This repository has been archived by the owner on Sep 27, 2022. It is now read-only.

Installation Steps

markusza edited this page Aug 11, 2017 · 3 revisions
1. Getting started

1. Download or clone the repository as a ZIP file.
2. Copy the ZIP file to your ElastAlert server.
3. Ensure Python pip is installed: `apt-get install python-pip`
4. Install the package with pip: `pip install elastalert_hive_alerter-master.zip`
5. Add your TheHive connection details to the ElastAlert configuration file (`/etc/elastalert.yaml`, or wherever your file is located):

   ```yaml
   hive_connection:
     hive_host: http://localhost
     hive_port: 9000
     hive_username: admin
     hive_password: 123456
   ```

   The credentials above are placeholders; use a dedicated TheHive account for ElastAlert. The password sits in plaintext in this file, so restrict its read permissions to the user ElastAlert runs as, and use an `https://` `hive_host` whenever TheHive is not on the same machine, since the alerter otherwise sends the login over plain HTTP.

6. Configure your first alert. The rule below is an example:

   ```yaml
   es_host: localhost
   es_port: 9201
   name: My Example Alert

   type: any
   index: logstash-*
   timeframe:
     hours: 1

   filter:
   - query:
       query_string:
         query: "Name:foo AND Surname:bar"

   alert:
   - "elastalert_hive_alerter.hive_alerter.HiveAlerter"

   hive_alert_config:
     type: ''
     source: 'elastalert'
     description: 'The following user "{match[Name]}" "{match[Surname]}" accessed a restricted resource.'
     severity: 1
     tags: ['tag2', 'tag1']
     tlp: 2
     status: 'New'
     follow: True

   hive_observable_data_mapping:
     - other: "{match[Name]}"
     - other: "{match[Surname]}"
   ```

   `{match[Name]}` style placeholders are filled from the fields of the Elasticsearch document that matched the filter, so every field referenced in `hive_alert_config` or `hive_observable_data_mapping` must exist in the matching documents. Each entry under `hive_observable_data_mapping` becomes one observable on the TheHive alert, with the YAML key (`other` here) as the observable's data type.
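To make the placeholder expansion and observable mapping in step 6 concrete, here is an added example (not the project's own `HiveAlerter` code) that renders the rule's `hive_alert_config` and `hive_observable_data_mapping` against one ElastAlert match and builds the alert payload that would be sent to TheHive. The sample match is constructed, and the payload field names (`title`, `description`, `sourceRef`, `artifacts` with `dataType`/`data`) are my assumption modelled on the TheHive 3 alert API; the `sourceRef` deduplication and the severity/TLP range checks are also additions, not something the page describes.

```python
import hashlib
import json
from typing import Any, Dict, List

# Constructed sample: the hive_alert_config and hive_observable_data_mapping
# sections of the rule on this page, as Python data.
HIVE_ALERT_CONFIG: Dict[str, Any] = {
    "type": "",
    "source": "elastalert",
    "description": 'The following user "{match[Name]}" "{match[Surname]}" '
                   "accessed a restricted resource.",
    "severity": 1,
    "tags": ["tag2", "tag1"],
    "tlp": 2,
    "status": "New",
    "follow": True,
}
HIVE_OBSERVABLE_DATA_MAPPING: List[Dict[str, str]] = [
    {"other": "{match[Name]}"},
    {"other": "{match[Surname]}"},
]

# Constructed sample of a match dict as ElastAlert hands it to an alerter
# (the Elasticsearch document that satisfied the filter, keyed by field name).
SAMPLE_MATCH: Dict[str, Any] = {
    "@timestamp": "2017-08-11T10:00:00Z",
    "Name": "foo",
    "Surname": "bar",
    "host": "app01",
}


def render(template: Any, match: Dict[str, Any]) -> Any:
    """Expand {match[field]} placeholders with str.format; non-strings pass through."""
    if not isinstance(template, str):
        return template
    try:
        return template.format(match=match)
    except KeyError as missing:
        # A rule that references a field the match lacks is a configuration
        # bug; fail loudly rather than send a half-rendered alert to TheHive.
        raise ValueError(f"match has no field {missing} needed by {template!r}") from None


def source_ref(match: Dict[str, Any]) -> str:
    """Stable per-match reference so re-running the rule does not duplicate the alert."""
    canonical = json.dumps(match, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def build_hive_alert(rule_name: str, alert_config: Dict[str, Any],
                     observable_mapping: List[Dict[str, str]],
                     match: Dict[str, Any]) -> Dict[str, Any]:
    """Render the rule's TheHive settings against one match into an alert payload.

    Field names follow the TheHive 3 alert API as assumed here; check them against
    your TheHive version before sending.
    """
    alert = {key: render(value, match) for key, value in alert_config.items()}
    # TheHive rejects out-of-range values; validate before making the HTTP call.
    if alert["severity"] not in (1, 2, 3):
        raise ValueError(f"severity must be 1..3, got {alert['severity']!r}")
    if alert["tlp"] not in (0, 1, 2, 3):
        raise ValueError(f"tlp must be 0..3, got {alert['tlp']!r}")
    alert["title"] = rule_name
    alert["sourceRef"] = source_ref(match)
    # Each mapping entry becomes one observable; the YAML key is its data type.
    alert["artifacts"] = [
        {"dataType": data_type, "data": render(template, match)}
        for entry in observable_mapping
        for data_type, template in entry.items()
    ]
    return alert


if __name__ == "__main__":
    payload = build_hive_alert("My Example Alert", HIVE_ALERT_CONFIG,
                               HIVE_OBSERVABLE_DATA_MAPPING, SAMPLE_MATCH)
    print(json.dumps(payload, indent=2))
```

Running the block prints the rendered payload for the sample match; pointing a rule at a field the documents do not carry raises a `ValueError` at render time instead of silently producing an alert with an unexpanded placeholder.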
