Add error handling

DefensiveDepth
2025-11-29 16:27:22 -05:00
parent 87477ae4f6
commit 65c96b2edf


@@ -1124,10 +1124,17 @@ if [[ -f /opt/so/conf/soc/so-detections-backup.py ]]; then
# Verify backup by comparing counts
echo "Verifying detection overrides backup..."
es_override_count=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -k -L \
"https://localhost:9200/so-detection/_count" \
-H "Content-Type: application/json" \
-d '{"query": {"bool": {"must": [{"exists": {"field": "so_detection.overrides"}}]}}}' | jq -r '.count')
es_override_count=$(/sbin/so-elasticsearch-query 'so-detection/_count' \
-H 'Content-Type: application/json' \
-d '{"query": {"bool": {"must": [{"exists": {"field": "so_detection.overrides"}}]}}}' | jq -r '.count') || {
echo " Error: Failed to query Elasticsearch for override count"
exit 1
}
if [[ ! "$es_override_count" =~ ^[0-9]+$ ]]; then
echo " Error: Invalid override count from Elasticsearch: '$es_override_count'"
exit 1
fi
backup_override_count=$(find /nsm/backup/detections/repo/*/overrides -type f 2>/dev/null | wc -l)