Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev

2025-12-07 17:52:46 +01:00 · 2020-04-27 16:48:14 -04:00
parent 95ddb80612 90aabde4c9
commit 3b5736f983
69 changed files with 519 additions and 467 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-1.2.1
+1.2.2
--- a/pillar/docker/config.sls
+++ b/pillar/docker/config.sls
@@ -10,7 +10,7 @@
 eval:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    {% if  GRAFANA == '1' %}
    - so-influxdb
@@ -54,7 +54,7 @@ eval:
    {% endif %}
 heavy_node:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-redis
    - so-logstash
@@ -69,7 +69,7 @@ heavy_node:
    {% endif %}
 helix:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-idstools
    - so-steno
@@ -79,14 +79,14 @@ helix:
    - so-filebeat
 hot_node:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-logstash
    - so-elasticsearch
    - so-curator
 master_search:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-soc
    - so-kratos
@@ -127,7 +127,7 @@ master_search:
 master:
  containers:
    - so-dockerregistry
-    - so-core
+    - so-nginx
    - so-telegraf
    {% if  GRAFANA == '1' %}
    - so-influxdb
@@ -169,12 +169,12 @@ master:
    {% endif %}
 parser_node:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-logstash
 search_node:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-logstash
    - so-elasticsearch
@@ -185,7 +185,7 @@ search_node:
    {% endif %}
 sensor:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-steno
    - so-suricata
@@ -196,7 +196,7 @@ sensor:
    - so-filebeat
 warm_node:
  containers:
-    - so-core
+    - so-nginx
    - so-telegraf
    - so-elasticsearch
 fleet:
@@ -206,6 +206,6 @@ fleet:
    - so-fleet
    - so-redis
    - so-filebeat
-    - so-core
+    - so-nginx
    - so-telegraf
    {% endif %}
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,8 +1,3 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
 {% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 # Add socore Group
 socoregroup:
  group.present:
@@ -18,34 +13,15 @@ socore:
    - createhome: True
    - shell: /bin/bash
 # Create a state directory
 statedir:
  file.directory:
    - name: /opt/so/state
    - user: 939
    - group: 939
    - makedirs: True
 salttmp:
  file.directory:
    - name: /opt/so/tmp
    - user: 939
    - group: 939
    - makedirs: True
 # Install packages needed for the sensor
 sensorpkgs:
  pkg.installed:
    - skip_suggestions: False
    - pkgs:
      - docker-ce
      - wget
      - jq
      {% if grains['os'] != 'CentOS' %}
      - python-docker
      - python-m2crypto
      - apache2-utils
      {% else %}
      - net-tools
@@ -64,7 +40,6 @@ alwaysupdated:
    - skip_suggestions: True
 # Set time to UTC
 Etc/UTC:
  timezone.system
@@ -77,339 +52,3 @@ utilsyncscripts:
    - file_mode: 755
    - template: jinja
    - source: salt://common/tools/sbin
 # Make sure Docker is running!
 docker:
  service.running:
    - enable: True
 # Drop the correct nginx config based on role
 nginxconfdir:
  file.directory:
    - name: /opt/so/conf/nginx
    - user: 939
    - group: 939
    - makedirs: True
 nginxconf:
  file.managed:
    - name: /opt/so/conf/nginx/nginx.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/nginx/nginx.conf.{{ grains.role }}
 nginxlogdir:
  file.directory:
    - name: /opt/so/log/nginx/
    - user: 939
    - group: 939
    - makedirs: True
 nginxtmp:
  file.directory:
    - name: /opt/so/tmp/nginx/tmp
    - user: 939
    - group: 939
    - makedirs: True
 so-core:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-core:{{ VERSION }}
    - hostname: so-core
    - user: socore
    - binds:
      - /opt/so:/opt/so:rw
      - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /opt/so/log/nginx/:/var/log/nginx:rw
      - /opt/so/tmp/nginx/:/var/lib/nginx:rw
      - /opt/so/tmp/nginx/:/run:rw
      - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
      - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
      - /opt/so/conf/fleet/packages:/opt/socore/html/packages
    - cap_add: NET_BIND_SERVICE
    - port_bindings:
      - 80:80
      - 443:443
    {%- if FLEETMASTER or FLEETNODE %}
      - 8090:8090
    {%- endif %}
    - watch:
