diff --git a/modules/utilities/unix/logging/elastalert/elastalert.pp b/modules/utilities/unix/logging/elastalert/elastalert.pp
new file mode 100644
index 000000000..4adf52a53
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/elastalert.pp
@@ -0,0 +1 @@
+include elastalert::install
\ No newline at end of file
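Review bot: `include elastalert::install` names a class that the new manifests/install.pp in the next hunk does not define — that file declares `class elastalert::configure`, so the autoloader will open manifests/install.pp looking for elastalert::install, find no class of that name, and the catalog compile should fail with an unknown-class error. Either rename the class to `class elastalert::install {` in install.pp, or keep the name and move the file to manifests/configure.pp with `include elastalert::configure` here, which is the layout the deleted watcher module used (watcher.pp → `include watcher::configure`, manifests/configure.pp). The same mismatch is visible from the install.pp hunk below; fix it in one place so the module root .pp and the manifest agree.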
diff --git a/modules/utilities/unix/logging/elastalert/manifests/install.pp b/modules/utilities/unix/logging/elastalert/manifests/install.pp
new file mode 100644
index 000000000..309e41f86
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/manifests/install.pp
@@ -0,0 +1,9 @@
+class elastalert::configure {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ ensure_packages('pip3')
+ ensure_packages(['elastalert', 'setuptools>=11.3'], { 'package' => 'pip3', 'require' => 'pip3' })
+
+}
\ No newline at end of file
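Review bot: `'package' => 'pip3'` in the second ensure_packages call is not an attribute of Puppet's package type, so every package resource it creates would be given an unknown parameter; selecting the pip provider is `'provider' => 'pip3'`, and the ordering should be a resource reference rather than a bare string, giving `ensure_packages(['elastalert', 'setuptools'], { 'provider' => 'pip3', 'require' => Package['pip3'] })`. The title `setuptools>=11.3` embeds a version constraint in the package name, which the provider will hand to pip verbatim — if a minimum is required, express it as a separate package resource with `ensure => '11.3'` or a pinned newer version, and consider pinning `elastalert` too so the lab builds reproducibly rather than pulling whatever PyPI serves at build time. `pip3` also looks like a pip command rather than an apt package name (Debian ships it as python3-pip) — confirm against the target image. `$elasticsearch_ip` and `$elasticsearch_port` are read from the scenario inputs but never used in this class; if the configuration step is still to come, a `# TODO` saying so would help, otherwise drop them.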
diff --git a/modules/utilities/unix/logging/watcher/secgen_metadata.xml b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml
similarity index 85%
rename from modules/utilities/unix/logging/watcher/secgen_metadata.xml
rename to modules/utilities/unix/logging/elastalert/secgen_metadata.xml
index fcb8b8106..807d73607 100644
--- a/modules/utilities/unix/logging/watcher/secgen_metadata.xml
+++ b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml
@@ -3,9 +3,8 @@
- Watcher
+ Elastalert
Thomas Shaw
- Elastic
Apache v2
TODO
@@ -27,8 +26,8 @@
update
-
- .*elasticsearch
-
+
+
+
diff --git a/modules/utilities/unix/logging/watcher/templates/watch.json.erb b/modules/utilities/unix/logging/elastalert/templates/watch.json.erb
similarity index 100%
rename from modules/utilities/unix/logging/watcher/templates/watch.json.erb
rename to modules/utilities/unix/logging/elastalert/templates/watch.json.erb
diff --git a/modules/utilities/unix/logging/watcher/manifests/configure.pp b/modules/utilities/unix/logging/watcher/manifests/configure.pp
deleted file mode 100644
index 4d667d64d..000000000
--- a/modules/utilities/unix/logging/watcher/manifests/configure.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-class watcher::configure {
-
- $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
- $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
- $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
-
- # Search string within kibana for a successful login on account: 'test'
- # "event.category : user-login and event.type : user_login and auditd.result : success and user.name_map.auid : test"
-
-
- # TODO: Need some automated curl script that utilises a template to generate "create watcher" request
-
- # Need to send a request to: "172.16.0.2":9200 [ $elasticsearch_ip:$elasticsearch_port ]
- # PUT _xpack/watcher/watch/my-watch
- # templates('watcher/watch.json.erb')
-
- # First: Get it working within Kibana, there is a testing tool within 'Dev tools' section
- # Second: Create a way to detect whether the watcher is registered correctly, we can GET the watcher endpoint in kibana to check
- # Third: Implement functionality so the watcher fires a HTTP request to 172.16.0.2:8080
- # Fourth: Implement a dummy webserver running on 8080 that can recieve requests + displays their contents on the screen.
- # Fifth: Look into adding SSL to this whole process.
-
-}
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/watcher/watcher.pp b/modules/utilities/unix/logging/watcher/watcher.pp
deleted file mode 100644
index 812b7ba24..000000000
--- a/modules/utilities/unix/logging/watcher/watcher.pp
+++ /dev/null
@@ -1 +0,0 @@
-include watcher::configure
\ No newline at end of file
diff --git a/modules/utilities/unix/update/unix_update/manifests/unix.pp b/modules/utilities/unix/update/unix_update/manifests/unix.pp
index 9d2dd85cf..31f3d6f9c 100644
--- a/modules/utilities/unix/update/unix_update/manifests/unix.pp
+++ b/modules/utilities/unix/update/unix_update/manifests/unix.pp
@@ -2,7 +2,7 @@ class unix_update::unix{
case $operatingsystem {
'Debian': {
exec { 'update':
- command => "/usr/bin/apt-get update --fix-missing && /usr/bin/apt-get install apt-transport-https ca-certificates --fix-missing -y",
+ command => "/usr/bin/apt-get install apt-transport-https ca-certificates --fix-missing -y", # /usr/bin/apt-get update --fix-missing &&
tries => 5,
try_sleep => 30,
}
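Review bot: With `apt-get update` removed from the command, the exec still titled `update` no longer refreshes the package index, so on an image whose lists are stale or absent the `apt-get install apt-transport-https ca-certificates` step can fail with a missing-package error, and `tries`/`try_sleep` will not help because each retry sees the same index; ca-certificates installed from an old index is also the wrong outcome for a step meant to bootstrap HTTPS trust. The trailing comment preserves the old text but not the reason it was dropped. If the removal is deliberate, say why on the resource, e.g. `# apt-get update deliberately omitted: <reason>; the package index must be fresh before this exec runs`; otherwise restore it, or split it into its own exec that this one requires.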
diff --git a/scenarios/tests/test_scenario.xml b/scenarios/tests/test_scenario.xml
index e41dccff2..3b223920b 100644
--- a/scenarios/tests/test_scenario.xml
+++ b/scenarios/tests/test_scenario.xml
@@ -5,22 +5,16 @@
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
testing
-
+
172.17.0.0
-
-
- true
-
-
- IP_addresses
-
-
+
-
+
+
IP_addresses