From 02d013c0cc41bd37ee2d8ee4f1319910072a99c3 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 15 Mar 2023 16:47:43 -0400
Subject: [PATCH] Re-Work IDSTOOLS

---
 salt/idstools/etc/rulecat.conf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 771b87ff8..8a6840267 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,6 +1,6 @@
 {%- from 'vars/globals.map.jinja' import GLOBALS %}
 {%- import_yaml 'idstools/defaults.yaml' as IDSTOOLSDEFAULTS %}
-{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools:config', IDSTOOLSDEFAULTS.config, merge=True) %}
+{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools', IDSTOOLSDEFAULTS, merge=True) %}
 {%- if GLOBALS.airgap is sameas true -%}
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
@@ -23,16 +23,16 @@
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
-{%-   if IDSTOOLSMERGED.ruleset == 'ETOPEN' %}
+{%-   if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %}
 --etopen
-{%-   elif IDSTOOLSMERGED.ruleset == 'ETPRO' %}
---etpro={{ IDSTOOLSMERGED.oinkcode }}
-{%-   elif IDSTOOLSMERGED.ruleset == 'TALOS' %}
---url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.oinkcode }}
+{%-   elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}
+--etpro={{ IDSTOOLSMERGED.config.oinkcode }}
+{%-   elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %}
+--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
 {%-   endif %}
 {%- endif %}
-{%- if IDSTOOLSMERGED.urls | length > 0 %}
-{%-   for URL in IDSTOOLSMERGED.urls %}
+{%- if IDSTOOLSMERGED.config.urls | length > 0 %}
+{%-   for URL in IDSTOOLSMERGED.config.urls %}
 --url={{ URL }}
 {%-   endfor %}
 {%- endif %}
\ No newline at end of file