Airgap support

salt/manager/tools/sbin/soup

@@ -888,6 +888,12 @@ update_airgap_rules() {
   rsync -av $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/
   rsync -av $UPDATE_DIR/agrules/detect-sigma/* /nsm/rules/detect-sigma/
   rsync -av $UPDATE_DIR/agrules/detect-yara/* /nsm/rules/detect-yara/
+  # Checkout the stable summaries branch and copy them over for SOC
+  git -C $UPDATE_DIR/agrules/securityonion-resources/ checkout generated-summaries-stable
+  rsync -av $UPDATE_DIR/agrules/securityonion-resources/* /opt/so/conf/soc/ai_summary_repos
+  # Checkout the main branch and copy them over to nsm
+  git -C $UPDATE_DIR/agrules/securityonion-resources/ checkout main
+  rsync -av $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/
 }
 
 update_airgap_repo() {

setup/so-functions

@@ -42,9 +42,10 @@ logCmd() {
 ### End Logging Section ###
 
 airgap_rules() {
-	# Copy the rules for suricata if using Airgap
+	# Copy the rules for detections if using Airgap
 	mkdir -p /nsm/rules
-	cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/
+	rsync -av --exclude='securityonion-resources' /root/SecurityOnion/agrules/ /nsm/rules/
+	rsync -av  /root/SecurityOnion/agrules/securityonion-resources/ /nsm/
 }
 
 add_admin_user() {