diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index af9bcaa5d..3edda8a4c 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -47,7 +47,9 @@ 'pcap', 'suricata', 'healthcheck', - 'tcpreplay' + 'tcpreplay', + 'zeek', + 'strelka' ] %} {% set kafka_states = [ @@ -78,14 +80,12 @@ ssl_states + manager_states + sensor_states + - elastic_stack_states + elastic_stack_states | reject('equalto', 'logstash') | list ), 'so-heavynode': ( ssl_states + sensor_states + - ['elasticagent', 'zeek', 'strelka'] + - ['elasticsearch', 'logstash', 'redis'] + - stig_states + ['elasticagent', 'elasticsearch', 'logstash', 'redis', 'nginx'] ), 'so-idh': ( ssl_states + @@ -94,9 +94,8 @@ 'so-import': ( ssl_states + manager_states + - sensor_states + - ['zeek'] + - ['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets'] + sensor_states | reject('equalto', 'strelka') | reject('equalto', 'healthcheck') | list + + ['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets', 'strelka.manager'] ), 'so-manager': ( ssl_states + @@ -124,7 +123,7 @@ ), 'so-searchnode': ( ssl_states + - ['kafka.ca', 'kafka.ssl', 'elasticsearch', 'logstash'] + + ['kafka.ca', 'kafka.ssl', 'elasticsearch', 'logstash', 'nginx'] + stig_states ), 'so-standalone': ( @@ -133,13 +132,12 @@ sensor_states + stig_states + kafka_states + - elastic_stack_states + - ['zeek', 'strelka'] + elastic_stack_states ), 'so-sensor': ( ssl_states + sensor_states + - ['nginx', 'zeek', 'strelka'] + + ['nginx'] + stig_states ), 'so-fleet': (
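Review bot: Adding `'zeek'` and `'strelka'` to the shared `sensor_states` list widens the allowlist of every role that concatenates it, not only the roles edited later in this diff. The entry that ends just before `'so-heavynode'` in the next hunk uses `sensor_states` with no `reject` for these two names, so it now permits both unless lines outside the hunk already did; that is worth confirming as intended. A comment above the list would make the inheritance explicit, e.g. `{# Every role that adds sensor_states inherits these; filter per role where a state must not run. #}`. The list definition starts above this hunk.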
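Review bot: The new `'so-heavynode'` entry no longer includes `stig_states`: the removed lines ended with `stig_states`, and the replacement list line closes the expression without it. `'so-searchnode'` and `'so-sensor'` still end with `+ stig_states` in the later hunks, so heavy nodes become the visible exception that is not allowed to apply what are presumably the STIG hardening states. If the drop is deliberate, it deserves a short Jinja comment on the entry saying why. If it is not, end the list line with `+` and put `stig_states` back on the following line.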
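Review bot: Building the `'so-import'` entry as `sensor_states | reject('equalto', 'strelka') | reject('equalto', 'healthcheck') | list` makes this part of the allowlist a denylist over a shared list. Any state later appended to `sensor_states` becomes permitted on import nodes unless someone remembers to add another `reject`. `equalto` also matches whole names only, so a dotted entry in the source list (a constructed example: `'strelka.<substate>'`) would pass through the filter. Consider listing the permitted sensor states for this role explicitly, or at least parenthesising the filter chain so its scope before the `+` is obvious to the next editor. The `elastic_stack_states | reject('equalto', 'logstash') | list` expression in the previous hunk has the same property.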