From 45d541d4f212433f917d19e32a94538e8aae025d Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Fri, 30 May 2025 09:55:53 -0400
Subject: [PATCH 1/4] FIX: so-elasticsearch-ilm-start needs shebang #14688

---
 salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
index d9c63f8ea..3f1c8e41d 100755
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
@@ -1,4 +1,4 @@
-/bin/bash
+#!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
@@ -6,6 +6,5 @@
 
 . /usr/sbin/so-common
 
-
 echo "Starting ILM..."
 curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://localhost:9200/_ilm/start

From 90b8d6b2f76b48d9a92a7fa674294ccd252b2f2e Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Fri, 30 May 2025 11:41:11 -0400
Subject: [PATCH 2/4] add echo to end of so-elasticsearch-ilm-start

---
 salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
index 3f1c8e41d..c13d91fe5 100755
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
@@ -8,3 +8,4 @@
 
 echo "Starting ILM..."
 curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://localhost:9200/_ilm/start
+echo

From bf38055a6c20fb93a03bd57f99cb44e8374f962a Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Fri, 30 May 2025 11:41:50 -0400
Subject: [PATCH 3/4] add echo to end of so-elasticsearch-ilm-stop

---
 salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop
index 034082699..e53a4939a 100755
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop
@@ -8,3 +8,4 @@
 
 echo "Stopping ILM..."
 curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://localhost:9200/_ilm/stop
+echo

From 0277891392263ed68c6d6b95408ad9fe86ec8a5c Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@defensivedepth.com>
Date: Mon, 2 Jun 2025 13:10:13 -0400
Subject: [PATCH 4/4] Use Stable branch

---
 salt/soc/defaults.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index d756489e1..f1ec6e452 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1465,9 +1465,9 @@ soc:
           playbookImportFrequencySeconds: 86400
           playbookImportErrorSeconds: 600
           playbookRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
-          playbookRepoBranch: playbook-stable
+          playbookRepoBranch: playbooks-stable
           playbookRepoPath: /opt/sensoroni/playbooks/
-          playbookPathInRepo: playbook/dev
+          playbookPathInRepo: securityonion-normalized
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000