From a496b03de70b21267b9d77cf069d4e9d45456609 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 9 Mar 2021 20:52:34 -0500
Subject: [PATCH 1/5] Add missing MTU var for automation of advanced sensor

---
 setup/automation/distributed-iso-sensor | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor
index 5df368336..9752e0f24 100644
--- a/setup/automation/distributed-iso-sensor
+++ b/setup/automation/distributed-iso-sensor
@@ -50,7 +50,7 @@ MNIC=eth0
 # MSEARCH=
 MSRV=distributed-manager
 MSRVIP=10.66.166.42
-# MTU=
+MTU=1500
 # NIDS=Suricata
 # NODE_ES_HEAP_SIZE=
 # NODE_LS_HEAP_SIZE=

From 46af6a5c84f016e6c3026f440e5aace8cc9209d1 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 10 Mar 2021 08:14:25 -0500
Subject: [PATCH 2/5] Ensure MTU is defined for advanced sensor automation

---
 setup/automation/distributed-net-ubuntu-suricata-sensor | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/automation/distributed-net-ubuntu-suricata-sensor b/setup/automation/distributed-net-ubuntu-suricata-sensor
index 6aa32c03d..6feadd6a4 100644
--- a/setup/automation/distributed-net-ubuntu-suricata-sensor
+++ b/setup/automation/distributed-net-ubuntu-suricata-sensor
@@ -50,7 +50,7 @@ MNIC=ens18
 # MSEARCH=
 MSRV=distributed-manager
 MSRVIP=10.66.166.66
-# MTU=
+MTU=1500
 # NIDS=Suricata
 # NODE_ES_HEAP_SIZE=
 # NODE_LS_HEAP_SIZE=

From 18203513abf657cff09427665dcab09688b5e8fb Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Wed, 10 Mar 2021 09:14:14 -0500
Subject: [PATCH 3/5] Update cert location for eval.import

---
 salt/filebeat/etc/filebeat.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index b6aa218ef..c680d61c1 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -261,6 +261,7 @@ output.{{ type }}:
 output.elasticsearch:
   enabled: true
   hosts: ["https://{{ MANAGER }}:9200"]
+  ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
   pipelines:
     - pipeline: "%{[module]}.%{[dataset]}"
   indices:

From 180bba782e954e88bbc4d0c2672b7215165e0cef Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 10 Mar 2021 09:26:11 -0500
Subject: [PATCH 4/5] Expose zeek and suri pins for automation

---
 setup/automation/distributed-iso-sensor                 | 2 ++
 setup/automation/distributed-net-ubuntu-suricata-sensor | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor
index 9752e0f24..955019bd8 100644
--- a/setup/automation/distributed-iso-sensor
+++ b/setup/automation/distributed-iso-sensor
@@ -71,8 +71,10 @@ PATCHSCHEDULENAME=auto
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 # STRELKA=1
+SURIPINS=(2 3)
 # THEHIVE=1
 # WAZUH=1
 # WEBUSER=onionuser@somewhere.invalid
 # WEBPASSWD1=0n10nus3r
 # WEBPASSWD2=0n10nus3r
+ZEEKPINS=(0 1)
diff --git a/setup/automation/distributed-net-ubuntu-suricata-sensor b/setup/automation/distributed-net-ubuntu-suricata-sensor
index 6feadd6a4..9489fb0f4 100644
--- a/setup/automation/distributed-net-ubuntu-suricata-sensor
+++ b/setup/automation/distributed-net-ubuntu-suricata-sensor
@@ -71,8 +71,10 @@ PATCHSCHEDULENAME=auto
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 # STRELKA=1
+SURIPINS=(2 3)
 # THEHIVE=1
 # WAZUH=1
 # WEBUSER=onionuser@somewhere.invalid
 # WEBPASSWD1=0n10nus3r
 # WEBPASSWD2=0n10nus3r
+ZEEKPINS=(0 1)
\ No newline at end of file

From 3eb4a37c7600a0869a426b0c27e948389f16626f Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 10 Mar 2021 09:26:46 -0500
Subject: [PATCH 5/5] Expose zeek and suri pins for automation

---
 setup/automation/distributed-net-ubuntu-suricata-sensor | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/automation/distributed-net-ubuntu-suricata-sensor b/setup/automation/distributed-net-ubuntu-suricata-sensor
index 9489fb0f4..5540e4211 100644
--- a/setup/automation/distributed-net-ubuntu-suricata-sensor
+++ b/setup/automation/distributed-net-ubuntu-suricata-sensor
@@ -77,4 +77,4 @@ SURIPINS=(2 3)
 # WEBUSER=onionuser@somewhere.invalid
 # WEBPASSWD1=0n10nus3r
 # WEBPASSWD2=0n10nus3r
-ZEEKPINS=(0 1)
\ No newline at end of file
+ZEEKPINS=(0 1)