diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja index 2012917af2..c22ed2210d 100644 --- a/salt/soc/merged.map.jinja +++ b/salt/soc/merged.map.jinja @@ -35,18 +35,16 @@ {% do SOCMERGED.config.server.modules.pop('elastalertengine') %} {% do SOCMERGED.config.server.modules.pop('strelkaengine') %} {% do SOCMERGED.config.server.modules.pop('suricataengine') %} +{% elif pillar.global.airgap %} + {# if system is Airgap, don't autoupdate Yara & Sigma rules #} + {% do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %} + {% do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %} {% endif %} {% if pillar.manager.playbook == 0 %} {% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %} {% endif %} -{# if system is Airgap, don't autoupdate Yara & Sigma rules #} -{% if pillar.global.airgap %} - {% do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %} - {% do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %} -{% endif %} - {% set standard_actions = SOCMERGED.config.pop('actions') %} {% if pillar.global.endgamehost != '' %}