Merge branch '2.4/dev' into issue/13021

salt/common/tools/sbin/so-log-check

@@ -202,6 +202,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then
     EXCLUDED_ERRORS="$EXCLUDED_ERRORS|parsing_exception"            # Elastalert EQL parsing issue. Temp.
     EXCLUDED_ERRORS="$EXCLUDED_ERRORS|context deadline exceeded"
     EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Error running query:"         # Specific issues with detection rules
+    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|detect-parse"                 # Suricata encountering a malformed rule
 fi
 
 RESULT=0

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers

@@ -72,5 +72,5 @@ do
     printf "\n### $GOOS/$GOARCH Installer Generated...\n"
 done
 
-printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace"
+printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace\n"
 rm -rf /nsm/elastic-agent-workspace

salt/manager/tools/sbin/soup

@@ -438,7 +438,7 @@ post_to_2.4.60() {
 }
 
 post_to_2.4.70() {
-  echo "Removing idh.services from any existing IDH node pillar files"
+  printf "\nRemoving idh.services from any existing IDH node pillar files\n"
   for file in /opt/so/saltstack/local/pillar/minions/*.sls; do
     if [[ $file =~ "_idh.sls" && ! $file =~ "/opt/so/saltstack/local/pillar/minions/adv_" ]]; then
       echo "Removing idh.services from: $file"
@@ -663,6 +663,7 @@ suricata_idstools_migration() {
   #Tell SOC to migrate
   mkdir -p /opt/so/conf/soc/migrations
   echo "0" > /opt/so/conf/soc/migrations/suricata-migration-2.4.70
+  chown -R socore:socore /opt/so/conf/soc/migrations
 }
 
 playbook_migration() {

salt/soc/defaults.yaml

@@ -2182,9 +2182,9 @@ soc:
             manualSync:
               customEnabled: false
               labels:
-              - Suricata
-              - Strelka
               - ElastAlert
+              - Strelka
+              - Suricata
           eventFields:
             default:
               - so_detection.title

salt/suricata/soc_suricata.yaml

@@ -12,7 +12,7 @@ suricata:
       title: SIDS
       helpLink: suricata.html
       readonlyUi: True
-      advanced: true
+      advanced: True
   classification:
     classification__config:
       description: Classifications config file.