Helix changes and Wazuh

salt/logstash/conf/conf.enabled.txt.so-helix

@@ -7,12 +7,5 @@
 # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
 ##
 # All of the defaults are loaded.
-/usr/share/logstash/pipeline.so/0000_input_syslogng.conf
-/usr/share/logstash/pipeline.so/0001_input_json.conf
-/usr/share/logstash/pipeline.so/0002_input_windows_json.conf
-/usr/share/logstash/pipeline.so/0003_input_syslog.conf
-/usr/share/logstash/pipeline.so/0005_input_suricata.conf
-#/usr/share/logstash/pipeline.dynamic/0006_input_beats.conf
 /usr/share/logstash/pipeline.dynamic/0010_input_hhbeats.conf
-/usr/share/logstash/pipeline.so/0007_input_import.conf
-/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf
+/usr/share/logstash/pipeline.dynamic/9997_output_helix.conf

salt/top.sls

@@ -14,6 +14,7 @@ base:
     - ssl
     - common
     - firewall
+    - idstools
     - pcap
     - suricata
     - bro

salt/wazuh/init.sls

@@ -5,7 +5,7 @@ ossecgroup:
   group.present:
     - name: ossec
     - gid: 945
-    
+
 # Add ossecm user
 ossecm:
   user.present:
@@ -64,13 +64,13 @@ wazuhagentregister:
 
 so-wazuhimage:
  cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.0
+   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.3
 
 so-wazuh:
   docker_container.running:
     - require:
       - so-wazuhimage
-    - image: docker.io/soshybridhunter/so-wazuh:HH1.1.0
+    - image: docker.io/soshybridhunter/so-wazuh:HH1.1.3
     - hostname: {{HOSTNAME}}-wazuh-manager
     - name: so-wazuh
     - detach: True