https://github.com/Security-Onion-Solutions/securityonion/issues/404

files/firewall/assigned_hostgroups.local.map.yaml

@@ -13,8 +13,8 @@ role:
   fleet:
   heavynode:
   helixsensor:
-  master:
+  manager:
-  mastersearch:
+  managersearch:
   standalone:
   searchnode:
   sensor:

files/firewall/hostgroups.local.yaml

@@ -24,7 +24,7 @@ firewall:
       ips:
         delete:
         insert:
-    master:
+    manager:
       ips:
         delete:
         insert:

pillar/docker/config.sls

@@ -1,12 +1,12 @@
-{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
-{% set WAZUH = salt['pillar.get']('master:wazuh', '0') %}
+{% set WAZUH = salt['pillar.get']('manager:wazuh', '0') %}
-{% set THEHIVE = salt['pillar.get']('master:thehive', '0') %}
+{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
-{% set PLAYBOOK = salt['pillar.get']('master:playbook', '0') %}
+{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
-{% set FREQSERVER = salt['pillar.get']('master:freq', '0') %}
+{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
-{% set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') %}
+{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
 {% set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
-{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 
 eval:
   containers:
@@ -20,7 +20,7 @@ eval:
     - so-soc
     - so-kratos
     - so-idstools
-    {% if FLEETMASTER %}
+    {% if FLEETMANAGER %}
     - so-mysql
     - so-fleet
     - so-redis
@@ -83,7 +83,7 @@ hot_node:
     - so-logstash
     - so-elasticsearch
     - so-curator
-master_search:
+manager_search:
   containers:
     - so-nginx
     - so-telegraf
@@ -99,7 +99,7 @@ master_search:
     - so-elastalert
     - so-filebeat
     - so-soctopus
-    {% if FLEETMASTER %}
+    {% if FLEETMANAGER %}
     - so-mysql
     - so-fleet
     - so-redis
@@ -122,7 +122,7 @@ master_search:
     {% if DOMAINSTATS != '0' %}
     - so-domainstats
     {% endif %}
-master:
+manager:
   containers:
     - so-dockerregistry
     - so-nginx
@@ -141,7 +141,7 @@ master:
     - so-kibana
     - so-elastalert
     - so-filebeat
-    {% if FLEETMASTER %}
+    {% if FLEETMANAGER %}
     - so-mysql
     - so-fleet
     - so-redis

pillar/firewall/ports.sls

@@ -17,7 +17,7 @@ firewall:
         - 5644
         - 9822
       udp:
-  master:
+  manager:
     ports:
       tcp:
         - 1514

pillar/logstash/manager.sls

@@ -1,6 +1,6 @@
 logstash:
   pipelines:
-    master:
+    manager:
       config:
         - so/0009_input_beats.conf      
         - so/0010_input_hhbeats.conf

pillar/top.sls

@@ -6,10 +6,10 @@ base:
     - match: compound
     - zeek
 
-  '*_mastersearch or *_heavynode':
+  '*_managersearch or *_heavynode':
     - match: compound
     - logstash
-    - logstash.master
+    - logstash.manager
     - logstash.search
 
   '*_sensor':
@@ -18,16 +18,16 @@ base:
     - healthcheck.sensor
     - minions.{{ grains.id }}
 
-  '*_master or *_mastersearch':
+  '*_manager or *_managersearch':
     - match: compound
     - static
     - data.*
     - secrets
     - minions.{{ grains.id }}
 
-  '*_master':
+  '*_manager':
     - logstash
-    - logstash.master
+    - logstash.manager
 
   '*_eval':
     - static
@@ -39,7 +39,7 @@ base:
 
   '*_standalone':
     - logstash
-    - logstash.master
+    - logstash.manager
     - logstash.search
     - data.*
     - brologs

salt/_modules/telegraf.py

@@ -6,7 +6,7 @@ import socket
 
 def send(data):
 
-  mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('master:mainint'))
+  mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint'))
   mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
   dstport = 8094
 

salt/ca/init.sls

@@ -1,4 +1,4 @@
-{% set master = salt['grains.get']('master') %}
+{% set manager = salt['grains.get']('manager') %}
 /etc/salt/minion.d/signing_policies.conf:
   file.managed:
     - source: salt://ca/files/signing_policies.conf
@@ -20,7 +20,7 @@ pki_private_key:
 /etc/pki/ca.crt:
   x509.certificate_managed:
     - signing_private_key: /etc/pki/ca.key
-    - CN: {{ master }}
+    - CN: {{ manager }}
     - C: US
     - ST: Utah
     - L: Salt Lake City

salt/common/maps/so-status.map.jinja

@@ -18,14 +18,14 @@
   } 
 },grain='id', merge=salt['pillar.get']('docker')) %}
 
-{% if role in ['eval', 'mastersearch', 'master', 'standalone'] %}
+{% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
-  {{ append_containers('master', 'grafana', 0) }}
+  {{ append_containers('manager', 'grafana', 0) }}
-  {{ append_containers('static', 'fleet_master', 0) }}
+  {{ append_containers('static', 'fleet_manager', 0) }}
-  {{ append_containers('master', 'wazuh', 0) }}
+  {{ append_containers('manager', 'wazuh', 0) }}
-  {{ append_containers('master', 'thehive', 0) }}
+  {{ append_containers('manager', 'thehive', 0) }}
-  {{ append_containers('master', 'playbook', 0) }}
+  {{ append_containers('manager', 'playbook', 0) }}
-  {{ append_containers('master', 'freq', 0) }}
+  {{ append_containers('manager', 'freq', 0) }}
-  {{ append_containers('master', 'domainstats', 0) }}
+  {{ append_containers('manager', 'domainstats', 0) }}
 {% endif %}
 
 {% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %}
@@ -37,7 +37,7 @@
 {% endif %}
 
 {% if role == 'searchnode' %}
-  {{ append_containers('master', 'wazuh', 0) }}
+  {{ append_containers('manager', 'wazuh', 0) }}
 {% endif %}
 
 {% if role == 'sensor' %}

salt/common/tools/sbin/so-bro-logs

@@ -11,7 +11,7 @@ bro_logs_enabled() {
 
 }
 
-whiptail_master_adv_service_brologs() {
+whiptail_manager_adv_service_brologs() {
 
   BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \
   "conn" "Connection Logging" ON \
@@ -54,5 +54,5 @@ whiptail_master_adv_service_brologs() {
   "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 )
 }
 
-whiptail_master_adv_service_brologs
+whiptail_manager_adv_service_brologs
 bro_logs_enabled

salt/common/tools/sbin/so-docker-refresh

@@ -21,13 +21,13 @@ got_root(){
     fi
 }
 
-master_check() {
+manager_check() {
-  # Check to see if this is a master
+  # Check to see if this is a manager
-  MASTERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
+  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-  if [ $MASTERCHECK == 'so-eval' ] || [ $MASTERCHECK == 'so-master' ] || [ $MASTERCHECK == 'so-mastersearch' ] || [ $MASTERCHECK == 'so-standalone' ] || [ $MASTERCHECK == 'so-helix' ]; then
+  if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ]; then
-    echo "This is a master. We can proceed"
+    echo "This is a manager. We can proceed"
   else
-    echo "Please run soup on the master. The master controls all updates."
+    echo "Please run soup on the manager. The manager controls all updates."
     exit 1
   fi
 }
@@ -56,13 +56,13 @@ version_check() {
   fi
 }
 got_root
-master_check
+manager_check
 version_check
 
 # Use the hostname
 HOSTNAME=$(hostname)
 # List all the containers
-if [ $MASTERCHECK != 'so-helix' ]; then
+if [ $MANAGERCHECK != 'so-helix' ]; then
     TRUSTED_CONTAINERS=( \
     "so-acng:$VERSION" \
     "so-thehive-cortex:$VERSION" \

salt/common/tools/sbin/so-elastic-clear

@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
+{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
 . /usr/sbin/so-common
 
 SKIP=0
@@ -50,7 +50,7 @@ done
 if [ $SKIP -ne 1 ]; then
         # List indices
         echo 
-        curl {{ MASTERIP }}:9200/_cat/indices?v
+        curl {{ MANAGERIP }}:9200/_cat/indices?v
         echo
         # Inform user we are about to delete all data
         echo
@@ -89,10 +89,10 @@ fi
 # Delete data
 echo "Deleting data..."
 