      - file: /opt/so/conf/nginx/nginx.conf
 # Add Telegraf to monitor all the things.
 tgraflogdir:
  file.directory:
    - name: /opt/so/log/telegraf
    - makedirs: True
 tgrafetcdir:
  file.directory:
    - name: /opt/so/conf/telegraf/etc
    - makedirs: True
 tgrafetsdir:
  file.directory:
    - name: /opt/so/conf/telegraf/scripts
    - makedirs: True
 tgrafsyncscripts:
  file.recurse:
    - name: /opt/so/conf/telegraf/scripts
    - user: 939
    - group: 939
    - file_mode: 755
    - template: jinja
    - source: salt://common/telegraf/scripts
 tgrafconf:
  file.managed:
    - name: /opt/so/conf/telegraf/etc/telegraf.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/telegraf/etc/telegraf.conf
 so-telegraf:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
    - environment:
      - HOST_PROC=/host/proc
      - HOST_ETC=/host/etc
      - HOST_SYS=/host/sys
      - HOST_MOUNT_PREFIX=/host
    - network_mode: host
    - port_bindings:
      - 127.0.0.1:8094:8094
    - binds:
      - /opt/so/log/telegraf:/var/log/telegraf:rw
      - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      - /var/run/utmp:/var/run/utmp:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /:/host/root:ro
      - /sys:/host/sys:ro
      - /proc:/host/proc:ro
      - /nsm:/host/nsm:ro
      - /etc:/host/etc:ro
      {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
      - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
      {% else %}
      - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
      {% endif %}
      - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
      - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
      - /opt/so/conf/telegraf/scripts:/scripts:ro
      - /opt/so/log/stenographer:/var/log/stenographer:ro
      - /opt/so/log/suricata:/var/log/suricata:ro
    - watch:
      - /opt/so/conf/telegraf/etc/telegraf.conf
      - /opt/so/conf/telegraf/scripts
 # If its a master or eval lets install the back end for now
 {% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
 # Influx DB
 influxconfdir:
  file.directory:
    - name: /opt/so/conf/influxdb/etc
    - makedirs: True
 influxdbdir:
  file.directory:
    - name: /nsm/influxdb
    - makedirs: True
 influxdbconf:
  file.managed:
    - name: /opt/so/conf/influxdb/etc/influxdb.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/influxdb/etc/influxdb.conf
 so-influxdb:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
    - hostname: influxdb
    - environment:
      - INFLUXDB_HTTP_LOG_ENABLED=false
    - binds:
      - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
      - /nsm/influxdb:/var/lib/influxdb:rw
      - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
      - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
    - port_bindings:
      - 0.0.0.0:8086:8086
    - watch:
      - file: /opt/so/conf/influxdb/etc/influxdb.conf
 # Grafana all the things
 grafanadir:
  file.directory:
    - name: /nsm/grafana
    - user: 939
    - group: 939
    - makedirs: True
 grafanaconfdir:
  file.directory:
    - name: /opt/so/conf/grafana/etc
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashdir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashmdir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/master
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashevaldir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/eval
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashfndir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashsndir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
    - user: 939
    - group: 939
    - makedirs: True
 grafanaconf:
  file.recurse:
    - name: /opt/so/conf/grafana/etc
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/grafana/etc
 {% if salt['pillar.get']('mastertab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-master:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/grafana/grafana_dashboards/master/master.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('sensorstab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/grafana/grafana_dashboards/sensor_nodes/sensor.json
    - defaults:
      SERVERNAME: {{ SN }}
      MONINT: {{ SNDATA.monint }}
      MANINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('nodestab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboardsearch-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/grafana/grafana_dashboards/search_nodes/searchnode.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('evaltab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://common/grafana/grafana_dashboards/eval/eval.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 so-grafana:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
    - hostname: grafana
    - user: socore
    - binds:
      - /nsm/grafana:/var/lib/grafana:rw
      - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
      - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
      - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
      - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
    - environment:
      - GF_SECURITY_ADMIN_PASSWORD=augusta
    - port_bindings:
      - 0.0.0.0:3000:3000
    - watch:
      - file: /opt/so/conf/grafana/*
 {% endif %}
--- a/salt/common/tools/sbin/so-elastic-download
+++ b/salt/common/tools/sbin/so-elastic-download
@@ -2,7 +2,7 @@
 MASTER=MASTER
 VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
-"so-core:$VERSION" \
+"so-nginx:$VERSION" \
 "so-thehive-cortex:$VERSION" \
 "so-curator:$VERSION" \
 "so-domainstats:$VERSION" \
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
 # Curator
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -0,0 +1,8 @@
 installdocker:
  pkg.installed:
    - name: docker-ce
 # Make sure Docker is running!
 docker:
  service.running:
    - enable: True
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% if grains['role'] == 'so-master' %}
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -11,7 +11,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
--- a/salt/fleet/files/scripts/so-fleet-setup
+++ b/salt/fleet/files/scripts/so-fleet-setup
@@ -41,7 +41,7 @@ sleep 120
 echo "Installing launcher via salt..."
 salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log
 salt-call state.apply filebeat queue=True >> /root/fleet-setup.log
-docker stop so-core
+docker stop so-nginx
 salt-call state.apply common queue=True >> /root/fleet-setup.log
 echo "Fleet Setup Complete - Login here: https://{{ MAIN_HOSTNAME }}"
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -1,7 +1,7 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
 {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set MAINIP = salt['pillar.get']('node:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
--- a/salt/common/grafana/grafana_dashboards/eval/eval.json
+++ b/salt/common/grafana/grafana_dashboards/eval/eval.json
--- a/salt/common/grafana/grafana_dashboards/master/master.json
+++ b/salt/common/grafana/grafana_dashboards/master/master.json
--- a/salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json
+++ b/salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json
--- a/salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json
+++ b/salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json
--- a/salt/common/grafana/etc/dashboards/dashboard.yml
+++ b/salt/common/grafana/etc/dashboards/dashboard.yml
--- a/salt/common/grafana/etc/datasources/influxdb.yaml
+++ b/salt/common/grafana/etc/datasources/influxdb.yaml
--- a/salt/common/grafana/etc/grafana.ini
+++ b/salt/common/grafana/etc/grafana.ini
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -0,0 +1,175 @@
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
 # Grafana all the things
 grafanadir:
  file.directory:
    - name: /nsm/grafana
    - user: 939
    - group: 939
    - makedirs: True
 grafanaconfdir:
  file.directory:
    - name: /opt/so/conf/grafana/etc
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashdir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashmdir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/master
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashevaldir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/eval
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashfndir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
    - user: 939
    - group: 939
    - makedirs: True
 grafanadashsndir:
  file.directory:
    - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
    - user: 939
    - group: 939
    - makedirs: True
 grafanaconf:
  file.recurse:
    - name: /opt/so/conf/grafana/etc
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://grafana/etc
 {% if salt['pillar.get']('mastertab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-master:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://grafana/dashboards/master/master.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('sensorstab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://grafana/dashboards/sensor_nodes/sensor.json
    - defaults:
      SERVERNAME: {{ SN }}
      MONINT: {{ SNDATA.monint }}
      MANINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('nodestab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboardsearch-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://grafana/dashboards/search_nodes/searchnode.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.manint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 {% if salt['pillar.get']('evaltab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
 dashboard-{{ SN }}:
  file.managed:
    - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://grafana/dashboards/eval/eval.json
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
      NSMFS: {{ SNDATA.nsmfs }}
 {% endfor %}
 {% endif %}
 so-grafana:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
    - hostname: grafana
    - user: socore
    - binds:
      - /nsm/grafana:/var/lib/grafana:rw
      - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
      - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
      - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
      - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
    - environment:
      - GF_SECURITY_ADMIN_PASSWORD=augusta
    - port_bindings:
      - 0.0.0.0:3000:3000
    - watch:
      - file: /opt/so/conf/grafana/*
 {% endif %}
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -1,5 +1,5 @@
 {% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 hiveconfdir:
  file.directory:
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 # IDSTools Setup
 idstoolsdir:
--- a/salt/common/influxdb/etc/influxdb.conf
+++ b/salt/common/influxdb/etc/influxdb.conf
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -0,0 +1,43 @@
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
 # Influx DB
 influxconfdir:
  file.directory:
    - name: /opt/so/conf/influxdb/etc
    - makedirs: True
 influxdbdir:
  file.directory:
    - name: /nsm/influxdb
    - makedirs: True
 influxdbconf:
  file.managed:
    - name: /opt/so/conf/influxdb/etc/influxdb.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://influxdb/etc/influxdb.conf
 so-influxdb:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
    - hostname: influxdb
    - environment:
      - INFLUXDB_HTTP_LOG_ENABLED=false
