Merge pull request #150 from weslambert/elastalert

ElastAlert: Updates
dougburks · Jan 4, 2018 · 5b24e93 · 5b24e93
2 parents a5675a3 + f9e11f0
commit 5b24e93
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/etc/elastalert/rules/bro_conn.yaml b/etc/elastalert/rules/bro_conn.yaml
@@ -15,7 +15,7 @@ type: frequency
 
 # (Required)
 # Index to search, wildcard supported
-index: logstash-bro*
+index: "*:logstash-bro*"
 
 use_strftime_index: true
 

diff --git a/etc/elastalert/rules/ids.yaml b/etc/elastalert/rules/ids.yaml
@@ -3,7 +3,7 @@ es_host: elasticsearch
 es_port: 9200
 name: Security Onion ElastAlert - New IDS Event!
 type: frequency
-index: logstash-ids*
+index: "*:logstash-ids*"
 num_events: 1
 timeframe:
     minutes: 1

diff --git a/usr/sbin/sosetup-elastic b/usr/sbin/sosetup-elastic
@@ -2024,7 +2024,12 @@ EOF
 		echo "# Please wait while stopping and disabling Kibana..." | tee -a $LOG
 		docker stop so-kibana >> $LOG 2>&1
 		sed -i 's|KIBANA_ENABLED="yes"|KIBANA_ENABLED="no"|g' $CONF
-
+
+		echo "91"
+                echo "# Please wait while stopping and disabling ElastAlert..." | tee -a $LOG
+                docker stop so-elastalert >> $LOG 2>&1
+                sed -i 's|ELASTALERT_ENABLED="yes"|ELASTALERT_ENABLED="no"|g' $CONF
+
     		echo "93"
 		echo "# Please wait while stopping and disabling MySQL..." | tee -a $LOG
 		service mysql stop >> $LOG 2>&1