-INDXS=$(curl -s -XGET {{ MASTERIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
+INDXS=$(curl -s -XGET {{ MANAGERIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
 for INDX in ${INDXS}
 do
-    curl -XDELETE "{{ MASTERIP }}:9200/${INDX}" > /dev/null 2>&1
+    curl -XDELETE "{{ MANAGERIP }}:9200/${INDX}" > /dev/null 2>&1
 done
 
 #Start Logstash/Filebeat

salt/common/tools/sbin/so-elastic-download

@@ -1,5 +1,5 @@
 #!/bin/bash
-MASTER=MASTER
+MANAGER=MANAGER
 VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
 "so-nginx:$VERSION" \
@@ -37,7 +37,7 @@ do
   echo "Downloading $i"
   docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
   # Tag it with the new registry destination
-  docker tag soshybridhunter/$i $MASTER:5000/soshybridhunter/$i
+  docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
-  docker push $MASTER:5000/soshybridhunter/$i
+  docker push $MANAGER:5000/soshybridhunter/$i
   docker rmi soshybridhunter/$i
 done

salt/common/tools/sbin/so-elasticsearch-indices-rw

@@ -15,7 +15,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
+IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
 ESPORT=9200
 THEHIVEESPORT=9400
 

salt/common/tools/sbin/so-elasticsearch-templates

@@ -1,4 +1,4 @@
-{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
+{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
 #!/bin/bash
 # Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
 #
@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 default_salt_dir=/opt/so/saltstack/default
-ELASTICSEARCH_HOST="{{ MASTERIP}}"
+ELASTICSEARCH_HOST="{{ MANAGERIP}}"
 ELASTICSEARCH_PORT=9200
 #ELASTICSEARCH_AUTH=""
 

salt/common/tools/sbin/so-import-pcap

@@ -15,9 +15,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set VERSION = salt['pillar.get']('static:soversion') %}
-{%- set MASTERIP = salt['pillar.get']('static:masterip') -%}
+{%- set MANAGERIP = salt['pillar.get']('static:managerip') -%}
 
 function usage {
   cat << EOF
@@ -30,13 +30,13 @@ EOF
 function pcapinfo() {
   PCAP=$1
   ARGS=$2
-  docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MASTER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
+  docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
 }
 
 function pcapfix() {
   PCAP=$1
   PCAP_OUT=$2
-  docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MASTER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
+  docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
 }
 
 function suricata() {
@@ -57,7 +57,7 @@ function suricata() {
     -v ${NSM_PATH}/:/nsm/:rw \
     -v $PCAP:/input.pcap:ro \
     -v /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro \
-    {{ MASTER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \
+    {{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \
     --runmode single -k none -r /input.pcap > $LOG_PATH/console.log 2>&1
 }
 
@@ -85,7 +85,7 @@ function zeek() {
     -v /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro \
     --entrypoint /opt/zeek/bin/zeek \
     -w /nsm/zeek/logs \
-    {{ MASTER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \
+    {{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \
     -C -r /input.pcap local > $NSM_PATH/logs/console.log 2>&1
 }
 
@@ -212,7 +212,7 @@ cat << EOF
 Import complete!
 
 You can use the following hyperlink to view data in the time range of your import.  You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ MASTERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
+https://{{ MANAGERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
 
 or you can manually set your Time Range to be:
 From: $START_OLDEST    To: $END_NEWEST

salt/common/tools/sbin/so-kibana-config-export

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
-# {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master', False) -%}
+# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
 # {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', '') %}
-# {%- set MASTER = salt['pillar.get']('master:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 #
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
@@ -20,7 +20,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-KIBANA_HOST={{ MASTER }}
+KIBANA_HOST={{ MANAGER }}
 KSO_PORT=5601
 OUTFILE="saved_objects.ndjson"
 curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
@@ -29,7 +29,7 @@ curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_H
 sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE
 
 # Clean up for Fleet, if applicable
-# {% if FLEET_NODE or FLEET_MASTER %}
+# {% if FLEET_NODE or FLEET_MANAGER %}
 # Fleet IP
-sed -i "s/{{ MASTER }}/FLEETPLACEHOLDER/g" $OUTFILE
+sed -i "s/{{ MANAGER }}/FLEETPLACEHOLDER/g" $OUTFILE
 # {% endif %}

salt/curator/files/action/close.yml

@@ -1,7 +1,7 @@
 {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
   {%- set cur_close_days = salt['pillar.get']('elasticsearch:cur_close_days', '') -%}
-{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
+{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set cur_close_days = salt['pillar.get']('master:cur_close_days', '') -%}
+  {%- set cur_close_days = salt['pillar.get']('manager:cur_close_days', '') -%}
 {%- endif -%}
 
 ---

salt/curator/files/action/delete.yml

@@ -1,7 +1,7 @@
 {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
   {%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
-{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
+{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set log_size_limit = salt['pillar.get']('master:log_size_limit', '') -%}
+  {%- set log_size_limit = salt['pillar.get']('manager:log_size_limit', '') -%}
 {%- endif %}
 ---
 # Remember, leave a key empty if there is no value.  None will be a string,

salt/curator/files/bin/so-curator-closed-delete-delete

@@ -5,10 +5,10 @@
   {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%}  
   {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%}
   {%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
-{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
+{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set ELASTICSEARCH_HOST = salt['pillar.get']('master:mainip', '') -%}
+  {%- set ELASTICSEARCH_HOST = salt['pillar.get']('manager:mainip', '') -%}
-  {%- set ELASTICSEARCH_PORT = salt['pillar.get']('master:es_port', '') -%}
+  {%- set ELASTICSEARCH_PORT = salt['pillar.get']('manager:es_port', '') -%}
-  {%- set LOG_SIZE_LIMIT = salt['pillar.get']('master:log_size_limit', '') -%}
+  {%- set LOG_SIZE_LIMIT = salt['pillar.get']('manager:log_size_limit', '') -%}
 {%- endif -%}
 
 # Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC

salt/curator/files/curator.yml

@@ -1,7 +1,7 @@
 {% if grains['role'] in ['so-node', 'so-heavynode'] %}
   {%- set elasticsearch = salt['pillar.get']('elasticsearch:mainip', '') -%}
-{% elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
+{% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%}
+  {%- set elasticsearch = salt['pillar.get']('manager:mainip', '') -%}
 {%- endif %}
 