    - binds:
      - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
      - /nsm/influxdb:/var/lib/influxdb:rw
      - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
      - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
    - port_bindings:
      - 0.0.0.0:8086:8086
    - watch:
      - file: influxdbconf
 {% endif %}
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
--- a/salt/master/files/registry/scripts/so-docker-download
+++ b/salt/master/files/registry/scripts/so-docker-download
@@ -1,9 +1,9 @@
 #!/bin/bash
 MASTER={{ MASTER }}
-VERSION="HH1.2.1"
+VERSION="HH1.2.2"
 TRUSTED_CONTAINERS=( \
-"so-core:$VERSION" \
+"so-nginx:$VERSION" \
 "so-cyberchef:$VERSION" \
 "so-acng:$VERSION" \
 "so-soc:$VERSION" \
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %}
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,6 +1,6 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set MAINIP = salt['pillar.get']('node:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
--- a/salt/common/nginx/nginx.conf.so-eval
+++ b/salt/common/nginx/nginx.conf.so-eval
@@ -299,12 +299,12 @@ http {
          return        302 /auth/self-service/browser/flows/login;
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /usr/share/nginx/html/40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-fleet
+++ b/salt/common/nginx/nginx.conf.so-fleet
@@ -86,12 +86,12 @@ http {
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-heavynode
+++ b/salt/common/nginx/nginx.conf.so-heavynode
@@ -77,12 +77,12 @@ http {
 #        location / {
 #        }
 #
-#        error_page 404 /404.html;
+#        #error_page 404 /404.html;
-#            location = /40x.html {
+#        #    location = /40x.html {
-#        }
+#        #}
 #
 #        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
+#            location = /usr/share/nginx/html/50x.html {
 #        }
 #    }
--- a/salt/common/nginx/nginx.conf.so-helix
+++ b/salt/common/nginx/nginx.conf.so-helix
@@ -47,12 +47,12 @@ http {
        location / {
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-master
+++ b/salt/common/nginx/nginx.conf.so-master
@@ -299,12 +299,12 @@ http {
          return        302 /auth/self-service/browser/flows/login;
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-mastersearch
+++ b/salt/common/nginx/nginx.conf.so-mastersearch
@@ -299,12 +299,12 @@ http {
          return        302 /auth/self-service/browser/flows/login;
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-node
+++ b/salt/common/nginx/nginx.conf.so-node
@@ -47,12 +47,12 @@ http {
        location / {
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/common/nginx/nginx.conf.so-sensor
+++ b/salt/common/nginx/nginx.conf.so-sensor
@@ -47,12 +47,12 @@ http {
        location / {
        }
-        error_page 404 /404.html;
+        #error_page 404 /404.html;
-            location = /40x.html {
+        #    location = /40x.html {
-        }
+        #}
        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
+            location = /usr/share/nginx/html/50x.html {
        }
    }
--- a/salt/nginx/html/favicon-16x16.png
+++ b/salt/nginx/html/favicon-16x16.png
--- a/salt/nginx/html/favicon-32x32.png
+++ b/salt/nginx/html/favicon-32x32.png
--- a/salt/nginx/html/favicon.ico
+++ b/salt/nginx/html/favicon.ico
--- a/salt/nginx/html/index.html
+++ b/salt/nginx/html/index.html
@@ -0,0 +1,13 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <title>Security Onion - Hybrid Hunter</title>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
 <link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
 </head>
 <body>
 Security Onion
 </body>
 </html>
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -0,0 +1,64 @@
 {% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
 {% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 # Drop the correct nginx config based on role
 nginxconfdir:
  file.directory:
    - name: /opt/so/conf/nginx/html
    - user: 939
    - group: 939
    - makedirs: True
 nginxhtml:
  file.recurse:
    - name: /opt/so/conf/nginx/html
    - source: salt://nginx/html/
    - user: 939
    - group: 939
 nginxconf:
  file.managed:
    - name: /opt/so/conf/nginx/nginx.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://nginx/etc/nginx.conf.{{ grains.role }}
 nginxlogdir:
  file.directory:
    - name: /opt/so/log/nginx/
    - user: 939
    - group: 939
    - makedirs: True
 nginxtmp:
  file.directory:
    - name: /opt/so/tmp/nginx/tmp
    - user: 939
    - group: 939
    - makedirs: True
 so-nginx:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
    - hostname: so-nginx
    - binds:
      - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /opt/so/log/nginx/:/var/log/nginx:rw
      - /opt/so/tmp/nginx/:/var/lib/nginx:rw
      - /opt/so/tmp/nginx/:/run:rw
      - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
      - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
      - /opt/so/conf/fleet/packages:/opt/socore/html/packages
    - cap_add: NET_BIND_SERVICE
    - port_bindings:
      - 80:80
      - 443:443
    {%- if FLEETMASTER or FLEETNODE %}
