Cyb3rWard0g / HELK

The Hunting ELK
GNU General Public License v3.0

How to customize elastalert-entrypoint.sh #543

Open zspacex opened 3 years ago

zspacex commented 3 years ago

Describe the problem

I am using the current latest build of HELK and have enabled TLS for my ES. For Elastalert to use the TLS ES, I would need to update some parameters in elastalert-entrypoint.sh. I have edited the file under docker/helk-elastalert/scripts; however, my edits were not reflected in the docker Elastalert image. It seemed to load the default elastalert-entrypoint.sh whenever I start the docker image / reinstall the HELK.

How do I change and use a customized version of elastalert-entrypoint.sh?

Cyb3rWard0g commented 3 years ago

Hello @zspacex ! I believe that is because the scripts are added to the docker image when it is built: https://github.com/Cyb3rWard0g/HELK/blob/master/docker/helk-elastalert/Dockerfile#L48

Therefore, changing the script would not trigger on the docker image since it is downloading the latest build. However, I believe you can add the entrypoint parameter to the docker-compose template you are using to deploy HELK and set it to grab the local file. Something similar to this: https://github.com/Cyb3rWard0g/HELK/blob/master/docker/helk-kibana-analysis-alert-basic.yml#L52

Let me know if that works for you. Thank you!
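The override the maintainer describes, written out as an added docker-compose fragment (example only, not HELK's own compose file). It assumes the service is named helk-elastalert, the image is otrf/helk-elastalert, and the image's entrypoint lives at /opt/helk/scripts/elastalert-entrypoint.sh; check the Dockerfile linked above for the real path.

```yaml
# Added example: bind-mount the locally edited entrypoint over the copy baked
# into the image, and tell compose to run it. Service, image and in-container
# path are assumptions; take them from your own HELK compose file.
services:
  helk-elastalert:
    image: otrf/helk-elastalert          # assumed image name
    volumes:
      # Host copy shadows the image copy. Mounted read-only so that a
      # compromised container cannot rewrite the script on the host.
      - ./helk-elastalert/scripts/elastalert-entrypoint.sh:/opt/helk/scripts/elastalert-entrypoint.sh:ro
      # CA that signed the Elasticsearch TLS certificate, so the edited script
      # can verify ES instead of disabling certificate checks. Assumed path.
      - ./certs/ca.crt:/opt/helk/certs/ca.crt:ro
    # Point the container at the mounted script instead of the image default.
    entrypoint: ["/opt/helk/scripts/elastalert-entrypoint.sh"]
```

Bind mounts keep the host file's permissions, so the host script must be executable (`chmod +x`), and the container has to be recreated (`docker-compose up -d --force-recreate helk-elastalert`) for the new entrypoint to take effect.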