diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index 68f3f37ce..6e0cd1763 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -86,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
 if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
 # If analyst, add to Wazuh AR whitelist
 if [ "$FULLROLE" == "analyst" ]; then
- WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+ WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
 if ! grep -q "$IP" $WAZUH_MGR_CFG ; then
 DATE=`date`
 sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 5c7287fd2..ea7a84150 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -57,8 +57,8 @@ so-filebeat:
 - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
 - /nsm/zeek:/nsm/zeek:ro
 - /opt/so/log/suricata:/suricata:ro
- /opt/so/log/wazuh/logs/alerts:/wazuh/alerts:ro
- /opt/so/log/wazuh/logs/archives:/wazuh/archives:ro
+ - /opt/so/conf/wazuh/logs/alerts:/wazuh/alerts:ro
+ - /opt/so/conf/wazuh/logs/archives:/wazuh/archives:ro
 - /opt/so/log/fleet/:/osquery/logs:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index af1d23c0e..0d475101d 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -241,8 +241,8 @@ so-logstash:
 {%- if grains['role'] == 'so-eval' %}
 - /nsm/zeek:/nsm/zeek:ro
 - /opt/so/log/suricata:/suricata:ro
- /opt/so/log/wazuh/logs/alerts:/wazuh/alerts:ro
- /opt/so/log/wazuh/logs/archives:/wazuh/archives:ro
+ - /opt/so/conf/wazuh/logs/alerts:/wazuh/alerts:ro
+ - /opt/so/conf/wazuh/logs/archives:/wazuh/archives:ro
 - /opt/so/log/fleet/:/osquery/logs:ro
 - /opt/so/log/strelka:/strelka:ro
 {%- endif %}
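Review bot: The presence check `grep -q "$IP" $WAZUH_MGR_CFG` just below the changed path in so-allow treats the address as an unanchored regular expression, so `10.0.0.1` counts as already present when the file only holds `10.0.0.10`, and that analyst address is then never added to the Wazuh active-response whitelist. A quoted fixed-string form, `if ! grep -qF -- "$IP" "$WAZUH_MGR_CFG"; then`, removes the regex behaviour; matching the whole element the script writes would also close the substring case, but the lines that write it are outside the hunk. Because the path now points at a new hard-coded location, a `[ -f "$WAZUH_MGR_CFG" ]` guard ahead of the `sed -i` would make a missing file fail up front instead of part-way through the edit. Both `if` blocks continue past the end of the hunk.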
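Review bot: Nothing visible in the salt/filebeat/init.sls hunk ensures that `/opt/so/conf/wazuh/logs/alerts` and `/opt/so/conf/wazuh/logs/archives` exist before so-filebeat starts. If these entries are Docker bind mounts, a missing source is typically created as an empty root-owned directory, and Wazuh alerts would silently stop reaching the pipeline. Consider a `require` on the Wazuh state, or a `file.directory` state for both paths, so that a start-order problem shows up as a failed state rather than a detection gap. The same two mounts change in the so-eval block of salt/logstash/init.sls and need the same guarantee. The so-filebeat state starts and ends outside the hunk, so an existing requisite may already cover this.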