Updating bootstrap.sh to not install BOTSv2 by default
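--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -115,43 +115,51 @@ install_splunk() {
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz  -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz  -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_134.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/base64_11.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/jellyfisher_010.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/palo-alto-networks-add-on-for-splunk_611.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/SA-ctf_scoreboard_admin-master.zip  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/SA-ctf_scoreboard-master.zip  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sa-investigator-for-enterprise-security_200.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-apache-web-server_100.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-cloud-services_310.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-iis_101.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-windows_600.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-symantec-endpoint-protection_230.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-unix-and-linux_602.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-app-for-osquery_10.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-common-information-model-cim_4130.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-security-essentials_241.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-ta-for-suricata_233.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/ssl-certificate-checker_32.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/url-toolbox_16.tgz  -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/website-monitoring_274.tgz  -auth 'admin:changeme'
 
-    # Install Splunk BOTsv2 FULL dataset
-    # More information https://github.com/splunk/botsv2
+    # Uncomment the following block to install BOTSv2 
+    # Thanks to @MHaggis for this addition!
+    # It is recommended to only uncomment the attack-only dataset comment block. 
+    # You may also link to the full dataset which is ~12GB if you prefer.
+    # More information on BOTSv2 can be found at https://github.com/splunk/botsv2
 
-    #echo "[$(date +%H:%M:%S)]: Downloading Splunk BOTSv2..."
-    #wget --progress=bar:force https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set.tgz /opt/
-    #echo "[$(date +%H:%M:%S)]: Download Complete."
-    #echo "[$(date +%H:%M:%S)]: Extracting to Splunk Apps directory"
-    #tar zxvf botsv2_data_set.tgz /opt/splunk/etc/apps
+    ### BOTSv2 COMMENT BLOCK BEGINS ###
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/base64_11.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/jellyfisher_010.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/palo-alto-networks-add-on-for-splunk_611.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/SA-ctf_scoreboard_admin-master.zip  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/SA-ctf_scoreboard-master.zip  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sa-investigator-for-enterprise-security_200.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-apache-web-server_100.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-cloud-services_310.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-iis_101.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-windows_600.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-symantec-endpoint-protection_230.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-unix-and-linux_602.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-app-for-osquery_10.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-common-information-model-cim_4130.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-security-essentials_241.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-ta-for-suricata_233.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/ssl-certificate-checker_32.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/url-toolbox_16.tgz  -auth 'admin:changeme'
+    # /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/website-monitoring_274.tgz  -auth 'admin:changeme'
 
-    # Install Splunk BOTsv2 Attack Only dataset
-    # More information https://github.com/splunk/botsv2
+    ### UNCOMMENT THIS BLOCK FOR THE ATTACK-ONLY DATASET (Recommended) ###
+    # echo "[$(date +%H:%M:%S)]: Downloading Splunk BOTSv2 Attack Only Dataset..."
+    # wget --progress=bar:force -P /opt/ https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set_attack_only.tgz
+    # echo "[$(date +%H:%M:%S)]: Download Complete."
+    # echo "[$(date +%H:%M:%S)]: Extracting to Splunk Apps directory"
+    # tar zxvf /opt/botsv2_data_set_attack_only.tgz -C /opt/splunk/etc/apps/
+    ### ATTACK-ONLY COMMENT BLOCK ENDS ###
 
-    echo "[$(date +%H:%M:%S)]: Downloading Splunk BOTSv2 Attack Only Dataset..."
-    wget --progress=bar:force -P /opt/ https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set_attack_only.tgz
-    echo "[$(date +%H:%M:%S)]: Download Complete."
-    echo "[$(date +%H:%M:%S)]: Extracting to Splunk Apps directory"
-    tar zxvf /opt/botsv2_data_set_attack_only.tgz -C /opt/splunk/etc/apps/
+    ### UNCOMMENT THIS BLOCK FOR THE FULL 12GB DATASET (Not recommended) ###
+    # echo "[$(date +%H:%M:%S)]: Downloading Splunk BOTSv2..."
+    # wget --progress=bar:force https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set.tgz /opt/
+    # echo "[$(date +%H:%M:%S)]: Download Complete."
+    # echo "[$(date +%H:%M:%S)]: Extracting to Splunk Apps directory"
+    # tar zxvf botsv2_data_set.tgz /opt/splunk/etc/apps
+    ### FULL DATASET COMMENT BLOCK ENDS ###
+    
+    ### BOTSv2 COMMENT BLOCK ENDS ###
 
     # Add custom Macro definitions for ThreatHunting App
     cp /vagrant/resources/splunk_server/macros.conf /opt/splunk/etc/apps/ThreatHunting/default/macros.conf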
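Review bot: The full-dataset block under "UNCOMMENT THIS BLOCK FOR THE FULL 12GB DATASET" carries forward two commands that do not look runnable as written: `wget --progress=bar:force https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set.tgz /opt/` passes /opt/ as a second URL rather than an output directory, and `tar zxvf botsv2_data_set.tgz /opt/splunk/etc/apps` names the apps path as a member to extract and has no -C, so a user who uncomments it as the new header invites them to will most likely get a failed download or an extraction into the working directory. The attack-only block directly above already has the working shape, so mirror it: `# wget --progress=bar:force -P /opt/ https://s3.amazonaws.com/botsdataset/botsv2/botsv2_data_set.tgz` and `# tar zxvf /opt/botsv2_data_set.tgz -C /opt/splunk/etc/apps/`. Both blocks also unpack a freshly downloaded archive straight into /opt/splunk/etc/apps/ with no integrity check, so a one-line comment before the tar step such as `# Verify the archive's published checksum before extracting into the apps directory` would make the expectation explicit for whoever enables it. install_splunk() continues outside the hunk.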
	 Chris Long
					Chris Long