diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index bb827c0af..c57749570 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -159,9 +159,11 @@ update_docker_containers() { fi local highest_es_version=$(compare_es_versions "$v1" "$v2") local image=$i:$highest_es_version$IMAGE_TAG_SUFFIX + local sig_url=https://sigs.securityonion.net/es-$highest_es_version/$image.sig else # this is not an es container so use the so version for the version local image=$i:$VERSION$IMAGE_TAG_SUFFIX + local sig_url=https://sigs.securityonion.net/$VERSION/$image.sig fi # Pull down the trusted docker image run_check_net_err \ @@ -170,7 +172,7 @@ update_docker_containers() { # Get signature run_check_net_err \ - "curl --retry 5 --retry-delay 60 -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$image.sig --output $SIGNPATH/$image.sig" \ + "curl --retry 5 --retry-delay 60 -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' $sig_url --output $SIGNPATH/$image.sig" \ "Could not pull signature file for $image, please ensure connectivity to https://sigs.securityonion.net " \ noretry >> "$LOG_FILE" 2>&1 # Dump our hash values diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index 48b24809e..ad2a7cc91 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -36,6 +36,7 @@ elasticfleet: - aws - azure - barracuda + - barracuda_cloudgen_firewall - carbonblack_edr - cef - checkpoint @@ -66,6 +67,7 @@ elasticfleet: - http_endpoint - httpjson - iis + - imperva_cloud_waf - journald - juniper - juniper_srx diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 15df57f4c..06f5392d8 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml 
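Review bot: The rewritten curl in the second hunk (`@@ -170,7 +172,7 @@`) still runs without `-f`/`--fail`, so when the new ES-specific path `es-$highest_es_version/$image.sig` does not exist on sigs.securityonion.net the server's error body is written into `$SIGNPATH/$image.sig` and curl exits 0, which means run_check_net_err (presumably keyed on exit status) never reports "Could not pull signature file". `--retry` does not cover an HTTP 404 either, so a wrong or not-yet-published signature path would only fail later, at whatever step consumes the .sig, with a message pointing away from the cause. Adding the flag to the quoted command, `"curl -f --retry 5 --retry-delay 60 -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' $sig_url --output $SIGNPATH/$image.sig" \`, makes a missing signature surface at this step with curl's non-zero status. update_docker_containers begins and ends outside both hunks, so the verification that follows the download is not visible here.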
@@ -2366,6 +2366,52 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-barracuda_cloudgen_firewall_x_log: + index_sorting: False + index_template: + ignore_missing_component_templates: + - logs-barracuda_cloudgen_firewall.log@custom + index_patterns: + - "logs-barracuda_cloudgen_firewall.log-*" + template: + settings: + index: + lifecycle: + name: so-logs-barracuda_cloudgen_firewall.log-logs + number_of_replicas: 0 + composed_of: + - "logs-barracuda_cloudgen_firewall.log@package" + - "logs-barracuda_cloudgen_firewall.log@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-carbonblack_edr_x_log: index_sorting: false index_template: 
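Review bot: `index_sorting: False` in the new `so-logs-barracuda_cloudgen_firewall_x_log` entry uses a capitalised boolean, while the neighbouring entries, including the `so-logs-carbonblack_edr_x_log` context at the end of this hunk, write `index_sorting: false`. Both spellings load as a boolean under the YAML 1.1 schema PyYAML (which Salt presumably uses here) applies, so this is a style point rather than a defect, but mixed spellings make it easier for a quoted `'False'` string to slip through a later copy-paste unnoticed. Change the line to `index_sorting: false` to match the rest of the file.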
@@ -6556,6 +6602,52 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-imperva_cloud_waf_x_event: + index_sorting: False + index_template: + ignore_missing_component_templates: + - logs-imperva_cloud_waf.event@custom + index_patterns: + - "logs-imperva_cloud_waf.event-*" + template: + settings: + index: + lifecycle: + name: so-logs-imperva_cloud_waf.event-logs + number_of_replicas: 0 + composed_of: + - "logs-imperva_cloud_waf.event@package" + - "logs-imperva_cloud_waf.event@custom" + - "so-fleet_globals-1" + - "so-fleet_agent_id_verification-1" + priority: 501 + data_stream: + hidden: false + allow_custom_routing: false + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 30d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-juniper_srx_x_log: index_sorting: false index_template: diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml index a4c350254..b489bfe78 100644 --- a/salt/elasticsearch/soc_elasticsearch.yaml +++ b/salt/elasticsearch/soc_elasticsearch.yaml @@ -381,6 +381,7 @@ elasticsearch: so-logs-azure_x_signinlogs: *indexSettings so-logs-azure_x_springcloudlogs: *indexSettings so-logs-barracuda_x_waf: *indexSettings + so-logs-barracuda_cloudgen_firewall_x_log: *indexSettings so-logs-cef_x_log: *indexSettings so-logs-cisco_asa_x_log: *indexSettings so-logs-cisco_ftd_x_log: *indexSettings @@ -435,6 +436,7 @@ elasticsearch: so-logs-httpjson_x_generic: *indexSettings so-logs-iis_x_access: *indexSettings so-logs-iis_x_error: *indexSettings + so-logs-imperva_cloud_waf_x_event: *indexSettings so-logs-juniper_x_junos: *indexSettings so-logs-juniper_x_netscreen: *indexSettings so-logs-juniper_x_srx: *indexSettings 
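Review bot: The new `so-logs-imperva_cloud_waf_x_event` entry writes `index_sorting: False`, whereas the `so-logs-juniper_srx_x_log` context line that closes this hunk, and the other entries in the file, spell it `index_sorting: false`. A YAML 1.1 loader treats both as the same boolean, so behaviour is unchanged, but the file otherwise keeps one spelling and a reviewer grepping for `index_sorting: false` would miss this one. Use `index_sorting: false` here for consistency.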
diff --git a/setup/so-functions b/setup/so-functions index 23b16156d..0c2cbf3e0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1330,8 +1330,8 @@ create_global() { echo " registry_host: '$HOSTNAME'" >> $global_pillar_file echo " endgamehost: '$ENDGAMEHOST'" >> $global_pillar_file - if [ "$install_type" = 'EVAL' ]; then - echo " pcapengine: SURICATA" >> $global_pillar_file + if [[ $is_standalone || $is_eval ]]; then + echo " pcapengine: SURICATA" >> $global_pillar_file fi }
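Review bot: `if [[ $is_standalone || $is_eval ]]; then` only tests that either variable is non-empty, so the `pcapengine: SURICATA` line is emitted for any value the flags carry, including a literal `false` or `0`, whereas the test it replaces compared `$install_type` against a specific string. How `is_standalone` and `is_eval` are assigned is outside this hunk; if they are set only when that install type was chosen the test is fine and deserves a comment such as `# is_standalone / is_eval are set only for that install type, so non-empty means selected`, but if they hold true/false strings the comparison should be explicit, `if [[ "$is_standalone" == true || "$is_eval" == true ]]; then`. While the echo line is being touched, `>> "$global_pillar_file"` keeps the redirect safe against word-splitting. create_global starts outside this hunk; its closing brace is the hunk's last line.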