CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 01:02:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

prevent endgame_dict from being added to standard_actions if it is already present

Browse Source
This commit is contained in:
m0duspwnens
2023-09-07 14:01:19 -04:00
parent ffaab4a1b4
commit 60f1947eb4
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/soc/merged.map.jinja
View File

@@ -35,7 +35,17 @@
{% endif %}
{% set standard_actions = SOCMERGED.config.pop('actions') %}
{% if pillar.global.endgamehost != '' %}
{# this is added to prevent endgame_dict from being added to standard_actions for each time this file is rendered #}
{% set endgame = namespace(add=true) %}
{% for d in standard_actions %}
{% if d.name is defined %}
{% if d.name == 'Endgame' %}
{% set endgame.add = false %}
{% endif %}
{% endif %}
{% endfor %}
{% set endgame_dict = {
"name": "Endgame",
"description": "Endgame Endpoint Investigation and Response",
@@ -44,7 +54,9 @@
"links": ["https://" ~ pillar.global.endgamehost ~ "/endpoints/{:agent.id}"]
}
%}
{% do standard_actions.append(endgame_dict) %}
{% if endgame.add %}
{% do standard_actions.append(endgame_dict) %}
{% endif %}
{% endif %}
{% do SOCMERGED.config.server.client.hunt.update({'actions': standard_actions}) %}