CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactors playbook repo configuration

Browse Source 
Replaces individual playbook repo fields with an array of repos to support multiple playbook sources. Refactor Jinja.
This commit is contained in:
Corey Ogburn
2025-06-30 11:43:02 -06:00
parent fe76a79ebd
commit 33c23c30d3
2 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/soc/defaults.yaml
View File

@@ -1464,12 +1464,16 @@ soc:
autoUpdateEnabled: true
playbookImportFrequencySeconds: 86400
playbookImportErrorSeconds: 600
playbookRepoUrl:
default: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks
airgap: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
playbookRepoBranch: main
playbookRepoPath: /opt/sensoroni/playbooks/
playbookPathInRepo: securityonion-normalized
playbookRepos:
default:
- repo: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks
branch: main
folder: securityonion-normalized
airgap:
- repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
branch: main
folder: securityonion-normalized
salt:
queueDir: /opt/sensoroni/queue
timeoutMs: 45000

6
salt/soc/merged.map.jinja
View File

@@ -61,11 +61,11 @@
{% do SOCMERGED.config.server.update({'airgapEnabled': false}) %}
{% endif %}
{# set playbookRepoUrl based on airgap or not #}
{# set playbookRepos based on airgap or not #}
{% if GLOBALS.airgap %}
{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.airgap}) %}
{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepos': SOCMERGED.config.server.modules.playbook.playbookRepos.airgap}) %}
{% else %}
{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.default}) %}
{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepos': SOCMERGED.config.server.modules.playbook.playbookRepos.default}) %}
{% endif %}
{# remove these modules if detections is disabled #}