>60 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>2bb2f914-0172-1000-0000-0000240c76e4</id> - <name>Custom output</name> - <position x="-160.0" y="736.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <inputPort> - <id>2bb31aa5-0172-1000-0000-00000869fb70</id> - <name>Input</name> - <position x="-648.0" y="496.0" /> - <comments /> - <scheduledState>STOPPED</scheduledState> - </inputPort> - </processGroup> - <connection> - <id>9349cb73-0175-1000-ffff-ffff90dc265d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - 
<sourceId>e333b82d-7408-3747-8dd2-46473704e51b</sourceId> - <sourceGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>2bb31aa5-0172-1000-0000-00000869fb70</destinationId> - <destinationGroupId>2bb2f914-0172-1000-0000-0000240c76e4</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>1 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>34772170-2400-3eb6-b9c5-c03b912a38f3</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e333b82d-7408-3747-8dd2-46473704e51b</sourceId> - <sourceGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</sourceGroupId> - <sourceType>INPUT_PORT</sourceType> - <destinationId>e7d34e01-babe-3022-ad9b-a7620e7c0f38</destinationId> - <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <connection> - <id>875a975e-46e1-36fa-a035-4799201abd63</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>20b01ab3-3a8d-3573-b95d-a4a45494050f</sourceId> - <sourceGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>74abf119-faa6-3e9e-bb31-da2e79f89a38</destinationId> - 
<destinationGroupId>fcbcacd1-542d-3a15-a5aa-9c1302328954</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bbc37560-0171-1000-0000-000055178fff</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c164884d-277f-31af-ac3c-18b211667bbf</sourceId> - <sourceGroupId>fcbcacd1-542d-3a15-a5aa-9c1302328954</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>e333b82d-7408-3747-8dd2-46473704e51b</destinationId> - <destinationGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>9cdaaee8-0e39-3dbd-a7cc-06a89056bb7c</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>21a9e277-2d80-359a-9c57-cb76d8962e6d</sourceId> - <sourceGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</sourceGroupId> - <sourceType>OUTPUT_PORT</sourceType> - <destinationId>e333b82d-7408-3747-8dd2-46473704e51b</destinationId> - <destinationGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</destinationGroupId> - <destinationType>INPUT_PORT</destinationType> - <relationship /> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <controllerService> - <id>b7794eb3-9227-36dd-8751-e87d1c2321ee</id> - <name>Misp DistributedMapCacheClientService</name> - <comment /> - <class>org.apache.nifi.distributed.cache.client.DistributedMapCacheClientService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>Server Hostname</name> - <value>localhost</value> - </property> - <property> - <name>Server Port</name> - <value>6000</value> - </property> - <property> - <name>SSL Context Service</name> - </property> - <property> - <name>Communications Timeout</name> - <value>30 secs</value> - </property> - </controllerService> - </processGroup> - <processGroup> - <id>72eb009e-0c2f-302d-bc6c-2d02c29c25a9</id> - <name>Enrichment data</name> - <position x="1720.0" y="248.0" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processGroup> - <id>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</id> - <name>Top domains</name> - <position x="970.3727876614566" y="673.4981494769316" /> - <comment>Downloads CSV files containing top domains from Alexa and Umbrella</comment> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>857cd537-4aeb-31fb-9740-0513e6cc46fe</id> - <name>Unzip CSV files</name> - <position x="-297.30227379373514" y="212.70767899178307" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UnpackContent</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - 
<schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Packaging Format</name> - <value>zip</value> - </property> - <property> - <name>File Filter</name> - <value>.*</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <processor> - <id>937de5fc-7d4a-35af-a071-46f04d6ea4fa</id> - <name>Save to disk</name> - <position x="326.18698401876486" y="392.4228279175642" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PutFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Directory</name> - <value>/opt/nifi/nifi-current/conf/</value> - </property> - <property> - <name>Conflict Resolution Strategy</name> - <value>replace</value> - </property> - <property> - <name>Create Missing Directories</name> - <value>true</value> - </property> - <property> - <name>Maximum File Count</name> - </property> - <property> - <name>Last Modified Time</name> - </property> - <property> - <name>Permissions</name> - </property> - <property> - <name>Owner</name> - </property> - <property> - 
<name>Group</name> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>3c4d65a9-aa39-380f-b16b-2aea028a019b</id> - <name>Download Alexa CSV file</name> - <position x="197.54468055196799" y="-60.57735518790443" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GetHTTP</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>1 day</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>URL</name> - <value>http://s3.amazonaws.com/alexa-static/top-1m.csv.zip</value> - </property> - <property> - <name>Filename</name> - <value>alexa-top-1m.csv.zip</value> - </property> - <property> - <name>SSL Context Service</name> - </property> - <property> - <name>Username</name> - </property> - <property> - <name>Password</name> - </property> - <property> - <name>Connection Timeout</name> - <value>30 sec</value> - </property> - <property> - <name>Data Timeout</name> - <value>10 min</value> - </property> - <property> - <name>User Agent</name> - </property> - <property> - <name>Accept Content-Type</name> - </property> - <property> - <name>Follow Redirects</name> - <value>false</value> - </property> - <property> - <name>redirect-cookie-policy</name> - <value>default</value> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>Proxy Host</name> - </property> - <property> - <name>Proxy Port</name> - </property> - <property> - 
<name>filename</name> - <value>alexa-top-1m.csv</value> - </property> - </processor> - <processor> - <id>9d3d9047-fb85-3ae6-a815-0e19cc860c60</id> - <name>Download Umbrella CSV file</name> - <position x="-297.30227379373514" y="-61.444390100013806" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GetHTTP</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>1 day</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>URL</name> - <value>http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip</value> - </property> - <property> - <name>Filename</name> - <value>umbrella-top-1m.csv.zip</value> - </property> - <property> - <name>SSL Context Service</name> - </property> - <property> - <name>Username</name> - </property> - <property> - <name>Password</name> - </property> - <property> - <name>Connection Timeout</name> - <value>30 sec</value> - </property> - <property> - <name>Data Timeout</name> - <value>10 min</value> - </property> - <property> - <name>User Agent</name> - </property> - <property> - <name>Accept Content-Type</name> - </property> - <property> - <name>Follow Redirects</name> - <value>false</value> - </property> - <property> - <name>redirect-cookie-policy</name> - <value>default</value> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>Proxy Host</name> - </property> - <property> - <name>Proxy Port</name> - </property> - <property> - <name>filename</name> - <value>umbrella-top-1m.csv</value> - </property> - 
</processor> - <processor> - <id>9009320d-fb62-357e-ad94-bef8e95ea142</id> - <name>Set filename</name> - <position x="-294.78310875467264" y="388.04684866613775" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>filename</name> - <value>${segment.original.filename}</value> - </property> - </processor> - <processor> - <id>86fdf574-d86b-3f35-9aa0-3ada1867aff8</id> - <name>Add headers</name> - <position x="325.04416175313986" y="201.70740433357992" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - 
<executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> - </property> - <property> - <name>Replacement Value</name> - <value>index,domain -</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> - </property> - <property> - <name>Replacement Strategy</name> - <value>Prepend</value> - </property> - <property> - <name>Evaluation Mode</name> - <value>Entire text</value> - </property> - <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <connection> - <id>652026e5-0acd-3009-b45a-f68f3e37bef9</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9d3d9047-fb85-3ae6-a815-0e19cc860c60</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>bfe27587-bb06-388c-a59a-8aad9830cda1</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>3c4d65a9-aa39-380f-b16b-2aea028a019b</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - 
<destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>7af7ff86-6b85-3fd1-bbc4-efa4e04593d9</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>857cd537-4aeb-31fb-9740-0513e6cc46fe</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e2d60b76-d9bf-380f-9cfd-eeda1422ad73</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>9009320d-fb62-357e-ad94-bef8e95ea142</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - 
<maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>58b9bce4-6f7a-369c-a93f-dc23e252c670</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>9009320d-fb62-357e-ad94-bef8e95ea142</sourceId> - <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</destinationId> - <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>b997e46b-7905-33e8-8bbc-f4d51b0cc735</id> - <name>Tor Nodes</name> - <position x="968.7335178760902" y="456.9915202898361" /> - <comment>Downloads a CSV file of IP addresses used as Tor nodes</comment> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>ad366a87-89d6-38ff-affe-a1f3575faa8a</id> - <name>Save to disk</name> - <position x="-328.58331298828125" y="-153.10000610351562" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PutFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 
sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Directory</name> - <value>/opt/nifi/nifi-current/conf/</value> - </property> - <property> - <name>Conflict Resolution Strategy</name> - <value>replace</value> - </property> - <property> - <name>Create Missing Directories</name> - <value>true</value> - </property> - <property> - <name>Maximum File Count</name> - </property> - <property> - <name>Last Modified Time</name> - </property> - <property> - <name>Permissions</name> - </property> - <property> - <name>Owner</name> - </property> - <property> - <name>Group</name> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - </processor> - <processor> - <id>34f52e1e-164e-34e4-b5fc-e5d16f773b19</id> - <name>Get CSV file with Tor nodes</name> - <position x="-323.0833282470703" y="-647.6000061035156" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GetHTTP</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>1 day</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>URL</name> - <value>https://check.torproject.org/torbulkexitlist</value> - </property> - <property> - <name>Filename</name> - <value>tornodes.csv</value> - </property> - 
<property> - <name>SSL Context Service</name> - <value>8972e39a-0176-1000-ffff-ffffb8dd96f4</value> - </property> - <property> - <name>Username</name> - </property> - <property> - <name>Password</name> - </property> - <property> - <name>Connection Timeout</name> - <value>30 sec</value> - </property> - <property> - <name>Data Timeout</name> - <value>30 sec</value> - </property> - <property> - <name>User Agent</name> - </property> - <property> - <name>Accept Content-Type</name> - </property> - <property> - <name>Follow Redirects</name> - <value>false</value> - </property> - <property> - <name>redirect-cookie-policy</name> - <value>default</value> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>Proxy Host</name> - </property> - <property> - <name>Proxy Port</name> - </property> - </processor> - <processor> - <id>8c69ccb6-616f-3ce2-b0cd-57276cae3749</id> - <name>Add header</name> - <position x="-325.5833282470703" y="-410.1000061035156" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> - </property> - <property> - <name>Replacement Value</name> - <value>ip_addr -</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> - </property> - 
<property> - <name>Replacement Strategy</name> - <value>Prepend</value> - </property> - <property> - <name>Evaluation Mode</name> - <value>Entire text</value> - </property> - <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> - </property> - </processor> - <connection> - <id>33cb6d60-d003-3954-b9d0-f51ac40ed983</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</sourceId> - <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>ad366a87-89d6-38ff-affe-a1f3575faa8a</destinationId> - <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>cd13f619-bb19-37c2-b8fe-c962edfbf213</id> - <name /> - <bendPoints> - <bendPoint x="137.4166717529297" y="-370.1000061035156" /> - <bendPoint x="137.4166717529297" y="-320.1000061035156" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</sourceId> - <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> - <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>3941ee86-e740-3b8f-951a-c7da71e78fbe</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>34f52e1e-164e-34e4-b5fc-e5d16f773b19</sourceId> - <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> - <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>19de0f5c-c244-3e7d-b711-ee165b493ea2</id> - <name /> - <bendPoints> - <bendPoint x="134.41668701171875" y="-113.10000610351562" /> - <bendPoint x="134.41668701171875" y="-63.100006103515625" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>ad366a87-89d6-38ff-affe-a1f3575faa8a</sourceId> - <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>ad366a87-89d6-38ff-affe-a1f3575faa8a</destinationId> - <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>8130df3d-dc8c-32c2-975d-9c94438cac05</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>34f52e1e-164e-34e4-b5fc-e5d16f773b19</sourceId> - <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> - <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>194a653f-0c92-3704-8bd4-ffa079643515</id> - <name>Misp</name> - <position x="548.9658647769079" y="453.4916238226681" /> - <comment>Polls Misp database once every minute and places new IOCs in a NiFi memcache.</comment> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>283bea4b-2774-3f2d-aabe-cf96989e9997</id> - <name>Set timestamp as FlowFile content</name> - <position x="506.47715414708637" y="587.6551663734834" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.ReplaceText</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - 
<scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Regular Expression</name> - <value>(?s)(^.*$)</value> - </property> - <property> - <name>Replacement Value</name> - <value>${timestamp}</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>Maximum Buffer Size</name> - <value>1 MB</value> - </property> - <property> - <name>Replacement Strategy</name> - <value>Always Replace</value> - </property> - <property> - <name>Evaluation Mode</name> - <value>Entire text</value> - </property> - <property> - <name>Line-by-Line Evaluation Mode</name> - <value>All</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>e1e2caef-8178-3c91-b3ca-99f05f619064</id> - <name>Get timestamp of last successful poll</name> - <position x="-168.51082396716333" y="-293.9956980367642" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.FetchDistributedMapCache</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Cache Entry Identifier</name> - <value>${lookup_id}</value> - </property> - <property> - <name>Distributed Cache Service</name> - <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> - </property> - <property> - <name>Put Cache Value In Attribute</name> - 
<value>last_run</value> - </property> - <property> - <name>Max Length To Put In Attribute</name> - <value>256</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - </processor> - <processor> - <id>192802be-4416-3abc-ba03-90934f2df860</id> - <name>Get events</name> - <position x="-151.66592451726592" y="335.6012170464188" /> - <styles /> - <comment>Normally the query will have a filter at the end "/last:${last}" so that only new events are pulled. This has been removed from this demo.</comment> - <class>org.apache.nifi.processors.standard.InvokeHTTP</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>HTTP Method</name> - <value>GET</value> - </property> - <property> - <name>Remote URL</name> - <value>${misp_url}/attributes/restSearch/returnFormat:json/type:ip-src||ip-dst/last:${last}</value> - </property> - <property> - <name>SSL Context Service</name> - <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> - </property> - <property> - <name>Connection Timeout</name> - <value>5 secs</value> - </property> - <property> - <name>Read Timeout</name> - <value>15 secs</value> - </property> - <property> - <name>idle-timeout</name> - <value>5 mins</value> - </property> - <property> - <name>max-idle-connections</name> - <value>5</value> - </property> - <property> - <name>Include Date Header</name> - <value>True</value> - </property> - <property> - <name>Follow Redirects</name> - <value>True</value> - 
</property> - <property> - <name>Attributes to Send</name> - </property> - <property> - <name>Useragent</name> - </property> - <property> - <name>Basic Authentication Username</name> - </property> - <property> - <name>Basic Authentication Password</name> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>Proxy Host</name> - </property> - <property> - <name>Proxy Port</name> - </property> - <property> - <name>Proxy Type</name> - <value>http</value> - </property> - <property> - <name>invokehttp-proxy-user</name> - </property> - <property> - <name>invokehttp-proxy-password</name> - </property> - <property> - <name>Put Response Body In Attribute</name> - </property> - <property> - <name>Max Length To Put In Attribute</name> - <value>256</value> - </property> - <property> - <name>Digest Authentication</name> - <value>false</value> - </property> - <property> - <name>Always Output Response</name> - <value>false</value> - </property> - <property> - <name>Add Response Headers to Request</name> - <value>false</value> - </property> - <property> - <name>Content-Type</name> - <value>${mime.type}</value> - </property> - <property> - <name>send-message-body</name> - <value>true</value> - </property> - <property> - <name>Use Chunked Encoding</name> - <value>false</value> - </property> - <property> - <name>Penalize on "No Retry"</name> - <value>false</value> - </property> - <property> - <name>use-etag</name> - <value>false</value> - </property> - <property> - <name>etag-max-cache-size</name> - <value>10MB</value> - </property> - <property> - <name>ignore-response-content</name> - <value>false</value> - </property> - <property> - <name>form-body-form-name</name> - </property> - <property> - <name>set-form-filename</name> - <value>true</value> - </property> - <property> - <name>Authorization</name> - <value>${misp_token}</value> - </property> - <autoTerminatedRelationship>Original</autoTerminatedRelationship> - 
<autoTerminatedRelationship>Failure</autoTerminatedRelationship> - <autoTerminatedRelationship>Retry</autoTerminatedRelationship> - <autoTerminatedRelationship>No Retry</autoTerminatedRelationship> - </processor> - <processor> - <id>671c4e42-604f-389d-9cee-27431ca36448</id> - <name>Store timestamp</name> - <position x="504.4604101497308" y="824.0677052542044" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PutDistributedMapCache</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Cache Entry Identifier</name> - <value>${lookup_id}</value> - </property> - <property> - <name>Distributed Cache Service</name> - <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> - </property> - <property> - <name>Cache update strategy</name> - <value>replace</value> - </property> - <property> - <name>Max cache entry size</name> - <value>1 MB</value> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</id> - <name>Update cache</name> - <position x="-775.4735301448745" y="930.3624699197178" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PutDistributedMapCache</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - 
<schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Cache Entry Identifier</name> - <value>${misp_ip}</value> - </property> - <property> - <name>Distributed Cache Service</name> - <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> - </property> - <property> - <name>Cache update strategy</name> - <value>replace</value> - </property> - <property> - <name>Max cache entry size</name> - <value>1 MB</value> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - </processor> - <processor> - <id>81ec71a0-719a-3205-9360-6a535072f7c6</id> - <name>Set attributes to get all events for the last x days</name> - <position x="-378.1916613806792" y="-12.197472102501479" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - </property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - 
</property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>last</name> - <value>${misp_first_interval}</value> - </property> - <property> - <name>timestamp</name> - <value>${now():toNumber()}</value> - </property> - </processor> - <processor> - <id>6d78b76c-5463-3610-b8c8-4796fa09c59b</id> - <name>Periodic polling</name> - <position x="-171.36520083798905" y="-518.6967632987289" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>1 minute</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>File Size</name> - <value>0B</value> - </property> - <property> - <name>Batch Size</name> - <value>1</value> - </property> - <property> - <name>Data Format</name> - <value>Text</value> - </property> - <property> - <name>Unique FlowFiles</name> - <value>false</value> - </property> - <property> - <name>generate-ff-custom-text</name> - </property> - <property> - <name>character-set</name> - <value>UTF-8</value> - </property> - <property> - <name>mime-type</name> - </property> - <property> - <name>lookup_id</name> - <value>ip</value> - </property> - </processor> - <processor> - <id>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</id> - <name>Extract IP address</name> - <position x="-156.69110558236184" y="543.7042207790005" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.EvaluateJsonPath</class> - <bundle> - <group>org.apache.nifi</group> - 
<artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Destination</name> - <value>flowfile-attribute</value> - </property> - <property> - <name>Return Type</name> - <value>auto-detect</value> - </property> - <property> - <name>Path Not Found Behavior</name> - <value>ignore</value> - </property> - <property> - <name>Null Value Representation</name> - <value>empty string</value> - </property> - <property> - <name>misp_ip</name> - <value>$.value</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> - </processor> - <processor> - <id>74d66e0e-0b65-36d2-96f1-4b836d2c4222</id> - <name>Set attributes to get new events since last poll</name> - <position x="81.93877074822706" y="-13.058372981407729" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-update-attribute-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Delete Attributes Expression</name> - 
</property> - <property> - <name>Store State</name> - <value>Do not store state</value> - </property> - <property> - <name>Stateful Variables Initial Value</name> - </property> - <property> - <name>canonical-value-lookup-cache-size</name> - <value>100</value> - </property> - <property> - <name>last</name> - <value>${now():toNumber():minus(${last_run}):divide(60000):plus(1):append("m")}</value> - </property> - <property> - <name>timestamp</name> - <value>${now():toNumber()}</value> - </property> - </processor> - <processor> - <id>ba1b7e7e-a03c-3ace-9182-7f43569537e2</id> - <name>Create one FlowFile for each IP address</name> - <position x="-789.5267777615984" y="546.1428879861119" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.SplitJson</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>JsonPath Expression</name> - <value>$.response.Attribute</value> - </property> - <property> - <name>Null Value Representation</name> - <value>empty string</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <processor> - <id>d850fc04-df9a-36b7-b53f-8b397a1be69a</id> - <name>Extract Misp event ID and store it to FlowFile</name> - <position x="-783.5607955237681" y="719.2550630641567" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.EvaluateJsonPath</class> - <bundle> - 
<group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Destination</name> - <value>flowfile-content</value> - </property> - <property> - <name>Return Type</name> - <value>auto-detect</value> - </property> - <property> - <name>Path Not Found Behavior</name> - <value>ignore</value> - </property> - <property> - <name>Null Value Representation</name> - <value>empty string</value> - </property> - <property> - <name>event_id</name> - <value>$.event_id</value> - </property> - <autoTerminatedRelationship>failure</autoTerminatedRelationship> - <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> - </processor> - <connection> - <id>39f7b787-0995-3721-8d50-700838b7a256</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>6d78b76c-5463-3610-b8c8-4796fa09c59b</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>e1e2caef-8178-3c91-b3ca-99f05f619064</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - 
<connection> - <id>adc3f55b-8d9a-33d0-a7af-0d795fa234ba</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>d850fc04-df9a-36b7-b53f-8b397a1be69a</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>matched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>4a797ab8-fb0e-3c9a-b397-b3394eca1ce4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>split</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>4707ebf2-4b30-3e97-8abc-6ca8a9d168fd</id> - <name>Consecutive poll</name> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> - 
<sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>5e84f4ae-bf61-37d8-b115-0af74b89a6aa</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>d850fc04-df9a-36b7-b53f-8b397a1be69a</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>matched</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>58cc41df-404e-309b-9df6-2ea67e1fe2b7</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - 
<destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>a9d8c7a2-6b55-3684-9954-92934d5a69e8</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c022992b-534a-317a-943c-86142ee1cf81</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>81ec71a0-719a-3205-9360-6a535072f7c6</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - 
<loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>424c08f5-1ad1-3a0a-923c-c3fd988f7d2e</id> - <name>Update timestamp</name> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>Response</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>70fec2c7-4dd5-3dd1-92fa-59c3027bffb4</id> - <name /> - <bendPoints> - <bendPoint x="294.48917603283667" y="-253.99569803676422" /> - <bendPoint x="294.48917603283667" y="-203.99569803676422" /> - </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>e1e2caef-8178-3c91-b3ca-99f05f619064</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>d19116d2-0da0-3f86-8fd3-3285a839648e</id> - <name>First poll</name> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>81ec71a0-719a-3205-9360-6a535072f7c6</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>not-found</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>d375a69b-2139-3d9a-b6e3-48e0f69ec589</id> - <name>Update cache with new events</name> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> - <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</destinationId> - <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>Response</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - </processGroup> - <processGroup> - <id>c4a200ea-5317-332a-97a4-ff76f951ecde</id> - <name>GeoIP</name> - <position 
x="556.427978515625" y="673.0274658203125" /> - <comment /> - <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> - <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> - <processor> - <id>6292665b-f188-3551-b366-95476b5ac36f</id> - <name>Save to disk</name> - <position x="-357.78594755036767" y="656.471512008819" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.PutFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Directory</name> - <value>/opt/nifi/nifi-current/conf/</value> - </property> - <property> - <name>Conflict Resolution Strategy</name> - <value>replace</value> - </property> - <property> - <name>Create Missing Directories</name> - <value>true</value> - </property> - <property> - <name>Maximum File Count</name> - </property> - <property> - <name>Last Modified Time</name> - </property> - <property> - <name>Permissions</name> - </property> - <property> - <name>Owner</name> - </property> - <property> - <name>Group</name> - </property> - <autoTerminatedRelationship>success</autoTerminatedRelationship> - </processor> - <processor> - <id>c8b26516-0170-1000-ffff-fffffa357a77</id> - <name>InvokeHTTP</name> - <position x="-354.33263208075834" y="-1.6134650355261897" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.InvokeHTTP</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - 
<maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>HTTP Method</name> - <value>GET</value> - </property> - <property> - <name>Remote URL</name> - <value>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${maxmind_key}&suffix=tar.gz</value> - </property> - <property> - <name>SSL Context Service</name> - <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> - </property> - <property> - <name>Connection Timeout</name> - <value>5 secs</value> - </property> - <property> - <name>Read Timeout</name> - <value>15 secs</value> - </property> - <property> - <name>idle-timeout</name> - <value>5 mins</value> - </property> - <property> - <name>max-idle-connections</name> - <value>5</value> - </property> - <property> - <name>Include Date Header</name> - <value>True</value> - </property> - <property> - <name>Follow Redirects</name> - <value>True</value> - </property> - <property> - <name>Attributes to Send</name> - </property> - <property> - <name>Useragent</name> - </property> - <property> - <name>Basic Authentication Username</name> - </property> - <property> - <name>Basic Authentication Password</name> - </property> - <property> - <name>proxy-configuration-service</name> - </property> - <property> - <name>Proxy Host</name> - </property> - <property> - <name>Proxy Port</name> - </property> - <property> - <name>Proxy Type</name> - <value>http</value> - </property> - <property> - <name>invokehttp-proxy-user</name> - </property> - <property> - <name>invokehttp-proxy-password</name> - </property> - <property> - <name>Put Response Body In Attribute</name> - 
</property> - <property> - <name>Max Length To Put In Attribute</name> - <value>256</value> - </property> - <property> - <name>Digest Authentication</name> - <value>false</value> - </property> - <property> - <name>Always Output Response</name> - <value>false</value> - </property> - <property> - <name>Add Response Headers to Request</name> - <value>false</value> - </property> - <property> - <name>Content-Type</name> - <value>${mime.type}</value> - </property> - <property> - <name>send-message-body</name> - <value>true</value> - </property> - <property> - <name>Use Chunked Encoding</name> - <value>false</value> - </property> - <property> - <name>Penalize on "No Retry"</name> - <value>false</value> - </property> - <property> - <name>use-etag</name> - <value>false</value> - </property> - <property> - <name>etag-max-cache-size</name> - <value>10MB</value> - </property> - <property> - <name>ignore-response-content</name> - <value>false</value> - </property> - <property> - <name>form-body-form-name</name> - </property> - <property> - <name>set-form-filename</name> - <value>true</value> - </property> - <autoTerminatedRelationship>Original</autoTerminatedRelationship> - </processor> - <processor> - <id>b99eab15-7e38-33fa-87d1-41d772306d9c</id> - <name>Uncompress</name> - <position x="-359.13545011384423" y="239.87525101326742" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.CompressContent</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - 
<property> - <name>Mode</name> - <value>decompress</value> - </property> - <property> - <name>Compression Format</name> - <value>use mime.type attribute</value> - </property> - <property> - <name>Compression Level</name> - <value>1</value> - </property> - <property> - <name>Update Filename</name> - <value>false</value> - </property> - </processor> - <processor> - <id>c8b20333-0170-1000-0000-000010760524</id> - <name>RouteOnAttribute</name> - <position x="-353.2358571852152" y="-223.16639543708658" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Routing Strategy</name> - <value>Route to Property name</value> - </property> - <property> - <name>maxmind_key</name> - <value>${maxmind_key:length():gt(1)}</value> - </property> - <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> - </processor> - <processor> - <id>aad91df7-8e80-3598-a3eb-9b000045b843</id> - <name>UnpackContent</name> - <position x="-358.13545011384423" y="448.82544805040084" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.UnpackContent</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>0 sec</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - 
<bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>Packaging Format</name> - <value>tar</value> - </property> - <property> - <name>File Filter</name> - <value>GeoLite2-City.mmdb</value> - </property> - <autoTerminatedRelationship>original</autoTerminatedRelationship> - </processor> - <processor> - <id>c8b1bafd-0170-1000-0000-0000753f5f5b</id> - <name>GenerateFlowFile</name> - <position x="-366.3974570271698" y="-455.687252544095" /> - <styles /> - <comment /> - <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-standard-nar</artifact> - <version>1.12.1</version> - </bundle> - <maxConcurrentTasks>1</maxConcurrentTasks> - <schedulingPeriod>1 week</schedulingPeriod> - <penalizationPeriod>30 sec</penalizationPeriod> - <yieldPeriod>1 sec</yieldPeriod> - <bulletinLevel>WARN</bulletinLevel> - <lossTolerant>false</lossTolerant> - <scheduledState>RUNNING</scheduledState> - <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> - <executionNode>ALL</executionNode> - <runDurationNanos>0</runDurationNanos> - <property> - <name>File Size</name> - <value>0B</value> - </property> - <property> - <name>Batch Size</name> - <value>1</value> - </property> - <property> - <name>Data Format</name> - <value>Text</value> - </property> - <property> - <name>Unique FlowFiles</name> - <value>false</value> - </property> - <property> - <name>generate-ff-custom-text</name> - </property> - <property> - <name>character-set</name> - <value>UTF-8</value> - </property> - <property> - <name>mime-type</name> - </property> - </processor> - <funnel> - <id>c2cac6f3-c926-3038-b685-68f71f76fda3</id> - <position x="457.8712158203125" y="380.06201171875" /> - </funnel> - <connection> - 
<id>c8b21bba-0170-1000-0000-0000281b44ba</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c8b1bafd-0170-1000-0000-0000753f5f5b</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c8b20333-0170-1000-0000-000010760524</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>1d0b1e6f-7b01-34c5-82f8-c95918e700ae</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>b99eab15-7e38-33fa-87d1-41d772306d9c</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e8e86b3f-6936-3080-8eb6-036d532cb483</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>6292665b-f188-3551-b366-95476b5ac36f</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - 
<sourceType>PROCESSOR</sourceType> - <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>e2f43878-959f-379c-b898-6d7c3a72af44</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>b99eab15-7e38-33fa-87d1-41d772306d9c</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>aad91df7-8e80-3598-a3eb-9b000045b843</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> + <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>10 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + 
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>File Size</name> + <value>0B</value> + </property> + <property> + <name>Batch Size</name> + <value>1</value> + </property> + <property> + <name>Data Format</name> + <value>Text</value> + </property> + <property> + <name>Unique FlowFiles</name> + <value>false</value> + </property> + <property> + <name>generate-ff-custom-text</name> + <value>[{"timestamp":"${now():format('yyyy-MM-dd HH:mm:ss.SSS'):replaceFirst(' ','T')}","TLP":"AMBER","destination":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":443},"event_type":"tls","flow_id":852792667052212,"in_iface":"if1","proto":"TCP","source":{"ip":"10.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}.${random():mod(254):plus(1)}","port":53466},"tls":{"ja3":{"hash":"e5b607b5862a46cab44d7bacd582b3cd","string":"771,4867-4865-4866-52393-52392-49195-49199-49196-49200-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0"},"sni":"clients3.google.com","sni_domain":"google.com","version":"TLS 1.3"}}]</value> + </property> + <property> + <name>character-set</name> + <value>UTF-8</value> + </property> + <property> + <name>mime.type</name> + <value>application/json</value> + </property> + <property> + <name>enrich_domain1</name> + <value>/tls/sni_domain</value> + </property> + <property> + <name>enrich_fqdn1</name> + <value>/tls/sni</value> + </property> + <property> + <name>enrich_ip1</name> + <value>/source/ip</value> + </property> + <property> + <name>data_id</name> + <value>suricata_tls</value> + </property> + <property> + <name>data_index</name> + <value>logs-suricata-tls</value> + </property> + <property> + <name>data_type</name> + <value>suricata</value> + </property> + <property> + <name>enrich_ip2</name> + <value>/destination/ip</value> + </property> + </processor> + <outputPort> + 
<id>0c864b15-0175-1000-0000-00001d403b1e</id> + <name>To enrichment</name> + <position x="1192.0" y="576.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </outputPort> + <connection> + <id>1cb3658c-0175-1000-ffff-ffff93193081</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>f8143c19-b547-1c84-90b7-2e3c37a659e7</sourceId> + <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>0c864b15-0175-1000-0000-00001d403b1e</destinationId> + <destinationGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>0c865d01-0175-1000-0000-0000559b408d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>bb7dc9ff-2d25-3134-9617-cca3cabe9179</sourceId> + <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>0c864b15-0175-1000-0000-00001d403b1e</destinationId> + <destinationGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <connection> + 
<id>0c866fa6-0175-1000-ffff-ffffe866c936</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>0c864b15-0175-1000-0000-00001d403b1e</sourceId> + <sourceGroupId>0c83ef26-0175-1000-ffff-ffffcac37910</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>d30dc946-251a-307c-8e88-f2262b0bb194</destinationId> + <destinationGroupId>b3d57504-7c06-37a3-b59b-8723f60fa728</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> <connection> - <id>dc7524de-fb6c-3e02-8c60-f821d81aff29</id> + <id>c5fe676f-baa5-3d90-956e-fe502db0ac68</id> <name /> <bendPoints /> - <labelIndex>1</labelIndex> + <labelIndex>0</labelIndex> <zIndex>0</zIndex> - <sourceId>aad91df7-8e80-3598-a3eb-9b000045b843</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>6292665b-f188-3551-b366-95476b5ac36f</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>success</relationship> + <sourceId>d30dc946-251a-307c-8e88-f2262b0bb194</sourceId> + <sourceGroupId>b3d57504-7c06-37a3-b59b-8723f60fa728</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> + <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -10960,18 +5770,18 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>39a11e18-3397-3f1a-a020-49b895ff6f81</id> + <id>214d5013-0175-1000-ffff-ffff9b7dbebb</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>aad91df7-8e80-3598-a3eb-9b000045b843</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <sourceId>1ef39440-1985-3bbb-8e03-859a1c5ee4b1</sourceId> + <sourceGroupId>84607b52-9748-3d38-b519-b0a05cddd097</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>21a9e277-2d80-359a-9c57-cb76d8962e6d</destinationId> + <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -10980,82 +5790,20 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>c8b2e58b-0170-1000-ffff-ffff997c6e6c</id> + <id>27d64272-0172-1000-0000-000079e1c9c6</id> <name /> <bendPoints> - <bendPoint x="108.66736791924166" y="38.38653496447381" /> - <bendPoint x="136.0" y="88.0" /> + <bendPoint x="88.0" y="864.0" /> </bendPoints> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c8b26516-0170-1000-ffff-fffffa357a77</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>Retry</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c8b29bee-0170-1000-ffff-fffff516df5d</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>b99eab15-7e38-33fa-87d1-41d772306d9c</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>Response</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c8b2cb01-0170-1000-0000-000005baadda</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> - <zIndex>0</zIndex> - <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>No Retry</relationship> - <relationship>Failure</relationship> - <maxWorkQueueSize>10000</maxWorkQueueSize> - <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> - <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> - <partitioningAttribute /> - <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> - </connection> - <connection> - <id>c8b5c90e-0170-1000-ffff-ffff9864e7e4</id> - <name /> - <bendPoints /> - <labelIndex>1</labelIndex> + <labelIndex>0</labelIndex> <zIndex>0</zIndex> - <sourceId>c8b20333-0170-1000-0000-000010760524</sourceId> - <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> - <sourceType>PROCESSOR</sourceType> - <destinationId>c8b26516-0170-1000-ffff-fffffa357a77</destinationId> - <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> - <destinationType>PROCESSOR</destinationType> - <relationship>maxmind_key</relationship> + <sourceId>27d5761b-0172-1000-0000-000059275dad</sourceId> + <sourceGroupId>27d51d04-0172-1000-0000-00004573c6ec</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>20b01ab3-3a8d-3573-b95d-a4a45494050f</destinationId> + <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> <maxWorkQueueSize>10000</maxWorkQueueSize> 
<maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> <flowFileExpiration>0 sec</flowFileExpiration> 
@@ -11063,436 +5811,2776 @@ <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> - </processGroup> - </processGroup> - <controllerService> - <id>349b34c7-a821-1197-ffff-ffff85d82877</id> - <name>Contry code to region</name> - <comment /> - <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-lookup-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/enrich/CountriesWithRegionalCodes.csv</value> - </property> - <property> - <name>CSV Format</name> - <value>default</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>lookup-key-column</name> - <value>alpha-2</value> - </property> - <property> - <name>ignore-duplicates</name> - <value>true</value> - </property> - <property> - <name>Value Separator</name> - <value>,</value> - </property> - <property> - <name>Quote Character</name> - <value>"</value> - </property> - <property> - <name>Quote Mode</name> - <value>MINIMAL</value> - </property> - <property> - <name>Comment Marker</name> - </property> - <property> - <name>Escape Character</name> - <value>\</value> - </property> - <property> - <name>Trim Fields</name> - <value>true</value> - </property> - <property> - <name>lookup-value-column</name> - <value>region</value> - </property> - </controllerService> - <controllerService> - <id>8972e39a-0176-1000-ffff-ffffb8dd96f4</id> - <name>Common CA</name> - <comment /> - <class>org.apache.nifi.ssl.StandardSSLContextService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-ssl-context-service-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>Keystore Filename</name> - </property> - <property> - <name>Keystore Password</name> - </property> - <property> - 
<name>key-password</name> - </property> - <property> - <name>Keystore Type</name> - </property> - <property> - <name>Truststore Filename</name> - <value>/opt/nifi/nifi-current/conf/common-cacerts.jks</value> - </property> - <property> - <name>Truststore Password</name> - <value>enc{2650a175fb2f75e2dcd038b4b506ac6368b7e025f6cb80fa6a82b187b0755443}</value> - </property> - <property> - <name>Truststore Type</name> - <value>JKS</value> - </property> - <property> - <name>SSL Protocol</name> - <value>TLS</value> - </property> - </controllerService> - <controllerService> - <id>bbd4d3a2-0175-1000-0000-00000b0fb8bd</id> - <name>Tor node CSV</name> - <comment /> - <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-lookup-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>csv-file</name> - <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value> - </property> - <property> - <name>CSV Format</name> - <value>default</value> - </property> - <property> - <name>Character Set</name> - <value>UTF-8</value> - </property> - <property> - <name>lookup-key-column</name> - <value>ip_addr</value> - </property> - <property> - <name>ignore-duplicates</name> - <value>true</value> - </property> - <property> - <name>Value Separator</name> - <value>,</value> - </property> - <property> - <name>Quote Character</name> - <value>"</value> - </property> - <property> - <name>Quote Mode</name> - <value>MINIMAL</value> - </property> - <property> - <name>Comment Marker</name> - </property> - <property> - <name>Escape Character</name> - <value>\</value> - </property> - <property> - <name>Trim Fields</name> - <value>true</value> - </property> - <property> - <name>lookup-value-column</name> - <value>ip_addr</value> - </property> - </controllerService> - <controllerService> - <id>14453a95-7646-1485-0000-00002c675762</id> - <name>Mysql audit log</name> - <comment /> - 
<class>org.apache.nifi.csv.CSVReader</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>schema-access-strategy</name> - <value>infer-schema</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>csv-reader-csv-parser</name> - <value>commons-csv</value> - </property> - <property> - <name>Date Format</name> - </property> - <property> - <name>Time Format</name> - </property> - <property> - <name>Timestamp Format</name> - </property> - <property> - <name>CSV Format</name> - <value>custom</value> - </property> - <property> - <name>Value Separator</name> - <value>,</value> - </property> - <property> - <name>Record Separator</name> - <value>\n</value> - </property> - <property> - <name>Skip Header Line</name> - <value>true</value> - </property> - <property> - <name>ignore-csv-header</name> - <value>false</value> - </property> - <property> - <name>Quote Character</name> - <value>"</value> - </property> - <property> - <name>Escape Character</name> - <value>\</value> - </property> - <property> - <name>Comment Marker</name> - </property> - <property> - <name>Null String</name> - </property> - <property> - <name>Trim Fields</name> - <value>true</value> - </property> - <property> - <name>csvutils-character-set</name> - <value>UTF-8</value> - </property> - </controllerService> - <controllerService> - <id>7504a565-0176-1000-ffff-ffff9c0f0741</id> - <name>Zookeeper logs</name> - <comment /> - <class>org.apache.nifi.grok.GrokReader</class> - <bundle> - <group>org.apache.nifi</group> - 
<artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>schema-access-strategy</name> - <value>string-fields-from-grok-expression</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>Grok Pattern File</name> - </property> - <property> - <name>Grok Expression</name> - <value>%{GREEDYDATA:timestamp} \[%{DATA:id}\] - %{DATA:level} \[%{DATA:process}\] - %{GREEDYDATA:message}</value> - </property> - <property> - <name>no-match-behavior</name> - <value>append-to-previous-message</value> - </property> - </controllerService> - <controllerService> - <id>8b1dd8bb-0170-1000-0000-000007446e6a</id> - <name>Misp DistributedMapCacheServer</name> - <comment /> - <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>Port</name> - <value>4557</value> - </property> - <property> - <name>Maximum Cache Entries</name> - <value>10000</value> - </property> - <property> - <name>Eviction Strategy</name> - <value>Least Frequently Used</value> - </property> - <property> - <name>Persistence Directory</name> - <value>/opt/nifi/nifi-current/conf/</value> - </property> - <property> - <name>SSL Context Service</name> - </property> - </controllerService> - <controllerService> - <id>56ebe0aa-0176-1000-ffff-ffffbd212f01</id> - <name>Haproxy GrokReader</name> + <connection> + <id>27d65fe7-0172-1000-ffff-ffffec2db03b</id> + <name /> + <bendPoints> + <bendPoint 
x="-744.0" y="856.0" /> + </bendPoints> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>27d5dab2-0172-1000-ffff-ffffab5c50be</sourceId> + <sourceGroupId>27d51d04-0172-1000-0000-00004573c6ec</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>21a9e277-2d80-359a-9c57-cb76d8962e6d</destinationId> + <destinationGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <controllerService> + <id>94600c6c-704e-3ff8-a2a4-f2f25c71dc3b</id> + <name>JsonRecordSetWriter</name> + <comment /> + <class>org.apache.nifi.json.JsonRecordSetWriter</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.11.4</version> + </bundle> + <enabled>true</enabled> + <property> + <name>Schema Write Strategy</name> + <value>no-schema</value> + </property> + <property> + <name>schema-cache</name> + </property> + <property> + <name>schema-access-strategy</name> + <value>inherit-record-schema</value> + </property> + <property> + <name>schema-registry</name> + </property> + <property> + <name>schema-name</name> + <value>${schema.name}</value> + </property> + <property> + <name>schema-version</name> + </property> + <property> + <name>schema-branch</name> + </property> + <property> + <name>schema-text</name> + <value>${avro.schema}</value> + </property> + <property> + <name>Date Format</name> + </property> + <property> + <name>Time Format</name> + </property> + <property> + <name>Timestamp Format</name> + </property> + <property> + <name>Pretty Print JSON</name> + <value>false</value> + </property> + 
<property> + <name>suppress-nulls</name> + <value>suppress-missing</value> + </property> + <property> + <name>output-grouping</name> + <value>output-array</value> + </property> + <property> + <name>compression-format</name> + <value>none</value> + </property> + <property> + <name>compression-level</name> + <value>1</value> + </property> + </controllerService> + <controllerService> + <id>09b4fa02-0459-358d-939f-54fda8aea702</id> + <name>VolatileSchemaCache</name> + <comment /> + <class>org.apache.nifi.schema.inference.VolatileSchemaCache</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-record-serialization-services-nar</artifact> + <version>1.11.4</version> + </bundle> + <enabled>false</enabled> + <property> + <name>max-cache-size</name> + <value>100</value> + </property> + </controllerService> + </processGroup> + <processGroup> + <id>e9c19adc-c8a4-327e-ad24-24e71fd3474e</id> + <name>Data output</name> + <position x="829.4446253936723" y="1015.2711478364996" /> + <comment /> + <inputPort> + <id>e333b82d-7408-3747-8dd2-46473704e51b</id> + <name>Data input</name> + <position x="-688.0" y="496.0" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <processGroup> + <id>7ebf304b-4978-3adc-ac31-470fb76e5029</id> + <name>Elastic odfe</name> + <position x="-759.1319580078125" y="739.6137390136719" /> + <comment /> + <processor> + <id>8b48f28f-2379-3f0f-81fe-4e1b93e72666</id> + <name>PutElasticsearchHttpRecord</name> + <position x="-856.2311706542969" y="629.8186340332031" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.elasticsearch.PutElasticsearchHttpRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-elasticsearch-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + 
<lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>elasticsearch-http-url</name> + <value>${elastic_url}</value> + </property> + <property> + <name>SSL Context Service</name> + <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Username</name> + <value>${elastic_username}</value> + </property> + <property> + <name>Password</name> + <value>enc{aa0e200e6ad20acb3eb1e1f1c7ab08154fc11ccf55c6176c4c8b12fab9f339cba76c4cf1f567bb8aeb4802017cc50639}</value> + </property> + <property> + <name>elasticsearch-http-connect-timeout</name> + <value>5 secs</value> + </property> + <property> + <name>elasticsearch-http-response-timeout</name> + <value>15 secs</value> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>elasticsearch-http-proxy-host</name> + </property> + <property> + <name>elasticsearch-http-proxy-port</name> + </property> + <property> + <name>proxy-username</name> + </property> + <property> + <name>proxy-password</name> + </property> + <property> + <name>put-es-record-record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>put-es-record-record-writer</name> + </property> + <property> + <name>put-es-record-log-all-errors</name> + <value>false</value> + </property> + <property> + <name>put-es-record-id-path</name> + </property> + <property> + <name>put-es-record-index</name> + <value>${data_index}-${now():format("yyyy-MM-dd")}</value> + </property> + <property> + <name>put-es-record-type</name> + <value>_doc</value> + </property> + <property> + <name>put-es-record-index-op</name> + <value>index</value> + </property> + <property> + <name>suppress-nulls</name> + 
<value>always-suppress</value> + </property> + <property> + <name>Date Format</name> + </property> + <property> + <name>Time Format</name> + </property> + <property> + <name>Timestamp Format</name> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <inputPort> + <id>e7d34e01-babe-3022-ad9b-a7620e7c0f38</id> + <name>Data input</name> + <position x="-803.9990234375" y="484.5271301269531" /> + <comments /> + <scheduledState>RUNNING</scheduledState> + </inputPort> + <funnel> + <id>a8cf8491-c2a7-3986-b803-58aff43326de</id> + <position x="-709.0761208187066" y="911.6861746431973" /> + </funnel> + <connection> + <id>3280c550-2117-37a6-8b5e-3bc1953fa17e</id> + <name /> + <bendPoints> + <bendPoint x="-393.2311706542969" y="669.8186340332031" /> + <bendPoint x="-393.2311706542969" y="719.8186340332031" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</sourceId> + <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</destinationId> + <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>retry</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>02a9e341-0590-34a8-9f0c-9d6992869e59</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</sourceId> + <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + 
<destinationId>a8cf8491-c2a7-3986-b803-58aff43326de</destinationId> + <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>1 min</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>5de8f98f-ce46-3565-b0ce-7f8ecf518c53</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e7d34e01-babe-3022-ad9b-a7620e7c0f38</sourceId> + <sourceGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>8b48f28f-2379-3f0f-81fe-4e1b93e72666</destinationId> + <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>10 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>2bb2f914-0172-1000-0000-0000240c76e4</id> + <name>Custom output</name> + <position x="-328.0" y="744.0" /> + <comment /> + <inputPort> + <id>2bb31aa5-0172-1000-0000-00000869fb70</id> + <name>Input</name> + <position x="-648.0" y="496.0" /> + <comments /> + <scheduledState>STOPPED</scheduledState> + </inputPort> + </processGroup> + <connection> + <id>34772170-2400-3eb6-b9c5-c03b912a38f3</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e333b82d-7408-3747-8dd2-46473704e51b</sourceId> + 
<sourceGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>e7d34e01-babe-3022-ad9b-a7620e7c0f38</destinationId> + <destinationGroupId>7ebf304b-4978-3adc-ac31-470fb76e5029</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <connection> + <id>875a975e-46e1-36fa-a035-4799201abd63</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>20b01ab3-3a8d-3573-b95d-a4a45494050f</sourceId> + <sourceGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>74abf119-faa6-3e9e-bb31-da2e79f89a38</destinationId> + <destinationGroupId>fcbcacd1-542d-3a15-a5aa-9c1302328954</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bbc37560-0171-1000-0000-000055178fff</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c164884d-277f-31af-ac3c-18b211667bbf</sourceId> + <sourceGroupId>fcbcacd1-542d-3a15-a5aa-9c1302328954</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>e333b82d-7408-3747-8dd2-46473704e51b</destinationId> + <destinationGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</destinationGroupId> + 
<destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>9cdaaee8-0e39-3dbd-a7cc-06a89056bb7c</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>21a9e277-2d80-359a-9c57-cb76d8962e6d</sourceId> + <sourceGroupId>870d6d68-7a0a-3505-8c42-0d6064fe43f6</sourceGroupId> + <sourceType>OUTPUT_PORT</sourceType> + <destinationId>e333b82d-7408-3747-8dd2-46473704e51b</destinationId> + <destinationGroupId>e9c19adc-c8a4-327e-ad24-24e71fd3474e</destinationGroupId> + <destinationType>INPUT_PORT</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <controllerService> + <id>b7794eb3-9227-36dd-8751-e87d1c2321ee</id> + <name>Misp DistributedMapCacheClientService</name> + <comment /> + <class>org.apache.nifi.distributed.cache.client.DistributedMapCacheClientService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-distributed-cache-services-nar</artifact> + <version>1.11.4</version> + </bundle> + <enabled>false</enabled> + <property> + <name>Server Hostname</name> + <value>localhost</value> + </property> + <property> + <name>Server Port</name> + <value>6000</value> + </property> + <property> + <name>SSL Context Service</name> + </property> + <property> + <name>Communications Timeout</name> + <value>30 secs</value> + </property> + </controllerService> + </processGroup> + 
<processGroup> + <id>72eb009e-0c2f-302d-bc6c-2d02c29c25a9</id> + <name>Enrichment data</name> + <position x="1720.0" y="248.0" /> <comment /> - <class>org.apache.nifi.grok.GrokReader</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>schema-access-strategy</name> - <value>string-fields-from-grok-expression</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>Grok Pattern File</name> - <value>/opt/nifi/nifi-current/conf/enrich/haproxy.groklib</value> - </property> - <property> - <name>Grok Expression</name> - <value>%{PROG:process.name}(?:\[%{POSINT:process.pid}\])?: %{HAPROXYHTTPBASE}</value> - </property> - <property> - <name>no-match-behavior</name> - <value>append-to-previous-message</value> - </property> - </controllerService> + <processGroup> + <id>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</id> + <name>Top domains</name> + <position x="970.3727876614566" y="673.4981494769316" /> + <comment>Downloads CSV files containing top domains from Alexa and Umbrella</comment> + <processor> + <id>857cd537-4aeb-31fb-9740-0513e6cc46fe</id> + <name>Unzip CSV files</name> + <position x="-297.30227379373514" y="212.70767899178307" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UnpackContent</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 
sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Packaging Format</name> + <value>zip</value> + </property> + <property> + <name>File Filter</name> + <value>.*</value> + </property> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <processor> + <id>937de5fc-7d4a-35af-a071-46f04d6ea4fa</id> + <name>Save to disk</name> + <position x="326.18698401876486" y="392.4228279175642" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PutFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Directory</name> + <value>/opt/nifi/nifi-current/conf/</value> + </property> + <property> + <name>Conflict Resolution Strategy</name> + <value>replace</value> + </property> + <property> + <name>Create Missing Directories</name> + <value>true</value> + </property> + <property> + <name>Maximum File Count</name> + </property> + <property> + <name>Last Modified Time</name> + </property> + <property> + <name>Permissions</name> + </property> + <property> + <name>Owner</name> + </property> + <property> + <name>Group</name> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <processor> + <id>3c4d65a9-aa39-380f-b16b-2aea028a019b</id> + 
<name>Download Alexa CSV file</name> + <position x="197.54468055196799" y="-60.57735518790443" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.GetHTTP</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>1 day</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>URL</name> + <value>http://s3.amazonaws.com/alexa-static/top-1m.csv.zip</value> + </property> + <property> + <name>Filename</name> + <value>alexa-top-1m.csv.zip</value> + </property> + <property> + <name>SSL Context Service</name> + </property> + <property> + <name>Username</name> + </property> + <property> + <name>Password</name> + </property> + <property> + <name>Connection Timeout</name> + <value>30 sec</value> + </property> + <property> + <name>Data Timeout</name> + <value>10 min</value> + </property> + <property> + <name>User Agent</name> + </property> + <property> + <name>Accept Content-Type</name> + </property> + <property> + <name>Follow Redirects</name> + <value>false</value> + </property> + <property> + <name>redirect-cookie-policy</name> + <value>default</value> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>Proxy Host</name> + </property> + <property> + <name>Proxy Port</name> + </property> + <property> + <name>filename</name> + <value>alexa-top-1m.csv</value> + </property> + </processor> + <processor> + <id>9d3d9047-fb85-3ae6-a815-0e19cc860c60</id> + <name>Download Umbrella CSV file</name> + <position x="-297.30227379373514" y="-61.444390100013806" /> 
+ <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.GetHTTP</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>1 day</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>URL</name> + <value>http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip</value> + </property> + <property> + <name>Filename</name> + <value>umbrella-top-1m.csv.zip</value> + </property> + <property> + <name>SSL Context Service</name> + </property> + <property> + <name>Username</name> + </property> + <property> + <name>Password</name> + </property> + <property> + <name>Connection Timeout</name> + <value>30 sec</value> + </property> + <property> + <name>Data Timeout</name> + <value>10 min</value> + </property> + <property> + <name>User Agent</name> + </property> + <property> + <name>Accept Content-Type</name> + </property> + <property> + <name>Follow Redirects</name> + <value>false</value> + </property> + <property> + <name>redirect-cookie-policy</name> + <value>default</value> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>Proxy Host</name> + </property> + <property> + <name>Proxy Port</name> + </property> + <property> + <name>filename</name> + <value>umbrella-top-1m.csv</value> + </property> + </processor> + <processor> + <id>9009320d-fb62-357e-ad94-bef8e95ea142</id> + <name>Set filename</name> + <position x="-294.78310875467264" y="388.04684866613775" /> + <styles /> + <comment /> + 
<class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>filename</name> + <value>${segment.original.filename}</value> + </property> + </processor> + <processor> + <id>86fdf574-d86b-3f35-9aa0-3ada1867aff8</id> + <name>Add headers</name> + <position x="325.04416175313986" y="201.70740433357992" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> + </property> + <property> + <name>Replacement 
Value</name> + <value>index,domain +</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Prepend</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> + </property> + </processor> + <connection> + <id>652026e5-0acd-3009-b45a-f68f3e37bef9</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9d3d9047-fb85-3ae6-a815-0e19cc860c60</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>b400d4e7-7106-3ea3-8b1a-0b9d2a8795b2</id> + <name /> + <bendPoints> + <bendPoint x="787.0441617531399" y="276.7074043335799" /> + <bendPoint x="788.0441617531399" y="291.7074043335799" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + 
<destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>5d7b82fa-10f8-3a32-9ffa-ebce53eb6070</id> + <name /> + <bendPoints> + <bendPoint x="-414.74468712381326" y="221.65236588143148" /> + <bendPoint x="-451.48125938943826" y="275.1232673706893" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>857cd537-4aeb-31fb-9740-0513e6cc46fe</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>bfe27587-bb06-388c-a59a-8aad9830cda1</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>3c4d65a9-aa39-380f-b16b-2aea028a019b</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>857cd537-4aeb-31fb-9740-0513e6cc46fe</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> 
+ <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7af7ff86-6b85-3fd1-bbc4-efa4e04593d9</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>857cd537-4aeb-31fb-9740-0513e6cc46fe</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e2d60b76-d9bf-380f-9cfd-eeda1422ad73</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>86fdf574-d86b-3f35-9aa0-3ada1867aff8</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>9009320d-fb62-357e-ad94-bef8e95ea142</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + 
</connection> + <connection> + <id>58b9bce4-6f7a-369c-a93f-dc23e252c670</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>9009320d-fb62-357e-ad94-bef8e95ea142</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>dea956ed-2b3b-39de-8cd8-a4d1f7a88aa2</id> + <name /> + <bendPoints> + <bendPoint x="790.1869840187649" y="473.4228279175642" /> + <bendPoint x="789.1869840187649" y="482.42282791756406" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</sourceId> + <sourceGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>937de5fc-7d4a-35af-a071-46f04d6ea4fa</destinationId> + <destinationGroupId>a97a2cb2-e5b2-3c82-a365-ebe5139e2be6</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>b997e46b-7905-33e8-8bbc-f4d51b0cc735</id> + <name>Tor Nodes</name> + 
<position x="968.7335178760902" y="456.9915202898361" /> + <comment>Downloads a CSV file of IP addresses used as Tor nodes</comment> + <processor> + <id>ad366a87-89d6-38ff-affe-a1f3575faa8a</id> + <name>Save to disk</name> + <position x="-328.58331298828125" y="-153.10000610351562" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PutFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Directory</name> + <value>/opt/nifi/nifi-current/conf/</value> + </property> + <property> + <name>Conflict Resolution Strategy</name> + <value>replace</value> + </property> + <property> + <name>Create Missing Directories</name> + <value>true</value> + </property> + <property> + <name>Maximum File Count</name> + </property> + <property> + <name>Last Modified Time</name> + </property> + <property> + <name>Permissions</name> + </property> + <property> + <name>Owner</name> + </property> + <property> + <name>Group</name> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <processor> + <id>34f52e1e-164e-34e4-b5fc-e5d16f773b19</id> + <name>Get CSV file with Tor nodes</name> + <position x="-323.0833282470703" y="-647.6000061035156" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.GetHTTP</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + 
<schedulingPeriod>1 day</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>URL</name> + <value>http://check.torproject.org/torbulkexitlist</value> + </property> + <property> + <name>Filename</name> + <value>tornodes.csv</value> + </property> + <property> + <name>SSL Context Service</name> + </property> + <property> + <name>Username</name> + </property> + <property> + <name>Password</name> + </property> + <property> + <name>Connection Timeout</name> + <value>30 sec</value> + </property> + <property> + <name>Data Timeout</name> + <value>30 sec</value> + </property> + <property> + <name>User Agent</name> + </property> + <property> + <name>Accept Content-Type</name> + </property> + <property> + <name>Follow Redirects</name> + <value>false</value> + </property> + <property> + <name>redirect-cookie-policy</name> + <value>default</value> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>Proxy Host</name> + </property> + <property> + <name>Proxy Port</name> + </property> + </processor> + <processor> + <id>8c69ccb6-616f-3ce2-b0cd-57276cae3749</id> + <name>Add header</name> + <position x="-325.5833282470703" y="-410.1000061035156" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + 
<scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> + </property> + <property> + <name>Replacement Value</name> + <value>ip_addr +</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Prepend</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> + </property> + </processor> + <connection> + <id>33cb6d60-d003-3954-b9d0-f51ac40ed983</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</sourceId> + <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>ad366a87-89d6-38ff-affe-a1f3575faa8a</destinationId> + <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>cd13f619-bb19-37c2-b8fe-c962edfbf213</id> + <name /> + <bendPoints> + <bendPoint x="137.4166717529297" y="-370.1000061035156" /> + <bendPoint x="137.4166717529297" y="-320.1000061035156" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</sourceId> 
+ <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> + <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3941ee86-e740-3b8f-951a-c7da71e78fbe</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>34f52e1e-164e-34e4-b5fc-e5d16f773b19</sourceId> + <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> + <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>19de0f5c-c244-3e7d-b711-ee165b493ea2</id> + <name /> + <bendPoints> + <bendPoint x="134.41668701171875" y="-113.10000610351562" /> + <bendPoint x="134.41668701171875" y="-63.100006103515625" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>ad366a87-89d6-38ff-affe-a1f3575faa8a</sourceId> + <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + 
<destinationId>ad366a87-89d6-38ff-affe-a1f3575faa8a</destinationId> + <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8130df3d-dc8c-32c2-975d-9c94438cac05</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>34f52e1e-164e-34e4-b5fc-e5d16f773b19</sourceId> + <sourceGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>8c69ccb6-616f-3ce2-b0cd-57276cae3749</destinationId> + <destinationGroupId>b997e46b-7905-33e8-8bbc-f4d51b0cc735</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>194a653f-0c92-3704-8bd4-ffa079643515</id> + <name>Misp</name> + <position x="548.9658647769079" y="453.4916238226681" /> + <comment>Polls Misp database once every minute and places new IOCs in a NiFi memcache.</comment> + <processor> + <id>283bea4b-2774-3f2d-aabe-cf96989e9997</id> + <name>Set timestamp as FlowFile content</name> + <position x="506.47715414708637" y="587.6551663734834" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + 
<artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> + </property> + <property> + <name>Replacement Value</name> + <value>${timestamp}</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Always Replace</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> + </property> + </processor> + <processor> + <id>e1e2caef-8178-3c91-b3ca-99f05f619064</id> + <name>Get timestamp of last successful poll</name> + <position x="-168.51082396716333" y="-293.9956980367642" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.FetchDistributedMapCache</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Cache 
Entry Identifier</name> + <value>${lookup_id}</value> + </property> + <property> + <name>Distributed Cache Service</name> + <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> + </property> + <property> + <name>Put Cache Value In Attribute</name> + <value>last_run</value> + </property> + <property> + <name>Max Length To Put In Attribute</name> + <value>256</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + </processor> + <processor> + <id>192802be-4416-3abc-ba03-90934f2df860</id> + <name>Get events</name> + <position x="-151.66592451726592" y="335.6012170464188" /> + <styles /> + <comment>Normally the query will have a filter at the end "/last:${last}" so that only new events are pulled. This has been removed from this demo.</comment> + <class>org.apache.nifi.processors.standard.InvokeHTTP</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>HTTP Method</name> + <value>GET</value> + </property> + <property> + <name>Remote URL</name> + <value>${misp_url}/attributes/restSearch/returnFormat:json/type:ip-src||ip-dst</value> + </property> + <property> + <name>SSL Context Service</name> + <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> + </property> + <property> + <name>Connection Timeout</name> + <value>5 secs</value> + </property> + <property> + <name>Read Timeout</name> + <value>15 secs</value> + </property> + <property> + <name>Include Date Header</name> + <value>True</value> + </property> + 
<property> + <name>Follow Redirects</name> + <value>True</value> + </property> + <property> + <name>Attributes to Send</name> + </property> + <property> + <name>Basic Authentication Username</name> + </property> + <property> + <name>Basic Authentication Password</name> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>Proxy Host</name> + </property> + <property> + <name>Proxy Port</name> + </property> + <property> + <name>Proxy Type</name> + <value>http</value> + </property> + <property> + <name>invokehttp-proxy-user</name> + </property> + <property> + <name>invokehttp-proxy-password</name> + </property> + <property> + <name>Put Response Body In Attribute</name> + </property> + <property> + <name>Max Length To Put In Attribute</name> + <value>256</value> + </property> + <property> + <name>Digest Authentication</name> + <value>false</value> + </property> + <property> + <name>Always Output Response</name> + <value>false</value> + </property> + <property> + <name>Add Response Headers to Request</name> + <value>false</value> + </property> + <property> + <name>Content-Type</name> + <value>${mime.type}</value> + </property> + <property> + <name>send-message-body</name> + <value>true</value> + </property> + <property> + <name>Use Chunked Encoding</name> + <value>false</value> + </property> + <property> + <name>Penalize on "No Retry"</name> + <value>false</value> + </property> + <property> + <name>use-etag</name> + <value>false</value> + </property> + <property> + <name>etag-max-cache-size</name> + <value>10MB</value> + </property> + <property> + <name>ignore-response-content</name> + <value>false</value> + </property> + <property> + <name>Authorization</name> + <value>${misp_token}</value> + </property> + <autoTerminatedRelationship>Original</autoTerminatedRelationship> + <autoTerminatedRelationship>Retry</autoTerminatedRelationship> + </processor> + <processor> + <id>671c4e42-604f-389d-9cee-27431ca36448</id> + 
<name>Store timestamp</name> + <position x="504.4604101497308" y="824.0677052542044" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PutDistributedMapCache</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Cache Entry Identifier</name> + <value>${lookup_id}</value> + </property> + <property> + <name>Distributed Cache Service</name> + <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> + </property> + <property> + <name>Cache update strategy</name> + <value>replace</value> + </property> + <property> + <name>Max cache entry size</name> + <value>1 MB</value> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <processor> + <id>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</id> + <name>Update cache</name> + <position x="-775.4735301448745" y="930.3624699197178" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PutDistributedMapCache</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + 
<runDurationNanos>0</runDurationNanos> + <property> + <name>Cache Entry Identifier</name> + <value>${misp_ip}</value> + </property> + <property> + <name>Distributed Cache Service</name> + <value>ad4d31bf-b1fb-35e0-b634-b969b200f3a6</value> + </property> + <property> + <name>Cache update strategy</name> + <value>replace</value> + </property> + <property> + <name>Max cache entry size</name> + <value>1 MB</value> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <processor> + <id>81ec71a0-719a-3205-9360-6a535072f7c6</id> + <name>Set attributes to get all events for the last x days</name> + <position x="-378.1916613806792" y="-12.197472102501479" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>last</name> + <value>${misp_ip_first_interval}</value> + </property> + <property> + <name>timestamp</name> + <value>${now():toNumber()}</value> + </property> + </processor> + <processor> + <id>6d78b76c-5463-3610-b8c8-4796fa09c59b</id> + <name>Periodic polling</name> + <position 
x="-171.36520083798905" y="-518.6967632987289" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>1 minute</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>File Size</name> + <value>0B</value> + </property> + <property> + <name>Batch Size</name> + <value>1</value> + </property> + <property> + <name>Data Format</name> + <value>Text</value> + </property> + <property> + <name>Unique FlowFiles</name> + <value>false</value> + </property> + <property> + <name>generate-ff-custom-text</name> + </property> + <property> + <name>character-set</name> + <value>UTF-8</value> + </property> + <property> + <name>lookup_id</name> + <value>ip</value> + </property> + </processor> + <processor> + <id>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</id> + <name>Extract IP address</name> + <position x="-156.69110558236184" y="543.7042207790005" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.EvaluateJsonPath</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + 
<executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Destination</name> + <value>flowfile-attribute</value> + </property> + <property> + <name>Return Type</name> + <value>auto-detect</value> + </property> + <property> + <name>Path Not Found Behavior</name> + <value>ignore</value> + </property> + <property> + <name>Null Value Representation</name> + <value>empty string</value> + </property> + <property> + <name>misp_ip</name> + <value>$.value</value> + </property> + </processor> + <processor> + <id>74d66e0e-0b65-36d2-96f1-4b836d2c4222</id> + <name>Set attributes to get new events since last poll</name> + <position x="81.93877074822706" y="-13.058372981407729" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-update-attribute-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Delete Attributes Expression</name> + </property> + <property> + <name>Store State</name> + <value>Do not store state</value> + </property> + <property> + <name>Stateful Variables Initial Value</name> + </property> + <property> + <name>canonical-value-lookup-cache-size</name> + <value>100</value> + </property> + <property> + <name>last</name> + <value>${now():toNumber():minus(${last_run}):divide(60000):plus(1):append("m")}</value> + </property> + <property> + <name>timestamp</name> + <value>${now():toNumber()}</value> + </property> + </processor> + <processor> + 
<id>ba1b7e7e-a03c-3ace-9182-7f43569537e2</id> + <name>Create one FlowFile for each IP address</name> + <position x="-789.5267777615984" y="546.1428879861119" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.SplitJson</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>JsonPath Expression</name> + <value>$.response.Attribute</value> + </property> + <property> + <name>Null Value Representation</name> + <value>empty string</value> + </property> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <processor> + <id>d850fc04-df9a-36b7-b53f-8b397a1be69a</id> + <name>Extract Misp event ID and store it to FlowFile</name> + <position x="-783.5607955237681" y="719.2550630641567" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.EvaluateJsonPath</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Destination</name> + <value>flowfile-content</value> + 
</property> + <property> + <name>Return Type</name> + <value>auto-detect</value> + </property> + <property> + <name>Path Not Found Behavior</name> + <value>ignore</value> + </property> + <property> + <name>Null Value Representation</name> + <value>empty string</value> + </property> + <property> + <name>event_id</name> + <value>$.event_id</value> + </property> + </processor> + <funnel> + <id>c490b6b5-0170-1000-0000-000035bc685d</id> + <position x="601.9534533822577" y="371.9240905653907" /> + </funnel> + <connection> + <id>39f7b787-0995-3721-8d50-700838b7a256</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>6d78b76c-5463-3610-b8c8-4796fa09c59b</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e1e2caef-8178-3c91-b3ca-99f05f619064</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>adc3f55b-8d9a-33d0-a7af-0d795fa234ba</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>d850fc04-df9a-36b7-b53f-8b397a1be69a</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>matched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>4a797ab8-fb0e-3c9a-b397-b3394eca1ce4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>split</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>4707ebf2-4b30-3e97-8abc-6ca8a9d168fd</id> + <name>Consecutive poll</name> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + 
</connection> + <connection> + <id>58cc41df-404e-309b-9df6-2ea67e1fe2b7</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>5e84f4ae-bf61-37d8-b115-0af74b89a6aa</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d850fc04-df9a-36b7-b53f-8b397a1be69a</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>matched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>a9d8c7a2-6b55-3684-9954-92934d5a69e8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>74d66e0e-0b65-36d2-96f1-4b836d2c4222</sourceId> + 
<sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c2a99429-58ab-325b-b755-dffeb30b0fc1</id> + <name /> + <bendPoints /> + <labelIndex>0</labelIndex> + <zIndex>0</zIndex> + <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c490b6b5-0170-1000-0000-000035bc685d</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>No Retry</relationship> + <relationship>Failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>a146ab21-f626-3fa5-a736-fdeec786eaf8</id> + <name /> + <bendPoints> + <bendPoint x="-312.47353014487453" y="970.3624699197178" /> + <bendPoint x="-312.47353014487453" y="1020.3624699197178" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>c7cc4e24-7d9a-3a17-8af1-ca655f46595f</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c022992b-534a-317a-943c-86142ee1cf81</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>81ec71a0-719a-3205-9360-6a535072f7c6</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>192802be-4416-3abc-ba03-90934f2df860</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>424c08f5-1ad1-3a0a-923c-c3fd988f7d2e</id> + <name>Update timestamp</name> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + 
<relationship>Response</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>5b9b78c7-890c-3fe0-a1b1-b2dc5bbd944b</id> + <name /> + <bendPoints> + <bendPoint x="306.30889441763816" y="583.7042207790005" /> + <bendPoint x="306.30889441763816" y="633.7042207790005" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>dbc236e3-8c68-3c6b-b1e9-d1fc8f57327d</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c98425f5-d4f3-36f7-b045-834923ca235a</id> + <name /> + <bendPoints> + <bendPoint x="-911.4283280545671" y="539.9664353493931" /> + <bendPoint x="-945.2909989530046" y="613.0546921853306" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + 
<destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>d19c9d34-8896-39ff-9d2d-f29651b24c18</id> + <name /> + <bendPoints> + <bendPoint x="967.4604101497307" y="864.0677052542044" /> + <bendPoint x="967.4604101497307" y="914.0677052542044" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>671c4e42-604f-389d-9cee-27431ca36448</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>671c4e42-604f-389d-9cee-27431ca36448</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>70fec2c7-4dd5-3dd1-92fa-59c3027bffb4</id> + <name /> + <bendPoints> + <bendPoint x="294.48917603283667" y="-253.99569803676422" /> + <bendPoint x="294.48917603283667" y="-203.99569803676422" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e1e2caef-8178-3c91-b3ca-99f05f619064</destinationId> + 
<destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>d19116d2-0da0-3f86-8fd3-3285a839648e</id> + <name>First poll</name> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e1e2caef-8178-3c91-b3ca-99f05f619064</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>81ec71a0-719a-3205-9360-6a535072f7c6</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>not-found</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>d375a69b-2139-3d9a-b6e3-48e0f69ec589</id> + <name>Update cache with new events</name> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>192802be-4416-3abc-ba03-90934f2df860</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>ba1b7e7e-a03c-3ace-9182-7f43569537e2</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>Response</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + 
<maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>8d3dfbef-370e-374b-a6c6-89e4cdf6216b</id> + <name /> + <bendPoints> + <bendPoint x="-320.5607955237681" y="759.2550630641567" /> + <bendPoint x="-320.5607955237681" y="809.2550630641567" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>d850fc04-df9a-36b7-b53f-8b397a1be69a</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>d850fc04-df9a-36b7-b53f-8b397a1be69a</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>536817e5-12a1-3a94-82ae-7638937a07e8</id> + <name /> + <bendPoints> + <bendPoint x="969.4771541470864" y="627.6551663734834" /> + <bendPoint x="969.4771541470864" y="677.6551663734834" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>283bea4b-2774-3f2d-aabe-cf96989e9997</sourceId> + <sourceGroupId>194a653f-0c92-3704-8bd4-ffa079643515</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>283bea4b-2774-3f2d-aabe-cf96989e9997</destinationId> + <destinationGroupId>194a653f-0c92-3704-8bd4-ffa079643515</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>failure</relationship> + 
<maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>c4a200ea-5317-332a-97a4-ff76f951ecde</id> + <name>GeoIP</name> + <position x="556.427978515625" y="673.0274658203125" /> + <comment /> + <processor> + <id>6292665b-f188-3551-b366-95476b5ac36f</id> + <name>Save to disk</name> + <position x="-357.78594755036767" y="656.471512008819" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.PutFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Directory</name> + <value>/opt/nifi/nifi-current/conf/</value> + </property> + <property> + <name>Conflict Resolution Strategy</name> + <value>replace</value> + </property> + <property> + <name>Create Missing Directories</name> + <value>true</value> + </property> + <property> + <name>Maximum File Count</name> + </property> + <property> + <name>Last Modified Time</name> + </property> + <property> + <name>Permissions</name> + </property> + <property> + <name>Owner</name> + </property> + <property> + <name>Group</name> + </property> + <autoTerminatedRelationship>success</autoTerminatedRelationship> + </processor> + <processor> + <id>c8b26516-0170-1000-ffff-fffffa357a77</id> + 
<name>InvokeHTTP</name> + <position x="-354.33263208075834" y="-1.6134650355261897" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.InvokeHTTP</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>HTTP Method</name> + <value>GET</value> + </property> + <property> + <name>Remote URL</name> + <value>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${maxmind_key}&suffix=tar.gz</value> + </property> + <property> + <name>SSL Context Service</name> + <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value> + </property> + <property> + <name>Connection Timeout</name> + <value>5 secs</value> + </property> + <property> + <name>Read Timeout</name> + <value>15 secs</value> + </property> + <property> + <name>Include Date Header</name> + <value>True</value> + </property> + <property> + <name>Follow Redirects</name> + <value>True</value> + </property> + <property> + <name>Attributes to Send</name> + </property> + <property> + <name>Basic Authentication Username</name> + </property> + <property> + <name>Basic Authentication Password</name> + </property> + <property> + <name>proxy-configuration-service</name> + </property> + <property> + <name>Proxy Host</name> + </property> + <property> + <name>Proxy Port</name> + </property> + <property> + <name>Proxy Type</name> + <value>http</value> + </property> + <property> + <name>invokehttp-proxy-user</name> + </property> + <property> + 
<name>invokehttp-proxy-password</name> + </property> + <property> + <name>Put Response Body In Attribute</name> + </property> + <property> + <name>Max Length To Put In Attribute</name> + <value>256</value> + </property> + <property> + <name>Digest Authentication</name> + <value>false</value> + </property> + <property> + <name>Always Output Response</name> + <value>false</value> + </property> + <property> + <name>Add Response Headers to Request</name> + <value>false</value> + </property> + <property> + <name>Content-Type</name> + <value>${mime.type}</value> + </property> + <property> + <name>send-message-body</name> + <value>true</value> + </property> + <property> + <name>Use Chunked Encoding</name> + <value>false</value> + </property> + <property> + <name>Penalize on "No Retry"</name> + <value>false</value> + </property> + <property> + <name>use-etag</name> + <value>false</value> + </property> + <property> + <name>etag-max-cache-size</name> + <value>10MB</value> + </property> + <property> + <name>ignore-response-content</name> + <value>false</value> + </property> + <autoTerminatedRelationship>Original</autoTerminatedRelationship> + </processor> + <processor> + <id>b99eab15-7e38-33fa-87d1-41d772306d9c</id> + <name>Uncompress</name> + <position x="-359.13545011384423" y="239.87525101326742" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.CompressContent</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Mode</name> + 
<value>decompress</value> + </property> + <property> + <name>Compression Format</name> + <value>use mime.type attribute</value> + </property> + <property> + <name>Compression Level</name> + <value>1</value> + </property> + <property> + <name>Update Filename</name> + <value>false</value> + </property> + </processor> + <processor> + <id>c8b20333-0170-1000-0000-000010760524</id> + <name>RouteOnAttribute</name> + <position x="-353.2358571852152" y="-223.16639543708658" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Routing Strategy</name> + <value>Route to Property name</value> + </property> + <property> + <name>maxmind_key</name> + <value>${maxmind_key:length():gt(1)}</value> + </property> + <autoTerminatedRelationship>unmatched</autoTerminatedRelationship> + </processor> + <processor> + <id>aad91df7-8e80-3598-a3eb-9b000045b843</id> + <name>UnpackContent</name> + <position x="-358.13545011384423" y="448.82544805040084" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UnpackContent</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + 
<lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Packaging Format</name> + <value>tar</value> + </property> + <property> + <name>File Filter</name> + <value>GeoLite2-City.mmdb</value> + </property> + <autoTerminatedRelationship>original</autoTerminatedRelationship> + </processor> + <processor> + <id>c8b1bafd-0170-1000-0000-0000753f5f5b</id> + <name>GenerateFlowFile</name> + <position x="-366.3974570271698" y="-455.687252544095" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.GenerateFlowFile</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.11.4</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>1 week</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>STOPPED</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>File Size</name> + <value>0B</value> + </property> + <property> + <name>Batch Size</name> + <value>1</value> + </property> + <property> + <name>Data Format</name> + <value>Text</value> + </property> + <property> + <name>Unique FlowFiles</name> + <value>false</value> + </property> + <property> + <name>generate-ff-custom-text</name> + </property> + <property> + <name>character-set</name> + <value>UTF-8</value> + </property> + </processor> + <funnel> + <id>c2cac6f3-c926-3038-b685-68f71f76fda3</id> + <position x="457.8712158203125" y="380.06201171875" /> + </funnel> + <connection> + <id>c8b21bba-0170-1000-0000-0000281b44ba</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> 
+ <sourceId>c8b1bafd-0170-1000-0000-0000753f5f5b</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c8b20333-0170-1000-0000-000010760524</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>1d0b1e6f-7b01-34c5-82f8-c95918e700ae</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>b99eab15-7e38-33fa-87d1-41d772306d9c</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e8e86b3f-6936-3080-8eb6-036d532cb483</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>6292665b-f188-3551-b366-95476b5ac36f</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> + 
<destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>e2f43878-959f-379c-b898-6d7c3a72af44</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>b99eab15-7e38-33fa-87d1-41d772306d9c</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>aad91df7-8e80-3598-a3eb-9b000045b843</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>dc7524de-fb6c-3e02-8c60-f821d81aff29</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>aad91df7-8e80-3598-a3eb-9b000045b843</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>6292665b-f188-3551-b366-95476b5ac36f</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + 
<flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>39a11e18-3397-3f1a-a020-49b895ff6f81</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>aad91df7-8e80-3598-a3eb-9b000045b843</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8b2e58b-0170-1000-ffff-ffff997c6e6c</id> + <name /> + <bendPoints> + <bendPoint x="108.66736791924166" y="38.38653496447381" /> + <bendPoint x="108.66736791924166" y="88.38653496447381" /> + </bendPoints> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c8b26516-0170-1000-ffff-fffffa357a77</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>Retry</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute 
/> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8b29bee-0170-1000-ffff-fffff516df5d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>b99eab15-7e38-33fa-87d1-41d772306d9c</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>Response</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8b2cb01-0170-1000-0000-000005baadda</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>c8b26516-0170-1000-ffff-fffffa357a77</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c2cac6f3-c926-3038-b685-68f71f76fda3</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>No Retry</relationship> + <relationship>Failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>c8b5c90e-0170-1000-ffff-ffff9864e7e4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + 
<sourceId>c8b20333-0170-1000-0000-000010760524</sourceId> + <sourceGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>c8b26516-0170-1000-ffff-fffffa357a77</destinationId> + <destinationGroupId>c4a200ea-5317-332a-97a4-ff76f951ecde</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>maxmind_key</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + </processGroup> <controllerService> - <id>bc97858d-0175-1000-0000-0000130a84f8</id> - <name>Nifi logs GrokReader</name> + <id>bf81debc-0171-1000-0000-00002936ae5a</id> + <name>Tor node CSV</name> <comment /> - <class>org.apache.nifi.grok.GrokReader</class> + <class>org.apache.nifi.lookup.CSVRecordLookupService</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-lookup-services-nar</artifact> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> - <name>schema-access-strategy</name> - <value>string-fields-from-grok-expression</value> - </property> - <property> - <name>schema-registry</name> - </property> - <property> - <name>schema-name</name> - <value>${schema.name}</value> - </property> - <property> - <name>schema-version</name> - </property> - <property> - <name>schema-branch</name> - </property> - <property> - <name>schema-text</name> - <value>${avro.schema}</value> - </property> - <property> - <name>Grok Pattern File</name> + <name>csv-file</name> + <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value> </property> <property> - <name>Grok Expression</name> - <value>%{TIMESTAMP_ISO8601:timestamp} 
%{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value> + <name>csv-format</name> + <value>Default</value> </property> <property> - <name>no-match-behavior</name> - <value>append-to-previous-message</value> + <name>Character Set</name> + <value>UTF-8</value> </property> - </controllerService> - <controllerService> - <id>bc8e5957-0175-1000-0000-00003346421d</id> - <name>Extract message field</name> - <comment /> - <class>org.apache.nifi.text.FreeFormTextRecordSetWriter</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> <property> - <name>Text</name> - <value>${message}</value> + <name>lookup-key-column</name> + <value>ip_addr</value> </property> <property> - <name>Character Set</name> - <value>UTF-8</value> + <name>ignore-duplicates</name> + <value>true</value> </property> </controllerService> <controllerService> @@ -11503,7 +8591,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-lookup-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> @@ -11523,7 +8611,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-distributed-cache-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> 
@@ -11542,46 +8630,6 @@ <value>30 secs</value> </property> </controllerService> - <controllerService> - <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id> - <name>Soctools CA</name> - <comment /> - <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class> - <bundle> - <group>org.apache.nifi</group> - <artifact>nifi-ssl-context-service-nar</artifact> - <version>1.12.1</version> - </bundle> - <enabled>true</enabled> - <property> - <name>Keystore Filename</name> - </property> - <property> - <name>Keystore Password</name> - </property> - <property> - <name>key-password</name> - </property> - <property> - <name>Keystore Type</name> - </property> - <property> - <name>Truststore Filename</name> - <value>/opt/nifi/nifi-current/conf/cacerts.jks</value> - </property> - <property> - <name>Truststore Password</name> - <value>{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}</value> - </property> - <property> - <name>Truststore Type</name> - <value>JKS</value> - </property> - <property> - <name>SSL Protocol</name> - <value>TLS</value> - </property> - </controllerService> <controllerService> <id>17b30955-5464-3709-8a32-69a459850cfa</id> <name>Inferred JsonRecordSetWriter</name> @@ -11590,7 +8638,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> @@ -11600,10 +8648,6 @@ <property> <name>schema-cache</name> </property> - <property> - <name>schema-protocol-version</name> - <value>1</value> - </property> <property> <name>schema-access-strategy</name> <value>inherit-record-schema</value> 
@@ -11656,47 +8700,74 @@ </property> </controllerService> <controllerService> - <id>70ea12d7-0176-1000-ffff-ffffee2ee306</id> - <name>Mysql log GrokReader</name> + <id>8b1dd8bb-0170-1000-0000-000007446e6a</id> + <name>Misp DistributedMapCacheServer</name> <comment /> - <class>org.apache.nifi.grok.GrokReader</class> + <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class> <bundle> <group>org.apache.nifi</group> - <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> + <artifact>nifi-distributed-cache-services-nar</artifact> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> - <name>schema-access-strategy</name> - <value>string-fields-from-grok-expression</value> + <name>Port</name> + <value>4557</value> </property> <property> - <name>schema-registry</name> + <name>Maximum Cache Entries</name> + <value>10000</value> </property> <property> - <name>schema-name</name> - <value>${schema.name}</value> + <name>Eviction Strategy</name> + <value>Least Frequently Used</value> </property> <property> - <name>schema-version</name> + <name>Persistence Directory</name> + <value>/opt/nifi/nifi-current/conf/</value> </property> <property> - <name>schema-branch</name> + <name>SSL Context Service</name> </property> + </controllerService> + <controllerService> + <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id> + <name>Common CA</name> + <comment /> + <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-ssl-context-service-nar</artifact> + <version>1.11.4</version> + </bundle> + <enabled>true</enabled> <property> - <name>schema-text</name> - <value>${avro.schema}</value> + <name>Keystore Filename</name> + </property> + <property> + <name>Keystore Password</name> + </property> + <property> + <name>key-password</name> + </property> + <property> + <name>Keystore Type</name> + </property> + <property> + <name>Truststore 
Filename</name> + <value>/opt/nifi/nifi-current/conf/cacerts.jks</value> </property> <property> - <name>Grok Pattern File</name> + <name>Truststore Password</name> + <value>enc{a4ca3924cb58cb8c28fec2766ce1a66f9bec9ca13f5cb90008f3b0719d4777b2}</value> </property> <property> - <name>Grok Expression</name> - <value>%{GREEDYDATA:timestamp} %{DATA:process}: %{GREEDYDATA:message}</value> + <name>Truststore Type</name> + <value>JKS</value> </property> <property> - <name>no-match-behavior</name> - <value>append-to-previous-message</value> + <name>SSL Protocol</name> + <value>TLS</value> </property> </controllerService> <controllerService> @@ -11707,7 +8778,7 @@ <bundle> <group>org.apache.nifi</group> <artifact>nifi-record-serialization-services-nar</artifact> - <version>1.12.1</version> + <version>1.11.4</version> </bundle> <enabled>true</enabled> <property> @@ -11744,13 +8815,13 @@ <name>Timestamp Format</name> </property> </controllerService> - <variable name="misp_token" value="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}" /> + <variable name="misp_token" value="{{ misp_token }}" /> <variable name="maxmind_key" value="{{ maxmind_key }}" /> - <variable name="misp_first_interval" value="60d" /> + <variable name="misp_ip_first_interval" value="60d" /> <variable name="elastic_username" value="{{ elastic_username }}" /> <variable name="misp_url" value="{{ misp_url }}" /> - <variable name="elastic_url" value="https://{{ soctoolsproxy }}:9200" /> - <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" /> + <variable name="elastic_url" value="https://{{ dslproxy }}:9200" /> + <variable name="elastic_password" value="{{ odfees_adminpass }}" /> </rootGroup> <controllerServices /> <reportingTasks /> diff --git a/roles/nifi/templates/nifi.properties.j2 b/roles/nifi/templates/nifi.properties.j2 index c2dafaff8e4019ebc0e5c6a206b3378863110f80..426e5ce0d6c5975ff27cef19449d2deea9a93b20 100644 
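Review bot: The new `Common CA` controller service in the `@@ -11656,47 +8700,74 @@` hunk carries its `Truststore Password` as a literal `enc{…}` value, where the removed `Soctools CA` block rendered it from a per-deployment password lookup. A value in that form is presumably readable only by a NiFi instance holding the matching sensitive-properties key, so every deployment of this template would have to share one key and one truststore password. It looks like an artifact of exporting the flow, and templating it again (for example from `{{ tspass }}`, which this commit uses in nifi.properties.j2) would keep the secret out of the repository. The added `Misp DistributedMapCacheServer` on port 4557 also leaves `SSL Context Service` empty, so the cache is served without TLS; either give it an SSL context or add a comment stating that the port is reachable only on the internal container network.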
--- a/roles/nifi/templates/nifi.properties.j2 +++ b/roles/nifi/templates/nifi.properties.j2 @@ -120,8 +120,8 @@ nifi.provenance.repository.buffer.size=100000 # Component Status Repository nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository -nifi.components.status.repository.buffer.size=288 -nifi.components.status.snapshot.frequency=5 min +nifi.components.status.repository.buffer.size=1440 +nifi.components.status.snapshot.frequency=1 min # Site to Site properties nifi.remote.input.host={{ inventory_hostname }} @@ -143,7 +143,7 @@ nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 nifi.web.max.header.size=16 KB nifi.web.proxy.context.path=/nifi -nifi.web.proxy.host={{ soctoolsproxy }}:9443 +nifi.web.proxy.host={{ dslproxy }}:9443 # security properties # nifi.sensitive.props.key= 
@@ -154,21 +154,21 @@ nifi.sensitive.props.additional.keys= nifi.security.keystore=./conf/{{ inventory_hostname }}.p12 nifi.security.keystoreType=pkcs12 -nifi.security.keystorePasswd={{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}} +nifi.security.keystorePasswd={{ kspass}} #nifi.security.keyPasswd=IP7Jgn7amiAYi3LRSRk5LGg3t4zlfh0kEKcAaaoxHDo nifi.security.truststore=./conf/cacerts.jks nifi.security.truststoreType=jks -nifi.security.truststorePasswd={{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} +nifi.security.truststorePasswd={{ tspass}} nifi.security.user.authorizer=managed-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= # OpenId Connect SSO Properties # -nifi.security.user.oidc.discovery.url=https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration -nifi.security.user.oidc.connect.timeout=10 secs -nifi.security.user.oidc.read.timeout=10 secs -nifi.security.user.oidc.client.id=soctools-nifi +nifi.security.user.oidc.discovery.url=https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration +nifi.security.user.oidc.connect.timeout=5 secs +nifi.security.user.oidc.read.timeout=5 secs +nifi.security.user.oidc.client.id=dsoclab-nifi nifi.security.user.oidc.client.secret={{nifisecret.value}} nifi.security.user.oidc.preferred.jwsalgorithm= nifi.security.user.oidc.additional.scopes={{openid_scope}} 
@@ -226,9 +226,9 @@ nifi.cluster.load.balance.max.thread.count=8 nifi.cluster.load.balance.comms.timeout=30 sec # zookeeper properties, used for cluster management # -nifi.zookeeper.connect.string=soctools-zookeeper:2181 -nifi.zookeeper.connect.timeout=60 secs -nifi.zookeeper.session.timeout=60 secs +nifi.zookeeper.connect.string=dsoclab-zookeeper:2181 +nifi.zookeeper.connect.timeout=3 secs +nifi.zookeeper.session.timeout=3 secs nifi.zookeeper.root.node=/nifi # Zookeeper properties for the authentication scheme used when creating acls on znodes used for cluster management diff --git a/roles/odfees/files/Arne Oslebo.p12 b/roles/odfees/files/Arne Oslebo.p12 new file mode 100644 index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79 Binary files /dev/null and b/roles/odfees/files/Arne Oslebo.p12 differ diff --git a/roles/odfees/files/Bozidar Proevski.p12 b/roles/odfees/files/Bozidar Proevski.p12 new file mode 100644 index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a Binary files /dev/null and b/roles/odfees/files/Bozidar Proevski.p12 differ diff --git a/roles/odfees/files/SOCTOOLS-CA.crt b/roles/odfees/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/odfees/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/odfees/files/cacerts.jks b/roles/odfees/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
Binary files /dev/null and b/roles/odfees/files/cacerts.jks differ
diff --git a/roles/odfees/files/dsoclab-odfe-1.p12 b/roles/odfees/files/dsoclab-odfe-1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ed4bd60a1d96595774f510ecfd8c864a09e8d338
Binary files /dev/null and b/roles/odfees/files/dsoclab-odfe-1.p12 differ
diff --git a/roles/odfees/files/dsoclab-odfe-2.p12 b/roles/odfees/files/dsoclab-odfe-2.p12 new file mode 100644 index 0000000000000000000000000000000000000000..106170ff7a325bccade7cfecf2f60642e866a4a0 Binary files /dev/null and b/roles/odfees/files/dsoclab-odfe-2.p12 differ diff --git a/roles/odfees/tasks/main.yml b/roles/odfees/tasks/main.yml index 016e8786ed6a31238dd2c7efc68e9aec7c7a9912..ae6ae65701c4bebcf8cbd04bc4d4ddb9e246acfd 100644 --- a/roles/odfees/tasks/main.yml +++ b/roles/odfees/tasks/main.yml 
@@ -1,17 +1,118 @@ --- -- include: start.yml +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt tags: - - start -- include: stop.yml + - start + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + tags: + - start + +- name: Copy certificates in odfe conf dir + copy: + src: "{{ item }}" + dest: "config/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.p12" + - cacerts.jks + - "{{soctools_users[0].CN}}.p12" + tags: + - start + +- name: Configure sysconfig + template: + src: sysconfig_elasticsearch.j2 + dest: sysconfig_elasticsearch + tags: + - start + +- name: Copy sysconfig to /etc + command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" + tags: + - start + +- name: Configure odfe properties + template: + src: "config/{{item}}.j2" + dest: "config/{{item}}" + with_items: + - elasticsearch.yml + - jvm.options + - log4j2.properties + tags: + - start + +- name: Change password for admin + command: "bash plugins/opendistro_security/tools/hash.sh -p {{odfees_adminpass}}" + register: adminhash + # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + tags: + - start + +- set_fact: + adminhashpwd: "{{ adminhash.stdout }}" + #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" + tags: + - start + +- name: Change password for cortex + command: "bash plugins/opendistro_security/tools/hash.sh -p {{cortex_odfe_pass}}" + register: cortexhash + # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" tags: - - stop - - stop-odfees -- include: update-config.yml + - start + +- set_fact: + cortexhashpwd: "{{ cortexhash.stdout }}" + #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" tags: - - update-config - - update-odfees-config -- include: restart.yml + - start + +- name: Configure opendistro_security properties + template: + src: 
"securityconfig/{{item}}.j2" + dest: "plugins/opendistro_security/securityconfig/{{item}}" + with_items: + - internal_users.yml + - config.yml + - roles_mapping.yml tags: - - restart - - restart-odfees + - start + +#- name: Exit here to test ODFE +# meta: end_play +# tags: +# - start + +- name: Start OpenDistro for Elasticsearch + command: "/usr/share/elasticsearch/bin/elasticsearch -p {{ inventory_hostname }}.pid -d" + tags: + - start + +- name: Wait for ElasticSearch + wait_for: + host: "{{groups['odfeescontainers'][0]}}" + port: 9200 + state: started + delay: 5 + tags: + - start + +- name: Configure OpenDistro security + command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{soctools_users[0].password}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{tspass}} -cn dsoclab-cluster" + when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" + tags: + - start + +- name: Stop OpenDistro for Elasticsearch + command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + tags: + - stop + diff --git a/roles/odfees/tasks/restart.yml b/roles/odfees/tasks/restart.yml deleted file mode 100644 index 130f200cb0e139f54001e92ebb0bff025e803136..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/restart.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Restart OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl restart odfe" - -- name: Wait for ElasticSearch - remote_user: root - wait_for: - host: "{{groups['odfeescontainers'][0]}}" - port: 9200 - state: started - delay: 5 - diff --git a/roles/odfees/tasks/start.yml b/roles/odfees/tasks/start.yml deleted file mode 100644 index 622a1cd65e9e634472048a5ab79207ffa60850fd..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/start.yml +++ /dev/null 
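Review bot: The `Change password for admin`, `Change password for cortex` and `Configure OpenDistro security` tasks pass secrets as command-line arguments (`hash.sh -p {{odfees_adminpass}}`, `-kspass {{soctools_users[0].password}}`, `-tspass {{tspass}}`) without `no_log`, so the rendered command is reported in Ansible output and logs and is visible in the process list while it runs. Adding `no_log: true` to those three tasks keeps the values out of the play output. The arguments are also unquoted, so a password containing a space would be split into several arguments; `-p {{ odfees_adminpass | quote }}` avoids that. Separately, the `when:` on the securityadmin task embeds `{{ }}` inside a conditional, which Ansible warns about; `when: inventory_hostname == groups['odfeescontainers'][0]` expresses the same intent.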
@@ -1,102 +0,0 @@ ---- - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - -- name: Copy certificates in odfe conf dir - remote_user: elasticsearch - copy: - src: "{{ item }}" - dest: "config/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" - -- name: Configure sysconfig - remote_user: elasticsearch - template: - src: sysconfig_elasticsearch.j2 - dest: sysconfig_elasticsearch - -- name: Copy sysconfig to /etc - remote_user: elasticsearch - command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - -- name: Configure odfe properties - remote_user: elasticsearch - template: - src: "config/{{item}}.j2" - dest: "config/{{item}}" - with_items: - - elasticsearch.yml - - jvm.options - - log4j2.properties - -- name: Change password for admin - remote_user: elasticsearch - command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" - register: adminhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- set_fact: - adminhashpwd: "{{ adminhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" - remote_user: elasticsearch - -- name: Change password for cortex - remote_user: elasticsearch - command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" - register: cortexhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- set_fact: - cortexhashpwd: "{{ cortexhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" - 
remote_user: elasticsearch - -- name: Configure opendistro_security properties - remote_user: elasticsearch - template: - src: "securityconfig/{{item}}.j2" - dest: "plugins/opendistro_security/securityconfig/{{item}}" - with_items: - - internal_users.yml - - config.yml - - roles_mapping.yml - -#- name: Exit here to test ODFE -# meta: end_play - -- name: Start OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl start odfe" - -- name: Wait for ElasticSearch - remote_user: root - wait_for: - host: "{{groups['odfeescontainers'][0]}}" - port: 9200 - state: started - delay: 5 - -- name: Configure OpenDistro security - remote_user: elasticsearch - command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster" - when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- name: Set Autostart for supervisord's services - remote_user: root - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - diff --git a/roles/odfees/tasks/stop.yml b/roles/odfees/tasks/stop.yml deleted file mode 100644 index 1302cc8bf86e04950e347eb12436b0a6cc0aac0f..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Stop OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl stop odfe" - 
diff --git a/roles/odfees/tasks/update-config.yml b/roles/odfees/tasks/update-config.yml deleted file mode 100644 index a40d487df503d8edc00dd641352d61d3f892042e..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/update-config.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Configure sysconfig - remote_user: elasticsearch - template: - src: sysconfig_elasticsearch.j2 - dest: sysconfig_elasticsearch - -- name: Copy sysconfig to /etc - remote_user: elasticsearch - command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - -- name: Configure odfe properties - remote_user: elasticsearch - template: - src: "config/{{item}}.j2" - dest: "config/{{item}}" - with_items: - - elasticsearch.yml - - jvm.options - - log4j2.properties - -- name: Configure opendistro_security properties - remote_user: elasticsearch - template: - src: "securityconfig/{{item}}.j2" - dest: "plugins/opendistro_security/securityconfig/{{item}}" - with_items: - - internal_users.yml - - config.yml - - roles_mapping.yml - diff --git a/roles/odfees/templates/config/elasticsearch.yml.j2 b/roles/odfees/templates/config/elasticsearch.yml.j2 index 5e8e18fc2999f2622cca3b0c229265a379c49b44..ef61cd36dac6bdefebeaeab66a3c15b97aa3a25d 100644 --- a/roles/odfees/templates/config/elasticsearch.yml.j2 +++ b/roles/odfees/templates/config/elasticsearch.yml.j2 @@ -1,4 +1,4 @@ -cluster.name: "soctools-cluster" +cluster.name: "dsoclab-cluster" #network.host: 0.0.0.0 network.host: {{ inventory_hostname }} discovery.seed_hosts: 
@@ -30,11 +30,11 @@ cluster.initial_master_nodes: opendistro_security.ssl.transport.keystore_type: pkcs12 opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" +opendistro_security.ssl.transport.keystore_password: {{ kspass }} #opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem opendistro_security.ssl.transport.truststore_type: jks opendistro_security.ssl.transport.truststore_filepath: cacerts.jks -opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" +opendistro_security.ssl.transport.truststore_password: {{ tspass }} opendistro_security.ssl.transport.enforce_hostname_verification: false opendistro_security.ssl.http.enabled: true @@ -42,10 +42,10 @@ opendistro_security.ssl.http.enabled: true # opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.keystore_type: pkcs12 opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" +opendistro_security.ssl.http.keystore_password: {{ kspass }} opendistro_security.ssl.http.truststore_type: jks opendistro_security.ssl.http.truststore_filepath: cacerts.jks -opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" +opendistro_security.ssl.http.truststore_password: {{ tspass }} #opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem #opendistro_security.ssl.http.clientauth_mode: optional opendistro_security.allow_unsafe_democertificates: false 
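Review bot: The four password lines changed in this hunk and the next (`@@ -42,10 +42,10 @@`) lose the double quotes the old lookup form had, so the rendered value is now a plain YAML scalar. A password that contains ` #` or `: `, or that starts with a character such as `*`, `&`, `!`, `{` or `[`, would be truncated or rejected when Elasticsearch parses the file, and an all-digit one would be read as a number. Keeping the quotes, e.g. `opendistro_security.ssl.transport.keystore_password: "{{ kspass }}"`, avoids that. Where `kspass` and `tspass` are defined is not visible here; if they are not vault-encrypted, the move away from the generated `secrets/passwords/` files leaves them in the repository in clear text.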
diff --git a/roles/odfees/templates/config/log4j2.properties.j2 b/roles/odfees/templates/config/log4j2.properties.j2 index ee01d9a1406720d46fe983efacf16cc8d52c3729..9ad290ad82679309319cee88bee3eaf9d49814eb 100644 --- a/roles/odfees/templates/config/log4j2.properties.j2 +++ b/roles/odfees/templates/config/log4j2.properties.j2 @@ -5,27 +5,5 @@ appender.console.name = console appender.console.layout.type = PatternLayout appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n -appender.rolling.type = RollingFile -appender.rolling.name = rolling -appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json -appender.rolling.layout.type = ESJsonLayout -appender.rolling.layout.type_name = server -appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz -appender.rolling.policies.type = Policies -appender.rolling.policies.time.type = TimeBasedTriggeringPolicy -appender.rolling.policies.time.interval = 1 -appender.rolling.policies.time.modulate = true -appender.rolling.policies.size.type = SizeBasedTriggeringPolicy -appender.rolling.policies.size.size = 20MB -appender.rolling.strategy.type = DefaultRolloverStrategy -appender.rolling.strategy.fileIndex = nomax -appender.rolling.strategy.action.type = Delete -appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} -appender.rolling.strategy.action.condition.type = IfFileName -appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* -appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize -appender.rolling.strategy.action.condition.nested_condition.exceeds = 100MB - rootLogger.level = info -#rootLogger.appenderRef.console.ref = console -rootLogger.appenderRef.rolling.ref = rolling +rootLogger.appenderRef.console.ref = console 
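Review bot: With the rolling file appender removed, the root logger on the new side writes only to `console`, while roles/odfees/tasks/main.yml in this commit starts Elasticsearch with `-d`. A daemonized Elasticsearch detaches from stdout, so it looks like node and security-plugin log output would no longer be kept anywhere, which leaves nothing to review after an authentication failure or an incident. If console-only logging is intended for container log collection, the process would need to stay in the foreground; otherwise keep the `appender.rolling.*` block and `rootLogger.appenderRef.rolling.ref = rolling` alongside the console reference.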
diff --git a/roles/odfees/templates/securityconfig/config.yml.j2 b/roles/odfees/templates/securityconfig/config.yml.j2 index 49368676333bb6153b32e988dcd9bd60764426b2..26e77a4fa806fe68767015fc40ad620117985ac5 100644 --- a/roles/odfees/templates/securityconfig/config.yml.j2 +++ b/roles/odfees/templates/securityconfig/config.yml.j2 @@ -116,7 +116,7 @@ config: config: subject_key: {{openid_subjkey}} roles_key: roles - openid_connect_url: https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration + openid_connect_url: https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration enable_ssl: true verify_hostnames: false pemtrustedcas_filepath: "/usr/share/elasticsearch/config/{{ca_cn}}.crt" diff --git a/roles/odfekibana/files/Arne Oslebo.p12 b/roles/odfekibana/files/Arne Oslebo.p12 new file mode 100644 index 0000000000000000000000000000000000000000..273c8018b7bed8f691d9e9c24f5fa9d6425a0e79 Binary files /dev/null and b/roles/odfekibana/files/Arne Oslebo.p12 differ diff --git a/roles/odfekibana/files/Bozidar Proevski.p12 b/roles/odfekibana/files/Bozidar Proevski.p12 new file mode 100644 index 0000000000000000000000000000000000000000..24010a64063a960d554cd4e895e17b9e2e62362a Binary files /dev/null and b/roles/odfekibana/files/Bozidar Proevski.p12 differ diff --git a/roles/odfekibana/files/SOCTOOLS-CA.crt b/roles/odfekibana/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/odfekibana/files/SOCTOOLS-CA.crt 
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow
+FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B
+UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX
+Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM
+M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ
+c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv
+tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG
+ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL
+8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j
+JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd
+z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy
+XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g
+CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX
+nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh
+GPiQTFGknE1U
+-----END CERTIFICATE-----
diff --git a/roles/odfekibana/files/cacerts.jks b/roles/odfekibana/files/cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c
Binary files /dev/null and b/roles/odfekibana/files/cacerts.jks differ
diff --git a/roles/odfekibana/files/dsoclab-kibana.crt b/roles/odfekibana/files/dsoclab-kibana.crt
new file mode 100644
index 0000000000000000000000000000000000000000..f47839f66eda87805afce110cf5d0c2e136e8abe
--- /dev/null
+++ b/roles/odfekibana/files/dsoclab-kibana.crt
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7d:fc:33:45:75:73:e8:f1:60:94:a7:4e:6b:2f:23:f1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:27 2020 GMT + Not After : Oct 15 10:47:27 2023 GMT + Subject: CN=dsoclab-kibana + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:4f:c9:0f:84:4d:4e:7b:dc:11:90:c9:49:a8: + f3:60:44:a8:25:1b:59:83:64:0b:d1:e0:bc:59:50: + 22:a5:f5:88:7a:c8:40:65:e4:22:3d:77:d2:8f:9e: + 30:17:80:5e:20:85:bc:70:67:61:cb:d8:e2:9f:9a: + 7c:7b:a6:e8:4e:79:7b:cd:86:6e:26:52:37:45:b6: + ab:b7:6f:40:8f:7a:55:8b:d1:91:cc:21:6f:55:37: + 50:3b:72:1f:2d:3b:bf:75:47:91:88:6a:1c:ea:39: + dd:8b:25:31:55:0e:bc:52:6f:bf:0b:96:ef:e3:12: + 5c:da:63:22:54:e5:b3:95:8b:02:9e:57:3e:7b:4f: + a0:f5:6f:07:a8:5b:45:7c:cb:34:83:77:34:a5:b1: + ff:05:12:88:8f:cc:c4:05:5d:e9:e7:7d:2b:12:fa: + bb:4d:25:f4:f7:04:e7:95:06:95:ea:a9:c4:75:4e: + f7:03:67:2d:9c:9a:f4:01:f6:2a:8d:6c:6d:d0:59: + a9:ce:1f:12:b1:76:39:c8:07:d4:20:73:1e:f3:9c: + b9:67:83:3b:a8:7c:6e:fb:86:ea:3f:6a:8e:98:4c: + 39:a9:d1:4d:be:9f:0a:43:49:1b:fd:09:67:b6:62: + 71:fd:87:9a:63:25:00:aa:c7:a1:4d:23:12:e3:56: + 0f:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 50:F3:7D:4F:B2:8C:A5:09:FD:64:CB:C1:97:F1:F8:49:C8:6B:30:4D + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-kibana, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + ae:be:82:6f:6d:e6:c4:cb:c3:2a:d9:d6:ee:11:52:a6:de:89: + 9e:31:a3:e2:86:07:e9:d1:fe:95:c9:a2:38:90:df:05:ff:e5: + 
99:27:e8:d8:55:00:8a:85:b3:15:a5:e5:5b:ce:4e:4f:01:3b: + 74:a4:b2:09:fc:6e:95:92:94:2f:76:0d:c7:97:1b:78:c1:08: + 1e:3a:0e:fa:a6:ab:db:1e:22:26:86:39:f4:bb:89:a1:a1:d1: + 55:f6:c3:ff:9b:a5:eb:1b:6a:84:8a:1d:3c:5f:7c:03:0d:08: + 42:6f:d7:14:86:61:38:66:65:f7:c2:86:68:db:81:e9:41:0f: + 82:cf:bb:be:fd:d7:94:48:cc:f8:cf:4a:40:ce:33:c4:75:51: + 00:7e:c7:93:f6:3b:92:c1:5e:8a:ce:5f:2c:c2:f4:fe:ec:77: + 9e:ea:30:d9:53:ee:f9:b9:fd:50:f5:6b:92:1c:57:d2:e0:f3: + 05:d8:79:a9:63:16:13:09:cf:5f:39:dc:ec:43:e4:65:45:43: + 65:e4:7c:39:a3:a2:81:47:ab:8f:57:a9:89:9d:56:4b:77:b1: + 04:c8:9c:54:d2:5c:28:f5:d3:66:ae:9a:9c:a5:91:c7:eb:20: + 69:fb:58:99:c7:5e:be:ec:4a:7a:62:09:fe:3b:30:f2:4a:d7: + 1d:f9:0b:c3 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQffwzRXVz6PFglKdOay8j8TANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjdaFw0yMzEwMTUx +MDQ3MjdaMBkxFzAVBgNVBAMMDmRzb2NsYWIta2liYW5hMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAzk/JD4RNTnvcEZDJSajzYESoJRtZg2QL0eC8WVAi +pfWIeshAZeQiPXfSj54wF4BeIIW8cGdhy9jin5p8e6boTnl7zYZuJlI3Rbart29A +j3pVi9GRzCFvVTdQO3IfLTu/dUeRiGoc6jndiyUxVQ68Um+/C5bv4xJc2mMiVOWz +lYsCnlc+e0+g9W8HqFtFfMs0g3c0pbH/BRKIj8zEBV3p530rEvq7TSX09wTnlQaV +6qnEdU73A2ctnJr0AfYqjWxt0Fmpzh8SsXY5yAfUIHMe85y5Z4M7qHxu+4bqP2qO +mEw5qdFNvp8KQ0kb/QlntmJx/YeaYyUAqsehTSMS41YPbwIDAQABo4HcMIHZMAkG +A1UdEwQCMAAwHQYDVR0OBBYEFFDzfU+yjKUJ/WTLwZfx+EnIazBNMEYGA1UdIwQ/ +MD2AFHkGykDTn5pUrtMzTfI4PrYL8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09M +Uy1DQYIJAIp0kyaAW0K3MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAL +BgNVHQ8EBAMCBaAwOQYDVR0RBDIwMIIOZHNvY2xhYi1raWJhbmGCHmRzb2NsYWIu +Z240LTMtd3A4LXNvYy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOCAQEArr6Cb23m +xMvDKtnW7hFSpt6JnjGj4oYH6dH+lcmiOJDfBf/lmSfo2FUAioWzFaXlW85OTwE7 +dKSyCfxulZKUL3YNx5cbeMEIHjoO+qar2x4iJoY59LuJoaHRVfbD/5ul6xtqhIod +PF98Aw0IQm/XFIZhOGZl98KGaNuB6UEPgs+7vv3XlEjM+M9KQM4zxHVRAH7Hk/Y7 +ksFeis5fLML0/ux3nuow2VPu+bn9UPVrkhxX0uDzBdh5qWMWEwnPXznc7EPkZUVD +ZeR8OaOigUerj1epiZ1WS3exBMicVNJcKPXTZq6anKWRx+sgaftYmcdevuxKemIJ +/jsw8krXHfkLww== 
+-----END CERTIFICATE----- diff --git a/roles/odfekibana/files/dsoclab-kibana.key b/roles/odfekibana/files/dsoclab-kibana.key new file mode 100644 index 0000000000000000000000000000000000000000..9eec2e4fa77aee5162699b82640aad24869304a8 --- /dev/null +++ b/roles/odfekibana/files/dsoclab-kibana.key 
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOT8kPhE1Oe9wR
+kMlJqPNgRKglG1mDZAvR4LxZUCKl9Yh6yEBl5CI9d9KPnjAXgF4ghbxwZ2HL2OKf
+mnx7puhOeXvNhm4mUjdFtqu3b0CPelWL0ZHMIW9VN1A7ch8tO791R5GIahzqOd2L
+JTFVDrxSb78Llu/jElzaYyJU5bOViwKeVz57T6D1bweoW0V8yzSDdzSlsf8FEoiP
+zMQFXennfSsS+rtNJfT3BOeVBpXqqcR1TvcDZy2cmvQB9iqNbG3QWanOHxKxdjnI
+B9Qgcx7znLlngzuofG77huo/ao6YTDmp0U2+nwpDSRv9CWe2YnH9h5pjJQCqx6FN
+IxLjVg9vAgMBAAECggEBAKJC7gdeLs8Da1oFXcqpLoEQfo5wrD5CeWlgL8Ku3BFa
+wzSOOtfoTWW6z8hUyc4yD9XUWRiutqP0uIh+oFlANIVD1rMWf5t0HjSeLv/eaBBw
+Tsfg06KQyVdkYZ3fa9XPoA1FdJitnIA7cpr1bY9QP502djNPSux0jMLWJTJQVqXN
+fXykLoIvB8xIPWbJAJMgF75turJMFT3wGN+qjCzbsZqIHmqp4eaKoH4Mz+Y6SJcA
+uSzCdGKVPxHUVZbtkXn5GZXFx5YQ0wwRHJRWQ6Fn49HtKc5vBc7PN8fG18+s3DA2
+BR7MLgIaHGBKsnJgcOOZQiRCQP/uBBEIxIF0qU3h5UECgYEA6aiUvvBNcShCRaaH
+Wf5GpYTT1ANNv5+3sCTy4KKt3yCxyyn5ENEFL1i8w6/LffGIAsoLnoEcxWV/fhLy
+ZH5FzIYxlR/w2rddUyOXENx/9CWw/IhL91U9525JCJ0B0TBkZ9842ORX7kcI8+0g
+4oaC5bDYTZotAto4ftNIzmfznesCgYEA4gnREIl4nv9v28x5aUS+HhSpsH9kkVrr
+FQ0amCJSHu4U9J39MXS3Fju3rlmZG59J9ymEQ4tr0Hq3S+tsTy4hP5d67/KtoxKr
+3smyKduX6gfOmEy3TjCSc+OMebM7lX0crX2+0JCm355yDC8fxdAGxpmqYvwmVw9Q
+NbIb2mHR/40CgYEAjshlnQhbSnq/hLBupZ+srBivGS+rox2Gsizh/kNq3J6uBuhv
+Osd/0572Ot6CC0Q9SPcOgp2DZ1zOu8v4M1C2dnTKd8Y8+Gp0rQlilvsndZpSvP7M
+7Sc53OKX3puTMLHRqWfO5TskQIdIAUc2gTaRZqragxFj0App25ZhN0BurmECgYEA
+uM8L5vhu7ZitjUk17zKsOo3sW4kc4ZczY4fOOZq+B9niukm+LMRfuUbkHCHXg/UN
+lY6VPGBuqwraeLEoYei2eHbSpgKFozHt4f6Is55+K3Nsn6sBqGUgKK5gOVSon8Wm
+P9byvzW1qlmyp3GUCbjXAWO8IqhEdKPpka1pBnk6KDUCgYAhGqRGJ7NG4+Wz/0/5
+Z/IQeEsLO4lB7EuIADn9udmrYgYqv7sHDzhIUOviJPRgf2ag68LEXXZsC029famu
+/wbhD6pw1yq0QKGDcgH/LzHL9+74TqRlT7drPyOFPqOGPKtc88wL/aXRC90n7dsT
+jFEbunnLOfUUjgxXiJpNU0FtjQ==
+-----END PRIVATE KEY-----
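Review bot: The new file `roles/odfekibana/files/dsoclab-kibana.key` is an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`) committed with mode 100644, so anyone who can read the repository or its history holds the TLS key, and deleting the file in a later commit does not undo that. It appears to pair with the certificate whose tail is visible just above, and the `dsoclab-kibana.p12` added in the same commit presumably bundles the same key. I would drop the key and the p12 from the commit, have the playbook generate them on the target host or ship them encrypted with Ansible Vault, and add ignore rules such as `roles/*/files/*.key` and `roles/*/files/*.p12`. The key shown here should be treated as disclosed: reissue the certificate from a fresh key pair and revoke this one at the issuing CA.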
diff --git a/roles/odfekibana/files/dsoclab-kibana.p12 b/roles/odfekibana/files/dsoclab-kibana.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8737d615ab77c25857cf3b3c8eb2d77f03104
Binary files /dev/null and b/roles/odfekibana/files/dsoclab-kibana.p12 differ
diff --git a/roles/odfekibana/files/kibana_graphs.ndjson b/roles/odfekibana/files/kibana_graphs.ndjson
index f6e604f541a023d488df4f3f76e97d4342d72476..086e784c413a2ff1ad657f886be9030d158a6735 100644
--- a/roles/odfekibana/files/kibana_graphs.ndjson
+++ b/roles/odfekibana/files/kibana_graphs.ndjson
@@ -1,62 +1,11 @@ -{"attributes":{"buildNum":26506,"defaultIndex":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b"},"id":"7.4.2","references":[],"type":"config","updated_at":"2020-12-20T14:02:51.577Z","version":"WzM0LDRd"} -{"attributes":{"fields":"[{\"name\":\"TLP\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"TLP.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"TLP\",\"subType\":\"multi\"},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination.ip\",\"subType\":\"multi\"},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"destination/ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"destination/ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destinat
ion/ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_geo_lon\",\"subType\":\"multi\"},{\"name\":\"destination/ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"destination/ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"destination/ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination/ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"destination/ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subType\":\"multi\"},{\"name\":\"flow_id\",
\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source.ip\",\"subType\":\"multi\"},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source/ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"source/ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_geo_lon\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e,\"parent\":\"source/ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"source/ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source/ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source/ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.hash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.ja3.hash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.ja3.hash\",\"subType\":\"multi\"},{\"name\":\"tls.ja3.string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.ja3.string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.ja3.string\",\"subType\":\"multi\"},{\"name\":\"tls.sni\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni\",\"subType\":\"multi\"},{\"name\":\"tls.sni_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_domain\",\"subType\":\"multi\"},{\"name\":\"tls.sni_domain_alexa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_domain_alexa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_domain_alexa\",\"subType\":\"multi\"},{\"name\":\"tls.sni_umbrella\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni_umbrella.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.sni_umbrella\",\"subType\":\"multi\"},{\"name\":\"tls.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tls.version\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"lo
gs-suricata-tls-*"},"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:26:54.470Z","version":"Wzk4LDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Histogram","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Suricata TLS - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T08:53:14.254Z\",\"max\":\"2020-12-21T08:53:14.254Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"coun
t\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"080a28d0-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:31:45.324Z","version":"WzExMCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top source 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP addr\"}}]}"},"id":"649dd8c0-436b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T09:18:57.076Z","version":"WzgwLDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top destination 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dest. IP addr\"}}]}"},"id":"e95d6ae0-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T09:19:11.119Z","version":"WzgxLDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top SNI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top 
SNI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.sni.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SNI\"}}]}"},"id":"fbeb5370-436a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:30:58.208Z","version":"WzEwNyw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - Top destination ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata TLS - Top destination 
ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dest. port\"}}]}"},"id":"d5917220-436c-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:31:21.254Z","version":"WzEwOCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata TLS - TLS version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata TLS - TLS 
version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"f99b0560-436b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:28:59.999Z","version":"WzEwMyw0XQ=="} -{"attributes":{"columns":["in_iface","source.ip","destination.ip","destination.port","tls.version","tls.sni","tls.sni_domain_alexa","tls.sni_umbrella"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata TLS logs","version":1},"id":"2fb21020-4377-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"74bb7bb0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:27:54.529Z","version":"Wzk5LDRd"} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"bf273f44-b0c6-4a76-85ae-271bace06b5c\"},\"panelIndex\":\"bf273f44-b0c6-4a76-85ae-271bace06b5c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":15,\"i\":\"f3f513d2-c57c-402d-a7eb-9335533b9cee\"},\"panelIndex\":\"f3f513d2-c57c-402d-a7eb-9335533b9cee\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":10,\"y\":9,\"w\":11,\"h\":15,\"i\":\"280a69a1-470e-455f-a2af-e0f67a5b6899\"},\"panelIndex\":\"280a69a1-470e-455f-a2af-e0f67a5b6899\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":21,\"y\":9,\"w\":17,\"h\":15,\"i\":\"e2966d9f-3a5f-40c6-8046-921ca11dca36\"},\"panelIndex\":\"e2966d9f-3a5f-40c6-8046-921ca11dca36\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":8,\"i\":\"8b66f551-7eea-46fd-a693-83291441986a\"},\"panelIndex\":\"8b66f551-7eea-46fd-a693-83291441986a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":38,\"y\":17,\"w\":10,\"h\":7,\"i\":\"91965e77-41d0-4046-b51b-acf16494b52c\"},\"panelIndex\":\"91965e77-41d0-4046-b51b-acf16494b52c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":22,\"i\":\"66a787fc-5c09-4a60-b878-5d453d6d5738\"},\"panelIndex\":\"66a787fc-5c09-4a60-b878-5d453d6d5738\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Suricata 
TLS","version":1},"id":"2d8baeb0-436c-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"080a28d0-436a-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"649dd8c0-436b-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"e95d6ae0-436a-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"fbeb5370-436a-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"d5917220-436c-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"f99b0560-436b-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"visualization"},{"id":"2fb21020-4377-11eb-b75a-bbebe0b50e97","name":"panel_6","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T10:30:30.675Z","version":"WzEwNSw0XQ=="} -{"attributes":{"fieldFormatMap":"{\"ip_dst_addr_misp_url\":{\"id\":\"url\"}}","fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.action\",\"subType\":\"multi\"},{\"name\":\"alert.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.category\",\"subType\":\"multi\"},{\"name\":\"alert.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.signature\",\"subType\":\"multi\"},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subT
ype\":\"multi\"},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host\",\"subType\":\"multi\"},{\"name\":\"host_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host_domain\",\"subType\":\"multi\"},{\"name\":\"host_domain_freq1\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_domain_freq2\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.name\",\"type\":\"string\",\"esT
ypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_misp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_misp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_misp\",\"subType\":\"multi\"},{\"name\":\"ip_dst_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.city\",\"type\":\"stri
ng\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregata
ble\":false,\"readFromDocValues\":false},{\"name\":\"payload.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload\",\"subType\":\"multi\"},{\"name\":\"payload_printable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_printable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload_printable\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"stream\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-suricata-alert-*"},"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-20T21:20:28.734Z","version":"WzM1LDRd"} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata Alerts Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata Alerts Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","versio
n":"WzIzLDRd"} -{"attributes":{"columns":["alert.signature_id","alert.signature","ip_src_addr","ip_dst_addr"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts","version":1},"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI0LDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top signatures","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top 
signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI1LDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_dst_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_dst_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst IP\"}}]}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI2LDRd"} -{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"ip_dst_addr_misp>0\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI3LDRd"} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Dst IP in misp\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":5,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI4LDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata alerts - the 
Hive\",\"type\":\"thehive_button\",\"params\":{\"url\":\"https://hive.soctools.geant.org/\",\"apikey\":\"ebMZixrFT+4qeWDf0iW3D5qFr/GbwA4j\",\"owner\":\"odfe\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":20,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI5LDRd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panel
Index\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2020-12-21T21:58:35.823Z","version":"WzIxMSw0XQ=="} -{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\
",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:42:10.466Z","version":"WzEyNiw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_
count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:49:20.127Z","version":"WzEyOSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi logs - Source host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NiFi logs - Source host\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_host.keyword\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3ad86f30-438b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbeb
e0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:53:41.198Z","version":"WzIwNCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi logs - Level","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#E24D42\",\"INFO\":\"#1F78C1\",\"WARN\":\"#CCA300\"}}}","version":1,"visState":"{\"title\":\"NiFi logs - Level\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"03184750-438b-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T12:49:49.637Z","version":"WzEzMyw0XQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFI logs - source files","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NiFI logs - source files\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_file.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source file\"}}]}"},"id":"e16c89f0-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:54:21.199Z","version":"WzEzMiw0XQ=="} 
-{"attributes":{"columns":["source_host","level","source_file","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"NiFi logs","version":1},"id":"53a1d270-4379-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:43:13.810Z","version":"WzEyNyw0XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":11,\"i\":\"41579e7d-a833-4988-8e87-30e9934c9153\"},\"panelIndex\":\"41579e7d-a833-4988-8e87-30e9934c9153\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"ERROR\":\"#E24D42\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":11,\"w\":12,\"h\":10,\"i\":\"26a9e301-ca86-4313-8321-e5b8b67fa097\"},\"panelIndex\":\"26a9e301-ca86-4313-8321-e5b8b67fa097\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":12,\"y\":11,\"w\":9,\"h\":10,\"i\":\"0d515b73-44ae-48f0-9fbe-c330d044544a\"},\"panelIndex\":\"0d515b73-44ae-48f0-9fbe-c330d044544a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":21,\"y\":11,\"w\":13,\"h\":10,\"i\":\"9cf35fdc-5e6b-4a9b-a1fd-88c379d343da\"},\"panelIndex\":\"9cf35fdc-5e6b-4a9b-a1fd-88c379d343da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":21,\"w\":48,\"h\":22,\"i\"
:\"e52833e0-30de-4451-80db-22c74ec92fcb\"},\"panelIndex\":\"e52833e0-30de-4451-80db-22c74ec92fcb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"NiFi logs","version":1},"id":"4b6ae5a0-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"3ad86f30-438b-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"03184750-438b-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"e16c89f0-437a-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"53a1d270-4379-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T12:53:06.300Z","version":"WzEzNiw0XQ=="} -{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.message\",\"subType\":\"multi\"},{\"name\":\"error.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.name\",\"subType\":\"multi\"},{\"name\":\"error.stack\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.stack.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.stack\",\"subType\":\"multi\"},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"prevMsg\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prevMsg.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"prevMsg\",\"subType\":\"multi\"},{\"name\":\"prevState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prevState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"prevState\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-encoding\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-encoding.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept-encoding\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept-language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.accept-language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept-language\",\"subType\":\"multi\"},{\"name\":\"req.headers.accept.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.accept\",\"subType\":\"multi\"},{\"name\":\"req.headers.cache-control\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.cache-control.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.cache-control\",\"subType\":\"multi\"},{\"name\":\"req.headers.connection\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.connection.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.connection\",\"subType\":\"multi\"},{\"name\":\"req.headers.content-length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.content-length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.content-length\",\"subType\":\"multi\"},{\"name\":\"req.headers.content-type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.content-type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.content-type\",\"subType\":\"multi\"},{\"name\":\"req.headers.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count
\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.host\",\"subType\":\"multi\"},{\"name\":\"req.headers.if-none-match\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.if-none-match.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.if-none-match\",\"subType\":\"multi\"},{\"name\":\"req.headers.kbn-version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.kbn-version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.kbn-version\",\"subType\":\"multi\"},{\"name\":\"req.headers.origin\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.origin.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.origin\",\"subType\":\"multi\"},{\"name\":\"req.headers.referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true,\"parent\":\"req.headers.referer\",\"subType\":\"multi\"},{\"name\":\"req.headers.upgrade-insecure-requests\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.upgrade-insecure-requests.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.upgrade-insecure-requests\",\"subType\":\"multi\"},{\"name\":\"req.headers.user-agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.headers.user-agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.headers.user-agent\",\"subType\":\"multi\"},{\"name\":\"req.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.method\",\"subType\":\"multi\"},{\"name\":\"req.referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.referer\",\"subType\":\"multi\"},{\"name\":\"req.remoteAddress\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.remoteAddress.keyword\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.remoteAddress\",\"subType\":\"multi\"},{\"name\":\"req.url\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.url.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.url\",\"subType\":\"multi\"},{\"name\":\"req.userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"req.userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"req.userAgent\",\"subType\":\"multi\"},{\"name\":\"res.contentLength\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"res.responseTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"res.statusCode\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"state\",\"subType\":\"multi\"},{\"name\":\"statusCode\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"tags\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"type\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-kibana-*"},"id":"55426280-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T16:15:49.869Z","version":"WzE0Nyw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kibana logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"84735610-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T16:21:02.064Z","version":"WzE0OCw0XQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.remoteAddress.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Remote address\"}}]}"},"id":"22b8f4d0-43cf-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:57:28.477Z","version":"WzE1Niw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Response 
time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Kibana logs - Response time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{\"interval\":100},\"aggType\":\"histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":50,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"res.responseTime\",\"interval\":50,\"min_doc_count\":false,\"has_extended_bounds\":false,\"extended_bounds\":{\"max\":\"\",\"min\":\"\"},\"customLabel\":\"Response time 
[ms]\"}}]}"},"id":"90d03420-43ce-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:53:23.681Z","version":"WzE1NSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Status codes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kibana logs - Status codes\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"res.statusCode\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status code\"}}]}"},"id":"8f67bff0-43cd-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:46:11.822Z","version":"WzE1NCw0XQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top URLs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top URLs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.url.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested 
URL\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"d921f4a0-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:43:48.516Z","version":"WzE1Myw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Kibana logs - Top User-Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kibana logs - Top 
User-Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"req.headers.user-agent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User-Agent\"}}]}"},"id":"baef0cb0-43cc-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T20:40:15.354Z","version":"WzE1MSw0XQ=="} -{"attributes":{"columns":["method","req.url","res.statusCode","req.remoteAddress","req.headers.user-agent"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Kibana 
logs","version":1},"id":"8f07c570-43a8-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"55426280-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T16:21:19.815Z","version":"WzE0OSw0XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":8,\"i\":\"04285b5f-cd0f-4514-857c-0392c04dd759\"},\"panelIndex\":\"04285b5f-cd0f-4514-857c-0392c04dd759\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":11,\"h\":12,\"i\":\"d6cba6b1-29d2-41bf-862b-85094bc155db\"},\"panelIndex\":\"d6cba6b1-29d2-41bf-862b-85094bc155db\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":11,\"y\":8,\"w\":23,\"h\":12,\"i\":\"2f0b8c11-89a2-4faa-bf5f-201803edae1d\"},\"panelIndex\":\"2f0b8c11-89a2-4faa-bf5f-201803edae1d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":12,\"i\":\"99a7d5fc-d91f-4202-8c7e-48bfbf515084\"},\"panelIndex\":\"99a7d5fc-d91f-4202-8c7e-48bfbf515084\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":20,\"w\":28,\"h\":15,\"i\":\"7c98c844-9efd-4289-94b0-83101b21ee9b\"},\"panelIndex\":\"7c98c844-9efd-4289-94b0-83101b21ee9b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":28,\"y\":20,\"w\":20,\"h\":15,\"i\":\"08ce3890-961f-408f-9e2b-f9f028415e07\"},\"panelIndex\":\"08ce3890-961f-408f-9e2b-f9f028415e07\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.4.2\",\"gridData\":{
\"x\":0,\"y\":35,\"w\":48,\"h\":21,\"i\":\"0b4b31f9-53d5-4212-aedc-a261ee4be5e8\"},\"panelIndex\":\"0b4b31f9-53d5-4212-aedc-a261ee4be5e8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Kibana logs","version":1},"id":"6e0402e0-43cf-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"84735610-43a8-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"22b8f4d0-43cf-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"90d03420-43ce-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"8f67bff0-43cd-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"d921f4a0-43a8-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"baef0cb0-43cc-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"visualization"},{"id":"8f07c570-43a8-11eb-b75a-bbebe0b50e97","name":"panel_6","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T20:59:34.797Z","version":"WzE1Nyw0XQ=="} 
-{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
,\"parent\":\"log.source.address\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"syslog.facility\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"syslog.facility_label\",\"subType\":\"multi\"},{\"name\":\"syslog.priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"syslog.severity_label\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-filebeat-unknown-*"},"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:44:27.290Z","version":"WzE5Myw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT3H\",\"format\":\"YYYY-MM-DD 
HH:mm\",\"bounds\":{\"min\":\"2020-12-14T21:46:19.383Z\",\"max\":\"2020-12-21T21:46:19.383Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"fields.log_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"f4775b50-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:46:26.845Z","version":"WzE5Nyw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Host name","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - Host 
name\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3579d010-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:48:06.416Z","version":"WzE5OSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Other logs - Log type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Other logs - Log 
type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fields.log_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"1fe05530-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:47:30.178Z","version":"WzE5OCw0XQ=="} -{"attributes":{"columns":["fields.log_type","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Filebeat unknown logs","version":1},"id":"bfaaf800-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"b8cf4490-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:44:48.767Z","version":"WzE5NCw0XQ=="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"bf3a414b-96f0-4090-b163-43664f901493\"},\"panelIndex\":\"bf3a414b-96f0-4090-b163-43664f901493\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":15,\"h\":9,\"i\":\"d6977944-5a19-48b6-8829-2e50838363e7\"},\"panelIndex\":\"d6977944-5a19-48b6-8829-2e50838363e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":9,\"w\":15,\"h\":9,\"i\":\"4cc8faa1-db1f-49e4-aaed-4e6010ff066b\"},\"panelIndex\":\"4cc8faa1-db1f-49e4-aaed-4e6010ff066b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":21,\"i\":\"09bccade-e7cc-455e-b5e7-af2403262ba6\"},\"panelIndex\":\"09bccade-e7cc-455e-b5e7-af2403262ba6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Other logs","version":1},"id":"7104bb90-43d6-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"f4775b50-43d5-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"3579d010-43d6-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"1fe05530-43d6-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"bfaaf800-43d5-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:49:46.312Z","version":"WzIwMCw0XQ=="} 
-{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.ephemeral_id\",\"subType\":\"multi\"},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.hostname\",\"subType\":\"multi\"},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true,\"parent\":\"agent.id\",\"subType\":\"multi\"},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.name\",\"subType\":\"multi\"},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.type\",\"subType\":\"multi\"},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"agent.version\",\"subType\":\"multi\"},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ecs.version\",\"subType\":\"multi\"},{\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true,\"parent\":\"error.message\",\"subType\":\"multi\"},{\"name\":\"error.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"error.type\",\"subType\":\"multi\"},{\"name\":\"fields.log_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fields.log_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"fields.log_type\",\"subType\":\"multi\"},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host.name\",\"subType\":\"multi\"},{\"name\":\"hostName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"hostName\",\"subType\":\"multi\"},{\"name\":\"input.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true,\"parent\":\"input.type\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"log.file.path\",\"subType\":\"multi\"},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"loggerClassName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"loggerClassName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"loggerClassName\",\"subType\":\"multi\"},{\"name\":\"loggerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"loggerName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"loggerName\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"
readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"metadata.beat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.beat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.beat\",\"subType\":\"multi\"},{\"name\":\"metadata.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.type\",\"subType\":\"multi\"},{\"name\":\"metadata.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"metadata.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"metadata.version\",\"subType\":\"multi\"},{\"name\":\"ndc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ndc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ndc\",\"subType\":\"multi\"},{\"name\":\"processId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,
\"readFromDocValues\":true},{\"name\":\"processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"processName\",\"subType\":\"multi\"},{\"name\":\"sequence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sourceClassName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceClassName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceClassName\",\"subType\":\"multi\"},{\"name\":\"sourceFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceFileName\",\"subType\":\"multi\"},{\"name\":\"sourceLineNumber\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sourceMethodName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceMethodName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceMethodName\",\"subType
\":\"multi\"},{\"name\":\"sourceModuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceModuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceModuleName\",\"subType\":\"multi\"},{\"name\":\"sourceModuleVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sourceModuleVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"sourceModuleVersion\",\"subType\":\"multi\"},{\"name\":\"threadId\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threadName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"threadName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"threadName\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-keycloak-*"},"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:01:56.865Z","version":"WzE2MCw0XQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Keycloak logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"INFO\":\"#1F78C1\"},\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Keycloak logs - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T21:05:22.930Z\",\"max\":\"2020-12-21T21:05:22.930Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{}
,\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"4b5e4560-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:05:46.166Z","version":"WzE2Miw0XQ=="} -{"attributes":{"columns":["level","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Keycloak logs","version":1},"id":"14c6e610-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"b9a340f0-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:04:14.577Z","version":"WzE2MSw0XQ=="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"f4adefb8-580f-47fa-a7b8-27be3af78eb1\"},\"panelIndex\":\"f4adefb8-580f-47fa-a7b8-27be3af78eb1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":48,\"h\":20,\"i\":\"2f33edae-d9c7-4eaa-8e4d-494db3b1cf73\"},\"panelIndex\":\"2f33edae-d9c7-4eaa-8e4d-494db3b1cf73\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Keycloak logs","version":1},"id":"717b80f0-43d0-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"4b5e4560-43d0-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"14c6e610-43d0-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:06:50.111Z","version":"WzE2Myw0XQ=="} 
-{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"actconn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"actconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"actconn\",\"subType\":\"multi\"},{\"name\":\"backend_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"backend_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"backend_name\",\"subType\":\"multi\"},{\"name\":\"backend_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"backend_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent
\":\"backend_queue\",\"subType\":\"multi\"},{\"name\":\"beconn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"beconn\",\"subType\":\"multi\"},{\"name\":\"bytes_read\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"bytes_read.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"bytes_read\",\"subType\":\"multi\"},{\"name\":\"captured_request_cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"captured_request_cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"captured_request_cookie\",\"subType\":\"multi\"},{\"name\":\"captured_response_cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"captured_response_cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"captured_response_cookie\",\"subType\":\"multi\"},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_city\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_country\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_lat\",\"subType\":\"multi\"},{\"name\":\"client.ip_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false
},{\"name\":\"client.ip_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_geo_lon\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"client.ip_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.ip_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"client.port\",\"subType\":\"multi\"},{\"name\":\"feconn\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"feconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"feconn\",\"subType\":\"multi\"},{\"name\":\"frontend_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frontend_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"frontend_name\",\"subType\":\"multi\"},{\"name\":\"http_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_host\",\"subType\":\"multi\"},{\"name\":\"http_proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_proto\",\"subType\":\"multi\"},{\"name\":\"http_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_request\",\"subType\":\"multi\"},{\"name\":\"http_status_code\",\"type\":\"string\",\"esTy
pes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_status_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_status_code\",\"subType\":\"multi\"},{\"name\":\"http_user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_user\",\"subType\":\"multi\"},{\"name\":\"http_verb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_verb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_verb\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"process.name\",\"subType\":\"multi\"},{\"name\":\"process.pid\",\"type\":\"s
tring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"process.pid\",\"subType\":\"multi\"},{\"name\":\"retries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"retries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"retries\",\"subType\":\"multi\"},{\"name\":\"server.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server.domain\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"srv_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"srv_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"srv_queue\",\"subType\":\"multi\"},{\"name\":\"srvconn\",\"type\":\"string\
",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"srvconn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"srvconn\",\"subType\":\"multi\"},{\"name\":\"termination_state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"termination_state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"termination_state\",\"subType\":\"multi\"},{\"name\":\"time_backend_connect\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_backend_connect.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_backend_connect\",\"subType\":\"multi\"},{\"name\":\"time_backend_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_backend_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_backend_response\",\"subType\":\"multi\"},{\"name\":\"time_duration\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_duration.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"
time_duration\",\"subType\":\"multi\"},{\"name\":\"time_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_queue\",\"subType\":\"multi\"},{\"name\":\"time_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"time_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"time_request\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-haproxy-*"},"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T21:27:29.655Z","version":"WzE3NSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"haproxy logs - 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T21:34:47.670Z\",\"max\":\"2020-12-21T21:34:47.670Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_
count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"74693590-43d1-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:35:01.074Z","version":"WzE4MSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Top clients","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"haproxy logs - Top clients\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP 
addr\"}}]}"},"id":"d2b6e700-43d1-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:16:42.736Z","version":"WzE2Niw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Top requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"haproxy logs - Top requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Mis
sing\",\"customLabel\":\"Backend name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http_request.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http_status_code.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"id":"33158c30-43d4-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:38:09.088Z","version":"WzE4NCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Status 
codes","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http_status_code.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\"},\"title\":\"haproxy logs - Status codes\",\"type\":\"pie\"}"},"id":"96a9c140-43d3-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:29:37.571Z","version":"WzE3OCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"haproxy logs - Backends","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"haproxy logs - 
Backends\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"backend_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"2c952900-43d5-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:40:42.000Z","version":"WzE4OCw0XQ=="} -{"attributes":{"columns":["client.ip","backend_name","http_verb","http_request","http_status_code","bytes_read","time_duration"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"haproxy logs","version":1},"id":"6c1be520-43d3-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"ece0e360-4309-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T21:28:09.585Z","version":"WzE3Niw0XQ=="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"ccce8e7d-f8cf-4074-929a-a5518428f22d\"},\"panelIndex\":\"ccce8e7d-f8cf-4074-929a-a5518428f22d\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":16,\"i\":\"ba3bb2ae-8c2d-4d7c-b31b-68236235fa54\"},\"panelIndex\":\"ba3bb2ae-8c2d-4d7c-b31b-68236235fa54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":11,\"y\":9,\"w\":28,\"h\":16,\"i\":\"07c2a778-1266-463e-9b3a-ea6f9d93e82b\"},\"panelIndex\":\"07c2a778-1266-463e-9b3a-ea6f9d93e82b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":17,\"w\":9,\"h\":8,\"i\":\"d8e80787-da38-48a5-be9d-e73a94a1f0b3\"},\"panelIndex\":\"d8e80787-da38-48a5-be9d-e73a94a1f0b3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":9,\"w\":9,\"h\":8,\"i\":\"efc8e873-81b6-46d4-91c8-003c1869de67\"},\"panelIndex\":\"efc8e873-81b6-46d4-91c8-003c1869de67\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"legendOpen\":false},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":22,\"i\":\"735a3ce2-b6f1-4d3b-af8f-05c4511e9b64\"},\"panelIndex\":\"735a3ce2-b6f1-4d3b-af8f-05c4511e9b64\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"haproxy 
logs","version":1},"id":"7dfc0c10-43d4-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"74693590-43d1-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"d2b6e700-43d1-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"33158c30-43d4-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"96a9c140-43d3-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"visualization"},{"id":"2c952900-43d5-11eb-b75a-bbebe0b50e97","name":"panel_4","type":"visualization"},{"id":"6c1be520-43d3-11eb-b75a-bbebe0b50e97","name":"panel_5","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T21:42:37.188Z","version":"WzE4OSw0XQ=="} -{"attributes":{"fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"audit_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_category\",\"subType\":\"multi\"},{\"name\":\"audit_cluster_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_cluster_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_cluster_name\",\"subType\":\"multi\"},{\"name\":\"audit_format_version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"audit_node_host_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_host_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_host_address\",\"subType\":\"multi\"},{\"name\":\"audit_node_host_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_host_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_host_name\",\"subType\":\"multi\"},{\"name\":\"audit_node_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_id\",\"subType\":\"
multi\"},{\"name\":\"audit_node_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_node_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_node_name\",\"subType\":\"multi\"},{\"name\":\"audit_request_exception_stacktrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_exception_stacktrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_exception_stacktrace\",\"subType\":\"multi\"},{\"name\":\"audit_request_layer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_layer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_layer\",\"subType\":\"multi\"},{\"name\":\"audit_request_origin\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"audit_request_origin.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"audit_request_origin\",\"subType\":\"multi\"}]","timeFieldName":"@timestamp","title":"security-auditlog-*"},"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-21T10:34:19.556Z","version":"WzExOCw0XQ
=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Histogram","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Security Audit Log - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT3H\",\"format\":\"YYYY-MM-DD 
HH:mm\",\"bounds\":{\"min\":\"2020-12-14T21:56:36.618Z\",\"max\":\"2020-12-21T21:56:36.618Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"audit_category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"846b6f00-4375-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:56:51.161Z","version":"WzIwOCw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Node name","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Audit Log - Node 
name\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"audit_node_name.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"b80e8d30-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T21:55:05.416Z","version":"WzIwNyw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Audit Log - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Audit Log - 
Category\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"audit_category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ca9c27a0-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T10:39:23.930Z","version":"WzEyMSw0XQ=="} -{"attributes":{"columns":["audit_node_host_name","audit_category","audit_request_layer","audit_request_origin","audit_request_exception_stacktrace"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Audit 
Logs","version":1},"id":"388503f0-4378-11eb-b75a-bbebe0b50e97","migrationVersion":{"search":"7.4.0"},"references":[{"id":"cc44d890-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-12-21T10:35:18.830Z","version":"WzExOSw0XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":10,\"i\":\"963df476-bd2f-4c26-9652-3cdfa1eef34f\"},\"panelIndex\":\"963df476-bd2f-4c26-9652-3cdfa1eef34f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":10,\"w\":15,\"h\":9,\"i\":\"c87d79c0-84a1-46af-80a4-afc61cdae0a5\"},\"panelIndex\":\"c87d79c0-84a1-46af-80a4-afc61cdae0a5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":10,\"w\":15,\"h\":9,\"i\":\"c32eb149-2f61-41b5-ae5a-a864fb3257cb\"},\"panelIndex\":\"c32eb149-2f61-41b5-ae5a-a864fb3257cb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":19,\"w\":48,\"h\":22,\"i\":\"cbd2ce7a-841d-4d11-b16e-79be174523e6\"},\"panelIndex\":\"cbd2ce7a-841d-4d11-b16e-79be174523e6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Security Audit 
Log","version":1},"id":"e52ea260-4377-11eb-b75a-bbebe0b50e97","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"846b6f00-4375-11eb-b75a-bbebe0b50e97","name":"panel_0","type":"visualization"},{"id":"b80e8d30-4378-11eb-b75a-bbebe0b50e97","name":"panel_1","type":"visualization"},{"id":"ca9c27a0-4378-11eb-b75a-bbebe0b50e97","name":"panel_2","type":"visualization"},{"id":"388503f0-4378-11eb-b75a-bbebe0b50e97","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-12-21T10:40:45.697Z","version":"WzEyMiw0XQ=="} -{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"data_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_id\",\"subType\":\"multi\"},{\"name\":\"data_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_type\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"ident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ident\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_c
ountry.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lat\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lon\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg
_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"referer\",\"subType\":\"multi\"},{\"name\":\"request_page\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_page.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"request_p
age\",\"subType\":\"multi\"},{\"name\":\"response_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"response_size\",\"subType\":\"multi\"},{\"name\":\"server_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server_response\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\
":\"user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"user_agent\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-nginx-*"},"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-12-20T14:01:02.393Z","version":"WzMxLDRd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Nginx Logs - Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Nginx Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":t
rue,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"5bafcf20-43a7-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-21T16:12:44.178Z","version":"WzEzOSw0XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_src_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_src_addr \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src 
IP\"}}]}"},"id":"d8322050-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzMyLDRd"} \ No newline at end of file +{"attributes":{"fieldFormatMap":"{\"ip_dst_addr_misp_url\":{\"id\":\"url\"}}","fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.action\",\"subType\":\"multi\"},{\"name\":\"alert.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.catego
ry\",\"subType\":\"multi\"},{\"name\":\"alert.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"alert.signature\",\"subType\":\"multi\"},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"event_type\",\"subType\":\"multi\"},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host\",\"subType\":\"multi\"},{\"name\":\"host_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"host_domain\",\"subType\":\"multi\"},{\"name\":\"host_domain_freq1\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_domain_freq2\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"in_iface\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr\",\"type\":\"string\",\"esTypes\":[\"text\
"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_dst_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_misp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_dst_addr_misp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_dst_addr_misp\",\"subType\":\"multi\"},{\"name\":\"ip_dst_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.accuracy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.isoCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.isoCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.isoCode\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo.geo.country.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo.geo.country.name\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo.geo.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_addr_geo.geo.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_src_port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload\",\"subType\":\"multi\"},{\"name\":\"payload_printable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_printable.keyword\",\"type\":
\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"payload_printable\",\"subType\":\"multi\"},{\"name\":\"proto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"proto\",\"subType\":\"multi\"},{\"name\":\"stream\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_dst_addr_misp_url\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"if (!doc['ip_dst_addr_misp.keyword'].empty) { \\n return 'https://misp.soctools.geant.org/events/view/'+doc['ip_dst_addr_misp.keyword'].value;\\n}\\nreturn null;\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"timestamp","title":"logs-suricata-alert-*"},"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-08T12:42:14.207Z","version":"WzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata Alerts Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata Alerts 
Histogram\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzQsMV0="} 
+{"attributes":{"columns":["alert.signature_id","alert.signature","ip_src_addr","ip_dst_addr"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts","version":1},"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-08T12:42:14.207Z","version":"WzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top signatures","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top 
signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_dst_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_dst_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst IP\"}}]}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzcsMV0="} +{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"ip_dst_addr_misp>0\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-08T12:42:14.207Z","version":"WzgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Dst IP in misp\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr.keyword\",\"order\":\"desc\",\"size\":5,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata alerts - the 
Hive\",\"type\":\"thehive_button\",\"params\":{\"url\":\"https://hive.soctools.geant.org/\",\"apikey\":\"ebMZixrFT+4qeWDf0iW3D5qFr/GbwA4j\",\"owner\":\"odfe\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":20,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEwLDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":7,\"w\":10,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":10,\"y\":7,\"w\":9,\"h\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":19,\"y\":7,\"w\":11,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":3,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"
7.3.0\",\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-08T12:42:14.207Z","version":"WzExLDFd"} +{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"data_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_id\",\"s
ubType\":\"multi\"},{\"name\":\"data_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"data_type\",\"subType\":\"multi\"},{\"name\":\"http_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"http_version\",\"subType\":\"multi\"},{\"name\":\"ident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ident\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_city\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_city.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_add
r_geo_city\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_country_iso\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_country_iso.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_country_iso\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lat\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lat.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lat\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_geo_lon\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_geo_lon.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_geo_lon\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_comment.
keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_comment\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_domain\",\"subType\":\"multi\"},{\"name\":\"ip_src_addr_ipreg_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_src_addr_ipreg_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip_src_addr_ipreg_name\",\"subType\":\"multi\"},{\"name\":\"method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"method\",\"subType\":\"multi\"},{\"name\":\"referer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"referer\",\"subType\":\"multi\"},{\"name\":\"request_page\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"request_page.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"request_page\",\"subType\":\"multi\"},{\"name\":\"response_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"response_size\",\"subType\":\"multi\"},{\"name\":\"server_response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"server_response\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"user_agent\",\"subType\":\"multi\"}]","timeFieldName":"timestamp","title":"logs-nginx-*"},"id":"4ca554f0-893f-11ea-977f-4711a028b7c3","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top ip_src_addr ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Suricata alerts - top ip_src_addr 
\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"cardinality\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.signature_id\",\"customLabel\":\"Unique\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr.keyword\",\"order\":\"desc\",\"size\":10,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src IP\"}}]}"},"id":"d8322050-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-08T12:42:14.207Z","version":"WzEzLDFd"} \ No newline at end of file diff --git a/roles/odfekibana/files/kibanasecret b/roles/odfekibana/files/kibanasecret new file mode 100644 index 0000000000000000000000000000000000000000..ec28be7e844bd0eaefbc32f1d4196e27aa41e19b --- /dev/null +++ b/roles/odfekibana/files/kibanasecret @@ -0,0 +1,3 @@ +{ + "value" : "19125de3-27fa-40e8-83bf-fdb8c8338b99" +} \ No newline at end of file diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml index 1662efd600ad1a43e47bc3c40acb09fe69599dda..c0854140c7d172dc700f010fb756728b5c296f55 100644 --- a/roles/odfekibana/tasks/main.yml +++ b/roles/odfekibana/tasks/main.yml 
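Review bot: The new file roles/odfekibana/files/kibanasecret commits the OpenID client secret in plaintext, and the `Get openid authkey` task in roles/odfekibana/tasks/main.yml now reads it from the role's `files/` directory instead of `{{playbook_dir}}/secrets/tokens/`. The same applies to roles/thehive/files/thehivesecret and, more seriously, to the private key in roles/thehive/files/dsoclab-thehive.key, both added later in this diff. Anything committed this way should be treated as disclosed. Rotate the two client secrets at the OpenID provider, reissue the dsoclab-thehive certificate under a new key, and keep the replacements out of version control, for example in an `ansible-vault` encrypted file or the `secrets/` directory under `playbook_dir` that the removed start.yml read from.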
@@ -1,17 +1,184 @@ --- -- include: start.yml +#- name: Create config directory +# file: +# name: config +# state: directory +# mode: 0700 +# tags: +# - start + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + tags: + - start + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + tags: + - start + +- name: Copy certificates in odfe kibana conf dir + copy: + src: "{{ item }}" + dest: "config/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.p12" + - "{{ inventory_hostname }}.crt" + - "{{ inventory_hostname }}.key" + - cacerts.jks + - "{{ca_cn}}.crt" + - "{{soctools_users[0].CN}}.p12" tags: - - start -- include: stop.yml + - start + +- name: Get openid authkey + set_fact: + kibanasecret: "{{lookup('file', 'files/kibanasecret',convert_data=False) | from_json }}" + tags: + - start + +#- name: Configure sysconfig +# template: +# src: sysconfig_elasticsearch.j2 +# dest: sysconfig_elasticsearch +# tags: +# - start +# +#- name: Copy sysconfig to /etc +# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" +# tags: +# - start + +# lineinfile: +# path: /etc/sysconfig/elasticsearch +# regexp: '^ES_PATH_CONF=' +# line: ES_PATH_CONF=/usr/share/elasticsearch/config +# tags: +# - start +- name: Configure odfe kibana properties + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - kibana.yml tags: - - stop - - stop-odfekibana -- include: update-config.yml + - start + +- name: Configure odfe kibana start script + template: + src: "{{item}}.j2" + dest: "{{item}}" + mode: 0750 + with_items: + - startkibana.sh + tags: + - start + +#- name: Exit here to test ODFE +# meta: end_play +# tags: +# - start + + +- name: Generate configuration for thehive_button plugin + template: + src: files/env.js.j2 + dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" + owner: kibana + group: kibana + tags: 
+ - start + + +- name: Start OpenDistro Kibana for Elasticsearch + command: /usr/share/kibana/startkibana.sh + #shell: exec /usr/share/kibana/bin/kibana -c config/kibana.yml & + #shell: "nohup /usr/share/kibana/bin/kibana -c config/kibana.yml &" tags: - - update-config - - update-odfekibana-config -- include: restart.yml + - start + +- name: Wait for Kibana + wait_for: + host: "{{groups['odfekibanacontainers'][0]}}" + port: 5601 + state: started + delay: 5 + tags: + - start + +- name: Check Kibana health + shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{dslproxy}}:5601/api/status" \ + | egrep status....overall....state...green' + register: result + until: result.rc == 0 + retries: 90 + delay: 2 + ignore_errors: yes + tags: + - start + +- name: Copy tenant.json to container + remote_user: kibana + copy: + src: "files/tenant.json" + dest: /tmp/tenant.json + tags: + - start + +- name: change tenant to global + shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{ odfees_adminpass }} \ + -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ + -d @/tmp/tenant.json' + tags: + - start + +- name: Copy kibana_graphs.ndjson to container + remote_user: kibana + copy: + src: "files/kibana_graphs.ndjson" + dest: /tmp/kibana_graphs.ndjson + tags: + - start + +- name: Import graphs to kibana + shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/saved_objects/_import?overwrite=true" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{ odfees_adminpass }} \ + -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -F "file=@/tmp/kibana_graphs.ndjson"' + tags: + - start + +#- name: cleanup temporary files for kibana_graph import +# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' +# ignore_errors: true +# tags: +# - start + +#- name: check reachable hosts +# gather_facts: no +# tasks: +# - command: ping 
-c1 {{ inventory_hostname }} +# delegate_to: localhost +# register: ping_result +# ignore_errors: yes +# - group_by: key=reachable +# when: ping_result|success + +#- name: Stop OpenDistro Kibana for Elasticsearch +# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" +# tags: +# - stop + +- name: Stop OpenDistro Kibana for Elasticsearch + command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" tags: - - restart - - restart-odfekibana + - stop diff --git a/roles/odfekibana/tasks/restart.yml b/roles/odfekibana/tasks/restart.yml deleted file mode 100644 index 7ef339035ddb769ec70ffad981b8a36959f735e1..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/restart.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Restart Kibana - remote_user: root - shell: "supervisorctl restart kibana" - -- name: Wait for Kibana - remote_user: kibana - wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" - port: 5601 - state: started - delay: 5 - -- name: Check Kibana health - remote_user: kibana - shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - | egrep status....overall....state...green' - register: result - until: result.rc == 0 - retries: 90 - delay: 2 - ignore_errors: yes - -- name: Import graphs to kibana - remote_user: kibana - shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ - -F "file=@/tmp/kibana_graphs.ndjson"' - diff --git a/roles/odfekibana/tasks/start.yml b/roles/odfekibana/tasks/start.yml deleted file mode 100644 index 186a6a6c8effc0664dba8b6f72090aa932a7681a..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/start.yml +++ /dev/null 
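Review bot: The tasks `change tenant to global` and `Import graphs to kibana` pass `--user admin:{{ odfees_adminpass }}` on a `curl -k` command line, so the admin password is sent without verifying the server certificate and shows up in the process list and in Ansible's task output. The CA is installed into the trust store at the top of this file, so `-k` can presumably be dropped or replaced with `--cacert /etc/pki/ca-trust/source/anchors/ca.crt`, and each task should carry `no_log: true`. The session cookie also stays in `/tmp/cookie.txt` because the cleanup task is commented out; re-enable it or write the cookie jar to a directory only the kibana user can read. The `create users` task in roles/thehive/tasks/createusers.yml uses the same `curl -k` pattern with a bearer token.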
@@ -1,166 +0,0 @@ ---- - -#- name: Create config directory -# file: -# name: config -# state: directory -# mode: 0700 - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - -- name: Copy certificates in odfe kibana conf dir - remote_user: kibana - copy: - src: "{{ item }}" - dest: "config/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - "{{playbook_dir}}/secrets/CA/ca.crt" - - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" - -- name: Get openid authkey - remote_user: kibana - set_fact: - kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}" - -#- name: Configure sysconfig -# template: -# src: sysconfig_elasticsearch.j2 -# dest: sysconfig_elasticsearch -# -#- name: Copy sysconfig to /etc -# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - -# lineinfile: -# path: /etc/sysconfig/elasticsearch -# regexp: '^ES_PATH_CONF=' -# line: ES_PATH_CONF=/usr/share/elasticsearch/config - -- name: Configure odfe kibana properties - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "config/{{item}}" - with_items: - - kibana.yml - -- name: Configure odfe kibana start script - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh - -#- name: Exit here to test ODFE -# meta: end_play - - -- name: Generate configuration for thehive_button plugin - remote_user: kibana - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana 
- group: kibana - - -- name: Start Kibana - remote_user: root - shell: "supervisorctl start kibana" - -- name: Wait for Kibana - remote_user: kibana - wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" - port: 5601 - state: started - delay: 5 - -- name: Check Kibana health - remote_user: kibana - shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - | egrep status....overall....state...green' - register: result - until: result.rc == 0 - retries: 90 - delay: 2 - ignore_errors: yes - -#- name: Copy tenant.json to container -# remote_user: kibana -# copy: -# src: "files/tenant.json" -# dest: /tmp/tenant.json -# -#- name: change tenant to global -# shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \ -# -b /tmp/cookie.txt -c /tmp/cookie.txt \ -# -k --user admin:{{ odfees_adminpass }} \ -# -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ -# -d @/tmp/tenant.json' - -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana - copy: - src: "files/kibana_graphs.ndjson" - dest: /tmp/kibana_graphs.ndjson - -- name: Import graphs to kibana - remote_user: kibana - shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ - -F "file=@/tmp/kibana_graphs.ndjson"' - -- name: Copy role modification json to container - remote_user: kibana - template: - src: "role.json.j2" - dest: /tmp/role.json - -- name: Grant admin permissions to users - remote_user: kibana - shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ - -H "kbn-xsrf: 
reporting" -H "Content-Type: application/json" \ - -d @/tmp/role.json' - -#- name: cleanup temporary files for kibana_graph import -# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' -# ignore_errors: true - -#- name: check reachable hosts -# gather_facts: no -# tasks: -# - command: ping -c1 {{ inventory_hostname }} -# delegate_to: localhost -# register: ping_result -# ignore_errors: yes -# - group_by: key=reachable -# when: ping_result|success - -#- name: Stop OpenDistro Kibana for Elasticsearch -# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" - -- name: Set Autostart for supervisord's services - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml deleted file mode 100644 index 2ab354a31339c1ee47c5d287277b9e25c6afa377..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/stop.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- name: Stop OpenDistro Kibana for Elasticsearch - remote_user: root - command: "supervisorctl stop kibana" diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml deleted file mode 100644 index 779d95f971090d8575e3216bc1aa1179bee5eaae..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/update-config.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- - -- name: Configure odfe kibana properties - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "config/{{item}}" - with_items: - - kibana.yml - -- name: Configure odfe kibana start script - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh - -- name: Generate configuration for thehive_button plugin - remote_user: kibana - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana - group: kibana - - -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana - copy: - src: "files/kibana_graphs.ndjson" - dest: /tmp/kibana_graphs.ndjson - diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2 index e676b3735c0f2f9ee59a2c7b3e19c020e04faa1b..0d670073c5d8f8515075abcea316f02d4863df25 100644 --- a/roles/odfekibana/templates/kibana.yml.j2 +++ b/roles/odfekibana/templates/kibana.yml.j2 @@ -29,8 +29,8 @@ elasticsearch.username: kibanaserver elasticsearch.password: kibanaserver elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opendistro_security.multitenancy.enabled: false -#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] +opendistro_security.multitenancy.enabled: true +opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] opendistro_security.readonly_mode.roles: ["kibana_read_only"] #new in 7.6 
@@ -39,20 +39,20 @@ opendistro_security.readonly_mode.roles: ["kibana_read_only"] #telemetry.enabled: false opendistro_security.auth.type: "openid" -opendistro_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration" -opendistro_security.openid.client_id: "soctools-kibana" +opendistro_security.openid.connect_url: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration" +opendistro_security.openid.client_id: "dsoclab-kibana" opendistro_security.openid.client_secret: "{{kibanasecret.value}}" -opendistro_security.openid.root_ca: "/usr/share/kibana/config/ca.crt" -opendistro_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601" +opendistro_security.openid.root_ca: "/usr/share/kibana/config/{{ca_cn}}.crt" +opendistro_security.openid.base_redirect_url: "https://{{dslproxy}}:5601" opendistro_security.cookie.secure: true -opendistro_security.cookie.password: {{lookup("password", "{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32")}} +opendistro_security.cookie.password: "{{odfekibana_cookie}}" server.ssl.enabled: true server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt #server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12 -#server.ssl.keystore.password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}} +#server.ssl.keystore.password: {{kspass}} #server.ssl.certificateAuthorities: #server.ssl.truststore.path: jks (p12?) #server.ssl.truststore.password: diff --git a/roles/odfekibana/templates/role.json.j2 b/roles/odfekibana/templates/role.json.j2 deleted file mode 100644 index 9d67a52fb225237029d74bcaa8b381857a3f1eb2..0000000000000000000000000000000000000000 --- a/roles/odfekibana/templates/role.json.j2 +++ /dev/null 
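Review bot: `opendistro_security.cookie.password: "{{odfekibana_cookie}}"` replaces a lookup that generated a 32-character value with a variable whose source and length are not visible in this hunk. As far as I recall, the security plugin expects at least 32 characters for this key, so a shorter or shared value would either break startup or weaken cookie encryption. Add a pre-flight task such as `assert: that: odfekibana_cookie | length >= 32`, and make sure the variable comes from a vaulted, per-deployment source rather than a committed default.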
@@ -1,15 +0,0 @@ -{ - "backend_roles":[ - "admin" - ], - "hosts":[ - - ], - "users":[ -{% for user in ODFE_ADMIN_USERS %} - "{{ user }}", -{% endfor %} - "admin" - ], - "description":"Maps admin to all_access" -} diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml index 98902dce701cf0b9f7b6d57c6b3fd5df601a85e9..55adbbdb04ed879233a41f8b11d6219358147a17 100644 --- a/roles/soctools-server/tasks/main.yml +++ b/roles/soctools-server/tasks/main.yml @@ -16,7 +16,7 @@ - name: Install required packages yum: - name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip"] + name: ["docker-ce","docker-ce-cli","containerd.io","python-pip"] state: latest validate_certs: no when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' diff --git a/roles/thehive/files/SOCTOOLS-CA.crt b/roles/thehive/files/SOCTOOLS-CA.crt new file mode 100644 index 0000000000000000000000000000000000000000..04b1f203d036d2219c23c4ea3630115d68510eb8 --- /dev/null +++ b/roles/thehive/files/SOCTOOLS-CA.crt 
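Review bot: The `Install required packages` task in roles/soctools-server/tasks/main.yml still runs `yum` with `state: latest` and `validate_certs: no`. Both are context lines that this commit does not change, but they mean docker-ce and containerd.io are fetched without verifying the repository's TLS certificate. Set `validate_certs: yes` and fix the host trust store if that was the reason for disabling it. The task continues outside the hunk, so the `when:` condition is all that is visible of the rest.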
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIJAIp0kyaAW0K3MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC1NPQ1RPT0xTLUNBMB4XDTIwMTAzMDEwNDcxOFoXDTMwMTAyODEwNDcxOFow +FjEUMBIGA1UEAwwLU09DVE9PTFMtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC1GZDFZJPR7AYkhEsB9U6qtK+40di3KOeTwRosJ7hvP1FQjwnIC37B +UlVq15KEgRTCcXgLH0CdtzC1Rkz+AUCLyKTOGmNCqmvyMcESdpuoI1NULkv0QeYX +Mj4Q1Lh0RldqZpEr32UfsVowBPPhijAUlVAHeJLvji/tnUvI++9no2hx03UAhjTM +M59AviYsRT3DUkciNSllpwV+7B2pgnpRgzsbVGP2cheaaRYG9DAbRTLrAtVxO0WJ +c/zNGSpvXuOyBK30/pwGMvhNGPeckElSpDfaepuA8ZDcfaKNk0kEBvzIlUrpZBmv +tBc5DmpfEBlSk5UK/0XSblKE5dOqlWc1AgMBAAGjgYUwgYIwHQYDVR0OBBYEFHkG +ykDTn5pUrtMzTfI4PrYL8z3PMEYGA1UdIwQ/MD2AFHkGykDTn5pUrtMzTfI4PrYL +8z3PoRqkGDAWMRQwEgYDVQQDDAtTT0NUT09MUy1DQYIJAIp0kyaAW0K3MAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA0XK1+Eg+j +JdwKnUpnwPq+fsyrCs4TF1DgwtqY4yr1KCw0QSPMK9ldLp62lJaRnrPE7ZGOQ7sd +z82yEM8nMulNREp3TZwuVFaWgs0yLVKkfqZ0jNGDuEf8AJAynI4ynRbtYxtYzBDy +XgJPk9lKK/gR14IXBet/dGbZf4yHiMzldMCb0dWzyDS1S+Y1iLTRCmpmRbFow12g +CjNoSxdyoJPZavcOVWa4tDc3PLMdkgdY20ewo3IvCQTOg9ogVX4Hq5/M4xTz8XUX +nHeUqshdkPVGFCIujCBg9131RYSE0SkVrPUaIbP9tgzabkZWwhiq8oSpTBmIi9qh +GPiQTFGknE1U +-----END CERTIFICATE----- diff --git a/roles/thehive/files/cacerts.jks b/roles/thehive/files/cacerts.jks new file mode 100644 index 0000000000000000000000000000000000000000..9d4001b7d9a466941cda896b6bf145bf2f02020c Binary files /dev/null and b/roles/thehive/files/cacerts.jks differ diff --git a/roles/thehive/files/dsoclab-thehive.crt b/roles/thehive/files/dsoclab-thehive.crt new file mode 100644 index 0000000000000000000000000000000000000000..0d474c2a1277de93ba6357ca841a7eac3b1cce44 --- /dev/null +++ b/roles/thehive/files/dsoclab-thehive.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:09:5c:2c:8d:35:ee:29:1c:99:ce:ab:d4:2b:3c:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=SOCTOOLS-CA + Validity + Not Before: Oct 30 10:47:29 2020 GMT + Not After : Oct 15 10:47:29 2023 GMT + Subject: CN=dsoclab-thehive + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:c5:4d:20:a4:60:b7:61:21:ed:16:a1:6f:72: + c4:de:a1:00:c0:ef:fc:5d:a1:89:34:07:15:d2:b4: + 3a:14:b8:95:75:8e:81:71:49:46:1d:c8:81:cb:f1: + ec:c7:5a:12:f6:89:60:e4:c8:98:1a:61:c8:2d:12: + 8f:73:ee:f8:9d:88:b5:7f:30:70:97:29:b4:ab:43: + 2d:dc:db:a7:10:47:c7:b5:26:9b:11:85:fb:d3:27: + 8f:3a:55:bc:ea:78:17:b8:89:10:a3:a4:10:60:39: + c3:7f:42:25:a9:fe:84:7f:38:5e:f4:3d:c3:98:3d: + 56:b9:ba:81:06:55:8d:65:12:f0:4e:23:88:1d:98: + 0c:2f:6e:4f:67:fd:4e:67:39:91:b9:01:52:12:aa: + 9e:bb:7a:c8:ea:8f:4a:2d:18:f8:69:9a:3a:a0:c8: + 6e:e3:de:c6:db:be:4c:59:e0:cf:bc:34:4f:2c:b0: + ef:3e:82:5a:df:68:be:b8:fb:cc:5f:6a:f2:3e:66: + d4:c6:c5:f6:0b:67:e9:64:85:15:87:60:6f:dc:b4: + 5b:13:6f:b0:9b:f8:f3:da:c1:91:9e:81:5f:16:ca: + 9e:14:01:c1:1c:ce:2a:d3:c8:3c:0f:be:b1:37:aa: + c9:08:68:2b:de:f9:44:6c:1e:90:a4:12:bc:f5:3c: + 46:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5B:08:8E:F2:1B:8F:12:03:BA:31:02:9C:CE:CC:BC:9F:FC:19:D1:E1 + X509v3 Authority Key Identifier: + keyid:79:06:CA:40:D3:9F:9A:54:AE:D3:33:4D:F2:38:3E:B6:0B:F3:3D:CF + DirName:/CN=SOCTOOLS-CA + serial:8A:74:93:26:80:5B:42:B7 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:dsoclab-thehive, DNS:dsoclab.gn4-3-wp8-soc.sunet.se + Signature Algorithm: sha256WithRSAEncryption + 7f:b2:fa:33:d6:e3:6c:57:8a:4a:9a:ef:8b:81:2b:df:f3:d6: + fb:8c:bc:02:cf:71:54:a0:f2:0d:ae:3b:30:cf:5c:69:d7:d0: + 
aa:cc:16:80:4d:9d:c8:1f:a7:98:9d:26:dc:ae:8e:24:2b:bc: + c1:11:a6:8d:4f:ca:13:1f:7f:8f:4c:ef:dd:46:df:d6:97:0a: + 88:51:4e:f7:46:aa:3d:e3:70:e9:19:e8:9f:7e:22:fa:b6:38: + 30:00:0a:94:38:09:bf:b8:64:6c:c1:b7:05:6d:4f:f3:27:0c: + df:04:ef:a1:4e:e8:2d:4c:06:d0:c0:4f:4f:da:d0:6d:b8:f2: + b3:79:18:63:bd:62:83:53:55:38:94:d9:64:ca:e7:4d:71:ce: + d1:05:6d:b1:6c:fb:1a:4c:b6:ef:70:2b:3d:9b:1d:66:d8:d9: + 9f:f0:e5:48:29:50:e8:1b:1a:fb:b4:d2:5e:38:ec:05:45:c2: + e7:de:9a:9d:aa:34:67:c5:66:18:e3:86:8b:0c:1a:c4:21:20: + 7e:b7:ad:e2:0b:d0:0d:d4:76:e6:53:ca:77:bc:ce:d0:9b:7b: + 7c:fd:42:94:da:63:d8:a7:52:d2:45:f2:d5:55:ef:37:f1:a5: + 0e:ba:29:c9:b4:ce:99:45:04:21:2b:86:27:bb:c1:f2:86:9a: + 7c:51:5c:3b +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIQYQlcLI017ikcmc6r1Cs8pDANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtTT0NUT09MUy1DQTAeFw0yMDEwMzAxMDQ3MjlaFw0yMzEwMTUx +MDQ3MjlaMBoxGDAWBgNVBAMMD2Rzb2NsYWItdGhlaGl2ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALrFTSCkYLdhIe0WoW9yxN6hAMDv/F2hiTQHFdK0 +OhS4lXWOgXFJRh3Igcvx7MdaEvaJYOTImBphyC0Sj3Pu+J2ItX8wcJcptKtDLdzb +pxBHx7UmmxGF+9MnjzpVvOp4F7iJEKOkEGA5w39CJan+hH84XvQ9w5g9Vrm6gQZV +jWUS8E4jiB2YDC9uT2f9Tmc5kbkBUhKqnrt6yOqPSi0Y+GmaOqDIbuPextu+TFng +z7w0Tyyw7z6CWt9ovrj7zF9q8j5m1MbF9gtn6WSFFYdgb9y0WxNvsJv489rBkZ6B +XxbKnhQBwRzOKtPIPA++sTeqyQhoK975RGwekKQSvPU8Rr0CAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRbCI7yG48SA7oxApzOzLyf/BnR4TBGBgNVHSME +PzA9gBR5BspA05+aVK7TM03yOD62C/M9z6EapBgwFjEUMBIGA1UEAwwLU09DVE9P +TFMtQ0GCCQCKdJMmgFtCtzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +CwYDVR0PBAQDAgWgMDoGA1UdEQQzMDGCD2Rzb2NsYWItdGhlaGl2ZYIeZHNvY2xh +Yi5nbjQtMy13cDgtc29jLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IBAQB/svoz +1uNsV4pKmu+LgSvf89b7jLwCz3FUoPINrjswz1xp19CqzBaATZ3IH6eYnSbcro4k +K7zBEaaNT8oTH3+PTO/dRt/WlwqIUU73Rqo943DpGeiffiL6tjgwAAqUOAm/uGRs +wbcFbU/zJwzfBO+hTugtTAbQwE9P2tBtuPKzeRhjvWKDU1U4lNlkyudNcc7RBW2x +bPsaTLbvcCs9mx1m2Nmf8OVIKVDoGxr7tNJeOOwFRcLn3pqdqjRnxWYY44aLDBrE +ISB+t63iC9AN1HbmU8p3vM7Qm3t8/UKU2mPYp1LSRfLVVe838aUOuinJtM6ZRQQh +K4Ynu8Hyhpp8UVw7 
+-----END CERTIFICATE----- diff --git a/roles/thehive/files/dsoclab-thehive.key b/roles/thehive/files/dsoclab-thehive.key new file mode 100644 index 0000000000000000000000000000000000000000..6d4d8bb01b413adbe679481a68241bfe71a1c9dc --- /dev/null +++ b/roles/thehive/files/dsoclab-thehive.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6xU0gpGC3YSHt +FqFvcsTeoQDA7/xdoYk0BxXStDoUuJV1joFxSUYdyIHL8ezHWhL2iWDkyJgaYcgt +Eo9z7vidiLV/MHCXKbSrQy3c26cQR8e1JpsRhfvTJ486VbzqeBe4iRCjpBBgOcN/ +QiWp/oR/OF70PcOYPVa5uoEGVY1lEvBOI4gdmAwvbk9n/U5nOZG5AVISqp67esjq +j0otGPhpmjqgyG7j3sbbvkxZ4M+8NE8ssO8+glrfaL64+8xfavI+ZtTGxfYLZ+lk +hRWHYG/ctFsTb7Cb+PPawZGegV8Wyp4UAcEczirTyDwPvrE3qskIaCve+URsHpCk +Erz1PEa9AgMBAAECggEARJH9cBeJfqoFp6LgYCd1yfq4aR1yvPl6gwR66aHLlSHz +lXZdZbcuK+8aYEMQ2FvkjGkBjt1qonz13j5rNngtBMFVST4CiC0CrMH8S5LFMj/4 +PTTQR822F971QciKlFbE9rYzyrCIZpuuf8FMTK4p/P84NVmbvv/+IDAuAKJWSB3b +TXVeYzqET/cENXrNZNsTMHVoPAudtsHXXa5w3yXJXhTlRQrjMtMHgV+H1O2iOvi5 +IAJUm2HVmGON9aqQKZlzYvx9txSBRczEwQK+fLPoXGEG/KhskiBPMU0y9a60SV5F +Oi94zzBCOSf/k+C4+EhkvfSq727ZFs60zGcoEW7rzQKBgQD08umyOtqJEB6dk5hg +RA1mc3qx332Li0Ep9ciPD0oOyt9H/pQBMYHlV4Vf26dmjxg7XMPqB38topjbnVcY +r1QigQ8tnHXktcO1tUpx6MhTkN4sBH9dvZE4TdBiarlcThgnuCfZUhjyfyr715tR +BIC8TA9bd/6oUaf/zd0S4aGcEwKBgQDDMnKe7PoDlHtjxaiDs8VLRRgNKocT/jaD +SZ5j5a1e+fvIK+lqpW7pXT/AlBVvxC6ke2Zb1csgndgF0p45ZO9WsB5fV3x8AREM +zIvrqpH4hdRBEF7o1syVDMXmTQLsPOLzj6B2UC5mpqoo2GkI9yyXpJhNR0kqzkDy +Pclu3xZL7wKBgQCZsFAxI/w6Q4LyG8lfnVNLFOnG8RM0mwsn6K8OE+nDnka6RWFX +3lhCLcfhfVBraR0rIelKzaleWMbQBMjBFEEV5SRA2gqele1V9YngLs6CoELGG4xO +pMKZMTmuhogHAnjlcwaNtJUykdfGbGFnVAvyGUcJfSCrO5DNT72GO0vLQQKBgQCF +WyPf2/r7Eygxg8qbH+h8ghnqdNGQIS9RBqzFhxapOpR/rzBrAdcCbAiwIvt6Pke3 +a+8Ecs2x3OTHJZufjovNZ8l4TaboeToSynQVb5UGezgFs4+D96wRcIaLzrVefEJ5 +L/jqm+D3lInQGfm4fFXkzDiZI0ijjAHm/btumc771QKBgBTu4KvY6rzgmHbymux1 ++tr+xl3/Nb29XQJHpZV+hgFGg1+aWaR9c0WXz9mKovBanEUHJb5khqFQDFZuWMNG +tNQ1JbwTXwxmAfVJbLYbSHnuePkh+qtpmTVa3H5NdRBI/062/Km6Rxcf5JljB8/J +k+SqVxdKSTfaWxGqyyAZgVis +-----END PRIVATE KEY----- diff --git a/roles/thehive/files/logback.xml b/roles/thehive/files/logback.xml new file mode 100644 index 0000000000000000000000000000000000000000..d7f5263595b7f2b0e8b007dec1877d41d6de1c73 --- /dev/null +++ b/roles/thehive/files/logback.xml 
@@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration debug="true"> + + <conversionRule conversionWord="coloredLevel" + converterClass="play.api.libs.logback.ColoredLevel"/> + + <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/thehive/application.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>/var/log/logs/application.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>10</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>10MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>%date [%level] from %logger in %thread [%X{request}|%X{tx}] %message%n%xException</pattern> + </encoder> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%coloredLevel %logger{15} [%X{request}|%X{tx}] %message%n%xException{10} + </pattern> + </encoder> + </appender> + + <appender name="ASYNCFILE" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="FILE"/> + </appender> + + <appender name="ASYNCSTDOUT" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT"/> + </appender> + + <logger name="org.thp" level="INFO"/> + + <root level="DEBUG"> + <appender-ref ref="ASYNCFILE"/> + <appender-ref ref="ASYNCSTDOUT"/> + </root> + +</configuration> + diff --git a/roles/thehive/files/thehivesecret b/roles/thehive/files/thehivesecret new file mode 100644 index 0000000000000000000000000000000000000000..f00a8d57edd365f329d95494e2242fe9d7432dbe --- /dev/null +++ b/roles/thehive/files/thehivesecret @@ -0,0 +1,3 @@ +{ + "value" : "b832e3a9-0080-4f07-bc3d-6bbc67bce741" +} \ No newline at end of file diff --git a/roles/thehive/tasks/createusers.yml b/roles/thehive/tasks/createusers.yml new file mode 100644 index 0000000000000000000000000000000000000000..b0fbcdd9ba24fb12fba0bed5dc16b50584f0fd4c 
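Review bot: `<root level="DEBUG">` sends debug output from every library to both appenders, and with the OAuth2 provider enabled in this commit that can include request and token details in `/var/log/thehive/application.log` and on stdout. Unless this is a temporary troubleshooting setting, use `<root level="INFO">` and drop `debug="true"` from `<configuration>`. The rolled files also go to `/var/log/logs/` while the live log is in `/var/log/thehive/`; if that is unintended, `<fileNamePattern>/var/log/thehive/application.%i.log.zip</fileNamePattern>` keeps them together.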
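Review bot: The `value` field in `thehivesecret` holds the OAuth2 client secret in plaintext; `main.yml` reads it into `thehivesecret` and the template writes it to `clientSecret` in `application.conf`. Committed here, it is exposed to every reader of the repository. Rotate the client secret in the identity provider and load it from a vaulted variable or from a file created at deploy time and excluded from version control.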
--- /dev/null
+++ b/roles/thehive/tasks/createusers.yml
@@ -0,0 +1,28 @@
+---
+# - name: create organisation
+# uri:
+# url: "https://{{dslproxy}}:9000/api/organisation"
+# method: POST
+# headers:
+# Authorization: "Bearer {{ THEHIVE_API_KEY }}"
+# body_format: form-urlencoded
+# body:
+# name: "{{ organisation }}"
+# description: "test"
+# status_code: 201
+# tags:
+# - create_org
+- name: generate json files for creating users
+ remote_user: root
+ template:
+ src: users.json
+ dest: /tmp/{{ item.username }}.json
+ with_items:
+ - "{{ THEHIVE_USERS }}"
+- name: create users
+ remote_user: root
+ shell: "curl -k -H 'Authorization: Bearer {{ THEHIVE_API_KEY }}' -H 'Content-Type: application/json' https://{{ dslproxy }}:9000/api/user -d @/tmp/{{ item.username}}.json"
+ args:
+ warn: false
+ with_items:
+ - "{{ THEHIVE_USERS }}"
diff --git a/roles/thehive/tasks/main.yml b/roles/thehive/tasks/main.yml
index a0f7edf3191254869b03c63056db742bacb7b71e..0e560e7122b33b36a8ab31e0b0c6f6c46570153f 100644
--- a/roles/thehive/tasks/main.yml
+++ b/roles/thehive/tasks/main.yml
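Review bot: The `create users` task calls `curl -k` with the bearer token inside the `shell` string, so the server certificate is not verified and the API key appears in the process list and in Ansible's task output. The `uri` module, already sketched in the commented-out task at the top of the file, keeps the token out of argv and verifies TLS by default, and `no_log: true` keeps it out of the logs. The JSON bodies are also written to predictable names under `/tmp`; rendering the template in memory, as below, makes the `generate json files` task unnecessary. The status code is copied from the commented-out task and should be confirmed for `/api/user`.

```yaml
- name: create users
  remote_user: root
  uri:
    url: "https://{{ dslproxy }}:9000/api/user"
    method: POST
    headers:
      Authorization: "Bearer {{ THEHIVE_API_KEY }}"
    body_format: json
    body: "{{ lookup('template', 'users.json') }}"
    status_code: 201
  no_log: true
  with_items:
    - "{{ THEHIVE_USERS }}"
```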
@@ -1,18 +1,87 @@ --- -- include: start.yml +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt tags: - - start -- include: stop.yml + - start + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + tags: + - start + +- name: Copy certificates in thehive conf dir + copy: + src: "{{ item }}" + dest: "/etc/thehive/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.crt" + - "{{ inventory_hostname }}.key" + - cacerts.jks + - "{{ca_cn}}.crt" + tags: + - start + +- name: Get openid authkey + set_fact: + thehivesecret: "{{lookup('file', 'files/thehivesecret',convert_data=False) | from_json }}" tags: - - stop - - stop-thehive -- include: update-config.yml + - start + + +- name: Configure TheHive + template: + src: application.conf.j2 + dest: /etc/thehive/application.conf + tags: + - start + +- name: Configure TheHive logging + copy: + src: logback.xml + dest: /etc/thehive/logback.xml tags: - - update-config - - update-thehive-config -- include: restart.yml + - start + + +- name: Start TheHive + command: > + daemonize + -c /opt/thehive + -p /tmp/thehive.pid + -o /tmp/thehive-stdout.log + /opt/thehive/bin/thehive + -Dconfig.file=/etc/thehive/application.conf + -Dlogger.file=/etc/thehive/logback.xml + -J-Xms1g + -J-Xmx1g + -Dpidfile.path=/dev/null + tags: + - start + +- name: Wait for TheHive + wait_for: + host: "{{groups['thehive'][0]}}" + port: 9000 + state: started + delay: 5 + tags: + - start + +- name: Create TheHive users + include: createusers.yml + tags: + - createusers + - start + +- name: Stop TheHive + command: "pkill -SIGTERM -F /tmp/thehive.pid" tags: - - restart - - restart-thehive + - stop + - stopthehive diff --git a/roles/thehive/tasks/restart.yml b/roles/thehive/tasks/restart.yml deleted file mode 100644 index f3b364456e14669dfcbfa61f9ce9a5ff7646c30c..0000000000000000000000000000000000000000 
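Review bot: The `Configure TheHive` task writes `/etc/thehive/application.conf` without a `mode`, although the template carries the Play secret key, the OAuth2 client secret and the truststore password; the certificate task just above it already sets `mode: 0600`. Add `mode: "0600"` (and an `owner` matching the account that runs TheHive) to that `template` task. The `Start TheHive` and `Stop TheHive` tasks also keep the pid file and stdout log in `/tmp`, a world-writable directory, and `pkill -SIGTERM -F /tmp/thehive.pid` signals whatever PID that file names; a directory owned by the service account would be safer.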
--- a/roles/thehive/tasks/restart.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-- name: Restart TheHive
- remote_user: root
- command: "supervisorctl restart thehive"
-
-- name: Wait for TheHive
- remote_user: root
- wait_for:
- host: "{{groups['thehive'][0]}}"
- port: 9000
- state: started
- delay: 5
diff --git a/roles/thehive/tasks/start.yml b/roles/thehive/tasks/start.yml
deleted file mode 100644
index 33a136bffda2f69156da07a3a97c4bcb9addecfb..0000000000000000000000000000000000000000
--- a/roles/thehive/tasks/start.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-
-- name: Configure TheHive
- remote_user: thehive
- template:
- src: application.conf.j2
- dest: /etc/thehive/application.conf
-
-- name: Start TheHive
- remote_user: root
- command: "supervisorctl start thehive"
-
-- name: Wait for TheHive
- remote_user: root
- wait_for:
- host: "{{groups['thehive'][0]}}"
- port: 9000
- state: started
- delay: 5
-
-- name: Set Autostart for supervisord's services
- replace:
- path: /etc/supervisord.conf
- regexp: '^autostart=false$'
- replace: 'autostart=true'
-
diff --git a/roles/thehive/tasks/stop.yml b/roles/thehive/tasks/stop.yml
deleted file mode 100644
index 87d605a59f69355208b4fe84b707d6b94c478c0c..0000000000000000000000000000000000000000
--- a/roles/thehive/tasks/stop.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- name: Stop TheHive
- remote_user: root
- command: "supervisorctl stop thehive"
diff --git a/roles/thehive/tasks/update-config.yml b/roles/thehive/tasks/update-config.yml
deleted file mode 100644
index 7b02823bbe7e65d60fc9352e732800cb4622b365..0000000000000000000000000000000000000000
--- a/roles/thehive/tasks/update-config.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Configure TheHive
- remote_user: thehive
- template:
- src: application.conf.j2
- dest: /etc/thehive/application.conf
diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2 index d25e059818a773a6a4a48fb34196cc641f79e718..a92e4f71ca871305611695aa04367054738881d0 100644 --- a/roles/thehive/templates/application.conf.j2 +++ b/roles/thehive/templates/application.conf.j2 @@ -5,7 +5,7 @@ ## Include Play secret key # More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret #include "/etc/thehive/secret.conf" -play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_secret_key')}}" +play.http.secret.key="{{thehive_secret_key}}" ## Database configuration db.janusgraph { @@ -13,7 +13,7 @@ db.janusgraph { ## Cassandra configuration # More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql backend: cql - hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"] + hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"] # Cassandra authentication (if configured) // username: "thehive" // password: "password" 
@@ -47,17 +47,61 @@ storage { ## Authentication configuration # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md -//auth { -// providers: [ +auth { + providers: [ // {name: session} # required ! // {name: basic, realm: thehive} // {name: local} // {name: key} -// ] + {name: session} # required ! + {name: basic, realm: thehive} + {name: local} + {name: key} + { + name: oauth2 + clientId: "dsoclab-thehive" + clientSecret: {{thehivesecret.value}} + redirectUri: "https://{{dslproxy}}:9000/api/ssoLogin" + responseType: "code" + grantType: "authorization_code" + authorizationUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth" + authorizationHeader: "Bearer" + tokenUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token" + userUrl: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" +// scope: ["openid", "email"] + scope: ["openid"] + userIdField: "email" +// userIdField: "name" + } + ] + sso { + autocreate: true + autoupdate: true + autologin: true + mapper: "simple" +// attributes { +// login: "login" +// name: "name" +// roles: "role" +// } + defaultRoles: ["read", "write", "admin"] + defaultOrganization: "uninett.no" +// defaultOrganization: "demo" + } + ws.ssl.trustManager { + stores = [ + { + type: "JKS" // JKS or PEM + path: "cacerts.jks" + password: "{{tspass}}" + } + ] + } # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following # domain is automatically appended -// defaultUserDomain: "thehive.local" -//} + defaultUserDomain: "uninett.no" +# defaultUserDomain: "thehive.local" +} ## CORTEX configuration # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md 
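Review bot: In the `sso` block, `autocreate: true` together with `defaultRoles: ["read", "write", "admin"]` gives every account that can authenticate against the realm an admin role on first login. Default to the least privilege, e.g. `defaultRoles: ["read"]`, and grant write or admin explicitly or through the commented-out `attributes` role mapping. `clientSecret: {{thehivesecret.value}}` is also the only string value in the provider block written without quotes; `clientSecret: "{{thehivesecret.value}}"` avoids parsing surprises if the secret ever contains special characters.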
diff --git a/roles/thehive/templates/users.json b/roles/thehive/templates/users.json new file mode 100644 index 0000000000000000000000000000000000000000..b16eed70fd8aaf68302b82150ce4101c8acfa430 --- /dev/null +++ b/roles/thehive/templates/users.json @@ -0,0 +1,6 @@ +{ + "login": "{{ item.username }}", + "name": "{{ item.name }} {{ item.surname }}", + "roles": {{ item.roles }}, + "organisation": "{{ item.organization }}" +} diff --git a/roles/thehive/vars/users.yml b/roles/thehive/vars/users.yml new file mode 100644 index 0000000000000000000000000000000000000000..07433e6a1cc8b18ac3b239d1d0dfc48715d22a6e --- /dev/null +++ b/roles/thehive/vars/users.yml @@ -0,0 +1,16 @@ +--- + +THEHIVE_API_KEY: "1gFdNhmUSxO3BRe1SBB5JYEvkW9UOo6s" +THEHIVE_USERS: + - kiril: + username: "kiril" + name: "Kiril" + surname: "Kiroski" + roles: '["read", "write", "admin"]' + organization: "uninett.no" + - temur: + username: "temur" + name: "Temur" + surname: "Maisuradze" + roles: '["read", "write", "admin"]' + organization: "uninett.no" diff --git a/soctools-inventory b/soctools-inventory new file mode 100644 index 0000000000000000000000000000000000000000..cff0d648d769176bf1292cfcd88493c12ac03120 --- /dev/null +++ b/soctools-inventory 
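Review bot: The values in `users.json` are interpolated into the JSON text without escaping, so a name containing a quote or backslash yields an invalid or altered request body, and `roles` is pasted in as raw JSON. Passing each string field through the `to_json` filter, e.g. `"login": {{ item.username | to_json }},`, keeps the document well-formed whatever the variable holds.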
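Review bot: `THEHIVE_API_KEY` in `vars/users.yml` is committed as a plaintext literal, and it is the bearer token `createusers.yml` uses to create accounts with the `admin` role. Rotate the key and keep the variable in an `ansible-vault` encrypted file, or pass it in at run time. Both listed accounts are also given `["read", "write", "admin"]`; if not everyone needs admin, narrow `roles` per user.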
@@ -0,0 +1,35 @@
+[dsldev]
+localhost ansible_connection=local
+
+[nificontainers]
+dsoclab-nifi-1 ansible_connection=docker
+dsoclab-nifi-2 ansible_connection=docker
+dsoclab-nifi-3 ansible_connection=docker
+
+[odfeescontainers]
+dsoclab-odfe-1 ansible_connection=docker
+dsoclab-odfe-2 ansible_connection=docker
+
+[odfekibanacontainers]
+dsoclab-kibana ansible_connection=docker
+
+[keycloakcontainers]
+dsoclab-keycloak ansible_connection=docker
+
+[mysql]
+dsoclab-mysql ansible_connection=docker
+
+[mispcontainers]
+dsoclab-misp ansible_connection=docker
+
+[cassandra]
+dsoclab-cassandra ansible_connection=docker
+
+[thehive]
+dsoclab-thehive ansible_connection=docker
+
+[cortex]
+dsoclab-cortex ansible_connection=docker
+
+[haproxy]
+dsoclab-haproxy ansible_connection=docker
diff --git a/soctools.yml b/soctools.yml
index fb4a2196557009b772ebf937cc80fe2658d65001..c25b56f32c95d5973e64ce70d6a1d7b4c3eae539 100644
--- a/soctools.yml
+++ b/soctools.yml
@@ -2,16 +2,9 @@ - name: Start soctools cluster import_playbook: startsoctools.yml - when: "'start' in ansible_run_tags or 'config' in ansible_run_tags" + when: "'start' in ansible_run_tags" - name: Stop soctools cluster import_playbook: stopsoctools.yml - when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-odfees' in ansible_run_tags or 'stop-odfekibana' in ansible_run_tags" + when: "'stop' in ansible_run_tags" -- name: Update soctools cluster configs - import_playbook: update-config-soctools.yml - when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-odfees-config' in ansible_run_tags or 'update-odfekibana-config' in ansible_run_tags" - -- name: restart soctools cluster servics - import_playbook: restart-soctools.yml - when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags" 
diff --git a/soctools_server.yml b/soctools_server.yml index 382d998567a630c58950d28fd43802eaf31089d9..23716c5a7e7d32fdc7bedd0faf775afb5c55bfbc 100644 --- a/soctools_server.yml +++ b/soctools_server.yml @@ -1,5 +1,5 @@ --- -- hosts: soctoolsmain +- hosts: dsldev become: true roles: - soctools-server diff --git a/startsoctools.yml b/startsoctools.yml index c9c4c6bb95760d4da7a0a46706507bd4d5867174..f1154c340f91f5604fd36c1abd38f9cc718c58f0 100644 --- a/startsoctools.yml +++ b/startsoctools.yml @@ -1,7 +1,7 @@ --- - name: Start docker containers - hosts: soctoolsmain + hosts: dsldev roles: - docker @@ -25,11 +25,6 @@ roles: - keycloak -- name: Reconfigure and start MISP - hosts: mispcontainers - roles: - - misp - - name: Reconfigure and start NiFi hosts: nificontainers roles: @@ -45,10 +40,10 @@ roles: - odfekibana -- name: Install and run filebeat - hosts: filebeat +- name: Reconfigure and start MISP + hosts: mispcontainers roles: - - filebeat + - misp - name: Reconfigure and start TheHive hosts: thehive diff --git a/stopsoctools.yml b/stopsoctools.yml index 5bd121746729120486802cfc5538a181235b1642..045c3f06243bc3358245c8bbf219d68e9f89a9a5 100644 --- a/stopsoctools.yml +++ b/stopsoctools.yml @@ -6,7 +6,7 @@ - nifi - name: Stop all containers - hosts: soctoolsmain + hosts: dsldev roles: - docker diff --git a/update-config-soctools.yml b/update-config-soctools.yml deleted file mode 100644 index 138f664fee2eb1a9d882a7ebf0b8f9e390bb1e72..0000000000000000000000000000000000000000 --- a/update-config-soctools.yml +++ /dev/null 
@@ -1,52 +0,0 @@
----
-
-- name: Update Configs for haproxy
- hosts: haproxy
- roles:
- - haproxy
-
-- name: Update Configs for mysql
- hosts: mysql
- roles:
- - mysql
-
-- name: Update Configs for Cassandra
- hosts: cassandra
- roles:
- - cassandra
-
-- name: Update Configs for Keycloak
- hosts: keycloakcontainers
- roles:
- - keycloak
-
-- name: Update Configs for NiFi
- hosts: nificontainers
- roles:
- - nifi
-
-- name: Update Configs for OpenDistro for Elasticsearch
- hosts: odfeescontainers
- roles:
- - odfees
-
-- name: Update Configs for OpenDistro Kibana for Elasticsearch
- hosts: odfekibanacontainers
- roles:
- - odfekibana
-
-- name: Update Configs for MISP
- hosts: mispcontainers
- roles:
- - misp
-
-- name: Update Configs for TheHive
- hosts: thehive
- roles:
- - thehive
-
-- name: Update Configs for Cortex
- hosts: cortex
- roles:
- - cortex
-
diff --git a/utils/flow2template.py b/utils/flow2template.py
index b2018328c6ccf5d7c53bf75645c3f44122cc4ba2..570a1ef23d0606d7ef2db44b7133d5a6ec9f43b2 100755
--- a/utils/flow2template.py
+++ b/utils/flow2template.py
@@ -13,20 +13,17 @@ et = xml.etree.ElementTree.parse(f) for v in et.findall(".//variable"): a=v.attrib if a['name']=="misp_token": - a['value']="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}" + a['value']="{{ misp_token }}" elif a['name']=="misp_url": a['value']="{{ misp_url }}" elif a['name']=="maxmind_key": a['value']="{{ maxmind_key }}" elif a['name']=="elastic_url": - a['value']="https://{{ soctoolsproxy }}:9200" + a['value']="https://{{ dslproxy }}:9200" elif a['name']=="elastic_username": a['value']="{{ elastic_username }}" elif a['name']=="elastic_password": - a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" - -for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"): - v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" + a['value']="{{ odfees_adminpass }}" et.write(args.templatefile)
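Review bot: The removed loop over `controllerService[name='Soctools CA']` was the only visible place that replaced the `Truststore Password` value, so after this change the template keeps whatever value the exported `flow.xml.gz` carried for that property. If that controller service still exists in the flow, keep the substitution and point it at a variable, along the lines of `v.text="{{ tspass }}"` (the truststore variable used in `application.conf.j2`; the right name needs confirming). The start of the script is outside this hunk, so the value may already be handled elsewhere.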