CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

merge pillar with the defaults https://github.com/Security-Onion-Solutions/securityonion/issues/2319

Browse Source
This commit is contained in:
m0duspwnens
2020-12-11 14:35:06 -05:00
parent b8e8510dd2
commit 09b3a4a0dd
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/zeek/policy/securityonion/file-extraction/extract.zeek
View File

@@ -1,5 +1,5 @@
{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default %} {% import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default -%}
{%- set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) %} {% set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) -%}
# Directory to stage Zeek extracted files before processing # Directory to stage Zeek extracted files before processing
redef FileExtract::prefix = "/nsm/zeek/extracted/"; redef FileExtract::prefix = "/nsm/zeek/extracted/";
# Set a limit to the file size # Set a limit to the file size
@@ -7,7 +7,7 @@ redef FileExtract::default_limit = 9000000;
# These are the mimetypes we want to rip off the networks # These are the mimetypes we want to rip off the networks
export { export {
global _mime_whitelist: table[string] of string = { global _mime_whitelist: table[string] of string = {
{%- for li in zeek.zeek.policy.file_extraction %} {%- for li in zeek.policy.file_extraction %}
{%- if not loop.last %} {%- if not loop.last %}
{%- for k,v in li.items() %} {%- for k,v in li.items() %}
["{{ k }}"] = "{{ v }}", ["{{ k }}"] = "{{ v }}",