From 554a2035414f0ddea0e01b4f8acaac55233251d9 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 6 May 2024 12:59:45 -0400
Subject: [PATCH] update airgapEnabled in map file

---
 salt/soc/defaults.yaml | 1 -
 salt/soc/merged.map.jinja | 2 ++
 salt/soc/soc_soc.yaml | 5 -----
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 1f96c63a8..582f0af82 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1246,7 +1246,6 @@ soc:
 maxPacketCount: 5000
 htmlDir: html
 importUploadDir: /nsm/soc/uploads
- airgapEnabled: false
 modules:
 cases: soc
 filedatastore:
diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
index e31fabf2a..f23d9c115 100644
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -41,9 +41,11 @@
 {% if GLOBALS.airgap %}
 {% do SOCMERGED.config.server.modules.elastalertengine.update({'rulesRepos': SOCMERGED.config.server.modules.elastalertengine.rulesRepos.airgap}) %}
 {% do SOCMERGED.config.server.modules.strelkaengine.update({'rulesRepos': SOCMERGED.config.server.modules.strelkaengine.rulesRepos.airgap}) %}
+{% do SOCMERGED.config.server.update({'airgapEnabled': true}) %}
 {% else %}
 {% do SOCMERGED.config.server.modules.elastalertengine.update({'rulesRepos': SOCMERGED.config.server.modules.elastalertengine.rulesRepos.default}) %}
 {% do SOCMERGED.config.server.modules.strelkaengine.update({'rulesRepos': SOCMERGED.config.server.modules.strelkaengine.rulesRepos.default}) %}
+{% do SOCMERGED.config.server.update({'airgapEnabled': false}) %}
 {% endif %}
 
 {# remove these modules if detections is disabled #}
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 67305d4e9..2b1e83ec4 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
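Review bot: The two added `{% do SOCMERGED.config.server.update({'airgapEnabled': ...}) %}` lines in merged.map.jinja carry no comment saying why this flag is now written from the airgap branch instead of being a static default, and the only explanation on record is the description this same commit deletes from soc_soc.yaml ("dynamically changes to the current status of Airgap ... used during the Sigma ruleset update process"). A reader of the map file alone cannot tell that the key was deliberately removed from defaults.yaml and from the operator-editable settings so that it always mirrors `GLOBALS.airgap`, which is the property that keeps the ruleset-update path from trusting a manually toggled value; I would add `{# airgapEnabled is derived from GLOBALS.airgap here (not a default and not operator-editable) so the server's view of airgap status cannot drift from the actual system state; the Sigma ruleset update reads it. #}` above the `{% if GLOBALS.airgap %}`. As a point of style, if `GLOBALS.airgap` is guaranteed to be a boolean the two branch-specific lines could collapse into one `{% do SOCMERGED.config.server.update({'airgapEnabled': GLOBALS.airgap}) %}` after the `{% endif %}`; if it can be a truthy non-boolean, keeping the explicit `true`/`false` is the safer choice, and that reasoning belongs in the comment too. The if/else block is fully contained in the hunk.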
@@ -119,11 +119,6 @@ soc:
 global: True
 advanced: False
 helpLink: sigma.html
- airgapEnabled:
- description: 'This setting dynamically changes to the current status of Airgap on this system and is used during the Sigma ruleset update process.'
- global: True
- advanced: True
- helpLink: sigma.html
 elastic:
 index:
 description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.