trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Actually add files

Browse Source
This commit is contained in:
Chris Long
2019-05-26 21:36:10 -07:00
parent cd722dab8b
commit e78c312bc5
10 changed files with 27 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Vagrant/bootstrap.sh
View File

@@ -13,7 +13,7 @@ apt_install_prerequisites() {
apt-get -qq update
apt-get -qq install -y apt-fast
echo "[$(date +%H:%M:%S)]: Running apt-fast install..."
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip htop
}
test_prerequisites() {
@@ -110,12 +110,17 @@ install_splunk() {
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/asn-lookup-generator_100.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/lookup-file-editor_331.tgz
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/force-directed-app-for-splunk_200.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_13.tar.gz -auth 'admin:changeme'
# Add custom Macro definitions for ThreatHunting App
cp /vagrant/resources/splunk_server/macros.conf /opt/splunk/etc/apps/ThreatHunting/default/macros.conf
# Fix Windows TA macros
mkdir /opt/splunk/etc/apps/Splunk_TA_windows/local
cp /opt/splunk/etc/apps/Splunk_TA_windows/default/macros.conf /opt/splunk/etc/apps/Splunk_TA_windows/local
sed -i 's/wineventlog_windows/wineventlog/g' /opt/splunk/etc/apps/Splunk_TA_windows/local/macros.conf
# Fix Force Directed App until 2.0.1 is released (https://answers.splunk.com/answers/668959/invalid-key-in-stanza-default-value-light.html#answer-669418)
rm /opt/splunk/etc/apps/force_directed_viz/default/savedsearches.conf
@@ -140,7 +145,7 @@ install_splunk() {
dismissedInstrumentationOptInVersion = 2
[general_default]
hideInstrumentationOptInModal = 1
showWhatsNew = 0' > /opt/splunk/etc/apps/user-prefs/local/user-prefs.conf
showWhatsNew = 0' > /opt/splunk/etc/system/local/user-prefs.conf
# Enable SSL Login for Splunk
echo -e "[settings]\nenableSplunkWebSSL = true" > /opt/splunk/etc/system/local/web.conf