      - 8090:8090
    {%- endif %}
    - watch:
      - file: nginxconf
      - file: nginxconfdir
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
@@ -61,7 +61,7 @@ noderedlog:
 so-nodered:
  docker_container.running:
-    - image: soshybridhunter/so-nodered:HH1.2.1
+    - image: soshybridhunter/so-nodered:HH1.2.2
    - interactive: True
    - binds:
      - /opt/so/conf/nodered/:/data:rw
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -12,7 +12,7 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,5 +1,5 @@
 {% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 playbookdb:
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -55,7 +55,7 @@ def run():
      # Run Docker container that will build the packages
      gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
-         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \
+         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.2", \
         f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
      # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 # Redis Setup
--- a/salt/salt/init.sls
+++ b/salt/salt/init.sls
@@ -1,3 +1,28 @@
 # Create a state directory
 statedir:
  file.directory:
    - name: /opt/so/state
    - user: 939
    - group: 939
    - makedirs: True
 salttmp:
  file.directory:
    - name: /opt/so/tmp
    - user: 939
    - group: 939
    - makedirs: True
 {% if grains['os'] != 'CentOS' %}    
 saltpymodules:
  pkg.installed:
    - pkgs:
      - python-docker
      - python-m2crypto
  {% endif %}
 salt_minion_service:
  service.running:
    - name: salt-minion
--- a/salt/sensoroni/init.sls
+++ b/salt/sensoroni/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 sensoronidir:
--- a/salt/soc/files/kratos/kratos.yaml
+++ b/salt/soc/files/kratos/kratos.yaml
@@ -6,6 +6,13 @@ selfservice:
    password:
      enabled: true
  settings:
    privileged_session_max_age: 1m
    after:
      profile:
        hooks:
          - hook: verify
  verify:
    return_to: https://{{ WEBACCESS }}/
@@ -14,29 +21,14 @@ selfservice:
  login:
    request_lifespan: 10m
    after:
      password:
        -
          job: session
        -
          job: redirect
          config:
            default_redirect_url: https://{{ WEBACCESS }}/
            allow_user_defined_redirect: true
  registration:
    request_lifespan: 10m
    after:
      password:
-        -
+        hooks:
-          job: verify
+          - hook: session
-        -
+          - hook: verify
          job: session
        -
          job: redirect
          config:
            default_redirect_url: https://{{ WEBACCESS }}/
            allow_user_defined_redirect: true
 log:
  level: debug
@@ -58,7 +50,7 @@ urls:
    public: https://{{ WEBACCESS }}/auth/
    admin: https://{{ WEBACCESS }}/kratos/
  default_return_to: https://{{ WEBACCESS }}/
-  whitelisted_return_to_domains:
+  whitelisted_return_to_urls:
    - http://127.0.0.1
 hashers:
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 socdir:
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 soctopusdir:
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -14,7 +14,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {%- set MASTER = grains['master'] %}
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 # Strelka config
 strelkaconfdir:
@@ -72,7 +72,7 @@ strelka_gatekeeper:
 strelka_frontend:
  docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.1
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2
    - binds:
      - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
      - /nsm/strelka/log/:/var/log/strelka/:rw
@@ -84,7 +84,7 @@ strelka_frontend:
 strelka_backend:
  docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.1
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2
    - binds:
      - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
      - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
@@ -94,7 +94,7 @@ strelka_backend:
 strelka_manager:
  docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.1
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2
    - binds:
      - /opt/so/conf/strelka/manager/:/etc/strelka/:ro
    - name: so-strelka-manager
@@ -102,7 +102,7 @@ strelka_manager:
 strelka_filestream:
  docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.1
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2
    - binds:
      - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
      - /nsm/strelka:/nsm/strelka
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -15,7 +15,7 @@
 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BROVER = salt['pillar.get']('static:broversion', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
 {% set BPF_STATUS = 0  %}
--- a/salt/tcpreplay/init.sls
+++ b/salt/tcpreplay/init.sls
@@ -1,5 +1,5 @@
 {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 so-tcpreplay:
--- a/salt/common/telegraf/etc/telegraf.conf
+++ b/salt/common/telegraf/etc/telegraf.conf
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -0,0 +1,70 @@
 {% set MASTER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 # Add Telegraf to monitor all the things.
