From 1afa12e6073644bd649dc2436e4d6c6eb2f2b473 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 13 Oct 2020 16:08:15 -0400
Subject: [PATCH] add elasticsearch template manager pillar and assign to manager node

---
 pillar/elasticsearch/manager.sls | 13 ++++++++++++
 pillar/top.sls | 35 ++++++++++++++++----------------
 2 files changed, 31 insertions(+), 17 deletions(-)
 create mode 100644 pillar/elasticsearch/manager.sls

diff --git a/pillar/elasticsearch/manager.sls b/pillar/elasticsearch/manager.sls
new file mode 100644
index 000000000..9ff97de5b
--- /dev/null
+++ b/pillar/elasticsearch/manager.sls
@@ -0,0 +1,13 @@
+elasticsearch:
+ templates:
+ - so/so-beats-template.json.jinja
+ - so/so-common-template.json
+ - so/so-firewall-template.json.jinja
+ - so/so-flow-template.json.jinja
+ - so/so-ids-template.json.jinja
+ - so/so-import-template.json.jinja
+ - so/so-osquery-template.json.jinja
+ - so/so-ossec-template.json.jinja
+ - so/so-strelka-template.json.jinja
+ - so/so-syslog-template.json.jinja
+ - so/so-zeek-template.json.jinja
diff --git a/pillar/top.sls b/pillar/top.sls
index 488286c6a..77db6fe60 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -14,22 +14,23 @@ base:
 - logstash.search
 - elasticsearch.search
 
- '*_sensor':
- - global
- - zeeklogs
- - healthcheck.sensor
- - minions.{{ grains.id }}
-
- '*_manager or *_managersearch':
- - match: compound
- - global
- - data.*
- - secrets
- - minions.{{ grains.id }}
-
 '*_manager':
 - logstash
 - logstash.manager
+ - elasticsearch.manager
+
+ '*_manager or *_managersearch':
+ - match: compound
+ - data.*
+ - secrets
+ - global
+ - minions.{{ grains.id }}
+
+ '*_sensor':
+ - zeeklogs
+ - healthcheck.sensor
+ - global
+ - minions.{{ grains.id }}
 
 '*_eval':
 - data.*
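Review bot: The new `pillar/elasticsearch/manager.sls` carries no comment saying what consumes `elasticsearch:templates` or what directory the entries are relative to, and `so/so-common-template.json` is the only entry without the `.jinja` suffix, which reads like a typo unless it is explained. A header comment along the lines of `# Elasticsearch index templates loaded on the manager; paths are relative to <TEMPLATE_DIR>; only .jinja entries are rendered` would settle both. Because the list is hard-coded, a renamed or missing template file will presumably surface only when the consuming state runs, so that state (not visible in this patch) should fail loudly on a missing entry rather than skip it.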
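Review bot: Moving `- global` from the first entry to just before `- minions.{{ grains.id }}` changes pillar merge order in every block it touches (`'*_manager or *_managersearch'` and `'*_sensor'` in this hunk, and `'*_heavynode'`, `'*_helix'`, `'*_fleet'` and `'*_searchnode'` in the next one), yet neither the commit subject nor the file says why. As far as I know Salt lets the later SLS win when two files set the same key, so `global` would now override `data.*`, `secrets` and the role pillars where it previously lost to them; that deserves a check for overlapping keys, `secrets` in particular. The `'*_manager'` block also now precedes the compound block, so `elasticsearch.manager` merges before `minions.{{ grains.id }}` and a per-minion file can presumably override the template list. I would record the intended precedence in the file, e.g. `# order matters: role pillars, then global, then minions.<id>; later entries win on key conflicts`.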
@@ -57,29 +58,29 @@ base:
 - minions.{{ grains.id }}
 
 '*_heavynode':
- - global
 - zeeklogs
+ - global
 - minions.{{ grains.id }}
 
 '*_helix':
- - global
 - fireeye
 - zeeklogs
 - logstash
 - logstash.helix
+ - global
 - minions.{{ grains.id }}
 
 '*_fleet':
- - global
 - data.*
 - secrets
+ - global
 - minions.{{ grains.id }}
 
 '*_searchnode':
- - global
 - logstash
 - logstash.search
 - elasticsearch.search
+ - global
 - minions.{{ grains.id }}
 
 '*_import':