From 7686a05f421bc224cc2877cb18e5877ce638a55f Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Fri, 14 Aug 2020 15:33:38 +0000
Subject: [PATCH] Set Strelka rules enabled by default for Eval Mode

---
 setup/so-setup | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index b1b142b8c..7d9320b02 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -148,6 +148,7 @@ if [ "$install_type" = 'EVAL' ]; then
 is_manager=true
 is_sensor=true
 is_eval=true
+ STRELKARULES=1
 elif [ "$install_type" = 'STANDALONE' ]; then
 is_manager=true
 is_distmanager=true
@@ -308,6 +309,10 @@ if [[ $is_manager && ! $is_eval ]]; then
 whiptail_oinkcode
 fi

+ if [[ $STRELKA == 1 ]]; then
+ whiptail_strelka_rules
+ fi
+
 if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
 whiptail_manager_adv_service_zeeklogs
 fi
@@ -316,9 +321,6 @@ fi
 if [[ $is_manager ]]; then
 whiptail_components_adv_warning
 whiptail_enable_components
- if [[ $STRELKA == 1 ]]; then
- whiptail_strelka_rules
- fi
 fi

 if [[ $is_manager || $is_import ]]; then
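Review bot: `STRELKARULES=1` in the EVAL branch is assigned before any component selection runs, so it stays set even if Strelka itself ends up disabled later in setup, and nothing on the line says why Eval differs from the other install types. Because the prompt now sits inside the `! $is_eval` block, an Eval install is never asked; a comment such as `# Eval skips whiptail_strelka_rules, so the rules are enabled by default` would make that intent explicit. If this variable controls pulling rule content from outside sources (not visible in this hunk), the consumer should honour it only when `$STRELKA == 1`. The enclosing if/elif chain starts and ends outside the hunk.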
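Review bot: The added `[[ $STRELKA == 1 ]]` check in the second hunk now runs before `whiptail_enable_components`, which is still called in the later `if [[ $is_manager ]]` block. The removed code tested STRELKA immediately after that call, which suggests the component dialog is what sets it; if so, the value read here is unset or a default, and non-Eval managers would skip `whiptail_strelka_rules` or see it regardless of what the operator selects. Keeping the prompt after component selection and excluding Eval there, e.g. `if [[ $STRELKA == 1 && ! $is_eval ]]; then`, preserves the ordering. Where STRELKA is first assigned lies outside this patch, so confirm that before merging.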