Re-fix threathunting app and update ESXi logger role

Chris Long
2020-07-26 15:24:26 -07:00
parent b9edc1591e
commit 2058aae44e
2 changed files with 74 additions and 26 deletions


@@ -165,9 +165,10 @@ install_splunk() {
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/link-analysis-app-for-splunk_161.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_143.tgz -auth 'admin:changeme'
## Fix a bug with the ThreatHunting App (https://github.com/olafhartong/ThreatHunting/issues/53)
mv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmoneventcode.csv
sed -i 's/= sysmoneventcode/= sysmoneventcode.csv/g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf
## Fix a bug with the ThreatHunting App (https://github.com/olafhartong/ThreatHunting/pull/57)
mv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmoneventcodes.csv
sed -i 's/= sysmoneventcode /= sysmoneventcodes.csv /g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf
sed -i 's/sysmoneventcode.csv/sysmoneventcodes.csv/g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf
# Install the Maxmind license key for the ASNgen App
if [ -n "$MAXMIND_LICENSE" ]; then
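Review bot: The `mv` under the pull/57 comment is unguarded, so it fails whenever `sysmonevencodes.csv` is not present, for example when provisioning is re-run or a later app tarball already ships the corrected file name. Whether that aborts `install_splunk` or passes silently depends on shell options that are not visible in this hunk, and a lookup that does not resolve leaves the ThreatHunting searches without their event-code enrichment, which is easy to miss in a detection lab. I would wrap the rename as `if [ -f /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv ]; then mv ...; fi` and fail loudly if `lookups/sysmoneventcodes.csv` does not exist afterwards. The last `sed` pattern should also escape the dot, `s/sysmoneventcode\.csv/sysmoneventcodes.csv/g`, so it only matches the literal file name. The page has lost its +/- markers, so this assumes the pull/57 lines are the new side; `install_splunk` begins and ends outside the hunk.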