Disable by default

2025-12-06 09:12:45 +01:00 · 2024-09-24 10:51:52 -04:00
parent 9c7bedb715
commit 5286739414
2 changed files with 14 additions and 1 deletions
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -85,7 +85,7 @@ soresourcesrepoclone:
  git.latest:
    - name: https://github.com/Security-Onion-Solutions/securityonion-resources.git
    - target: /nsm/securityonion-resources
-    - rev: 'dev/defend_filters'
+    - rev: 'main'
    - depth: 1
 {% endif %}
@@ -112,6 +112,7 @@ elasticdefendcustom:
    - group: 939
    - mode: 600
 {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
 cronelasticdefendfilters:
  cron.present:
    - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
@@ -122,6 +123,7 @@ cronelasticdefendfilters:
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
 {% endif %}
 eaintegrationsdir:
  file.directory:
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -17,10 +17,12 @@ include:
  - elasticfleet.sostatus
  - ssl
 {% if grains.role not in ['so-fleet'] %}
 # Wait for Elasticsearch to be ready - no reason to try running Elastic Fleet server if ES is not ready
 wait_for_elasticsearch_elasticfleet:
  cmd.run:
    - name: so-elasticsearch-wait
 {% endif %}
 # If enabled, automatically update Fleet Logstash Outputs
 {% if ELASTICFLEETMERGED.config.server.enable_auto_configuration and grains.role not in ['so-import', 'so-eval', 'so-fleet'] %}
@@ -146,6 +148,15 @@ so-elastic-agent-grid-upgrade:
 so-elastic-fleet-integration-upgrade:
  cmd.run:
    - name: /usr/sbin/so-elastic-fleet-integration-upgrade
 {%   if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
 so-elastic-defend-manage-filters-file-watch:
  cmd.run:
    - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
    - onchanges:
      - file: /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters-raw
      - file: /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml
 {%    endif %}
 {%  endif %}
 delete_so-elastic-fleet_so-status.disabled: