2020 February 24

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
the debian is 192.168.0.9
Ok, so you need to execute these commands
Ivan Yakushev in MaxPatrol SIEM
corecfg set -p SiemAddress 192.168.0.9
Ivan Yakushev in MaxPatrol SIEM
and
Ivan Yakushev in MaxPatrol SIEM
corecfg set -p SiemElasticsearchHost 192.168.0.9
Mohammed Houssani in MaxPatrol SIEM
Is it normal to take a long time?
Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
Is it normal to take a long time?
Yes, absolutely
max in MaxPatrol SIEM
Can be merged into one command: corecfg set -p SiemAddress 192.168.0.9 SiemElasticsearchHost 192.168.0.9
Кац in MaxPatrol SIEM
If it weren't for the pin, I'd have thought I was in the wrong chat...
max in MaxPatrol SIEM
Кац
If it weren't for the pin, I'd have thought I was in the wrong chat...
:)
Ivan Yakushev in MaxPatrol SIEM
Oh, and international too
Mohammed Houssani in MaxPatrol SIEM
RoleId = '3f678b9a-eb86-405b-bf64-72c53c0dcd19' (String)
HostAddress = '192.168.0.6' (String)
CybsiEnabled = 'False' (String)
CybsiHost = 'localhost' (String)
CybsiPort = '2443' (String)
SiemAddress = '192.168.0.9' (String)
SiemRMQUser = 'mpx_siem' (String)
SiemRMQPassword = 'P@ssw0rd' (String)
SiemElasticsearchHost = '192.168.0.9' (String)
CoreSiteId = '4D617850-6174-726F-6C39-536974654964' (String)
CoreInstallationId = 'd328246d-7a98-4ff0-ad67-e3cfdba00f41' (String)
SiteName = 'SIEM' (String)
DistributedDeployment = 'False' (Bool)
SqlServerName = 'localhost\MaxPatrolXCore' (String)
SqlServerUserName = 'sa' (String)
SqlServerPassword = 'P@ssw0rdP@ssw0rd' (String)
PostgreHost = 'localhost' (String)
PostgreUserName = 'pt_system' (String)
PostgrePassword = 'P@ssw0rdP@ssw0rd' (String)
SSLCertificateThumb = '805A6F12A9BF2978BCC718D718DB7E9F269E2D53' (String)
SmtpSender = 'Notification System <NoReply@SiemNotifications.com>' (String)
SmtpHost = 'localhost' (String)
SmtpPort = '25' (String)
SmtpUseDefaultCredentials = 'True' (Bool)
SmtpUser = '' (String)
SmtpPassword = '' (String)
SmtpSslEnabled = 'False' (Bool)
EmailNotificationRetryPeriodSeconds = '60' (String)
EmailNotificationRetryCount = '10' (String)
PtkbDbName = 'vm_content' (String)
UsePtbkServer = 'True' (Bool)
MongoDbHost = 'localhost' (String)
MongoDbPort = '27017' (String)
MongoDbLogin = 'admin' (String)
MongoDbPassword = 'P@ssw0rd' (String)
MongoDbAuthSource = 'admin' (String)
HideVulnerabilityGroups = 'False' (Bool)
PtkbFeatureHost = '192.168.0.6' (String)
DataVersion = '21.1.3058' (String)
InstallerVersion = '21.1.3058' (String)
RMQHost = 'localhost' (String)
RMQVirtualHost = 'mpx' (String)
RMQUser = 'mpx_core' (String)
RMQPassword = 'P@ssw0rd' (String)
RMQSslServerName = 'localhost' (String)
RMQSslCertPath = 'E:\Program Files\Positive Technologies\MaxPatrol SIEM Core\.install\scripts\Certificates\RMQ_Core_Client.p12' (String)
RMQSslCertPassword = 'oxah4kie2O' (String)
ServicesRMQHost = 'localhost' (String)
ServicesRMQVirtualHost = '/' (String)
ServicesRMQUser = 'mpx_core' (String)
ServicesRMQPassword = 'P@ssw0rd' (String)
ServicesRMQSslServerName = 'localhost' (String)
ServicesRMQSslCertPath = 'E:\Program Files\Positive Technologies\MaxPatrol SIEM Core\.install\scripts\Certificates\RMQ_Core_Client.p12' (String)
ServicesRMQSslCertPassword = 'oxah4kie2O' (String)
Replication = 'False' (Bool)
ReplicationPerScan = 'False' (Bool)
ReplicationInterval = '00:30:00' (String)
ReplicatedCores = '' (String)
StopOnMicroserviceError = 'False' (Bool)
IncidentAggregationTimeout = '00:01:00' (String)
IncidentIdenticalNotificationLimit = '100' (String)
PtmcHostAddress = '192.168.0.6' (String)
DefaultLocale = 'en-US' (String)
DefaultAssetTtl = '90.00:00:00' (String)
TtlCheckPeriod = '01.00:00:00' (String)
SaltMasterHost = '192.168.0.9' (String)
SaltMasterPort = '9035' (String)
MicroservicesCertificateThumb = '7EA87DDE95A95FD2D2BA8C9C1237110A9177DA46' (String)
OnlineHelpPortalUrl = '' (String)
UseOnlineHelpPortal = 'False' (Bool)
ConsiderEventsImportance = 'True' (Bool)
Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
Ok, seems the SIEM will work correctly from now on
max in MaxPatrol SIEM
Please check Elasticsearch health via http://192.168.0.9:9200/_cluster/health and connectivity to the SIEM server frontend via http://192.168.0.9:8013/about
Mohammed Houssani in MaxPatrol SIEM
{"cluster_name":"ptsiem","status":"green","timed_out":false,"number_of_nodes":4,"number_of_data_nodes":2,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0}
max in MaxPatrol SIEM
Mohammed Houssani
{"cluster_name":"ptsiem","status":"green","timed_out":false,"number_of_nodes":4,"number_of_data_nodes":2,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0}
Elastic is ok: "status":"green"
max in MaxPatrol SIEM
Mohammed Houssani
Please check frontend service status on 192.168.0.9 (something like systemctl status siemserver-frontend)