diff --git a/salt/curator/defaults.yaml b/salt/curator/defaults.yaml index 17c5170fd..cf2ab38c2 100644 --- a/salt/curator/defaults.yaml +++ b/salt/curator/defaults.yaml @@ -88,6 +88,10 @@ elasticsearch: warm: 7 close: 30 delete: 365 + so-kratos: + warm: 7 + close: 30 + delete: 365 so-kibana: warm: 7 close: 30 @@ -124,6 +128,10 @@ elasticsearch: warm: 7 close: 30 delete: 365 + so-ossec: + warm: 7 + close: 30 + delete: 365 so-proofpoint: warm: 7 close: 30 @@ -171,4 +179,4 @@ elasticsearch: so-zscaler: warm: 7 close: 30 - delete: 365 \ No newline at end of file + delete: 365 diff --git a/salt/curator/files/action/so-aws-close.yml b/salt/curator/files/action/so-aws-close.yml index 568579d67..31ea2426b 100644 --- a/salt/curator/files/action/so-aws-close.yml +++ b/salt/curator/files/action/so-aws-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close') -%} +{%- set cur_close_days = CURATORMERGED['so-aws'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-aws-delete.yml b/salt/curator/files/action/so-aws-delete.yml index b93f2b14d..fb49fae03 100644 --- a/salt/curator/files/action/so-aws-delete.yml +++ b/salt/curator/files/action/so-aws-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-aws'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-aws-warm.yml b/salt/curator/files/action/so-aws-warm.yml index a4608f0bf..2d55cdaf3 100644 --- a/salt/curator/files/action/so-aws-warm.yml +++ b/salt/curator/files/action/so-aws-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-aws'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-azure-close.yml b/salt/curator/files/action/so-azure-close.yml index a49825266..08bc5e39b 100644 --- a/salt/curator/files/action/so-azure-close.yml +++ b/salt/curator/files/action/so-azure-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close') -%} +{%- set cur_close_days = CURATORMERGED['so-azure'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-azure-delete.yml b/salt/curator/files/action/so-azure-delete.yml index 062388c0e..49d205b39 100644 --- a/salt/curator/files/action/so-azure-delete.yml +++ b/salt/curator/files/action/so-azure-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-azure'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-azure-warm.yml b/salt/curator/files/action/so-azure-warm.yml index aaac2fc03..bacc7b49d 100644 --- a/salt/curator/files/action/so-azure-warm.yml +++ b/salt/curator/files/action/so-azure-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-azure'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-barracuda-close.yml b/salt/curator/files/action/so-barracuda-close.yml index 35032bc56..18aa7a22a 100644 --- a/salt/curator/files/action/so-barracuda-close.yml +++ b/salt/curator/files/action/so-barracuda-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close') -%} +{%- set cur_close_days = CURATORMERGED['so-barracuda'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-barracuda-delete.yml b/salt/curator/files/action/so-barracuda-delete.yml index bf8e7638f..1c88b20e7 100644 --- a/salt/curator/files/action/so-barracuda-delete.yml +++ b/salt/curator/files/action/so-barracuda-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-barracuda'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-barracuda-warm.yml b/salt/curator/files/action/so-barracuda-warm.yml index d61cbce61..1ff20c16c 100644 --- a/salt/curator/files/action/so-barracuda-warm.yml +++ b/salt/curator/files/action/so-barracuda-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-barracuda'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml index bcd138c38..bf54bc1ef 100644 --- a/salt/curator/files/action/so-beats-close.yml +++ b/salt/curator/files/action/so-beats-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close') -%} +{%- set cur_close_days = CURATORMERGED['so-beats'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml index fa072c1e2..86cb6d3da 100644 --- a/salt/curator/files/action/so-beats-delete.yml +++ b/salt/curator/files/action/so-beats-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-beats'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-beats-warm.yml b/salt/curator/files/action/so-beats-warm.yml index ae733ce3b..2f3f519d5 100644 --- a/salt/curator/files/action/so-beats-warm.yml +++ b/salt/curator/files/action/so-beats-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-beats'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-bluecoat-close.yml b/salt/curator/files/action/so-bluecoat-close.yml index 349a21a27..10901e426 100644 --- a/salt/curator/files/action/so-bluecoat-close.yml +++ b/salt/curator/files/action/so-bluecoat-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close') -%} +{%- set cur_close_days = CURATORMERGED['so-bluecoat'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-bluecoat-delete.yml b/salt/curator/files/action/so-bluecoat-delete.yml index c2aad1419..b8641b4bd 100644 --- a/salt/curator/files/action/so-bluecoat-delete.yml +++ b/salt/curator/files/action/so-bluecoat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-bluecoat'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-bluecoat-warm.yml b/salt/curator/files/action/so-bluecoat-warm.yml index b50f0db0b..b5552e0c2 100644 --- a/salt/curator/files/action/so-bluecoat-warm.yml +++ b/salt/curator/files/action/so-bluecoat-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-bluecoat'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cef-close.yml b/salt/curator/files/action/so-cef-close.yml index 57bcb3a2a..91ae740ff 100644 --- a/salt/curator/files/action/so-cef-close.yml +++ b/salt/curator/files/action/so-cef-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close') -%} +{%- set cur_close_days = CURATORMERGED['so-cef'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cef-delete.yml b/salt/curator/files/action/so-cef-delete.yml index 3bda2246f..e2c23381d 100644 --- a/salt/curator/files/action/so-cef-delete.yml +++ b/salt/curator/files/action/so-cef-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-cef'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cef-warm.yml b/salt/curator/files/action/so-cef-warm.yml index b2143c1ce..a99209dfc 100644 --- a/salt/curator/files/action/so-cef-warm.yml +++ b/salt/curator/files/action/so-cef-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-cef'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-checkpoint-close.yml b/salt/curator/files/action/so-checkpoint-close.yml index 938eaf25f..1fed22538 100644 --- a/salt/curator/files/action/so-checkpoint-close.yml +++ b/salt/curator/files/action/so-checkpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close') -%} +{%- set cur_close_days = CURATORMERGED['so-checkpoint'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-checkpoint-delete.yml b/salt/curator/files/action/so-checkpoint-delete.yml index d0048162d..6e2b84bc9 100644 --- a/salt/curator/files/action/so-checkpoint-delete.yml +++ b/salt/curator/files/action/so-checkpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-checkpoint'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-checkpoint-warm.yml b/salt/curator/files/action/so-checkpoint-warm.yml index a66335593..9c2034781 100644 --- a/salt/curator/files/action/so-checkpoint-warm.yml +++ b/salt/curator/files/action/so-checkpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-checkpoint'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cisco-close.yml b/salt/curator/files/action/so-cisco-close.yml index a097e466d..fe1af6fdc 100644 --- a/salt/curator/files/action/so-cisco-close.yml +++ b/salt/curator/files/action/so-cisco-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close') -%} +{%- set cur_close_days = CURATORMERGED['so-cisco'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cisco-delete.yml b/salt/curator/files/action/so-cisco-delete.yml index 0cb98a634..d9dc8e0aa 100644 --- a/salt/curator/files/action/so-cisco-delete.yml +++ b/salt/curator/files/action/so-cisco-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-cisco'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cisco-warm.yml b/salt/curator/files/action/so-cisco-warm.yml index 5240f401b..65dc9c8b9 100644 --- a/salt/curator/files/action/so-cisco-warm.yml +++ b/salt/curator/files/action/so-cisco-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-cisco'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cyberark-close.yml b/salt/curator/files/action/so-cyberark-close.yml index deb0dd869..19e670a72 100644 --- a/salt/curator/files/action/so-cyberark-close.yml +++ b/salt/curator/files/action/so-cyberark-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close') -%} +{%- set cur_close_days = CURATORMERGED['so-cyberark'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cyberark-delete.yml b/salt/curator/files/action/so-cyberark-delete.yml index 1fbf83f44..626432c86 100644 --- a/salt/curator/files/action/so-cyberark-delete.yml +++ b/salt/curator/files/action/so-cyberark-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-cyberark'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cyberark-warm.yml b/salt/curator/files/action/so-cyberark-warm.yml index 3e8ef7ec2..388533af2 100644 --- a/salt/curator/files/action/so-cyberark-warm.yml +++ b/salt/curator/files/action/so-cyberark-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-cyberark'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cylance-close.yml b/salt/curator/files/action/so-cylance-close.yml index 064c5f02a..d4f40caf6 100644 --- a/salt/curator/files/action/so-cylance-close.yml +++ b/salt/curator/files/action/so-cylance-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close') -%} +{%- set cur_close_days = CURATORMERGED['so-cylance'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cylance-delete.yml b/salt/curator/files/action/so-cylance-delete.yml index 42df1877b..d8b1a5be0 100644 --- a/salt/curator/files/action/so-cylance-delete.yml +++ b/salt/curator/files/action/so-cylance-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-cylance'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cylance-warm.yml b/salt/curator/files/action/so-cylance-warm.yml index 97e94c49e..c15639e88 100644 --- a/salt/curator/files/action/so-cylance-warm.yml +++ b/salt/curator/files/action/so-cylance-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-cylance'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml index 517972ea6..7bf496d4d 100644 --- a/salt/curator/files/action/so-elasticsearch-close.yml +++ b/salt/curator/files/action/so-elasticsearch-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close') -%} +{%- set cur_close_days = CURATORMERGED['so-elasticsearch'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml index 805d86c85..e61ae4aa0 100644 --- a/salt/curator/files/action/so-elasticsearch-delete.yml +++ b/salt/curator/files/action/so-elasticsearch-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-elasticsearch'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-elasticsearch-warm.yml b/salt/curator/files/action/so-elasticsearch-warm.yml index dc844ccba..8b1eb45b8 100644 --- a/salt/curator/files/action/so-elasticsearch-warm.yml +++ b/salt/curator/files/action/so-elasticsearch-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-elasticsearch'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-endgame-close.yml b/salt/curator/files/action/so-endgame-close.yml index 92de8afe8..fd77ac69e 100644 --- a/salt/curator/files/action/so-endgame-close.yml +++ b/salt/curator/files/action/so-endgame-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close') -%} +{%- set cur_close_days = CURATORMERGED['so-endgame'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-endgame-delete.yml b/salt/curator/files/action/so-endgame-delete.yml index bd208da1d..d7ec48ccf 100644 --- a/salt/curator/files/action/so-endgame-delete.yml +++ b/salt/curator/files/action/so-endgame-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-endgame'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-endgame-warm.yml b/salt/curator/files/action/so-endgame-warm.yml index 5c9cd8268..498b15a11 100644 --- a/salt/curator/files/action/so-endgame-warm.yml +++ b/salt/curator/files/action/so-endgame-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-endgame'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-f5-close.yml b/salt/curator/files/action/so-f5-close.yml index a7d3f14c7..b87cd5c90 100644 --- a/salt/curator/files/action/so-f5-close.yml +++ b/salt/curator/files/action/so-f5-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close') -%} +{%- set cur_close_days = CURATORMERGED['so-f5'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-f5-delete.yml b/salt/curator/files/action/so-f5-delete.yml index e696922e5..e1dbea0bf 100644 --- a/salt/curator/files/action/so-f5-delete.yml +++ b/salt/curator/files/action/so-f5-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-f5'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-f5-warm.yml b/salt/curator/files/action/so-f5-warm.yml index ed3453321..a60f9259c 100644 --- a/salt/curator/files/action/so-f5-warm.yml +++ b/salt/curator/files/action/so-f5-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-f5'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml index dccf7068b..80385c50b 100644 --- a/salt/curator/files/action/so-firewall-close.yml +++ b/salt/curator/files/action/so-firewall-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close') -%} +{%- set cur_close_days = CURATORMERGED['so-firewall'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml index fff3315b9..5998f5c5c 100644 --- a/salt/curator/files/action/so-firewall-delete.yml +++ b/salt/curator/files/action/so-firewall-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-firewall'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-firewall-warm.yml b/salt/curator/files/action/so-firewall-warm.yml index a882f34ab..afd22c3d6 100644 --- a/salt/curator/files/action/so-firewall-warm.yml +++ b/salt/curator/files/action/so-firewall-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-firewall'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-fortinet-close.yml b/salt/curator/files/action/so-fortinet-close.yml index 7218e83a2..046409e3d 100644 --- a/salt/curator/files/action/so-fortinet-close.yml +++ b/salt/curator/files/action/so-fortinet-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close') -%} +{%- set cur_close_days = CURATORMERGED['so-fortinet'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-fortinet-delete.yml b/salt/curator/files/action/so-fortinet-delete.yml index 707ef5da5..b8b17b594 100644 --- a/salt/curator/files/action/so-fortinet-delete.yml +++ b/salt/curator/files/action/so-fortinet-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-fortinet'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-fortinet-warm.yml b/salt/curator/files/action/so-fortinet-warm.yml index 4b0959022..9f5ccab17 100644 --- a/salt/curator/files/action/so-fortinet-warm.yml +++ b/salt/curator/files/action/so-fortinet-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-fortinet'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-gcp-close.yml b/salt/curator/files/action/so-gcp-close.yml index 1541f9076..f28070509 100644 --- a/salt/curator/files/action/so-gcp-close.yml +++ b/salt/curator/files/action/so-gcp-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close') -%} +{%- set cur_close_days = CURATORMERGED['so-gcp'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-gcp-delete.yml b/salt/curator/files/action/so-gcp-delete.yml index d7d463332..ab34fd0f7 100644 --- a/salt/curator/files/action/so-gcp-delete.yml +++ b/salt/curator/files/action/so-gcp-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-gcp'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-gcp-warm.yml b/salt/curator/files/action/so-gcp-warm.yml index 52ec004f7..187c9aaa8 100644 --- a/salt/curator/files/action/so-gcp-warm.yml +++ b/salt/curator/files/action/so-gcp-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-gcp'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-google_workspace-close.yml b/salt/curator/files/action/so-google_workspace-close.yml index 00b44e1e1..76d942a9e 100644 --- a/salt/curator/files/action/so-google_workspace-close.yml +++ b/salt/curator/files/action/so-google_workspace-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close') -%} +{%- set cur_close_days = CURATORMERGED['so-google_workspace'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-google_workspace-delete.yml b/salt/curator/files/action/so-google_workspace-delete.yml index ca8a7571a..18d3826c2 100644 --- a/salt/curator/files/action/so-google_workspace-delete.yml +++ b/salt/curator/files/action/so-google_workspace-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-google_workspace'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-google_workspace-warm.yml b/salt/curator/files/action/so-google_workspace-warm.yml index 94f9d8bd5..777f21184 100644 --- a/salt/curator/files/action/so-google_workspace-warm.yml +++ b/salt/curator/files/action/so-google_workspace-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-google_workspace'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml index e7ea3f073..d9c153b4b 100644 --- a/salt/curator/files/action/so-ids-close.yml +++ b/salt/curator/files/action/so-ids-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close') -%} +{%- set cur_close_days = CURATORMERGED['so-ids'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml index f5748d08d..08afd47ba 100644 --- a/salt/curator/files/action/so-ids-delete.yml +++ b/salt/curator/files/action/so-ids-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-ids'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ids-warm.yml b/salt/curator/files/action/so-ids-warm.yml index e79621e72..7467b7734 100644 --- a/salt/curator/files/action/so-ids-warm.yml +++ b/salt/curator/files/action/so-ids-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-ids'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-imperva-close.yml b/salt/curator/files/action/so-imperva-close.yml index 74b5c47e6..38f0fcecb 100644 --- a/salt/curator/files/action/so-imperva-close.yml +++ b/salt/curator/files/action/so-imperva-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close') -%} +{%- set cur_close_days = CURATORMERGED['so-imperva'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-imperva-delete.yml b/salt/curator/files/action/so-imperva-delete.yml index 08e781e95..394581d8c 100644 --- a/salt/curator/files/action/so-imperva-delete.yml +++ b/salt/curator/files/action/so-imperva-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-imperva'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-imperva-warm.yml b/salt/curator/files/action/so-imperva-warm.yml index 220ef1fe6..04ba6c37b 100644 --- a/salt/curator/files/action/so-imperva-warm.yml +++ b/salt/curator/files/action/so-imperva-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-imperva'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml index e851798e8..ed53a2d0d 100644 --- a/salt/curator/files/action/so-import-close.yml +++ b/salt/curator/files/action/so-import-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close') -%} +{%- set cur_close_days = CURATORMERGED['so-import'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml index a3ba76435..ac477b8a6 100644 --- a/salt/curator/files/action/so-import-delete.yml +++ b/salt/curator/files/action/so-import-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-import'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-import-warm.yml b/salt/curator/files/action/so-import-warm.yml index b29bfe96b..3eed3735d 100644 --- a/salt/curator/files/action/so-import-warm.yml +++ b/salt/curator/files/action/so-import-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-import'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-infoblox-close.yml b/salt/curator/files/action/so-infoblox-close.yml index 8c50d291f..e96e971cb 100644 --- a/salt/curator/files/action/so-infoblox-close.yml +++ b/salt/curator/files/action/so-infoblox-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close') -%} +{%- set cur_close_days = CURATORMERGED['so-infoblox'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-infoblox-delete.yml b/salt/curator/files/action/so-infoblox-delete.yml index e231af0b5..479e0affb 100644 --- a/salt/curator/files/action/so-infoblox-delete.yml +++ b/salt/curator/files/action/so-infoblox-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-infoblox'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-infoblox-warm.yml b/salt/curator/files/action/so-infoblox-warm.yml index 712a96c6b..3e500a78b 100644 --- a/salt/curator/files/action/so-infoblox-warm.yml +++ b/salt/curator/files/action/so-infoblox-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-infoblox'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-juniper-close.yml b/salt/curator/files/action/so-juniper-close.yml index 266e884df..ce1162d8d 100644 --- a/salt/curator/files/action/so-juniper-close.yml +++ b/salt/curator/files/action/so-juniper-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close') -%} +{%- set cur_close_days = CURATORMERGED['so-juniper'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-juniper-delete.yml b/salt/curator/files/action/so-juniper-delete.yml index bbe59cf5e..5c9854c48 100644 --- a/salt/curator/files/action/so-juniper-delete.yml +++ b/salt/curator/files/action/so-juniper-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-juniper'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-juniper-warm.yml b/salt/curator/files/action/so-juniper-warm.yml index a4608f0bf..2d55cdaf3 100644 --- a/salt/curator/files/action/so-juniper-warm.yml +++ b/salt/curator/files/action/so-juniper-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-aws'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml index 47bc752df..853a09630 100644 --- a/salt/curator/files/action/so-kibana-close.yml +++ b/salt/curator/files/action/so-kibana-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close') -%} +{%- set cur_close_days = CURATORMERGED['so-kibana'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml index c1da5997c..fe9ab6a26 100644 --- a/salt/curator/files/action/so-kibana-delete.yml +++ b/salt/curator/files/action/so-kibana-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-kibana'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kibana-warm.yml b/salt/curator/files/action/so-kibana-warm.yml index d1c2f55eb..db0de8511 100644 --- a/salt/curator/files/action/so-kibana-warm.yml +++ b/salt/curator/files/action/so-kibana-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-kibana'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml index b12bec607..c58662b6f 100644 --- a/salt/curator/files/action/so-kratos-close.yml +++ b/salt/curator/files/action/so-kratos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kratos:close') -%} +{%- set cur_close_days = CURATORMERGED['so-kratos'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kratos-delete.yml b/salt/curator/files/action/so-kratos-delete.yml index 86d457d32..04a8a90d5 100644 --- a/salt/curator/files/action/so-kratos-delete.yml +++ b/salt/curator/files/action/so-kratos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-kratos'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kratos-warm.yml b/salt/curator/files/action/so-kratos-warm.yml index 509792f4c..e6b826716 100644 --- a/salt/curator/files/action/so-kratos-warm.yml +++ b/salt/curator/files/action/so-kratos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-kratos'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml index e91ce0fd9..ef8c0a0cc 100644 --- a/salt/curator/files/action/so-logstash-close.yml +++ b/salt/curator/files/action/so-logstash-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close') -%} +{%- set cur_close_days = CURATORMERGED['so-logstash'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml index 3aa73874d..5b8cf9047 100644 --- a/salt/curator/files/action/so-logstash-delete.yml +++ b/salt/curator/files/action/so-logstash-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-logstash'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-logstash-warm.yml b/salt/curator/files/action/so-logstash-warm.yml index 8865026b0..71179db54 100644 --- a/salt/curator/files/action/so-logstash-warm.yml +++ b/salt/curator/files/action/so-logstash-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-logstash'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-microsoft-close.yml b/salt/curator/files/action/so-microsoft-close.yml index 0401883f0..e8b02e13e 100644 --- a/salt/curator/files/action/so-microsoft-close.yml +++ b/salt/curator/files/action/so-microsoft-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close') -%} +{%- set cur_close_days = CURATORMERGED['so-microsoft'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-microsoft-delete.yml b/salt/curator/files/action/so-microsoft-delete.yml index 35aa95173..d344579d2 100644 --- a/salt/curator/files/action/so-microsoft-delete.yml +++ b/salt/curator/files/action/so-microsoft-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-microsoft'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-microsoft-warm.yml b/salt/curator/files/action/so-microsoft-warm.yml index f702bbbe9..8bdd0b372 100644 --- a/salt/curator/files/action/so-microsoft-warm.yml +++ b/salt/curator/files/action/so-microsoft-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-microsoft'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-misp-close.yml b/salt/curator/files/action/so-misp-close.yml index c32b3992a..86a9ec694 100644 --- a/salt/curator/files/action/so-misp-close.yml +++ b/salt/curator/files/action/so-misp-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close') -%} +{%- set cur_close_days = CURATORMERGED['so-misp'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-misp-delete.yml b/salt/curator/files/action/so-misp-delete.yml index 7e432c969..884b526a7 100644 --- a/salt/curator/files/action/so-misp-delete.yml +++ b/salt/curator/files/action/so-misp-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-misp'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-misp-warm.yml b/salt/curator/files/action/so-misp-warm.yml index be0447c7e..e95ebc0a1 100644 --- a/salt/curator/files/action/so-misp-warm.yml +++ b/salt/curator/files/action/so-misp-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-misp'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml index 1069aebb4..93eddfdfe 100644 --- a/salt/curator/files/action/so-netflow-close.yml +++ b/salt/curator/files/action/so-netflow-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close') -%} +{%- set cur_close_days = CURATORMERGED['so-netflow'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml index f697daf33..36eff999c 100644 --- a/salt/curator/files/action/so-netflow-delete.yml +++ b/salt/curator/files/action/so-netflow-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-netflow'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netflow-warm.yml b/salt/curator/files/action/so-netflow-warm.yml index 4d0dcf1ff..84bbd3566 100644 --- a/salt/curator/files/action/so-netflow-warm.yml +++ b/salt/curator/files/action/so-netflow-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-netflow'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netscout-close.yml b/salt/curator/files/action/so-netscout-close.yml index d5ebfe41d..c41842fab 100644 --- a/salt/curator/files/action/so-netscout-close.yml +++ b/salt/curator/files/action/so-netscout-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close') -%} +{%- set cur_close_days = CURATORMERGED['so-netscout'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netscout-delete.yml b/salt/curator/files/action/so-netscout-delete.yml index 46ea94c76..07508454e 100644 --- a/salt/curator/files/action/so-netscout-delete.yml +++ b/salt/curator/files/action/so-netscout-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-netscout'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netscout-warm.yml b/salt/curator/files/action/so-netscout-warm.yml index 9b568ca36..cc086d5d1 100644 --- a/salt/curator/files/action/so-netscout-warm.yml +++ b/salt/curator/files/action/so-netscout-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-netscout'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-o365-close.yml b/salt/curator/files/action/so-o365-close.yml index db0202e07..d4f87e6d8 100644 --- a/salt/curator/files/action/so-o365-close.yml +++ b/salt/curator/files/action/so-o365-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close') -%} +{%- set cur_close_days = CURATORMERGED['so-o365'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-o365-delete.yml b/salt/curator/files/action/so-o365-delete.yml index 350808e3d..b258b42c8 100644 --- a/salt/curator/files/action/so-o365-delete.yml +++ b/salt/curator/files/action/so-o365-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-o365'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-o365-warm.yml b/salt/curator/files/action/so-o365-warm.yml index 60f9b7364..e008d9267 100644 --- a/salt/curator/files/action/so-o365-warm.yml +++ b/salt/curator/files/action/so-o365-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-o365'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta-close.yml b/salt/curator/files/action/so-okta-close.yml index ddbb4852f..58d18764c 100644 --- a/salt/curator/files/action/so-okta-close.yml +++ b/salt/curator/files/action/so-okta-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close') -%} +{%- set cur_close_days = CURATORMERGED['so-okta'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-okta-warm.yml b/salt/curator/files/action/so-okta-warm.yml index 31d2bcf41..07569f147 100644 --- a/salt/curator/files/action/so-okta-warm.yml +++ b/salt/curator/files/action/so-okta-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-okta'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta.delete.yml b/salt/curator/files/action/so-okta.delete.yml index 358c387d5..5ba196d11 100644 --- a/salt/curator/files/action/so-okta.delete.yml +++ b/salt/curator/files/action/so-okta.delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-okta'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml index b19f1c26d..a5576088f 100644 --- a/salt/curator/files/action/so-osquery-close.yml +++ b/salt/curator/files/action/so-osquery-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close') -%} +{%- set cur_close_days = CURATORMERGED['so-osquery'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml index 468ab5715..48294a6e6 100644 --- a/salt/curator/files/action/so-osquery-delete.yml +++ b/salt/curator/files/action/so-osquery-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-osquery'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-warm.yml b/salt/curator/files/action/so-osquery-warm.yml index 24cc30848..57ed61f74 100644 --- a/salt/curator/files/action/so-osquery-warm.yml +++ b/salt/curator/files/action/so-osquery-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-osquery'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml index bd4c3bea0..0ec8f1969 100644 --- a/salt/curator/files/action/so-ossec-close.yml +++ b/salt/curator/files/action/so-ossec-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close') -%} +{%- set cur_close_days = CURATORMERGED['so-ossec'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml index 4149fd767..2d6992128 100644 --- a/salt/curator/files/action/so-ossec-delete.yml +++ b/salt/curator/files/action/so-ossec-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-ossec'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ossec-warm.yml b/salt/curator/files/action/so-ossec-warm.yml index 6913aa06b..a27ee4154 100644 --- a/salt/curator/files/action/so-ossec-warm.yml +++ b/salt/curator/files/action/so-ossec-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-ossec'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-proofpoint-close.yml b/salt/curator/files/action/so-proofpoint-close.yml index 89bb191d4..8ce599021 100644 --- a/salt/curator/files/action/so-proofpoint-close.yml +++ b/salt/curator/files/action/so-proofpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:close') -%} +{%- set cur_close_days = CURATORMERGED['so-proofpoint'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-proofpoint-delete.yml b/salt/curator/files/action/so-proofpoint-delete.yml index aad867ddd..39bd6014e 100644 --- a/salt/curator/files/action/so-proofpoint-delete.yml +++ b/salt/curator/files/action/so-proofpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-proofpoint'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-proofpoint-warm.yml b/salt/curator/files/action/so-proofpoint-warm.yml index fd686d728..cab9b603b 100644 --- a/salt/curator/files/action/so-proofpoint-warm.yml +++ b/salt/curator/files/action/so-proofpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-proofpoint'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-radware-close.yml b/salt/curator/files/action/so-radware-close.yml index dacd1d369..f9e1d657e 100644 --- a/salt/curator/files/action/so-radware-close.yml +++ b/salt/curator/files/action/so-radware-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-radware:close') -%} +{%- set cur_close_days = CURATORMERGED['so-radware'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-radware-delete.yml b/salt/curator/files/action/so-radware-delete.yml index 5793adbe9..7126d7b42 100644 --- a/salt/curator/files/action/so-radware-delete.yml +++ b/salt/curator/files/action/so-radware-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-radware'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-radware-warm.yml b/salt/curator/files/action/so-radware-warm.yml index 29859a96a..591b0f565 100644 --- a/salt/curator/files/action/so-radware-warm.yml +++ b/salt/curator/files/action/so-radware-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-radware'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml index bca8129fc..28fccb7f3 100644 --- a/salt/curator/files/action/so-redis-close.yml +++ b/salt/curator/files/action/so-redis-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-redis:close') -%} +{%- set cur_close_days = CURATORMERGED['so-redis'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml index 47af44653..6dc8d6823 100644 --- a/salt/curator/files/action/so-redis-delete.yml +++ b/salt/curator/files/action/so-redis-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-redis'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-redis-warm.yml b/salt/curator/files/action/so-redis-warm.yml index 38d0ee577..429462a81 100644 --- a/salt/curator/files/action/so-redis-warm.yml +++ b/salt/curator/files/action/so-redis-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-redis'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snort-close.yml b/salt/curator/files/action/so-snort-close.yml index 7555db52b..a2487637e 100644 --- a/salt/curator/files/action/so-snort-close.yml +++ b/salt/curator/files/action/so-snort-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snort:close') -%} +{%- set cur_close_days = CURATORMERGED['so-snort'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snort-delete.yml b/salt/curator/files/action/so-snort-delete.yml index 5c70a08fa..2c56b19bf 100644 --- a/salt/curator/files/action/so-snort-delete.yml +++ b/salt/curator/files/action/so-snort-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-snort'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snort-warm.yml b/salt/curator/files/action/so-snort-warm.yml index 2c95ad699..506d3a4d3 100644 --- a/salt/curator/files/action/so-snort-warm.yml +++ b/salt/curator/files/action/so-snort-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-snort'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snyk-close.yml b/salt/curator/files/action/so-snyk-close.yml index cda27ffcf..9802077bb 100644 --- a/salt/curator/files/action/so-snyk-close.yml +++ b/salt/curator/files/action/so-snyk-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snyk:close') -%} +{%- set cur_close_days = CURATORMERGED['so-snyk'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snyk-delete.yml b/salt/curator/files/action/so-snyk-delete.yml index b3e306bcd..5dc00a7fa 100644 --- a/salt/curator/files/action/so-snyk-delete.yml +++ b/salt/curator/files/action/so-snyk-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-snyk'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snyk-warm.yml b/salt/curator/files/action/so-snyk-warm.yml index 01394605d..598d72d6a 100644 --- a/salt/curator/files/action/so-snyk-warm.yml +++ b/salt/curator/files/action/so-snyk-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-snyk'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sonicwall-close.yml b/salt/curator/files/action/so-sonicwall-close.yml index ad5520607..7a96385df 100644 --- a/salt/curator/files/action/so-sonicwall-close.yml +++ b/salt/curator/files/action/so-sonicwall-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:close') -%} +{%- set cur_close_days = CURATORMERGED['so-sonicwall'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sonicwall-delete.yml b/salt/curator/files/action/so-sonicwall-delete.yml index efa598bdb..bcd6b6984 100644 --- a/salt/curator/files/action/so-sonicwall-delete.yml +++ b/salt/curator/files/action/so-sonicwall-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-sonicwall'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sonicwall-warm.yml b/salt/curator/files/action/so-sonicwall-warm.yml index 5d9cfbfc4..03e1fe565 100644 --- a/salt/curator/files/action/so-sonicwall-warm.yml +++ b/salt/curator/files/action/so-sonicwall-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-sonicwall'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sophos-close.yml b/salt/curator/files/action/so-sophos-close.yml index 0a4cd9c26..b23c5c78e 100644 --- a/salt/curator/files/action/so-sophos-close.yml +++ b/salt/curator/files/action/so-sophos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sophos:close') -%} +{%- set cur_close_days = CURATORMERGED['so-sophos'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sophos-delete.yml b/salt/curator/files/action/so-sophos-delete.yml index 0bcf922a6..38c8270b8 100644 --- a/salt/curator/files/action/so-sophos-delete.yml +++ b/salt/curator/files/action/so-sophos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-sophos'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sophos-warm.yml b/salt/curator/files/action/so-sophos-warm.yml index 50874c8ae..b88fd3cef 100644 --- a/salt/curator/files/action/so-sophos-warm.yml +++ b/salt/curator/files/action/so-sophos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-sophos'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml index 1af30fd6c..b31eb2c9c 100644 --- a/salt/curator/files/action/so-strelka-close.yml +++ b/salt/curator/files/action/so-strelka-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-strelka:close') -%} +{%- set cur_close_days = CURATORMERGED['so-strelka'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml