Merge branch 'dev' into foxtrot

salt/logstash/pipelines/config/so/0011_input_endgame.conf

@@ -3,6 +3,8 @@ input {
     id => "endgame_data"
     port => 3765
     codec => es_bulk
+    request_headers_target_field => client_headers
+    remote_host_target_field => client_host
     ssl => true
     ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
     ssl_certificate => "/usr/share/logstash/filebeat.crt"

salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja

@@ -8,7 +8,7 @@
 filter {
   if [event][module] =~ "endgame" {
     mutate {
-      remove_field => ["headers", "host"]
+      remove_field => ["client_headers", "client_host"]
     }
   }
 }

salt/pcap/init.sls

@@ -117,8 +117,6 @@ so-steno:
     - start: {{ STENOOPTIONS.start }}
     - network_mode: host
     - privileged: True
-    - port_bindings:
-      - 127.0.0.1:1234:1234
     - binds:
       - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
       - /opt/so/conf/steno/config:/etc/stenographer/config:rw

setup/so-whiptail

@@ -285,7 +285,7 @@ whiptail_storage_requirements() {
 
 		You need ${needed_val} to meet minimum requirements.
 
-		Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+		Visit https://docs.securityonion.net/en/latest/hardware.html for more information.
 
 		Select YES to continue anyway, or select NO to cancel.
 	EOM
@@ -1776,7 +1776,7 @@ whiptail_storage_requirements() {
 
 		You need ${needed_val} to meet minimum requirements.
 
-		Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+		Visit https://docs.securityonion.net/en/latest/hardware.html for more information.
 
 		Press YES to continue anyway, or press NO to cancel.
 	EOM