From 0b8a7f5b67566b6230cf51fd9132630e6dbe06de Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Wed, 2 Apr 2025 10:10:34 -0400
Subject: [PATCH] fix strelka annotations. restart strelka containers on config
 change

---
 salt/strelka/backend/enabled.sls    | 4 ++++
 salt/strelka/filestream/enabled.sls | 2 ++
 salt/strelka/frontend/enabled.sls   | 2 ++
 salt/strelka/manager/enabled.sls    | 2 ++
 salt/strelka/soc_strelka.yaml       | 4 ++--
 5 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/salt/strelka/backend/enabled.sls b/salt/strelka/backend/enabled.sls
index a26905e1f..3a830c9b0 100644
--- a/salt/strelka/backend/enabled.sls
+++ b/salt/strelka/backend/enabled.sls
@@ -44,6 +44,10 @@ strelka_backend:
     - restart_policy: on-failure
     - watch:
       - file: strelkasensorcompiledrules
+      - file: backend_backend_config
+      - file: backend_logging_config
+      - file: backend_passwords
+      - file: backend_taste
 
 delete_so-strelka-backend_so-status.disabled:
   file.uncomment:
diff --git a/salt/strelka/filestream/enabled.sls b/salt/strelka/filestream/enabled.sls
index f04631eca..c90b1e83f 100644
--- a/salt/strelka/filestream/enabled.sls
+++ b/salt/strelka/filestream/enabled.sls
@@ -41,6 +41,8 @@ strelka_filestream:
       - {{ XTRAENV }}
       {% endfor %}
     {% endif %}
+    - watch:
+      - file: filestream_config
 
 delete_so-strelka-filestream_so-status.disabled:
   file.uncomment:
diff --git a/salt/strelka/frontend/enabled.sls b/salt/strelka/frontend/enabled.sls
index e4ecc7ca5..f95a31a7e 100644
--- a/salt/strelka/frontend/enabled.sls
+++ b/salt/strelka/frontend/enabled.sls
@@ -46,6 +46,8 @@ strelka_frontend:
       - {{ XTRAENV }}
       {% endfor %}
     {% endif %}
+    - watch:
+      - file: frontend_config
 
 delete_so-strelka-frontend_so-status.disabled:
   file.uncomment:
diff --git a/salt/strelka/manager/enabled.sls b/salt/strelka/manager/enabled.sls
index aec44b4b0..6158a5c28 100644
--- a/salt/strelka/manager/enabled.sls
+++ b/salt/strelka/manager/enabled.sls
@@ -40,6 +40,8 @@ strelka_manager:
       - {{ XTRAENV }}
       {% endfor %}
     {% endif %}
+    - watch:
+      - file: manager_config
 
 delete_so-strelka-manager_so-status.disabled:
   file.uncomment:
diff --git a/salt/strelka/soc_strelka.yaml b/salt/strelka/soc_strelka.yaml
index 1dc4fa455..609223db6 100644
--- a/salt/strelka/soc_strelka.yaml
+++ b/salt/strelka/soc_strelka.yaml
@@ -70,8 +70,8 @@ strelka:
             global: False
             helpLink: strelka.html
             advanced: True
-            type: json
-            multiline: True
+            forcedType: "[]{}"
+            syntax: json
           'ScanBatch': *scannerOptions
           'ScanBzip2': *scannerOptions
           'ScanDocx': *scannerOptions