Fix bindings

salt/soc/defaults.yaml

@@ -1004,8 +1004,8 @@ soc:
           hostUrl:
         elastalertengine:
           communityRulesImportFrequencySeconds: 180
-          elastAlertRulesFolder: /opt/so/rules/elastalert
+          elastAlertRulesFolder: /opt/sensoroni/elastalert
-          rulesFingerprintFile: /opt/so/conf/soc/sigma.fingerprint
+          rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
           sigmaRulePackages: all
         elastic:
           hostUrl:
@@ -1053,10 +1053,10 @@ soc:
           reposFolder: /nsm/rules/strelka/repos
           rulesRepos:
           - https://github.com/Security-Onion-Solutions/securityonion-yara
-          yaraRulesFolder: /opt/so/conf/strelka/rules
+          yaraRulesFolder: /opt/sensoroni/yara
         suricataengine:
           communityRulesFile: /nsm/rules/suricata/emerging-all.rules
-          rulesFingerprintFile: /opt/so/conf/soc/emerging-all.fingerprint
+          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
       client:
         enableReverseLookup: false
         docsUrl: /docs/

salt/soc/enabled.sls

@@ -23,6 +23,9 @@ so-soc:
         - ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
     - binds:
       - /nsm/rules:/nsm/rules:rw #Need to tighten this up?
+      - /opt/so/rules/yara:/opt/sensoroni/yara:rw
+      - /opt/so/rules/elastalert/rules:/opt/sensoroni/elastalert:rw
+      - /opt/so/conf/soc/fingerprints:/opt/sensoroni/fingerprints:rw
       - /nsm/soc/jobs:/opt/sensoroni/jobs:rw
       - /nsm/soc/uploads:/nsm/soc/uploads:rw
       - /opt/so/log/soc/:/opt/sensoroni/logs/:rw