|
@@ -20,32 +20,6 @@ Whether or not you assign roles/users/etc. is not required at this point. We add
|
|
|
|
|
|
Copy the Okta client ID and client secret. You will add them to the customer's pillar variables file as described below.
|
|
|
|
|
|
-## Creating the Cribl Infrastructure for a Customer
|
|
|
-
|
|
|
-Copy the `175-splunk-alsi` directory from an existing customer (or test Moose) to the customer's directory in the `xdr-terraform-live` repository.
|
|
|
-
|
|
|
-```shell
|
|
|
-cp -a ~/xdr-terraform-live/prod/aws-us-gov/mdr-prod-bas/175-splunk-alsi ~/xdr-terraform-live/prod/aws-us-gov/mdr-prod-<customer>/
|
|
|
-```
|
|
|
-
|
|
|
-### Create Worker nodes
|
|
|
-
|
|
|
-To create one or more worker nodes along with the leader, modify `xdr-terraform-modules/base/splunk_servers/alsi/config.sls` and set the number of workers as an exception, using the account name found in `account.hcl`.
|
|
|
-
|
|
|
-```hcl
|
|
|
- # If cribl is being used for log ingestion, remember to turn on splunk_private_hec
|
|
|
- # in `splunk_servers/indexer_cluster/config.tf`, too.
|
|
|
- alsi_workers_default = 0 # how many cribl workers
|
|
|
- alsi_workers_exceptions = {
|
|
|
- afs-mdr-test-c2-gov = 2,
|
|
|
- mdr-prod-bas = 2,
|
|
|
- }
|
|
|
-```
|
|
|
-
|
|
|
-If the customer requires public ELBs for HEC, enable those in `config.tf` as well.
|
|
|
-
|
|
|
-> :warning: Do not create the infrastructer yet.
|
|
|
-
|
|
|
### Add Cribl Pillars to Customer Variables SLS
|
|
|
|
|
|
#### Add the `mdr_wildcard_cert` pillars to Salt's `pillar/top.sls` for the ALSI instances.
|
|
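Review bot: with the `## Creating the Cribl Infrastructure for a Customer` section removed from this position, the `### Add Cribl Pillars to Customer Variables SLS` heading kept as context at the end of the hunk no longer sits under the `##` section it belonged to. It now attaches to whichever `##` heading precedes the Okta step. Consider promoting it to `##` (and its `####` child to `###`) so the outline matches the new order, in which the pillars step comes before the infrastructure step.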
@@ -86,3 +60,27 @@ cribl:
|
|
|
```
|
|
|
|
|
|
> :information_source: See the GnuPG (gpg) Notes document for instructions on how to GPG-encrypt the various values.
|
|
|
+
|
|
|
+## Creating the Cribl Infrastructure for a Customer
|
|
|
+
|
|
|
+Copy the `175-splunk-alsi` directory from an existing customer (or test Moose) to the customer's directory in the `xdr-terraform-live` repository.
|
|
|
+
|
|
|
+```shell
|
|
|
+cp -a ~/xdr-terraform-live/prod/aws-us-gov/mdr-prod-bas/175-splunk-alsi ~/xdr-terraform-live/prod/aws-us-gov/mdr-prod-<customer>/
|
|
|
+```
|
|
|
+
|
|
|
+### Create Worker nodes
|
|
|
+
|
|
|
+To create one or more worker nodes along with the leader, modify `xdr-terraform-modules/base/splunk_servers/alsi/config.sls` and set the number of workers as an exception, using the account name found in `account.hcl`.
|
|
|
+
|
|
|
+```hcl
|
|
|
+ # If cribl is being used for log ingestion, remember to turn on splunk_private_hec
|
|
|
+ # in `splunk_servers/indexer_cluster/config.tf`, too.
|
|
|
+ alsi_workers_default = 0 # how many cribl workers
|
|
|
+ alsi_workers_exceptions = {
|
|
|
+ afs-mdr-test-c2-gov = 2,
|
|
|
+ mdr-prod-bas = 2,
|
|
|
+ }
|
|
|
+```
|
|
|
+
|
|
|
+If the customer requires public ELBs for HEC, enable those in `config.tf` as well.
|
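Review bot: the `Create Worker nodes` paragraph tells the reader to modify `xdr-terraform-modules/base/splunk_servers/alsi/config.sls`, but the snippet that follows is fenced as `hcl` and both its comment and the closing sentence refer to `config.tf`. Since the text is being moved anyway, confirm the file name and correct it here. The closing sentence should also say which `config.tf` is meant, because the comment names `splunk_servers/indexer_cluster/config.tf` while the paragraph points at the `alsi` directory. Finally, the relocated section ends at the public ELB sentence: the old `:warning:` line about not creating the infrastructure yet was dropped, but nothing replaces it with the step that actually creates the infrastructure now that the pillars are in place first.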