From e5c936e8cf088fe46597333e6aaa921a99c6ccc9 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 16 Oct 2023 15:18:26 -0400
Subject: [PATCH 1/2] Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/zeek/defaults.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index 4435670a2..ad34e1a93 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -49,12 +49,13 @@ zeek:
 - frameworks/files/hash-all-files
 - frameworks/files/detect-MHR
 - policy/frameworks/notice/extend-email/hostnames
+ - policy/frameworks/notice/community-id
+ - policy/protocols/conn/community-id-logging
 - ja3
 - hassh
 - intel
 - cve-2020-0601
 - securityonion/bpfconf
- - securityonion/communityid
 - securityonion/file-extraction
 - oui-logging
 - icsnpp-modbus
@@ -65,8 +66,8 @@ zeek:
 - icsnpp-opcua-binary
 - icsnpp-bsap
 - icsnpp-s7comm
- - zeek-plugin-tds
- - zeek-plugin-profinet
+ # - zeek-plugin-tds
+ # - zeek-plugin-profinet
 - zeek-spicy-wireguard
 - zeek-spicy-stun
 load-sigs:
@@ -75,7 +76,7 @@ zeek:
 - LogAscii::use_json = T;
 - CaptureLoss::watch_interval = 5 mins;
 networks:
- HOME_NET:
+ HOME_NET:
 - 192.168.0.0/16
 - 10.0.0.0/8
 - 172.16.0.0/12
@@ -120,4 +121,4 @@ zeek:
 - stats
 - stderr
 - stdout
-
+

From ed693a7ae67e63e547e45a141fc570030749e7a5 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 16 Oct 2023 15:48:51 -0400
Subject: [PATCH 2/2] Remove commented lines in defaults.yaml to avoid UI issues.

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/zeek/defaults.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index ad34e1a93..ce22c1aef 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
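Review bot: The builtin `policy/protocols/conn/community-id-logging` script added in the first hunk extends Conn::Info with a `community_id` field just as the removed `securityonion/communityid` entry did, so if that external package is still installed and loaded by another path (a zkg package list or a site-local @load not visible here) Zeek will refuse to load on the duplicate field redef; confirm the package install is dropped together with this list entry. The builtin script also carries its own `CommunityID::seed` and `CommunityID::do_base64` options, and if the previous package was configured with a non-default seed the same value has to be set here, otherwise the IDs stop matching Suricata's flow hashes and cross-log correlation in the SOC silently breaks. A short comment above the two added lines would record that dependency: `# builtin community-id; CommunityID::seed must match the Suricata community-id seed`. The `zeek:` mapping these entries belong to starts outside the hunk.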
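Review bot: Commenting out `zeek-plugin-tds` and `zeek-plugin-profinet` in the second hunk drops TDS (MSSQL) and PROFINET protocol parsing, so any detections, dashboards or hunts that depend on those logs lose coverage after the upgrade without any signal in the deployed configuration. The commit message records that the plugins are not updated for Zeek 6.x, but that needs to reach operators through the changelog or release notes, and the second patch (the `@@ -66,8 +66,6 @@` hunk) removes even the commented lines, leaving commit history as the only record of the removed parsers. A tracking note or issue for re-enabling them once Zeek 6 compatible builds exist, referenced from wherever the remaining ICS plugins are documented, would keep the coverage gap visible. The `zeek:` mapping containing this list starts outside the hunk.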
@@ -66,8 +66,6 @@ zeek:
 - icsnpp-opcua-binary
 - icsnpp-bsap
 - icsnpp-s7comm
- # - zeek-plugin-tds
- # - zeek-plugin-profinet
 - zeek-spicy-wireguard
 - zeek-spicy-stun
 load-sigs: