From 743ed316f89b0ca9a4542aa6b271b6d9b32d4749 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 30 May 2023 16:10:41 -0400
Subject: [PATCH] dont apply suricata.enabled on import nodes

---
 salt/suricata/init.sls | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 34e1cdcdf..64a000109 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -3,11 +3,15 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+{% from 'vars/globals.map.jinja' import GLOBALS %}
 {% from 'suricata/map.jinja' import SURICATAMERGED %}
 
 include:
-{% if SURICATAMERGED.enabled %}
+{% if SURICATAMERGED.enabled and GLOBALS.role != 'so-import' %}
   - suricata.enabled
+{% elif GLOBALS.role == 'so-import' %}
+  - suricata.config
+  - suricata.disabled
 {% else %}
   - suricata.disabled
 {% endif %}