From 492e021fa49ae433c669fd4253773148687e5170 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 18 May 2020 17:08:04 -0400
Subject: [PATCH 1/7] remove so-nginx from sensor so-status map

---
 salt/common/maps/sensor.map.jinja | 1 -
 1 file changed, 1 deletion(-)

diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja
index e77352692..f172dd55d 100644
--- a/salt/common/maps/sensor.map.jinja
+++ b/salt/common/maps/sensor.map.jinja
@@ -1,6 +1,5 @@
 {% set docker = {
 'containers': [
- 'so-nginx',
 'so-telegraf',
 'so-steno',
 'so-suricata',
From def928804f380ce7b2f231c804254167e681f25b Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 18 May 2020 17:12:20 -0400
Subject: [PATCH 2/7] Fix Hunt DHCP message_types query #728 https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/728

---
 salt/soc/files/soc/soc.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index fdead6459..6193e7343 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -100,7 +100,7 @@
 { "name": "Connections", "description": "Connections grouped by source country", "query": "event.module:zeek AND event.dataset:conn | groupby source.geo.country_name"},
 { "name": "DCE_RPC", "description": "DCE_RPC grouped by operation", "query": "event.module:zeek AND event.dataset:dce_rpc | groupby operation"},
 { "name": "DHCP", "description": "DHCP leases", "query": "event.module:zeek AND event.dataset:dhcp | groupby host.hostname host.domain dhcp.requested_address"},
- { "name": "DHCP", "description": "DHCP grouped by message type", "query": "event.module:zeek AND event.dataset:dhcp | groupby message_types"},
+ { "name": "DHCP", "description": "DHCP grouped by message type", "query": "event.module:zeek AND event.dataset:dhcp | groupby dhcp.message_types"},
 { "name": "DNP3", "description": "DNP3 grouped by reply", "query": "event.module:zeek AND event.dataset:dnp3 | groupby dnp3.fc_reply"},
 { "name": "DNS", "description": "DNS queries grouped by port ", "query": "event.module:zeek AND event.dataset:dns | groupby dns.query.name destination.port"},
 { "name": "DNS", "description": "DNS queries grouped by type", "query": "event.module:zeek AND event.dataset:dns | groupby dns.query.type_name destination.port"},
From 8202344d01745199830a0b9fc68e55b82f913663 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 18 May 2020 17:28:26 -0400
Subject: [PATCH 3/7] Fix for Strelka

---
 salt/firewall/init.sls | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 6440ef4e2..b6c928eba 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -683,7 +683,14 @@ enable_cluster_ES_9300_{{ip}}:
 # Rules if you are a Sensor
 {% if grains['role'] == 'so-sensor' %}
-
+iptables_allow_sensor_docker:
+ iptables.insert:
+ - table: filter
+ - chain: INPUT
+ - jump: ACCEPT
+ - source: 172.17.0.0/24
+ - position: 1
+ - save: True
 {% endif %}
 # Rules if you are a Hot Node
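Review bot: The new `iptables_allow_sensor_docker` rule accepts any packet whose source address falls in 172.17.0.0/24 regardless of the interface it arrived on, and with `- position: 1` it is inserted at the top of INPUT ahead of every existing rule, so a packet arriving on the sniffing or management NIC with a forged 172.17.0.x source is admitted to every host port. Pinning the rule to the bridge, `- in-interface: docker0`, and, where the Strelka traffic is known, adding `- proto: tcp` with a `- dport:` list, limits it to traffic that actually originated inside a container. Docker's default bridge network is 172.17.0.0/16, so a /24 may also be narrower than the pool the daemon assigns from; confirm how the bridge subnet is configured on sensors before relying on this mask. A one-line comment above the state naming which container-to-host flow it exists for would make the rule reviewable later.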
From 5638c386db5eed2550f5f125de080a483fc79881 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 18 May 2020 17:36:32 -0400
Subject: [PATCH 4/7] add strelka container list for so-status

---
 salt/common/maps/so-status.map.jinja | 4 ++++
 salt/common/maps/strelka.map copy.jinja | 10 ++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 salt/common/maps/strelka.map copy.jinja

diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
index 0a5d951b0..f67f4bcd6 100644
--- a/salt/common/maps/so-status.map.jinja
+++ b/salt/common/maps/so-status.map.jinja
@@ -28,6 +28,10 @@
 {{ append_containers('master', 'domainstats', 0) }}
 {% endif %}
+{% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %}
+ {{ append_containers('static', 'strelka', 0) }}
+{% endif %}
+
 {% if role in ['heavynode', 'standalone'] %}
 {{ append_containers('static', 'broversion', 'SURICATA') }}
 {% endif %}
diff --git a/salt/common/maps/strelka.map copy.jinja b/salt/common/maps/strelka.map copy.jinja
new file mode 100644
index 000000000..e7a892675
--- /dev/null
+++ b/salt/common/maps/strelka.map copy.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-strelka-coordinator',
+ 'so-strelka-gatekeeper',
+ 'so-strelka-manager',
+ 'so-strelka-frontend',
+ 'so-strelka-backend',
+ 'so-strelka-filestream'
+ ]
+} %}
\ No newline at end of file
From e6bc8f2d26ecda57d91f43b0b68eeceb56509307 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 18 May 2020 17:46:14 -0400
Subject: [PATCH 5/7] add strelka container list for so-status

---
 salt/common/maps/{strelka.map copy.jinja => strelka.map.jinja} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename salt/common/maps/{strelka.map copy.jinja => strelka.map.jinja} (100%)

diff --git a/salt/common/maps/strelka.map copy.jinja b/salt/common/maps/strelka.map.jinja
similarity index 100%
rename from salt/common/maps/strelka.map copy.jinja
rename to salt/common/maps/strelka.map.jinja
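Review bot: The Strelka status entry is enabled here for `['eval', 'heavynode', 'sensor', 'standalone']`, while the only firewall change in this series (patch 3, `iptables_allow_sensor_docker`) is gated on `grains['role'] == 'so-sensor'`. If the Strelka containers on eval, heavynode and standalone need the same container-to-host access, those roles are left without the rule; if they are already covered by a broader rule elsewhere in `salt/firewall/init.sls`, a short comment above this block naming that dependency would save the next reader the cross-check. The role spellings also differ between the two files (`sensor` here, `so-sensor` in the firewall state), which I assume is a prefix stripped earlier in this map; worth confirming the two lists really describe the same hosts.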
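Review bot: The new map `salt/common/maps/strelka.map copy.jinja` is written without a trailing newline (`\ No newline at end of file`), and the rename in patch 5 and the backend removal in patch 6 carry that forward. Ending the file with a newline after `} %}` keeps every later edit to the container list a one-line diff instead of also touching the closing line.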
From 411389b68ec5240df9319ab263cf13d8ed91b111 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 18 May 2020 17:52:47 -0400
Subject: [PATCH 6/7] removing strelka-backend from strelka so-status map

---
 salt/common/maps/strelka.map.jinja | 1 -
 1 file changed, 1 deletion(-)

diff --git a/salt/common/maps/strelka.map.jinja b/salt/common/maps/strelka.map.jinja
index e7a892675..b26a1241b 100644
--- a/salt/common/maps/strelka.map.jinja
+++ b/salt/common/maps/strelka.map.jinja
@@ -4,7 +4,6 @@
 'so-strelka-gatekeeper',
 'so-strelka-manager',
 'so-strelka-frontend',
- 'so-strelka-backend',
 'so-strelka-filestream'
 ]
 } %}
\ No newline at end of file
From 1d677bb5299eee75c5d1bdef88fc64176f9ddaca Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 19 May 2020 09:36:36 -0400
Subject: [PATCH 7/7] Update known issues list

---
 salt/soc/files/soc/changes.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json
index 95f934f72..b7ffa4733 100644
--- a/salt/soc/files/soc/changes.json
+++ b/salt/soc/files/soc/changes.json
@@ -25,6 +25,7 @@
 { "summary": "Mastersearch previously used the same Grafana dashboard as a Search node. It now has its own dashboard that incorporates panels from the Master node and Search node dashboards." },
 { "summary": "KNOWN ISSUE: The Hunt feature is currently considered \"Preview\" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!" },
 { "summary": "KNOWN ISSUE: You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt." },
+ { "summary": "KNOWN ISSUE: Navigator is currently not working when using hostname to access SOC. IP mode works correctly." },
 { "summary": "KNOWN ISSUE: Updating users via the SOC ui is known to fail. To change a user, delete the user and re-add them." },
 { "summary": "KNOWN ISSUE: Due to the move to ECS, the current Playbook plays may not alert correctly at this time." },
 { "summary": "KNOWN ISSUE: The osquery MacOS package does not install correctly." }