index c48a80c92..d7365c9b4 100644 --- a/salt/curator/files/action/so-strelka-delete.yml +++ b/salt/curator/files/action/so-strelka-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-strelka'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-strelka-warm.yml b/salt/curator/files/action/so-strelka-warm.yml index 641601e7a..9cc40c114 100644 --- a/salt/curator/files/action/so-strelka-warm.yml +++ b/salt/curator/files/action/so-strelka-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-strelka'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml index d04a7e1ac..958cd8152 100644 --- a/salt/curator/files/action/so-syslog-close.yml +++ b/salt/curator/files/action/so-syslog-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-syslog:close') -%} +{%- set cur_close_days = CURATORMERGED['so-syslog'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml index 5fa7878c8..a7b03e2d4 100644 --- a/salt/curator/files/action/so-syslog-delete.yml +++ b/salt/curator/files/action/so-syslog-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-syslog'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-syslog-warm.yml b/salt/curator/files/action/so-syslog-warm.yml index e94a1f118..72eb1d535 100644 --- a/salt/curator/files/action/so-syslog-warm.yml +++ b/salt/curator/files/action/so-syslog-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-syslog'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-tomcat-close.yml b/salt/curator/files/action/so-tomcat-close.yml index ac75659a3..e42b3180c 100644 --- a/salt/curator/files/action/so-tomcat-close.yml +++ b/salt/curator/files/action/so-tomcat-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:close') -%} +{%- set cur_close_days = CURATORMERGED['so-tomcat'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-tomcat-delete.yml b/salt/curator/files/action/so-tomcat-delete.yml index cf68c0933..e2fd1b1c0 100644 --- a/salt/curator/files/action/so-tomcat-delete.yml +++ b/salt/curator/files/action/so-tomcat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-tomcat'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-tomcat-warm.yml b/salt/curator/files/action/so-tomcat-warm.yml index 0b2772d6c..31d9a2fd3 100644 --- a/salt/curator/files/action/so-tomcat-warm.yml +++ b/salt/curator/files/action/so-tomcat-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-tomcat'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml index de18b146b..cbedd0aa2 100644 --- a/salt/curator/files/action/so-zeek-close.yml +++ b/salt/curator/files/action/so-zeek-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zeek:close') -%} +{%- set cur_close_days = CURATORMERGED['so-zeek'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml index bc902fd5c..00fafeb53 100644 --- a/salt/curator/files/action/so-zeek-delete.yml +++ b/salt/curator/files/action/so-zeek-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-zeek'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zeek-warm.yml b/salt/curator/files/action/so-zeek-warm.yml index 490e21c12..a568d1594 100644 --- a/salt/curator/files/action/so-zeek-warm.yml +++ b/salt/curator/files/action/so-zeek-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-zeek'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zscaler-close.yml b/salt/curator/files/action/so-zscaler-close.yml index ba1d36029..fa6117791 100644 --- a/salt/curator/files/action/so-zscaler-close.yml +++ b/salt/curator/files/action/so-zscaler-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:close') -%} +{%- set cur_close_days = CURATORMERGED['so-zscaler'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zscaler-delete.yml b/salt/curator/files/action/so-zscaler-delete.yml index fe663ba3a..6869ad14f 100644 --- a/salt/curator/files/action/so-zscaler-delete.yml +++ b/salt/curator/files/action/so-zscaler-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED['so-zscaler'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zscaler-warm.yml b/salt/curator/files/action/so-zscaler-warm.yml index c5d20b868..e4938ce30 100644 --- a/salt/curator/files/action/so-zscaler-warm.yml +++ b/salt/curator/files/action/so-zscaler-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:warm') -%} +{%- set WARM_DAYS = CURATORMERGED['so-zscaler'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 7c47c23d4..9671020e5 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -7,6 +7,7 @@ {% if sls in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from "curator/map.jinja" import CURATOROPTIONS %} +{% from "curator/map.jinja" import CURATORMERGED %} {% set REMOVECURATORCRON = False %} # Curator @@ -45,6 +46,9 @@ actionconfs: - user: 934 - group: 939 - template: jinja + - defaults: + CURATORMERGED: {{ CURATORMERGED }} + curconf: file.managed: diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja index 1fcebf5ad..65d9f580d 100644 --- a/salt/curator/map.jinja +++ b/salt/curator/map.jinja @@ -13,3 +13,6 @@ {% do CURATOROPTIONS.update({'start': True}) %} {% do CURATOROPTIONS.update({'status': 'running'}) %} {% endif %} + +{% import_yaml 'curator/defaults.yaml' as CURATORDEFAULTS %} +{% set CURATORMERGED = salt['pillar.get']('elasticsearch:index_settings', CURATORDEFAULTS.elasticsearch.index_settings, merge=true) %} diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 37eab28a0..f1a5a7dd5 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -9,9 +9,9 @@ elasticsearch: disk: threshold_enabled: true watermark: - low: 85% - high: 90% - flood_stage: 95% + low: 80% + high: 85% + flood_stage: 90% network: host: 0.0.0.0 path: