CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-22 16:11:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11269 from Security-Onion-Solutions/issue/11210

Browse Source 
Issue/11210
This commit is contained in:
Josh Patterson
2023-09-07 16:54:16 -04:00
committed by GitHub
parent 70e1309c9f 8d269fee30
commit 3780ed1b4f
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
salt/soc/merged.map.jinja
View File

@@ -35,7 +35,18 @@
{% endif %}
{% set standard_actions = SOCMERGED.config.pop('actions') %}
{% if pillar.global.endgamehost is defined %}
{% if pillar.global.endgamehost != '' %}
{# this is added to prevent endgame_dict from being added to standard_actions for each time this file is rendered #}
{# since this map file is rendered 3 times, it causes endgame_dict to appened 3 times if custom actions are defined in the pillar #}
{% set endgame = namespace(add=true) %}
{% for d in standard_actions %}
{% if d.name is defined %}
{% if d.name == 'Endgame' %}
{% set endgame.add = false %}
{% endif %}
{% endif %}
{% endfor %}
{% set endgame_dict = {
"name": "Endgame",
"description": "Endgame Endpoint Investigation and Response",
@@ -44,7 +55,9 @@
"links": ["https://" ~ pillar.global.endgamehost ~ "/endpoints/{:agent.id}"]
}
%}
{% do standard_actions.append(endgame_dict) %}
{% if endgame.add %}
{% do standard_actions.append(endgame_dict) %}
{% endif %}
{% endif %}
{% do SOCMERGED.config.server.client.hunt.update({'actions': standard_actions}) %}