From cce580494b7d94d3bfb8cfe8b7217ae39504a41d Mon Sep 17 00:00:00 2001 From: alaynsn <57141017+alaynsn@users.noreply.github.com> Date: Thu, 18 Apr 2024 05:00:25 -0300 Subject: [PATCH] Others bugs (#18) --- Correlation Rules/README.md | 12 +++--- Installation/SSLConfiguration.md | 43 ++++++------------- .../Configuration/ApplicationSetting.md | 11 ----- 3 files changed, 18 insertions(+), 48 deletions(-) diff --git a/Correlation Rules/README.md b/Correlation Rules/README.md index 7240104..fb11fae 100644 --- a/Correlation Rules/README.md +++ b/Correlation Rules/README.md @@ -50,15 +50,15 @@ How often in seconds the alert should be checked. This field declares that the iterations will occur on the cache of the correlation engine and contains the definition of said iterations. When this field is used, the search field is not used and vice versa. -**cache -> allOff** +**cache -> allOf** All comparisons within this field must be met for the rule to generate an alert. -**cache -> oneOff** +**cache -> oneOf** Any comparison within this field must be met for the rule to generate an alert. -**cache -> \[allOff | oneOff\] -> field** +**cache -> \[allOf | oneOf\] -> field** The field on which the comparison will be applied. 
@@ -99,13 +99,13 @@ This description also applies to \[cache | search\] -> save -> field "friends.#(nets.#(=="fb"))#.first" >> ["Dale","Roger"] ``` -**cache -> \[allOff | oneOff\] -> operator** +**cache -> \[allOf | oneOf\] -> operator** Operator to use in the comparison. See information about the operators in [Operators](https://github.com/AtlasInsideCorp/UTMStackCorrelationRules/blob/master/README.md#:~:text=simple%20quotation%20marks.-,Operators,-%3D%3D) -**cache -> \[allOff | oneOff\] -> value** +**cache -> \[allOf | oneOf\] -> value** -Value to compare the content of "cache -> \[allOff | oneOff\] -> field". In the second iteration case or onwards, you can use an alias to use the content of that alias as a value. +Value to compare the content of "cache -> \[allOf | oneOf\] -> field". In the second iteration case or onwards, you can use an alias to use the content of that alias as a value. **cache -> timeLapse** diff --git a/Installation/SSLConfiguration.md b/Installation/SSLConfiguration.md index e3fbbd6..e415985 100644 --- a/Installation/SSLConfiguration.md +++ b/Installation/SSLConfiguration.md @@ -45,28 +45,17 @@ systemctl restart docker Once these steps are completed, your SSL certificate will be installed and configured for UTMStack. For any issues or questions during the installation, please contact our support team. ## Generate SSL with Certbot in UTMStack without DNS Change -1. Allow Necessary Ports - Open ports for Certbot and Nginx: -``` -ufw allow 80/tcp -ufw allow 443/tcp -ufw allow 1194/tcp -ufw reload -``` - -2. Install Certbot +1. Install Certbot Install the necessary tools and dependencies: ``` sudo apt install certbot python3-certbot-nginx ``` -3. Manage Services -Stop Nginx and frontend services: +2. Manage Services pause utmstack_frontend services: ``` -systemctl stop nginx -docker stop frontend +docker service scale utmstack_frontend=0 docker ps | grep frontend ``` Then, start Nginx: 
@@ -84,29 +73,22 @@ sudo certbot --nginx -d siem.domain.com 5. Update SSL Certificate in UTMStack ``` -systemctl stop nginx -systemctl disable nginx cp /etc/letsencrypt/live/*/fullchain.pem /UTMStack/cert/utm.crt cp /etc/letsencrypt/live/*/privkey.pem /UTMStack/cert/utm.key -systemctl stop docker -systemctl start docker +docker service scale utmstack_frontend=1 +docker ps | grep frontend +systemctl restart docker ``` ## Renew the Certificate Generated by Certbot in UTMStack -1. Manage Frontend Service +1. Manage Services pause utmstack_frontend services: ``` -docker stop frontend -``` - -2. Start Nginx - -``` -systemctl start nginx +docker service scale utmstack_frontend=0 ``` -3. Renew SSL Certificate +2. Renew SSL Certificate ``` certbot renew @@ -117,11 +99,10 @@ certbot renew Replace "siem.domain.com" with your specific domain: ``` -systemctl stop nginx -systemctl disable nginx cp /etc/letsencrypt/live/siem.domain.com/fullchain.pem /UTMStack/cert/utm.crt cp /etc/letsencrypt/live/siem.domain.com/privkey.pem /UTMStack/cert/utm.key -systemctl stop docker -systemctl start docker +docker service scale utmstack_frontend=1 +docker ps | grep frontend +systemctl restart docker ``` diff --git a/UTMStackComponents/Configuration/ApplicationSetting.md b/UTMStackComponents/Configuration/ApplicationSetting.md index 14305b7..ce7eae9 100644 --- a/UTMStackComponents/Configuration/ApplicationSetting.md +++ b/UTMStackComponents/Configuration/ApplicationSetting.md 
@@ -9,17 +9,6 @@ nav_order: 4 UTMStack offers a comprehensive configuration module where administrators can adjust various settings to customize the application according to their organizational preferences. Here's a detailed breakdown: -## SMS Notifications using Twilio - -UTMStack has integrated with Twilio, a renowned cloud communications platform, to facilitate SMS notifications. To ensure timely and accurate SMS delivery, it's crucial to configure the following parameters: - -- **Twilio Authentication Token**: This secret token is used to authenticate your Twilio account. Ensure you enter the correct token to maintain seamless communication. - -- **Twilio Account SID**: Your unique Twilio Account identifier. It's crucial for distinguishing and authorizing your Twilio account. - -- **Twilio Virtual Phone Number**: This is the dedicated phone number from which SMS notifications will be sent. It must be procured from your Twilio dashboard. - - ## Email Notifications Configure the email settings to send emails notifications for the alerts and incidents:
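Review bot: In the `Correlation Rules/README.md` hunk at `@@ -50,15 +50,15 @@`, the rename from `allOff`/`oneOff` to `allOf`/`oneOf` is documentation-only, so please confirm which spelling the correlation engine actually parses; if rule files written against the old wording use a key the engine does not recognise, those rules silently never match, and the fix should say so (or the engine should reject unknown keys under `cache`).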
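Review bot: In the `Correlation Rules/README.md` hunk at `@@ -99,13 +99,13 @@`, the unchanged Operators link still uses a `#:~:text=...` scroll-to-text fragment, which only works in browsers that support text fragments and breaks as soon as the quoted wording changes; since this hunk already touches the lines around it, replace it with a heading anchor such as `README.md#operators` (assuming the Operators section keeps that heading).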
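Review bot: In the `Installation/SSLConfiguration.md` hunk at `@@ -45,28 +45,17 @@`, dropping the `ufw allow 80/tcp` line removes the only step that opens port 80, and `certbot --nginx` answers the HTTP-01 challenge on port 80, so on a host with ufw enabled the procedure now fails unless the port was already open; either keep `ufw allow 80/tcp` or state it as a prerequisite. Two smaller points in the same hunk: "2. Manage Services pause utmstack_frontend services:" runs the step title into the instruction and should be split the way the neighbouring steps are ("2. Manage Services" on its own line, then "Pause the utmstack_frontend service:"), and `docker service scale utmstack_frontend=0` only works when the host is in Swarm mode, which the text should mention; `docker ps | grep frontend` run immediately afterwards may still list the container while it is stopping, so `docker service ls --filter name=utmstack_frontend` showing `0/0` replicas is the more reliable check.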
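Review bot: In the `Installation/SSLConfiguration.md` hunk at `@@ -84,29 +73,22 @@`, step 5 now scales the frontend back to 1 while nginx, started earlier ("Then, start Nginx:" is still in the preceding context) and no longer stopped or disabled here because `systemctl stop nginx` / `systemctl disable nginx` were removed, is still bound to 80/443, so nginx and the frontend container will contend for the same ports; stop nginx before `docker service scale utmstack_frontend=1`, or explain why that is safe. The trailing `systemctl restart docker` restarts every container on the host; scaling the service 0 to 1 already recreates the frontend with the new certificate, so the restart should be dropped or justified. Also, `cp /etc/letsencrypt/live/*/fullchain.pem /UTMStack/cert/utm.crt` fails with "target is not a directory" when more than one lineage exists under `live/` (the renewal section uses the explicit `siem.domain.com` path, which should be used here as well), and a plain `cp` of `privkey.pem` creates `utm.key` with the default umask rather than the 0600 of the source, so a `chmod 600 /UTMStack/cert/utm.key` (or whatever mode the frontend expects) belongs after the copy. Finally, the hunk keeps "5. Update SSL Certificate in UTMStack" although the earlier steps were renumbered 1 and 2; check the numbering of the steps in between.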
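Review bot: In the `Installation/SSLConfiguration.md` hunk at `@@ -117,11 +99,10 @@`, the renewal flow now has the same port contention as the initial issuance: the "Start Nginx" step was removed earlier in this file, `certbot renew` still needs nginx up on port 80 for the challenge, and after renewal the frontend is scaled back to 1 with nginx never stopped and `systemctl disable nginx` deleted; state that nginx must be running before `certbot renew` and stop it before `docker service scale utmstack_frontend=1`. As in the issuance step, `systemctl restart docker` after scaling back to 1 is redundant and restarts unrelated containers, and the copied `utm.key` should have its permissions restricted after the `cp`.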
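Review bot: In the `UTMStackComponents/Configuration/ApplicationSetting.md` hunk at `@@ -9,17 +9,6 @@`, the whole "SMS Notifications using Twilio" section is deleted without a replacement or a note, and the commit message ("Others bugs") does not say whether the Twilio integration itself was removed; if the Auth Token, Account SID and virtual phone number settings are still present in the UI, this drops their only documentation, and if the feature was removed, other pages that mention SMS notifications for alerts and incidents should be updated in the same change.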