From 1284150382791b919c0ebd415a6da4f55d546563 Mon Sep 17 00:00:00 2001
From: DefensiveDepth <josh@defensivedepth.com>
Date: Thu, 27 Nov 2025 08:39:19 -0500
Subject: [PATCH] Move to manager init

---
 salt/manager/init.sls    | 22 ++++++++++++++++++++++
 salt/suricata/config.sls | 14 --------------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index da829c1ce..cf97a6f0b 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -211,6 +211,28 @@ git_config_set_safe_dirs:
       - /opt/so/conf/soc/ai_summary_repos/securityonion-resources
       - /nsm/airgap-resources/playbooks
       - /opt/so/conf/soc/playbooks
+
+surinsmrulesdir:
+  file.directory:
+    - name: /nsm/rules/suricata
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+suriextractionrules:
+  file.managed:
+    - name: /nsm/rules/suricata/so_extraction.rules
+    - source: salt://suricata/files/so_extraction.rules
+    - user: 939
+    - group: 939
+
+surifiltersrules:
+  file.managed:
+    - name: /nsm/rules/suricata/so_filters.rules
+    - source: salt://suricata/files/so_filters.rules
+    - user: 939
+    - group: 939
+
 {% else %}
 
 {{sls}}_state_not_allowed:
diff --git a/salt/suricata/config.sls b/salt/suricata/config.sls
index 46f5b1d7e..7ce605e0b 100644
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -126,20 +126,6 @@ surirulesync:
     - group: 940
     - show_changes: False
 
-suriextractionrules:
-  file.managed:
-    - name: /nsm/rules/suricata/so_extraction.rules
-    - source: salt://suricata/files/so_extraction.rules
-    - user: 939
-    - group: 939
-
-surifiltersrules:
-  file.managed:
-    - name: /nsm/rules/suricata/so_filters.rules
-    - source: salt://suricata/files/so_filters.rules
-    - user: 939
-    - group: 939
-
 surilogscript:
   file.managed:
     - name: /usr/local/bin/surilogcompress