 tgraflogdir:
  file.directory:
    - name: /opt/so/log/telegraf
    - makedirs: True
 tgrafetcdir:
  file.directory:
    - name: /opt/so/conf/telegraf/etc
    - makedirs: True
 tgrafetsdir:
  file.directory:
    - name: /opt/so/conf/telegraf/scripts
    - makedirs: True
 tgrafsyncscripts:
  file.recurse:
    - name: /opt/so/conf/telegraf/scripts
    - user: 939
    - group: 939
    - file_mode: 755
    - template: jinja
    - source: salt://telegraf/scripts
 tgrafconf:
  file.managed:
    - name: /opt/so/conf/telegraf/etc/telegraf.conf
    - user: 939
    - group: 939
    - template: jinja
    - source: salt://telegraf/etc/telegraf.conf
 so-telegraf:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
    - environment:
      - HOST_PROC=/host/proc
      - HOST_ETC=/host/etc
      - HOST_SYS=/host/sys
      - HOST_MOUNT_PREFIX=/host
    - network_mode: host
    - port_bindings:
      - 127.0.0.1:8094:8094
    - binds:
      - /opt/so/log/telegraf:/var/log/telegraf:rw
      - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      - /var/run/utmp:/var/run/utmp:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /:/host/root:ro
      - /sys:/host/sys:ro
      - /proc:/host/proc:ro
      - /nsm:/host/nsm:ro
      - /etc:/host/etc:ro
      {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
      - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
      {% else %}
      - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
      {% endif %}
      - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
      - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
      - /opt/so/conf/telegraf/scripts:/scripts:ro
      - /opt/so/log/stenographer:/var/log/stenographer:ro
      - /opt/so/log/suricata:/var/log/suricata:ro
    - watch:
      - file: tgrafconf
      - file: tgrafsyncscripts
--- a/salt/common/telegraf/scripts/broloss.sh
+++ b/salt/common/telegraf/scripts/broloss.sh
--- a/salt/common/telegraf/scripts/checkfiles.sh
+++ b/salt/common/telegraf/scripts/checkfiles.sh
--- a/salt/common/telegraf/scripts/helixeps.sh
+++ b/salt/common/telegraf/scripts/helixeps.sh
--- a/salt/common/telegraf/scripts/influxdbsize.sh
+++ b/salt/common/telegraf/scripts/influxdbsize.sh
--- a/salt/common/telegraf/scripts/oldpcap.sh
+++ b/salt/common/telegraf/scripts/oldpcap.sh
--- a/salt/common/telegraf/scripts/redis.sh
+++ b/salt/common/telegraf/scripts/redis.sh
--- a/salt/common/telegraf/scripts/stenoloss.sh
+++ b/salt/common/telegraf/scripts/stenoloss.sh
--- a/salt/common/telegraf/scripts/suriloss.sh
+++ b/salt/common/telegraf/scripts/suriloss.sh
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -11,15 +11,17 @@
 base:
  '*':
    - salt
    - docker
    - patch.os.schedule
    - motd
    - salt
  '*_helix':
    - ca
    - ssl
    - registry
    - common
    - telegraf
    - firewall
    - idstools
    - pcap
@@ -34,6 +36,7 @@ base:
    - ca
    - ssl
    - common
    - telegraf
    - firewall
    - pcap
    - suricata
@@ -57,6 +60,10 @@ base:
    - registry
    - master
    - common
    - nginx
    - telegraf
    - influxdb
    - grafana
    - soc
    - firewall
    - idstools
@@ -105,6 +112,10 @@ base:
    - ssl
    - registry
    - common
    - nginx
    - telegraf
    - influxdb
    - grafana
    - soc
    - firewall
    - master
@@ -179,6 +190,7 @@ base:
    - ca
    - ssl
    - common
    - telegraf
    - firewall
    {%- if WAZUH != 0 %}
    - wazuh
@@ -194,6 +206,10 @@ base:
