Update Manager templates for integrations
parent
af115d73a2
commit
68166a49e1
@ -260,6 +260,26 @@ wazuh_manager_config:
|
||||
- server: null
|
||||
port: null
|
||||
format: null
|
||||
integrations:
|
||||
- name: 'slack'
|
||||
hook_url: <hook_url>
|
||||
alert_level: 10
|
||||
alert_format: 'json'
|
||||
- name: 'pagerduty'
|
||||
api_key: <api_key>
|
||||
alert_level: 10
|
||||
monitor_aws:
|
||||
disable: 'no'
|
||||
internal: '10m'
|
||||
run_on_start: 'yes'
|
||||
skip_on_error: 'yes'
|
||||
s3:
|
||||
- name: 's3-bucket-example-name'
|
||||
bucket_type: 'guardduty'
|
||||
path: 'path'
|
||||
only_logs_after: '1970-JAN-01'
|
||||
access_key: <access key>
|
||||
secret_key: <secret key>
|
||||
labels:
|
||||
enable: false
|
||||
list:
|
||||
|
||||
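Review bot: The new `monitor_aws` default spells its polling key `internal: '10m'`, but the template hunk in this commit reads `monitor_aws.interval` and the added aws_creds.yml uses `interval`; the line should be `interval: '10m'`. With the typo, anyone relying on this default block alone would render `<interval>` from an undefined value. The `hook_url`, `api_key`, `access_key` and `secret_key` placeholders would also be written verbatim into the manager configuration if left unedited, so a comment above them such as `# placeholders: supply real values from a vault-encrypted vars file` would make that expectation visible. Indentation is not preserved on this page, so it is unclear whether `monitor_aws` sits under `wazuh_manager_config` or at top level; the template treats it as top level.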
@ -200,6 +200,16 @@
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Retrieving external API Credentials
|
||||
include_vars: external_API_creds.yml
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Retrieving AWS Credentials
|
||||
include_vars: aws_creds.yml
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Retrieving Wazuh-API User Credentials
|
||||
include_vars: wazuh_api_creds.yml
|
||||
when:
|
||||
|
||||
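Review bot: Both added `include_vars` tasks run unconditionally, and variables loaded through `include_vars` outrank role defaults and inventory group or host variables, so the `monitor_aws` block from aws_creds.yml will replace whatever an operator configured elsewhere. The existing Wazuh-API task directly below carries a `when:` (its condition continues outside this hunk), and the two new tasks could be gated the same way on a switch that defaults to off. Because these files are meant to hold API keys and AWS secrets, adding `no_log: true` to both tasks would keep the loaded values out of verbose run output.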
@ -530,6 +530,55 @@
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if wazuh_manager_config.integrations is defined %}
|
||||
{% for integration in wazuh_manager_config.integrations %}
|
||||
{% if integration.name is not none %}
|
||||
<!-- Integration with {{ integration.name }} -->
|
||||
<integration>
|
||||
<name>{{ integration.name }}</name>
|
||||
{% if integration.hook_url is defined %}
|
||||
<hook_url>{{ integration.hook_url }}</hook_url>
|
||||
{% endif %}
|
||||
{% if integration.api_key is defined %}
|
||||
<api_key>{{ integration.api_key }}</api_key>
|
||||
{% endif %}
|
||||
{% if integration.alert_format is defined %}
|
||||
<alert_format>{{ integration.alert_format }}</alert_format>
|
||||
{% endif %}
|
||||
{% if integration.alert_level is defined %}
|
||||
<level>{{ integration.alert_level }}</level>
|
||||
{% endif %}
|
||||
{% if integration.rule_id is defined %}
|
||||
<rule_id>{{ integration.rule_id }}</rule_id>
|
||||
{% endif %}
|
||||
</integration>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if monitor_aws is defined %}
|
||||
<!-- S3 -->
|
||||
<wodle name="aws-s3">
|
||||
<disabled>{{ monitor_aws.disable }}</disabled>
|
||||
<interval>{{ monitor_aws.interval }}</interval>
|
||||
<run_on_start>{{ monitor_aws.run_on_start }}</run_on_start>
|
||||
<skip_on_error>{{ monitor_aws.skip_on_error }}</skip_on_error>
|
||||
{% for bucket in monitor_aws.s3 %}
|
||||
<bucket type="{{ bucket.bucket_type }}">
|
||||
<name>{{ bucket.name }}</name>
|
||||
{% if bucket.path is defined %}
|
||||
<path>{{ bucket.path }}</path>
|
||||
{% endif %}
|
||||
{% if bucket.only_logs_after is defined %}
|
||||
<only_logs_after>{{ bucket.only_logs_after }}</only_logs_after>
|
||||
{% endif %}
|
||||
<access_key>{{ bucket.access_key }}</access_key>
|
||||
<secret_key>{{ bucket.secret_key }}</secret_key>
|
||||
</bucket>
|
||||
{% endfor %}
|
||||
</wodle>
|
||||
{% endif %}
|
||||
|
||||
{% if wazuh_manager_config.labels.enable == true %}
|
||||
<labels>
|
||||
{% for label in wazuh_manager_config.labels.list %}
|
||||
|
||||
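Review bot: `{% if monitor_aws is defined %}` is effectively always true, because the tasks hunk in this commit includes aws_creds.yml on every run, so each manager gets an `aws-s3` wodle whose `<access_key>` and `<secret_key>` are rendered from the empty strings in that file. Guarding on the bucket list as well, `{% if monitor_aws is defined and monitor_aws.s3 %}`, and wrapping the two key elements in `{% if bucket.access_key %}` and `{% if bucket.secret_key %}` would avoid emitting blank static credentials. The integration and bucket values are also interpolated into XML unescaped; writing `{{ integration.hook_url | e }}` (and likewise for the other fields) keeps a stray `&` or `<` in a variable from producing a malformed ossec.conf. Since the rendered file now holds API keys and AWS secrets, the task that installs it (outside this hunk) should set a restrictive owner and mode. The trailing `labels` block is context only and its loop continues past the end of the hunk.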
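--- a/roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml
+++ b/roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml
@@ -0,0 +1,11 @@
+---
+monitor_aws:
+disable: 'no'
+interval: '10m'
+run_on_start: 'yes'
+skip_on_error: 'yes'
+s3:
+- name: 'S3_bucket'
+bucket_type: 'guardduty'
+access_key: ''
+secret_key: ''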
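Review bot: aws_creds.yml is committed inside the role with `access_key: ''` and `secret_key: ''` as fill-in slots, which invites operators to paste long-lived AWS keys into a plaintext file that lives under version control; the commented-out integrations file added next in this commit has the same problem for `hook_url` and `api_key`. A header comment in both files, for example `# Encrypt this file with ansible-vault before adding real values; never commit plaintext credentials`, would state the expectation where the secrets are entered. The non-secret settings (`disable`, `interval`, `run_on_start`, `skip_on_error`, bucket name and type) would be easier to override if they stayed in the role defaults and only the two key fields lived in the credentials file.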
@ -0,0 +1,9 @@
|
||||
#---
|
||||
#integrations:
|
||||
# - name: 'slack'
|
||||
# hook_url: <hook_url>
|
||||
# alert_level: 10
|
||||
# alert_format: 'json'
|
||||
# - name: 'pagerduty'
|
||||
# api_key: <api_key>
|
||||
# alert_level: 10
|
||||