Skip to content

HOWTO configure kibana plugin

Why do that

In some cases, you might want to configure the kibana punch plugin finely.

Available Settings

kibana.yml Section configuration example for Punch plugin:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
punchplatform:
  enabled: true
  tmp_path: './tmp'
  security:
    enabled: false
    roles: 
      - 'pp_plugin_view'
      - 'pp_data_extraction'
      - 'pp_configuration_view'
      - 'pp_configuration_edit'
      - 'pp_platform_channel_control'
      - 'pp_pml_view'
      - 'pp_job_editor_view'
      - 'pp_pml_edit'
      - 'pp_pml_execute'
      - 'pp_testers_view'
      - 'pp_ioc_view'
      - 'pp_ioc_edit'
  documentation:
    enabled: true
    path: '../../doc/html'
  tools:
    enabled: true
  zookeeper:
    hosts: ['localhost:2181']
    cluster: 'punchplatform-primary' # /!\ Zookeeper root node, not cluster...
  extraction:
    enabled: true
    tenant: 'punch'
    index: 'jobs'  # will create '<tenant>-jobs index'
    path: './extractions'
    formats: ['csv', 'json', 'elasticsearch']
    es_data_cluster:
      type: 'data_node' 
      hosts: ['localhost'] # overrides 'type' if specified
      port: 9200
      settings: 
        - "es.index.read.missing.as.empty: yes"
        - "es.nodes.discovery: true"
        - "es.nodes.client.only: false"
        - "es.nodes.data.only: false"
        - "es.nodes.ingest.only: false"
        - "es.http.timeout: 1m"
        - "es.nodes.resolve.hostname: true"
        - "es.nodes.path.prefix:"
    es_metric_cluster:
      type: 'data_node' 
      hosts: ['localhost'] # overrides 'type' if specified
      port: 9200
      index: 'metrics'  # will create '<tenant>-metrics-YYYY-MM-DD index'
      settings: # not supported for the moment
        - "es.nodes.discovery: true"
        - "es.nodes.client.only: false"
        - "es.nodes.data.only: false"
        - "es.nodes.ingest.only: false"
        - "es.http.timeout: 1m"
        - "es.nodes.resolve.hostname: true"
        - "es.nodes.path.prefix:"   
  job_editor:
      enabled: true
      tenant: 'punch'
      index: 'jobs'
      path: '../editor'
      foreground:
          enabled: true
      background:
          enabled: true
  analytics:
      foreground:
          options: ["--punchline", "{{job}}"]
      background:
          options: ["--punchline", "{{job}}"]
      scanner:
          options: []
  platform_editor:
      enabled: true
      tenants: ['mytenant']
      channels:
          enabled: true

Roles

 key  Description
pp_plugin_view User can use Punchplatform Plugin
pp_data_extraction User can extract data from data extraction service
pp_configuration_view User can read platform configuration
pp_configuration_edit User can edit platform configuration (need pp_configuration_view)
pp_platform_channel_control User can start/stop/reload channels
pp_pml_view User can view PML
pp_job_editor_view User can view PML
pp_pml_edit User can create/delete and save PML
pp_pml_execute User can exectute PML
pp_testers_view User can use Punch and Grok tester
pp_ioc_view User can view IoC lists
pp_ioc_edit User can edit IoC lists