CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove cron if disabled

Browse Source
This commit is contained in:
defensivedepth
2024-09-24 12:38:49 -04:00
parent 01f87218de
commit 0a74a53254
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/elasticfleet/config.sls
View File

@@ -113,7 +113,7 @@ elasticdefendcustom:
- mode: 600 - mode: 600
{% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %} {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
cronelasticdefendfilters: cron-elastic-defend-filters-add:
cron.present: cron.present:
- name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
- identifier: elastic-defend-filters - identifier: elastic-defend-filters
@@ -123,6 +123,10 @@ cronelasticdefendfilters:
- daymonth: '*' - daymonth: '*'
- month: '*' - month: '*'
- dayweek: '*' - dayweek: '*'
{% else %}
cron-elastic-defend-filters-remove:
cron.absent:
- identifier: elastic-defend-filters
{% endif %} {% endif %}
eaintegrationsdir: eaintegrationsdir:

4
salt/elasticfleet/enabled.sls
View File

@@ -154,8 +154,8 @@ so-elastic-defend-manage-filters-file-watch:
cmd.run: cmd.run:
- name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
- onchanges: - onchanges:
- file: /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters-raw - file: elasticdefendcustom
- file: /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml - file: elasticdefenddisabled
{% endif %} {% endif %}
{% endif %} {% endif %}