Update Manager templates for integrations

limitup 2019-10-14 17:01:56 -05:00
parent af115d73a2
commit 68166a49e1
5 changed files with 99 additions and 0 deletions


@ -260,6 +260,26 @@ wazuh_manager_config:
- server: null - server: null
port: null port: null
format: null format: null
integrations:
- name: 'slack'
hook_url: <hook_url>
alert_level: 10
alert_format: 'json'
- name: 'pagerduty'
api_key: <api_key>
alert_level: 10
monitor_aws:
disable: 'no'
internal: '10m'
run_on_start: 'yes'
skip_on_error: 'yes'
s3:
- name: 's3-bucket-example-name'
bucket_type: 'guardduty'
path: 'path'
only_logs_after: '1970-JAN-01'
access_key: <access key>
secret_key: <secret key>
labels: labels:
enable: false enable: false
list: list:
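Review bot: The `monitor_aws` default spells the key `internal: '10m'`, but the template in this commit reads `monitor_aws.interval` and the new AWS vars file uses `interval`, so with these defaults `<interval>` would render from an undefined variable; it should be `interval: '10m'`. The integration entries also ship as active defaults with placeholder values such as `<hook_url>` and `<api_key>`, which the template would write verbatim into the manager config as angle-bracketed text inside XML elements. Defaulting to `integrations: []` and keeping the examples as comments would avoid rendering a broken or bogus integration. Indentation is lost in this view, so whether `monitor_aws` sits under `wazuh_manager_config` cannot be confirmed; the template expects it at top level.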


@ -200,6 +200,16 @@
tags: tags:
- config - config
- name: Retrieving external API Credentials
include_vars: external_API_creds.yml
tags:
- config
- name: Retrieving AWS Credentials
include_vars: aws_creds.yml
tags:
- config
- name: Retrieving Wazuh-API User Credentials - name: Retrieving Wazuh-API User Credentials
include_vars: wazuh_api_creds.yml include_vars: wazuh_api_creds.yml
when: when:
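Review bot: The two added `include_vars` tasks load credential files without `no_log: true`, so the loaded hook URL, API key and AWS keys can appear in verbose run output or callback logs; add `no_log: true` to both tasks. The referenced files look like plain YAML inside the role, so real values would be better kept in an Ansible Vault-encrypted file or supplied from a vaulted inventory variable. Both tasks also run unconditionally, unlike the Wazuh-API task below them, which has a `when:`; that task's body continues outside the hunk, so its condition cannot be compared here.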


@ -530,6 +530,55 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if wazuh_manager_config.integrations is defined %}
{% for integration in wazuh_manager_config.integrations %}
{% if integration.name is not none %}
<!-- Integration with {{ integration.name }} -->
<integration>
<name>{{ integration.name }}</name>
{% if integration.hook_url is defined %}
<hook_url>{{ integration.hook_url }}</hook_url>
{% endif %}
{% if integration.api_key is defined %}
<api_key>{{ integration.api_key }}</api_key>
{% endif %}
{% if integration.alert_format is defined %}
<alert_format>{{ integration.alert_format }}</alert_format>
{% endif %}
{% if integration.alert_level is defined %}
<level>{{ integration.alert_level }}</level>
{% endif %}
{% if integration.rule_id is defined %}
<rule_id>{{ integration.rule_id }}</rule_id>
{% endif %}
</integration>
{% endif %}
{% endfor %}
{% endif %}
{% if monitor_aws is defined %}
<!-- S3 -->
<wodle name="aws-s3">
<disabled>{{ monitor_aws.disable }}</disabled>
<interval>{{ monitor_aws.interval }}</interval>
<run_on_start>{{ monitor_aws.run_on_start }}</run_on_start>
<skip_on_error>{{ monitor_aws.skip_on_error }}</skip_on_error>
{% for bucket in monitor_aws.s3 %}
<bucket type="{{ bucket.bucket_type }}">
<name>{{ bucket.name }}</name>
{% if bucket.path is defined %}
<path>{{ bucket.path }}</path>
{% endif %}
{% if bucket.only_logs_after is defined %}
<only_logs_after>{{ bucket.only_logs_after }}</only_logs_after>
{% endif %}
<access_key>{{ bucket.access_key }}</access_key>
<secret_key>{{ bucket.secret_key }}</secret_key>
</bucket>
{% endfor %}
</wodle>
{% endif %}
{% if wazuh_manager_config.labels.enable == true %} {% if wazuh_manager_config.labels.enable == true %}
<labels> <labels>
{% for label in wazuh_manager_config.labels.list %} {% for label in wazuh_manager_config.labels.list %}
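Review bot: `<access_key>` and `<secret_key>` are emitted for every bucket unconditionally, so the empty strings from the shipped vars file render as empty elements and a bucket entry that omits the keys would hit an undefined variable. Guard them like the optional fields, e.g. `{% if bucket.access_key is defined and bucket.access_key %}` … `{% endif %}`. Values are also interpolated into XML unescaped, so a hook URL or key containing `&` or `<` would produce an invalid config; `{{ integration.hook_url | e }}` handles that. Since the rendered file now carries an API key and an AWS secret in plaintext, the task that writes it should set a restrictive owner and mode (that task is not visible in this hunk).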


@ -0,0 +1,11 @@
---
monitor_aws:
disable: 'no'
interval: '10m'
run_on_start: 'yes'
skip_on_error: 'yes'
s3:
- name: 'S3_bucket'
bucket_type: 'guardduty'
access_key: ''
secret_key: ''
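Review bot: This vars file sets `disable: 'no'` with empty `access_key` and `secret_key`, so the aws-s3 wodle is rendered as enabled on every manager with a placeholder bucket name and no credentials. Defaulting to `disable: 'yes'` would make the module opt-in. Because this file is where the AWS secret key is meant to go, a header comment would help keep a real key from being committed in plaintext, for example `# Encrypt this file with ansible-vault before adding real keys.`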


@ -0,0 +1,9 @@
#---
#integrations:
# - name: 'slack'
# hook_url: <hook_url>
# alert_level: 10
# alert_format: 'json'
# - name: 'pagerduty'
# api_key: <api_key>
# alert_level: 10