  '*_mastersensor':
    - common
    - nginx
    - telegraf
    - influxdb
    - grafana
    - firewall
    - sensor
    - master
@@ -207,6 +223,10 @@ base:
    - ssl
    - registry
    - common
    - nginx
    - telegraf
    - influxdb
    - grafana
    - soc
    - firewall
    - master
@@ -248,6 +268,7 @@ base:
    - ca
    - ssl
    - common
    - telegraf
    - firewall
    - redis
    {%- if WAZUH != 0 %}
@@ -272,6 +293,8 @@ base:
    - ca
    - ssl
    - common
    - nginx
    - telegraf
    - firewall
    - mysql
    - redis
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,5 +1,5 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 # Add ossec group
 ossecgroup:
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
 {% set BPF_STATUS = 0  %}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -17,7 +17,7 @@
 SCRIPTDIR=$(dirname "$0")
 source $SCRIPTDIR/so-whiptail
-SOVERSION=1.2.1
+SOVERSION=1.2.2
 accept_salt_key_local() {
 	echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
@@ -579,7 +579,7 @@ docker_seed_registry() {
  if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
    TRUSTED_CONTAINERS=( \
    "so-acng:$VERSION" \
-    "so-core:$VERSION" \
+    "so-nginx:$VERSION" \
    "so-thehive-cortex:$VERSION" \
    "so-curator:$VERSION" \
    "so-domainstats:$VERSION" \
@@ -614,7 +614,7 @@ docker_seed_registry() {
    "so-zeek:$VERSION" )
  else
    TRUSTED_CONTAINERS=( \
-    "so-core:$VERSION" \
+    "so-nginx:$VERSION" \
    "so-filebeat:$VERSION" \
    "so-idstools:$VERSION" \
    "so-logstash:$VERSION" \
@@ -626,7 +626,7 @@ docker_seed_registry() {
    "so-zeek:$VERSION" )
  fi
-  if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then
+  if [ ! -f /nsm/docker-registry/docker/registry.tar ]; then
    # Download the container from the interwebs
    for i in "${TRUSTED_CONTAINERS[@]}"
    do
@@ -646,8 +646,8 @@ docker_seed_registry() {
  else
    # We already have the goods son
    cd /nsm/docker-registry/docker
-    tar xvf so-dockers-$VERSION.tar
+	tar xvf registry.tar  
-    rm /nsm/docker-registry/docker/so-dockers-$VERSION.tar
+    rm /nsm/docker-registry/docker/registry.tar
  fi
 }
--- a/upgrade/so-update-functions
+++ b/upgrade/so-update-functions
@@ -17,7 +17,7 @@
 # Set the new SO Version
-UPDATEVERSION=1.2.1
+UPDATEVERSION=1.2.2
 BUILD=HH
 #Determine the current install version
@@ -35,7 +35,6 @@ HOSTNAME=$(hostname)
 if [ $MASTERCHECK != 'so-helix' ]; then
    TRUSTED_CONTAINERS=( \
    "so-acng:$BUILD$UPDATEVERSION" \
    "so-core:$BUILD$UPDATEVERSION" \
    "so-thehive-cortex:$BUILD$UPDATEVERSION" \
    "so-curator:$BUILD$UPDATEVERSION" \
    "so-domainstats:$BUILD$UPDATEVERSION" \
@@ -53,6 +52,7 @@ if [ $MASTERCHECK != 'so-helix' ]; then
    "so-logstash:$BUILD$UPDATEVERSION" \
    "so-mysql:$BUILD$UPDATEVERSION" \
    "so-navigator:$BUILD$UPDATEVERSION" \
    "so-nginx:$BUILD$UPDATEVERSION" \
    "so-playbook:$BUILD$UPDATEVERSION" \
    "so-redis:$BUILD$UPDATEVERSION" \
    "so-soc:$BUILD$UPDATEVERSION" \
@@ -67,10 +67,10 @@ if [ $MASTERCHECK != 'so-helix' ]; then
    "so-zeek:$BUILD$UPDATEVERSION" )
  else
    TRUSTED_CONTAINERS=( \
    "so-core:$BUILD$UPDATEVERSION" \
    "so-filebeat:$BUILD$UPDATEVERSION" \
    "so-idstools:$BUILD$UPDATEVERSION" \
    "so-logstash:$BUILD$UPDATEVERSION" \
    "so-nginx:$BUILD$UPDATEVERSION" \
    "so-redis:$BUILD$UPDATEVERSION" \
    "so-steno:$BUILD$UPDATEVERSION" \
    "so-suricata:$BUILD$UPDATEVERSION" \