From 4c4cdb7189bb49f6f0ffd5cd706f1f23e1d2ca2a Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 9 Dec 2019 16:27:03 -0500
Subject: [PATCH] Helix changes and Wazuh
---
 salt/logstash/conf/conf.enabled.txt.so-helix | 9 +--------
 salt/top.sls | 1 +
 salt/wazuh/init.sls | 6 +++---
 3 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/salt/logstash/conf/conf.enabled.txt.so-helix b/salt/logstash/conf/conf.enabled.txt.so-helix
index 6464496fa..5d10847cd 100644
--- a/salt/logstash/conf/conf.enabled.txt.so-helix
+++ b/salt/logstash/conf/conf.enabled.txt.so-helix
@@ -7,12 +7,5 @@
 # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
 ##
 # All of the defaults are loaded.
-/usr/share/logstash/pipeline.so/0000_input_syslogng.conf
-/usr/share/logstash/pipeline.so/0001_input_json.conf
-/usr/share/logstash/pipeline.so/0002_input_windows_json.conf
-/usr/share/logstash/pipeline.so/0003_input_syslog.conf
-/usr/share/logstash/pipeline.so/0005_input_suricata.conf
-#/usr/share/logstash/pipeline.dynamic/0006_input_beats.conf
 /usr/share/logstash/pipeline.dynamic/0010_input_hhbeats.conf
-/usr/share/logstash/pipeline.so/0007_input_import.conf
-/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf
+/usr/share/logstash/pipeline.dynamic/9997_output_helix.conf
diff --git a/salt/top.sls b/salt/top.sls
index bf3725f9f..7a6d5b99b 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -14,6 +14,7 @@ base:
 - ssl
 - common
 - firewall
+ - idstools
 - pcap
 - suricata
 - bro
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 8ee1371ff..a59a1d215 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -5,7 +5,7 @@ ossecgroup:
 group.present:
 - name: ossec
 - gid: 945
-
+
 # Add ossecm user
 ossecm:
 user.present:
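Review bot: The context comment `# All of the defaults are loaded.` kept at the top of the hunk in salt/logstash/conf/conf.enabled.txt.so-helix is no longer true, because the new list loads only `0010_input_hhbeats.conf` and `9997_output_helix.conf`. I would replace it with something like `# so-helix: only the hhbeats input and the Helix output are loaded.` so that someone auditing which log sources this node forwards is not misled by the header. The file `9997_output_helix.conf` is not part of this patch, so its transport and credential settings cannot be checked from here and should be reviewed alongside it.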
@@ -64,13 +64,13 @@ wazuhagentregister:
 so-wazuhimage:
 cmd.run:
- - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.0
+ - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.3
 so-wazuh:
 docker_container.running:
 - require:
 - so-wazuhimage
- - image: docker.io/soshybridhunter/so-wazuh:HH1.1.0
+ - image: docker.io/soshybridhunter/so-wazuh:HH1.1.3
 - hostname: {{HOSTNAME}}-wazuh-manager
 - name: so-wazuh
 - detach: True