Merge pull request #12584 from Security-Onion-Solutions/jertel/suripcap
handle airgap when detections not enabled
jertel authored Mar 14, 2024
2 parents cc1356c + 844cfe5 commit 09bff01
Showing 1 changed file with 4 additions and 6 deletions.
10 changes: 4 additions & 6 deletions salt/soc/merged.map.jinja
@@ -35,18 +35,16 @@
{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
{% elif pillar.global.airgap %}
{# if system is Airgap, don't autoupdate Yara & Sigma rules #}
{% do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
{% do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
{% endif %}

{% if pillar.manager.playbook == 0 %}
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
{% endif %}

{# if system is Airgap, don't autoupdate Yara & Sigma rules #}
{% if pillar.global.airgap %}
{% do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
{% do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
{% endif %}

{% set standard_actions = SOCMERGED.config.pop('actions') %}

{% if pillar.global.endgamehost != '' %}
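Review bot: the new `elif pillar.global.airgap` branch disables `autoUpdateEnabled` for `elastalertengine` and `strelkaengine` only, while the branch directly above pops `suricataengine` alongside those two as a peer module; if the Suricata engine exposes the same `autoUpdateEnabled` flag, an airgapped manager with detections enabled will still try to fetch Suricata rule updates. Either add `{% do SOCMERGED.config.server.modules.suricataengine.update({'autoUpdateEnabled': false}) %}` next to the other two, or extend the `{# if system is Airgap ... #}` comment to say why Suricata is intentionally excluded. Moving the airgap check into the `elif` is otherwise the right fix: the old standalone `{% if pillar.global.airgap %}` block ran after the modules had already been popped when detections were disabled, so `.update()` was being called on keys that no longer existed.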

0 comments on commit 09bff01
