From 259df2ed6b809d9f9e5a2047cf9907e333d174e7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Sat, 12 Sep 2020 23:06:06 -0400
Subject: [PATCH] Fix Strelka
---
 salt/common/tools/sbin/so-yara-update | 1 +
 setup/so-functions | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update
index 918d6a9aa..1404b53d7 100755
--- a/salt/common/tools/sbin/so-yara-update
+++ b/salt/common/tools/sbin/so-yara-update
@@ -16,6 +16,7 @@
 # along with this program. If not, see .
 {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%}
+
 output_dir="/opt/so/saltstack/default/salt/strelka/rules"
 #mkdir -p $output_dir
 repos="$output_dir/repos.txt"
diff --git a/setup/so-functions b/setup/so-functions
index 17736dd76..0b017f269 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -55,7 +55,7 @@ airgap_rules() {
 cp -Rv /root/SecurityOnion/agrules/sigma /nsm/repo/rules/
 # Don't leave Strelka out
- cp -v /root/SecurityOnion/agrules/strelka /nsm/repo/rules/
+ cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/
 }
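Review bot: The line added after `{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%}` in so-yara-update appears to be a blank line, and it is probably removed again at render time, because the trailing `-%}` makes Jinja strip all whitespace after the tag, newlines included, and the leading `{%-` does the same before it. If so, the `output_dir=` assignment still ends up glued to the preceding `#` licence comment line and stays commented out, leaving `repos` pointing at `/repos.txt` and the Strelka YARA rule update working from the wrong path without any error. Dropping the whitespace control is sturdier than relying on a blank line: `{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}`. The rendered script is not visible here, so this is worth confirming by rendering the state and reading the first lines of the output.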
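Review bot: The new `cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/` in airgap_rules() has no check on its result, so a missing source directory or a copy that fails part-way lets setup carry on and leaves an airgapped install with Strelka scanning against an empty or partial YARA rule set, with nothing to signal the gap. Failing loudly would make that visible, for example `cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/ || { echo "Strelka airgap rules copy failed" >&2; return 1; }`. The sigma copy shown as context just above has the same shape. airgap_rules() begins before the hunk, so whether its caller checks the return status cannot be seen from here.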