Handle YARA rules for distributed deployments

salt/allowed_states.map.jinja

@@ -65,6 +65,7 @@
           'registry',
           'manager',
           'nginx',
+          'strelka.manager',
           'soc',
           'kratos',
           'influxdb',
@@ -91,6 +92,7 @@
           'nginx',
           'telegraf',
           'influxdb',
+          'strelka.manager',
           'soc',
           'kratos',
           'elasticfleet',
@@ -111,6 +113,7 @@
           'nginx',
           'telegraf',
           'influxdb',
+          'strelka.manager',
           'soc',
           'kratos',
           'elastic-fleet-package-registry',

salt/strelka/config.sls

@@ -29,6 +29,15 @@ strelkarulesdir:
     - group: 939
     - makedirs: True
 
+{%- if grains.role in ['so-sensor', 'so-heavynode'] %}
+strelkasensorrules:
+  file.managed:
+    - name: /opt/so/conf/strelka/rules/compiled/rules.compiled
+    - source: salt://strelka/rules/compiled/rules.compiled
+    - user: 939
+    - group: 939
+{%- endif %}
+
 strelkareposdir:
   file.directory:
     - name: /opt/so/conf/strelka/repos

salt/top.sls

@@ -87,6 +87,7 @@ base:
     - registry
     - nginx
     - influxdb
+    - strelka.manager
     - soc
     - kratos
     - firewall
@@ -161,6 +162,7 @@ base:
     - registry
     - nginx
     - influxdb
+    - strelka.manager
     - soc
     - kratos
     - firewall
@@ -210,6 +212,7 @@ base:
     - manager
     - nginx
     - influxdb
+    - strelka.manager
     - soc
     - kratos
     - sensoroni