 ---

salt/curator/init.sls

@@ -1,6 +1,6 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
-{% if grains['role'] in ['so-eval', 'so-node', 'so-mastersearch', 'so-heavynode', 'so-standalone'] %}
+{% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %}
 # Curator
 # Create the group
 curatorgroup:
@@ -119,7 +119,7 @@ so-curatordeletecron:
 
 so-curator:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-curator:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-curator:{{ VERSION }}
     - hostname: curator
     - name: so-curator
     - user: curator

salt/deprecated-bro/files/local.bro

@@ -127,11 +127,11 @@
 @load policy/hassh
 
 # You can load your own intel into:
-# /opt/so/saltstack/bro/policy/intel/ on the master
+# /opt/so/saltstack/bro/policy/intel/ on the manager
 @load intel
 
 # Load a custom Bro policy
-# /opt/so/saltstack/bro/policy/custom/ on the master
+# /opt/so/saltstack/bro/policy/custom/ on the manager
 #@load custom/somebropolicy.bro
 
 # Write logs in JSON

salt/deprecated-bro/files/local.bro.community

@@ -121,11 +121,11 @@
 @load policy/ja3
 
 # You can load your own intel into:
-# /opt/so/saltstack/bro/policy/intel/ on the master
+# /opt/so/saltstack/bro/policy/intel/ on the manager
 @load intel
 
 # Load a custom Bro policy
-# /opt/so/saltstack/bro/policy/custom/ on the master
+# /opt/so/saltstack/bro/policy/custom/ on the manager
 #@load custom/somebropolicy.bro
 
 # Use JSON

salt/elastalert/files/elastalert_config.yaml

@@ -1,5 +1,5 @@
-{% set esip = salt['pillar.get']('master:mainip', '') %}
+{% set esip = salt['pillar.get']('manager:mainip', '') %}
-{% set esport = salt['pillar.get']('master:es_port', '') %}
+{% set esport = salt['pillar.get']('manager:es_port', '') %}
 # This is the folder that contains the rule yaml files
 # Any .yaml file will be loaded as a rule
 rules_folder: /opt/elastalert/rules/

salt/elastalert/files/rules/so/suricata_thehive.yaml

@@ -1,7 +1,7 @@
-{% set es = salt['pillar.get']('static:masterip', '') %}
+{% set es = salt['pillar.get']('static:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:masterip', '') %}
+{% set hivehost = salt['pillar.get']('static:managerip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
-{% set MASTER = salt['pillar.get']('master:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 
 # Elastalert rule to forward Suricata alerts from Security Onion to a specified TheHive instance.
 #
@@ -39,7 +39,7 @@ hive_alert_config:
   title: '{match[rule][name]}'
   type: 'NIDS'
   source: 'SecurityOnion'
-  description: "`SOC Hunt Pivot:` \n\n <https://{{MASTER}}/#/hunt?q=network.community_id%3A%20%20%22{match[network][community_id]}%22%20%7C%20groupby%20source.ip%20destination.ip,event.module,%20event.dataset>  \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MASTER}}/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'*:so-*',key:network.community_id,negate:!f,params:(query:'{match[network][community_id]}'),type:phrase),query:(match_phrase:(network.community_id:'{match[network][community_id]}')))),refreshInterval:(pause:!t,value:0),time:(from:now-7d,to:now))>  \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
+  description: "`SOC Hunt Pivot:` \n\n <https://{{MANAGER}}/#/hunt?q=network.community_id%3A%20%20%22{match[network][community_id]}%22%20%7C%20groupby%20source.ip%20destination.ip,event.module,%20event.dataset>  \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MANAGER}}/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'*:so-*',key:network.community_id,negate:!f,params:(query:'{match[network][community_id]}'),type:phrase),query:(match_phrase:(network.community_id:'{match[network][community_id]}')))),refreshInterval:(pause:!t,value:0),time:(from:now-7d,to:now))>  \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
   severity: 2
   tags: ['{match[rule][uuid]}','{match[source][ip]}','{match[destination][ip]}']
   tlp: 3

salt/elastalert/files/rules/so/wazuh_thehive.yaml

@@ -1,7 +1,7 @@
-{% set es = salt['pillar.get']('static:masterip', '') %}
+{% set es = salt['pillar.get']('static:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:masterip', '') %}
+{% set hivehost = salt['pillar.get']('static:managerip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
-{% set MASTER = salt['pillar.get']('master:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 
 # Elastalert rule to forward high level Wazuh alerts from Security Onion to a specified TheHive instance.
 #
@@ -38,7 +38,7 @@ hive_alert_config:
   title: '{match[rule][name]}'
   type: 'wazuh'
   source: 'SecurityOnion'
-  description: "`SOC Hunt Pivot:` \n\n <https://{{MASTER}}/#/hunt?q=event.module%3A%20ossec%20AND%20rule.id%3A{match[rule][id]}%20%7C%20groupby%20host.name%20rule.name>  \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MASTER}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))>"
+  description: "`SOC Hunt Pivot:` \n\n <https://{{MANAGER}}/#/hunt?q=event.module%3A%20ossec%20AND%20rule.id%3A{match[rule][id]}%20%7C%20groupby%20host.name%20rule.name>  \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MANAGER}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))>"
   severity: 2
   tags: ['{match[rule][id]}','{match[host][name]}']
   tlp: 3

salt/elastalert/init.sls

@@ -13,12 +13,12 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 
-{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
-  {% set esalert = salt['pillar.get']('master:elastalert', '1') %}
+  {% set esalert = salt['pillar.get']('manager:elastalert', '1') %}
-  {% set esip = salt['pillar.get']('master:mainip', '') %}
+  {% set esip = salt['pillar.get']('manager:mainip', '') %}
-  {% set esport = salt['pillar.get']('master:es_port', '') %}
+  {% set esport = salt['pillar.get']('manager:es_port', '') %}
 {% elif grains['role'] == 'so-node' %}
   {% set esalert = salt['pillar.get']('elasticsearch:elastalert', '0') %}
 {% endif %}
@@ -101,7 +101,7 @@ elastaconf:
 
 so-elastalert:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }}
     - hostname: elastalert
     - name: so-elastalert
     - user: elastalert

salt/elasticsearch/files/elasticsearch.yml

@@ -1,5 +1,5 @@
-{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
+{% if grains['role'] == 'so-manager' or grains['role'] == 'so-eval' %}
-{%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
+{%- set esclustername = salt['pillar.get']('manager:esclustername', '') %}
 cluster.name: "{{ esclustername }}"
 network.host: 0.0.0.0
 

salt/elasticsearch/init.sls

@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 
 {% if FEATURES %}
@@ -22,9 +22,9 @@
   {% set FEATURES = '' %}
 {% endif %}
 
-{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
-  {% set esclustername = salt['pillar.get']('master:esclustername', '') %}
+  {% set esclustername = salt['pillar.get']('manager:esclustername', '') %}
-  {% set esheap = salt['pillar.get']('master:esheap', '') %}
+  {% set esheap = salt['pillar.get']('manager:esheap', '') %}
 {% elif grains['role'] in ['so-node','so-heavynode'] %}
   {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %}
   {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %}
@@ -101,7 +101,7 @@ eslogdir:
 
 so-elasticsearch:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
     - hostname: elasticsearch
     - name: so-elasticsearch
     - user: elasticsearch
@@ -141,7 +141,7 @@ so-elasticsearch-pipelines:
       - file: esyml
       - file: so-elasticsearch-pipelines-file
 
-{% if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %}
 so-elasticsearch-templates:
   cmd.run:
     - name: /usr/sbin/so-elasticsearch-templates

salt/filebeat/etc/filebeat.yml

@@ -1,7 +1,7 @@
 {%- if grains.role == 'so-heavynode' %}
-{%- set MASTER = salt['pillar.get']('sensor:mainip' '') %}
+{%- set MANAGER = salt['pillar.get']('sensor:mainip' '') %}
 {%- else %}
-{%- set MASTER = grains['master'] %}
+{%- set MANAGER = grains['manager'] %}
 {%- endif %}
 
 
@@ -9,7 +9,7 @@
 {%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 {%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %}
 {%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
-{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
 
 name: {{ HOSTNAME }}
@@ -214,7 +214,7 @@ filebeat.inputs:
 
 {%- endif %}
 
-{%- if FLEETMASTER or FLEETNODE %}
+{%- if FLEETMANAGER or FLEETNODE %}
 
 - type: log
   paths:
@@ -252,7 +252,7 @@ output.{{ type }}:
   {%- if grains['role'] == "so-eval" %}
 output.elasticsearch:
   enabled: true
-  hosts: ["{{ MASTER }}:9200"]
+  hosts: ["{{ MANAGER }}:9200"]
   pipelines:
     - pipeline: "%{[module]}.%{[dataset]}"
   indices:
@@ -280,7 +280,7 @@ output.logstash:
   enabled: true
 
   # The Logstash hosts
-  hosts: ["{{ MASTER }}:5644"]
+  hosts: ["{{ MANAGER }}:5644"]
 
   # Number of workers per Logstash host.
   #worker: 1

salt/filebeat/init.sls

@@ -12,8 +12,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
-{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{% set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
   {% set FEATURES = "-features" %}
@@ -51,10 +51,10 @@ filebeatconfsync:
         OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
 so-filebeat:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
     - hostname: so-filebeat
     - user: root
-    - extra_hosts: {{ MASTER }}:{{ MASTERIP }}
+    - extra_hosts: {{ MANAGER }}:{{ MANAGERIP }}
     - binds:
       - /nsm:/nsm:ro
       - /opt/so/log/filebeat:/usr/share/filebeat/logs:rw

salt/firewall/assigned_hostgroups.map.yaml

@@ -6,7 +6,7 @@ role:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.wazuh_agent }}
               - {{ portgroups.wazuh_api }}
@@ -85,12 +85,12 @@ role:
               - {{ portgroups.all }}
           minion:
             portgroups:
-              - {{ portgroups.salt_master }}
+              - {{ portgroups.salt_manager }}
-  master:
+  manager:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.wazuh_agent }}
               - {{ portgroups.wazuh_api }}
@@ -166,12 +166,12 @@ role:
               - {{ portgroups.all }}
           minion:
             portgroups:
-              - {{ portgroups.salt_master }}
+              - {{ portgroups.salt_manager }}
-  mastersearch:
+  managersearch:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.wazuh_agent }}
               - {{ portgroups.wazuh_api }}
@@ -247,12 +247,12 @@ role:
               - {{ portgroups.all }}
           minion:
             portgroups:
-              - {{ portgroups.salt_master }}
+              - {{ portgroups.salt_manager }}
   standalone:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.wazuh_agent }}
               - {{ portgroups.wazuh_api }}
@@ -328,12 +328,12 @@ role:
               - {{ portgroups.all }}
           minion:
             portgroups:
-              - {{ portgroups.salt_master }}
+              - {{ portgroups.salt_manager }}
   helixsensor:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.wazuh_agent }}
               - {{ portgroups.playbook }}
@@ -391,12 +391,12 @@ role:
               - {{ portgroups.all }}
           minion:
             portgroups:
-              - {{ portgroups.salt_master }}
+              - {{ portgroups.salt_manager }}
   searchnode:
     chain:
       DOCKER-USER:
         hostgroups:
-          master:
+          manager:
             portgroups:
               - {{ portgroups.elasticsearch_node }}
           dockernet:

salt/firewall/hostgroups.yaml

@@ -19,4 +19,4 @@ firewall:
       ips:
         delete:
         insert:
-          - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
+          - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}

salt/firewall/portgroups.yaml

@@ -61,7 +61,7 @@ firewall:
       redis:
         tcp:
           - 6379
-      salt_master:
+      salt_manager:
         tcp:
           - 4505
           - 4506

salt/fleet/event_gen-packages.sls

@@ -1,4 +1,4 @@
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
 {% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
 {% set VERSION = salt['pillar.get']('static:soversion') %}
@@ -19,6 +19,6 @@ so/fleet:
         mainip: {{ grains.host }}
         enroll-secret: {{ ENROLLSECRET }}
         current-package-version: {{ CURRENTPACKAGEVERSION }}
-        master: {{ MASTER }}
+        manager: {{ MANAGER }}
         version: {{ VERSION }}
         

salt/fleet/init.sls

@@ -2,14 +2,14 @@
 {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
 {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
 
 {% if FLEETARCH == "so-fleet" %}
   {% set MAININT = salt['pillar.get']('host:mainint') %}
   {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
-  {% set MAINIP = salt['pillar.get']('static:masterip') %}
+  {% set MAINIP = salt['pillar.get']('static:managerip') %}
 {% endif %}
 
 include:
@@ -105,7 +105,7 @@ fleet_password_none:
 
 so-fleet:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-fleet:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-fleet:{{ VERSION }}
     - hostname: so-fleet
     - port_bindings:
       - 0.0.0.0:8080:8080

salt/fleet/install_package.sls

@@ -1,4 +1,4 @@
-{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
 {%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
 {%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}

salt/grafana/etc/dashboards/dashboard.yml

@@ -9,14 +9,14 @@ providers:
   disableDeletion: false
   editable: true
   options:
-    path: /etc/grafana/grafana_dashboards/master
+    path: /etc/grafana/grafana_dashboards/manager
 - name: 'Master Search'
   folder: 'Master Search'
   type: file
   disableDeletion: false
   editable: true
   options:
-    path: /etc/grafana/grafana_dashboards/mastersearch
+    path: /etc/grafana/grafana_dashboards/managersearch
 - name: 'Sensor Nodes'
   folder: 'Sensor Nodes'
   type: file

salt/grafana/etc/datasources/influxdb.yaml

@@ -1,4 +1,4 @@
-{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
+{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
 apiVersion: 1
 
 deleteDatasources:
@@ -10,7 +10,7 @@ datasources:
     type: influxdb
     access: proxy
     database: telegraf
-    url: https://{{ MASTER }}:8086
+    url: https://{{ MANAGER }}:8086
     jsonData:
       tlsAuth: false
       tlsAuthWithCACert: false

salt/grafana/init.sls

@@ -1,8 +1,8 @@
-{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 
-{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
+{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
 
 # Grafana all the things
 grafanadir:
@@ -28,14 +28,14 @@ grafanadashdir:
 
 grafanadashmdir:
   file.directory:
-    - name: /opt/so/conf/grafana/grafana_dashboards/master
+    - name: /opt/so/conf/grafana/grafana_dashboards/manager
     - user: 939
     - group: 939
     - makedirs: True
 
 grafanadashmsdir:
   file.directory:
-    - name: /opt/so/conf/grafana/grafana_dashboards/mastersearch
+    - name: /opt/so/conf/grafana/grafana_dashboards/managersearch
     - user: 939
     - group: 939
     - makedirs: True
@@ -76,17 +76,17 @@ grafanaconf:
     - template: jinja
     - source: salt://grafana/etc
 
-{% if salt['pillar.get']('mastertab', False) %}
+{% if salt['pillar.get']('managertab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
+{% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboard-master:
+dashboard-manager:
   file.managed:
-    - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
+    - name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Master.json
     - user: 939
     - group: 939
     - template: jinja
-    - source: salt://grafana/dashboards/master/master.json
+    - source: salt://grafana/dashboards/manager/manager.json
     - defaults:
       SERVERNAME: {{ SN }}
       MANINT: {{ SNDATA.manint }}
@@ -99,17 +99,17 @@ dashboard-master:
 {% endfor %}
 {% endif %}
 
-{% if salt['pillar.get']('mastersearchtab', False) %}
+{% if salt['pillar.get']('managersearchtab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('mastersearchtab', {}).items() %}
+{% for SN, SNDATA in salt['pillar.get']('managersearchtab', {}).items() %}
 {% set NODETYPE = SN.split('_')|last %}
 {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboard-mastersearch:
+dashboard-managersearch:
   file.managed:
-    - name: /opt/so/conf/grafana/grafana_dashboards/mastersearch/{{ SN }}-MasterSearch.json
+    - name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-MasterSearch.json
     - user: 939
     - group: 939
     - template: jinja
-    - source: salt://grafana/dashboards/mastersearch/mastersearch.json
+    - source: salt://grafana/dashboards/managersearch/managersearch.json
     - defaults:
       SERVERNAME: {{ SN }}
       MANINT: {{ SNDATA.manint }}
@@ -216,7 +216,7 @@ dashboard-{{ SN }}:
 
 so-grafana:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
     - hostname: grafana
     - user: socore
     - binds:

salt/idstools/init.sls

@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 # IDSTools Setup
 idstoolsdir:
   file.directory:
@@ -60,7 +60,7 @@ synclocalnidsrules:
 
 so-idstools:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-idstools:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-idstools:{{ VERSION }}
     - hostname: so-idstools
     - user: socore
     - binds:

salt/influxdb/init.sls

@@ -1,9 +1,9 @@
-{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 
 
-{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
+{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
 
 # Influx DB
 influxconfdir:
@@ -26,7 +26,7 @@ influxdbconf:
 
 so-influxdb:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
     - hostname: influxdb
     - environment:
       - INFLUXDB_HTTP_LOG_ENABLED=false

salt/kibana/bin/keepkibanahappy.sh

@@ -1,4 +1,4 @@
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 # Wait for ElasticSearch to come up, so that we can query for version infromation
 echo -n "Waiting for ElasticSearch..."
 COUNT=0

salt/kibana/bin/so-kibana-config-load

@@ -1,20 +1,20 @@
 #!/bin/bash
-# {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master', False) -%}
+# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
-# {%- set MASTER = salt['pillar.get']('master:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 
 KIBANA_VERSION="7.6.1"
 
 # Copy template file
 cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson
 
-# {% if FLEET_NODE or FLEET_MASTER %}
+# {% if FLEET_NODE or FLEET_MANAGER %}
 # Fleet IP
-sed -i "s/FLEETPLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
+sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
 # {% endif %}
 
 # SOCtopus and Master
-sed -i "s/PLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
+sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
 
 # Load saved objects
 curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson > /dev/null 2>&1

salt/kibana/etc/kibana.yml

@@ -1,6 +1,6 @@
 ---
 # Default Kibana configuration from kibana-docker.
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 server.name: kibana
 server.host: "0"
 server.basePath: /kibana

salt/kibana/init.sls

@@ -1,5 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
   {% set FEATURES = "-features" %}
@@ -69,13 +69,13 @@ kibanabin:
 # Start the kibana docker
 so-kibana:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }}
     - hostname: kibana
     - user: kibana
     - environment:
-      - ELASTICSEARCH_HOST={{ MASTER }}
+      - ELASTICSEARCH_HOST={{ MANAGER }}
       - ELASTICSEARCH_PORT=9200
-      - MASTER={{ MASTER }}
+      - MANAGER={{ MANAGER }}
     - binds:
       - /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
       - /opt/so/log/kibana:/var/log/kibana:rw
@@ -94,7 +94,7 @@ kibanadashtemplate:
 wait_for_kibana:
   module.run:
     - http.wait_for_successful_query:
-      - url: "http://{{MASTER}}:5601/api/saved_objects/_find?type=config"
+      - url: "http://{{MANAGER}}:5601/api/saved_objects/_find?type=config"
       - wait_for: 180
     - onchanges:
       - file: kibanadashtemplate

salt/logstash/init.sls

@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 
 {% if FEATURES %}
@@ -24,13 +24,13 @@
 
 # Logstash Section - Decide which pillar to use
 {% set lsheap = salt['pillar.get']('logstash_settings:lsheap', '') %}
-{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
-  {% set freq = salt['pillar.get']('master:freq', '0') %}
+  {% set freq = salt['pillar.get']('manager:freq', '0') %}
-  {% set dstats = salt['pillar.get']('master:domainstats', '0') %}
+  {% set dstats = salt['pillar.get']('manager:domainstats', '0') %}
   {% set nodetype = salt['grains.get']('role', '')  %}
 {% elif grains['role'] == 'so-helix' %}
-  {% set freq = salt['pillar.get']('master:freq', '0') %}
+  {% set freq = salt['pillar.get']('manager:freq', '0') %}
-  {% set dstats = salt['pillar.get']('master:domainstats', '0') %}
+  {% set dstats = salt['pillar.get']('manager:domainstats', '0') %}
   {% set nodetype = salt['grains.get']('role', '')  %}
 {% endif %}
 
@@ -159,7 +159,7 @@ lslogdir:
 
 so-logstash:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }}
     - hostname: so-logstash
     - name: so-logstash
     - user: logstash

salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja

@@ -1,13 +1,13 @@
 {%- if grains.role == 'so-heavynode' %}
-{%- set MASTER = salt['pillar.get']('elasticsearch:mainip', '') %}
+{%- set MANAGER = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- else %}
-{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
+{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
 {% endif -%}
 {%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
 
 input {
 	redis {
-		host => '{{ MASTER }}'
+		host => '{{ MANAGER }}'
 		data_type => 'list'
 		key => 'logstash:unparsed'
 		type => 'redis-input'

salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9002_output_import.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja

@@ -1,5 +1,5 @@
 {%- if grains['role'] == 'so-eval' -%}
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}

salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja

@@ -1,9 +1,9 @@
-{% set MASTER = salt['pillar.get']('static:masterip', '') %}
+{% set MANAGER = salt['pillar.get']('static:managerip', '') %}
 {% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}
 
 output {
 	redis {
-		host => '{{ MASTER }}'
+		host => '{{ MANAGER }}'
 		data_type => 'list'
 		key => 'logstash:unparsed'
 		congestion_interval => 1

salt/manager/files/registry/scripts/so-docker-download

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-MASTER={{ MASTER }}
+MANAGER={{ MANAGER }}
 VERSION="HH1.2.2"
 TRUSTED_CONTAINERS=( \
 "so-nginx:$VERSION" \
@@ -41,6 +41,6 @@ do
   # Pull down the trusted docker image
   docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
   # Tag it with the new registry destination
-  docker tag soshybridhunter/$i $MASTER:5000/soshybridhunter/$i
+  docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
-  docker push $MASTER:5000/soshybridhunter/$i
+  docker push $MANAGER:5000/soshybridhunter/$i
 done

salt/manager/init.sls

@@ -13,8 +13,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
-{% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %}
+{% set managerproxy = salt['pillar.get']('static:managerupdate', '0') %}
 
 socore_own_saltstack:
   file.directory:
@@ -25,7 +25,7 @@ socore_own_saltstack:
       - user
       - group
 
-{% if masterproxy == 1 %}
+{% if managerproxy == 1 %}
 
 # Create the directories for apt-cacher-ng
 aptcacherconfdir:
@@ -54,12 +54,12 @@ aptcacherlogdir:
 acngcopyconf:
   file.managed:
     - name: /opt/so/conf/aptcacher-ng/etc/acng.conf
-    - source: salt://master/files/acng/acng.conf
+    - source: salt://manager/files/acng/acng.conf
 
 # Install the apt-cacher-ng container
 so-aptcacherng:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-acng:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-acng:{{ VERSION }}
     - hostname: so-acng
     - restart_policy: always
     - port_bindings:

salt/minio/init.sls

@@ -13,8 +13,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-{% set access_key = salt['pillar.get']('master:access_key', '') %}
+{% set access_key = salt['pillar.get']('manager:access_key', '') %}
-{% set access_secret = salt['pillar.get']('master:access_secret', '') %}
+{% set access_secret = salt['pillar.get']('manager:access_secret', '') %}
 
 # Minio Setup
 minioconfdir:

salt/mysql/init.sls

@@ -1,7 +1,7 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
 
@@ -9,7 +9,7 @@
   {% set MAININT = salt['pillar.get']('host:mainint') %}
   {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
-  {% set MAINIP = salt['pillar.get']('static:masterip') %}
+  {% set MAINIP = salt['pillar.get']('static:managerip') %}
 {% endif %}
 
 # MySQL Setup
@@ -71,7 +71,7 @@ mysql_password_none:
 
 so-mysql:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-mysql:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-mysql:{{ VERSION }}
     - hostname: so-mysql
     - user: socore
     - port_bindings:

salt/nginx/etc/nginx.conf.so-eval

@@ -1,5 +1,5 @@
-{%- set masterip = salt['pillar.get']('master:mainip', '') %}
+{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
 # For more information on configuration, see:
@@ -66,7 +66,7 @@ http {
 			return 301 https://$host$request_uri;
 	}
 
-{% if FLEET_MASTER %}
+{% if FLEET_MANAGER %}
 	server {
 		listen       8090 ssl http2 default_server;
 		server_name  _;
@@ -81,7 +81,7 @@ http {
 		ssl_prefer_server_ciphers on;
 
 		location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
-			grpc_pass  grpcs://{{ masterip }}:8080;
+			grpc_pass  grpcs://{{ managerip }}:8080;
 			grpc_set_header Host $host;
 			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_buffering off;
@@ -110,7 +110,7 @@ http {
 		#include /etc/nginx/default.d/*.conf;
 
 		location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ masterip }}:9822;
+			proxy_pass            http://{{ managerip }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -124,7 +124,7 @@ http {
 
 		location / {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -138,7 +138,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:4433;
+			proxy_pass            http://{{ managerip }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -185,7 +185,7 @@ http {
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:3000/;
+			proxy_pass            http://{{ managerip }}:3000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -198,7 +198,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:5601/;
+			proxy_pass            http://{{ managerip }}:5601/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -209,7 +209,7 @@ http {
 		}
 
 		location /nodered/ {
-			proxy_pass http://{{ masterip }}:1880/;
+			proxy_pass http://{{ managerip }}:1880/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -222,7 +222,7 @@ http {
 		}
 		
 		location /playbook/ {
-			proxy_pass            http://{{ masterip }}:3200/playbook/;
+			proxy_pass            http://{{ managerip }}:3200/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -238,7 +238,7 @@ http {
 		}
 	{%- else %}
 		location /fleet/ {
-			proxy_pass https://{{ masterip }}:8080;
+			proxy_pass https://{{ managerip }}:8080;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -250,7 +250,7 @@ http {
 	{%- endif %}
 
 		location /thehive/ {
-			proxy_pass            http://{{ masterip }}:9000/thehive/;
+			proxy_pass            http://{{ managerip }}:9000/thehive/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -262,7 +262,7 @@ http {
 		}
 
 		location /cortex/ {
-			proxy_pass            http://{{ masterip }}:9001/cortex/;
+			proxy_pass            http://{{ managerip }}:9001/cortex/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -274,7 +274,7 @@ http {
 		}
 		
 		location /soctopus/ {
-			proxy_pass            http://{{ masterip }}:7000/;
+			proxy_pass            http://{{ managerip }}:7000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -297,7 +297,7 @@ http {
 		}
 
 		location /sensoroniagents/ {
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;

salt/nginx/etc/nginx.conf.so-manager

@@ -1,5 +1,5 @@
-{%- set masterip = salt['pillar.get']('master:mainip', '') %}
+{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
 # For more information on configuration, see:
@@ -66,7 +66,7 @@ http {
 			return 301 https://$host$request_uri;
 	}
 
-{% if FLEET_MASTER %}
+{% if FLEET_MANAGER %}
 	server {
 		listen       8090 ssl http2 default_server;
 		server_name  _;
@@ -81,7 +81,7 @@ http {
 		ssl_prefer_server_ciphers on;
 
 		location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
-			grpc_pass  grpcs://{{ masterip }}:8080;
+			grpc_pass  grpcs://{{ managerip }}:8080;
 			grpc_set_header Host $host;
 			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_buffering off;
@@ -110,7 +110,7 @@ http {
 		#include /etc/nginx/default.d/*.conf;
 
 		location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ masterip }}:9822;
+			proxy_pass            http://{{ managerip }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -124,7 +124,7 @@ http {
 
 		location / {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -138,7 +138,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:4433;
+			proxy_pass            http://{{ managerip }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -185,7 +185,7 @@ http {
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:3000/;
+			proxy_pass            http://{{ managerip }}:3000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -198,7 +198,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:5601/;
+			proxy_pass            http://{{ managerip }}:5601/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -209,7 +209,7 @@ http {
 		}
 
 		location /nodered/ {
-			proxy_pass http://{{ masterip }}:1880/;
+			proxy_pass http://{{ managerip }}:1880/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -222,7 +222,7 @@ http {
 		}
 		
 		location /playbook/ {
-			proxy_pass            http://{{ masterip }}:3200/playbook/;
+			proxy_pass            http://{{ managerip }}:3200/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -238,7 +238,7 @@ http {
 		}
 	{%- else %}
 		location /fleet/ {
-			proxy_pass https://{{ masterip }}:8080;
+			proxy_pass https://{{ managerip }}:8080;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -250,7 +250,7 @@ http {
 	{%- endif %}
 
 		location /thehive/ {
-			proxy_pass            http://{{ masterip }}:9000/thehive/;
+			proxy_pass            http://{{ managerip }}:9000/thehive/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -262,7 +262,7 @@ http {
 		}
 
 		location /cortex/ {
-			proxy_pass            http://{{ masterip }}:9001/cortex/;
+			proxy_pass            http://{{ managerip }}:9001/cortex/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -274,7 +274,7 @@ http {
 		}
 		
 		location /soctopus/ {
-			proxy_pass            http://{{ masterip }}:7000/;
+			proxy_pass            http://{{ managerip }}:7000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -297,7 +297,7 @@ http {
 		}
 
 		location /sensoroniagents/ {
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;

salt/nginx/etc/nginx.conf.so-managersearch

@@ -1,5 +1,5 @@
-{%- set masterip = salt['pillar.get']('master:mainip', '') %}
+{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
 # For more information on configuration, see:
@@ -66,7 +66,7 @@ http {
 		return 301 https://$host$request_uri;
 	}
 
-{% if FLEET_MASTER %}
+{% if FLEET_MANAGER %}
 	server {
 		listen       8090 ssl http2 default_server;
 		server_name  _;
@@ -81,7 +81,7 @@ http {
 		ssl_prefer_server_ciphers on;
 
 		location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
-			grpc_pass  grpcs://{{ masterip }}:8080;
+			grpc_pass  grpcs://{{ managerip }}:8080;
 			grpc_set_header Host $host;
 			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_buffering off;
@@ -109,7 +109,7 @@ http {
 		#include /etc/nginx/default.d/*.conf;
 
 		location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ masterip }}:9822;
+			proxy_pass            http://{{ managerip }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -123,7 +123,7 @@ http {
 
 		location / {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -137,7 +137,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:4433;
+			proxy_pass            http://{{ managerip }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -184,7 +184,7 @@ http {
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:3000/;
+			proxy_pass            http://{{ managerip }}:3000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -197,7 +197,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:5601/;
+			proxy_pass            http://{{ managerip }}:5601/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -208,7 +208,7 @@ http {
 		}
 
 		location /nodered/ {
-			proxy_pass http://{{ masterip }}:1880/;
+			proxy_pass http://{{ managerip }}:1880/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -221,7 +221,7 @@ http {
 		}
 		
 		location /playbook/ {
-			proxy_pass            http://{{ masterip }}:3200/playbook/;
+			proxy_pass            http://{{ managerip }}:3200/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -237,7 +237,7 @@ http {
 		}
 	{%- else %}
 		location /fleet/ {
-			proxy_pass https://{{ masterip }}:8080;
+			proxy_pass https://{{ managerip }}:8080;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -249,7 +249,7 @@ http {
 	{%- endif %}
 
 		location /thehive/ {
-			proxy_pass            http://{{ masterip }}:9000/thehive/;
+			proxy_pass            http://{{ managerip }}:9000/thehive/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -261,7 +261,7 @@ http {
 		}
 
 		location /cortex/ {
-			proxy_pass            http://{{ masterip }}:9001/cortex/;
+			proxy_pass            http://{{ managerip }}:9001/cortex/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -273,7 +273,7 @@ http {
 		}
 		
 		location /soctopus/ {
-			proxy_pass            http://{{ masterip }}:7000/;
+			proxy_pass            http://{{ managerip }}:7000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -296,7 +296,7 @@ http {
 		}
 
 		location /sensoroniagents/ {
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;

salt/nginx/etc/nginx.conf.so-standalone

@@ -1,5 +1,5 @@
-{%- set masterip = salt['pillar.get']('master:mainip', '') %}
+{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
 # For more information on configuration, see:
@@ -66,7 +66,7 @@ http {
 			return 301 https://$host$request_uri;
 	}
 
-{% if FLEET_MASTER %}
+{% if FLEET_MANAGER %}
 	server {
 		listen       8090 ssl http2 default_server;
 		server_name  _;
@@ -81,7 +81,7 @@ http {
 		ssl_prefer_server_ciphers on;
 
 		location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
-			grpc_pass  grpcs://{{ masterip }}:8080;
+			grpc_pass  grpcs://{{ managerip }}:8080;
 			grpc_set_header Host $host;
 			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_buffering off;
@@ -110,7 +110,7 @@ http {
 		#include /etc/nginx/default.d/*.conf;
 
 		location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ masterip }}:9822;
+			proxy_pass            http://{{ managerip }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -124,7 +124,7 @@ http {
 
 		location / {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -138,7 +138,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:4433;
+			proxy_pass            http://{{ managerip }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -185,7 +185,7 @@ http {
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:3000/;
+			proxy_pass            http://{{ managerip }}:3000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -198,7 +198,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ masterip }}:5601/;
+			proxy_pass            http://{{ managerip }}:5601/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -209,7 +209,7 @@ http {
 		}
 
 		location /nodered/ {
-			proxy_pass http://{{ masterip }}:1880/;
+			proxy_pass http://{{ managerip }}:1880/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -222,7 +222,7 @@ http {
 		}
 		
 		location /playbook/ {
-			proxy_pass            http://{{ masterip }}:3200/playbook/;
+			proxy_pass            http://{{ managerip }}:3200/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -238,7 +238,7 @@ http {
 		}
 	{%- else %}
 		location /fleet/ {
-			proxy_pass https://{{ masterip }}:8080;
+			proxy_pass https://{{ managerip }}:8080;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -250,7 +250,7 @@ http {
 	{%- endif %}
 
 		location /thehive/ {
-			proxy_pass            http://{{ masterip }}:9000/thehive/;
+			proxy_pass            http://{{ managerip }}:9000/thehive/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -262,7 +262,7 @@ http {
 		}
 
 		location /cortex/ {
-			proxy_pass            http://{{ masterip }}:9001/cortex/;
+			proxy_pass            http://{{ managerip }}:9001/cortex/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -274,7 +274,7 @@ http {
 		}
 		
 		location /soctopus/ {
-			proxy_pass            http://{{ masterip }}:7000/;
+			proxy_pass            http://{{ managerip }}:7000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -297,7 +297,7 @@ http {
 		}
 
 		location /sensoroniagents/ {
-			proxy_pass            http://{{ masterip }}:9822/;
+			proxy_pass            http://{{ managerip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;

salt/nginx/files/navigator_config.json

@@ -1,4 +1,4 @@
-{%- set ip = salt['pillar.get']('static:masterip', '') %}
+{%- set ip = salt['pillar.get']('static:managerip', '') %}
 
 {
     "enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",

salt/nginx/init.sls

@@ -1,6 +1,6 @@
-{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) %}
 {% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 
 # Drop the correct nginx config based on role
@@ -61,15 +61,15 @@ navigatordefaultlayer:
 
 so-nginx:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
     - hostname: so-nginx
     - binds:
       - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - /opt/so/log/nginx/:/var/log/nginx:rw
       - /opt/so/tmp/nginx/:/var/lib/nginx:rw
       - /opt/so/tmp/nginx/:/run:rw
-      - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
+      - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
-      - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
+      - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
       - /opt/so/conf/fleet/packages:/opt/socore/html/packages
       # ATT&CK Navigator binds
       - /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
@@ -78,7 +78,7 @@ so-nginx:
     - port_bindings:
       - 80:80
       - 443:443
-    {%- if FLEETMASTER or FLEETNODE %}
+    {%- if FLEETMANAGER or FLEETNODE %}
       - 8090:8090
     {%- endif %}
     - watch:

salt/nodered/files/nodered_load_flows

@@ -1,4 +1,4 @@
-{%- set ip = salt['pillar.get']('static:masterip', '') -%}
+{%- set ip = salt['pillar.get']('static:managerip', '') -%}
 #!/bin/bash
 default_salt_dir=/opt/so/saltstack/default
 

salt/pcap/files/sensoroni.json

@@ -1,11 +1,11 @@
-{%- set MASTER = grains['master'] -%}
+{%- set MANAGER = grains['manager'] -%}
 {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
 {
   "logFilename": "/opt/sensoroni/logs/sensoroni.log",
   "logLevel":"debug",
   "agent": {
     "pollIntervalMs": 10000,
-    "serverUrl": "https://{{ MASTER }}/sensoroniagents",
+    "serverUrl": "https://{{ MANAGER }}/sensoroniagents",
     "verifyCert": false,
     "modules": {
       "statickeyauth": {

salt/pcap/init.sls

@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
@@ -129,7 +129,7 @@ sensoronilog:
 
 so-steno:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
     - network_mode: host
     - privileged: True
     - port_bindings:
@@ -146,7 +146,7 @@ so-steno:
 
 so-sensoroni:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
     - network_mode: host
     - binds:
       - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw

salt/playbook/init.sls

@@ -1,7 +1,7 @@
-{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
+{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
-{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
 
@@ -40,7 +40,7 @@ query_playbookdbuser_grants:
 query_updatwebhooks:
   mysql_query.run:
     - database: playbook
-    - query:    "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
+    - query:    "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id = 1"
     - connection_host: {{ MAINIP }}
     - connection_port: 3306
     - connection_user: root
@@ -53,8 +53,8 @@ query_updatepluginurls:
         update settings set value = 
         "--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
         project: '1'
-        convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
+        convert_url: http://{{MANAGERIP}}:7000/playbook/sigmac
-        create_url: http://{{MASTERIP}}:7000/playbook/play"
+        create_url: http://{{MANAGERIP}}:7000/playbook/play"
         where id  = 43
     - connection_host: {{ MAINIP }}
     - connection_port: 3306
@@ -73,11 +73,11 @@ playbook_password_none:
 
 so-playbook:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
     - hostname: playbook
     - name: so-playbook
     - environment:
-      - REDMINE_DB_MYSQL={{ MASTERIP }}
+      - REDMINE_DB_MYSQL={{ MANAGERIP }}
       - REDMINE_DB_DATABASE=playbook
       - REDMINE_DB_USERNAME=playbookdbuser
       - REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}

salt/reactor/fleet.sls

@@ -13,7 +13,7 @@ def run():
   STATICFILE = f"{LOCAL_SALT_DIR}/pillar/static.sls"  
   SECRETSFILE = f"{LOCAL_SALT_DIR}/pillar/secrets.sls"
 
-  if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch','standalone']:
+  if MINIONID.split('_')[-1] in ['manager','eval','fleet','managersearch','standalone']:
     if ACTION == 'enablefleet':
       logging.info('so/fleet enablefleet reactor')
 
@@ -27,7 +27,7 @@ def run():
         if ROLE == 'so-fleet':
           line = re.sub(r'fleet_node: \S*', f"fleet_node: True", line.rstrip())
         else:
-          line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
+          line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip())
         print(line) 
 
       # Update the enroll secret in the secrets pillar
@@ -50,7 +50,7 @@ def run():
 
       PACKAGEVERSION = data['data']['current-package-version']
       PACKAGEHOSTNAME = data['data']['package-hostname']
-      MASTER = data['data']['master']
+      MANAGER = data['data']['manager']
       VERSION = data['data']['version']
       ESECRET = data['data']['enroll-secret']
       
@@ -59,7 +59,7 @@ def run():
 
       # Run Docker container that will build the packages
       gen_packages = subprocess.run(["docker", "run","--rm", "--mount", f"type=bind,source={LOCAL_SALT_DIR}/salt/fleet/packages,target=/output", \
-         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
+         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
          f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       
       # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)

salt/redis/init.sls

@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 
 # Redis Setup
 redisconfdir:
@@ -47,7 +47,7 @@ redisconfsync:
 
 so-redis:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
     - hostname: so-redis
     - user: socore
     - port_bindings:

salt/soc/files/kratos/kratos.yaml

@@ -1,4 +1,4 @@
-{%- set WEBACCESS = salt['pillar.get']('master:url_base', '') -%}
+{%- set WEBACCESS = salt['pillar.get']('manager:url_base', '') -%}
 {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
 
 selfservice:

salt/soc/files/soc/soc.json

@@ -1,4 +1,4 @@
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
+{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
 {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
 {
   "logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
@@ -12,10 +12,10 @@
         "jobDir": "jobs"
       },
       "kratos": {
-        "hostUrl": "http://{{ MASTERIP }}:4434/"
+        "hostUrl": "http://{{ MANAGERIP }}:4434/"
       },
       "elastic": {
-        "hostUrl": "http://{{ MASTERIP }}:9200",
+        "hostUrl": "http://{{ MANAGERIP }}:9200",
         "username": "",
         "password": "",
         "verifyCert": false

salt/soc/init.sls

@@ -1,5 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-{% set MASTER = salt['grains.get']('master') %}
+{% set MANAGER = salt['grains.get']('manager') %}
 
 socdir:
   file.directory:
@@ -33,7 +33,7 @@ socsync:
 
 so-soc:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
     - hostname: soc
     - name: so-soc
     - binds:
@@ -84,7 +84,7 @@ kratossync:
 
 so-kratos:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
     - hostname: kratos
     - name: so-kratos
     - binds:

salt/soctopus/files/SOCtopus.conf

@@ -1,10 +1,10 @@
-{%- set MASTER = salt['pillar.get']('master:url_base', '') %}
+{%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
 
 [es]
-es_url = http://{{MASTER}}:9200
+es_url = http://{{MANAGER}}:9200
-es_ip = {{MASTER}}
+es_ip = {{MANAGER}}
 es_user = YOURESUSER
 es_pass = YOURESPASS
 es_index_pattern = so-*
@@ -12,7 +12,7 @@ es_verifycert = no
 
 [cortex]
 auto_analyze_alerts = no
-cortex_url = https://{{MASTER}}/cortex/
+cortex_url = https://{{MANAGER}}/cortex/
 cortex_key = {{ CORTEXKEY }}
 supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
 
@@ -33,7 +33,7 @@ grr_user = YOURGRRUSER
 grr_pass = YOURGRRPASS
 
 [hive]
-hive_url = https://{{MASTER}}/thehive/
+hive_url = https://{{MANAGER}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
 hive_verifycert = no
@@ -60,7 +60,7 @@ slack_url = YOURSLACKWORKSPACE
 slack_webhook = YOURSLACKWEBHOOK
 
 [playbook]
-playbook_url = http://{{MASTER}}:3200/playbook
+playbook_url = http://{{MANAGER}}:3200/playbook
 playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
 playbook_verifycert = no
 playbook_unit_test_index = playbook-testing

salt/soctopus/files/templates/es-generic.template

@@ -1,4 +1,4 @@
-{% set ES = salt['pillar.get']('static:masterip', '') %}
+{% set ES = salt['pillar.get']('static:managerip', '') %}
 
 alert: modules.so.playbook-es.PlaybookESAlerter
 elasticsearch_host: "{{ ES }}:9200"

salt/soctopus/files/templates/generic.template

@@ -1,5 +1,5 @@
-{% set es = salt['pillar.get']('static:masterip', '') %}
+{% set es = salt['pillar.get']('static:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:masterip', '') %}
+{% set hivehost = salt['pillar.get']('static:managerip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
 alert: hivealerter
 

salt/soctopus/files/templates/osquery.template

@@ -1,5 +1,5 @@
-{% set es = salt['pillar.get']('static:masterip', '') %}
+{% set es = salt['pillar.get']('static:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:masterip', '') %}
+{% set hivehost = salt['pillar.get']('static:managerip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
 alert: hivealerter