Oct 1, 2019

How to enable the Playbook / Navigator

Edit /opt/so/saltstack/pillar/masters/<HOSTNAME>.sls

Change the 0 to a 1 on the following line which is near the bottom of the file:

playbook: 0

Then you can wait for the changes to be applied automatically (up to 15 minutes), or apply the changes right away by running:

sudo salt-call state.apply playbook

You can now access Playbook by navigating to https://MASTER/playbook and logging in with the following credentials:

Username: analyst
Password: changeme
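
The edit-and-apply steps above can be scripted. The following is an added example, not part of the original page or of Security Onion: it flips the flag only when it is currently 0, keeps a backup copy, and preserves the line's indentation. The helper names playbook_flag and enable_playbook and the sample pillar content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: enable the playbook flag in a Security Onion master pillar file.
# playbook_flag and enable_playbook are hypothetical helper names.

# Print the current numeric value of the playbook key (nothing if the key is absent).
playbook_flag() {
    sed -n 's/^[[:space:]]*playbook:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Change "playbook: 0" to "playbook: 1", keeping indentation and a .bak copy.
# Returns 0 if the flag is 1 afterwards; 1 if the file or key is missing or unexpected.
enable_playbook() {
    pillar="$1"
    [ -f "$pillar" ] || { echo "pillar file not found: $pillar" >&2; return 1; }
    case "$(playbook_flag "$pillar")" in
        1) echo "playbook already enabled"; return 0 ;;
        0) ;;
        *) echo "no 'playbook: 0' line in $pillar" >&2; return 1 ;;
    esac
    cp -p "$pillar" "$pillar.bak" || return 1
    # Write back into the same file so its ownership and mode are unchanged.
    sed 's/^\([[:space:]]*playbook:[[:space:]]*\)0[[:space:]]*$/\11/' "$pillar.bak" > "$pillar" || return 1
    [ "$(playbook_flag "$pillar")" = "1" ]
}

# Demo on a constructed pillar fragment (not a real Security Onion file).
demo=$(mktemp)
printf 'master:\n  mainip: 10.0.0.5\n  playbook: 0\n' > "$demo"
enable_playbook "$demo" && playbook_flag "$demo"
rm -f "$demo" "$demo.bak"

# On a master (as root), the same helper would be used as:
#   enable_playbook /opt/so/saltstack/pillar/masters/<HOSTNAME>.sls && salt-call state.apply playbook
```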

Sigma Support

Sigma support currently extends to the following log sources in Security Onion:
- Network (via Bro logs)
- Windows Event Logs (via Winlogbeat)

