From c880be8d45c5e09d8a27a8fb5990ee22650c0a37 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Fri, 21 Oct 2022 10:38:32 -0400 Subject: [PATCH 1/3] use curator defaults.yaml merged with pillar for actions --- salt/curator/files/action/so-aws-close.yml | 2 +- salt/curator/files/action/so-aws-delete.yml | 2 +- salt/curator/files/action/so-aws-warm.yml | 2 +- salt/curator/files/action/so-azure-close.yml | 2 +- salt/curator/files/action/so-azure-delete.yml | 2 +- salt/curator/files/action/so-azure-warm.yml | 2 +- salt/curator/files/action/so-barracuda-close.yml | 2 +- salt/curator/files/action/so-barracuda-delete.yml | 2 +- salt/curator/files/action/so-barracuda-warm.yml | 2 +- salt/curator/files/action/so-beats-close.yml | 2 +- salt/curator/files/action/so-beats-delete.yml | 2 +- salt/curator/files/action/so-beats-warm.yml | 2 +- salt/curator/files/action/so-bluecoat-close.yml | 2 +- salt/curator/files/action/so-bluecoat-delete.yml | 2 +- salt/curator/files/action/so-bluecoat-warm.yml | 2 +- salt/curator/files/action/so-cef-close.yml | 2 +- salt/curator/files/action/so-cef-delete.yml | 2 +- salt/curator/files/action/so-cef-warm.yml | 2 +- salt/curator/files/action/so-checkpoint-close.yml | 2 +- salt/curator/files/action/so-checkpoint-delete.yml | 2 +- salt/curator/files/action/so-checkpoint-warm.yml | 2 +- salt/curator/files/action/so-cisco-close.yml | 2 +- salt/curator/files/action/so-cisco-delete.yml | 2 +- salt/curator/files/action/so-cisco-warm.yml | 2 +- salt/curator/files/action/so-cyberark-close.yml | 2 +- salt/curator/files/action/so-cyberark-delete.yml | 2 +- salt/curator/files/action/so-cyberark-warm.yml | 2 +- salt/curator/files/action/so-cylance-close.yml | 2 +- salt/curator/files/action/so-cylance-delete.yml | 2 +- salt/curator/files/action/so-cylance-warm.yml | 2 +- salt/curator/files/action/so-elasticsearch-close.yml | 2 +- salt/curator/files/action/so-elasticsearch-delete.yml | 2 +- salt/curator/files/action/so-elasticsearch-warm.yml | 2 +- salt/curator/files/action/so-endgame-close.yml | 2 +- 
salt/curator/files/action/so-endgame-delete.yml | 2 +- salt/curator/files/action/so-endgame-warm.yml | 2 +- salt/curator/files/action/so-f5-close.yml | 2 +- salt/curator/files/action/so-f5-delete.yml | 2 +- salt/curator/files/action/so-f5-warm.yml | 2 +- salt/curator/files/action/so-firewall-close.yml | 2 +- salt/curator/files/action/so-firewall-delete.yml | 2 +- salt/curator/files/action/so-firewall-warm.yml | 2 +- salt/curator/files/action/so-fortinet-close.yml | 2 +- salt/curator/files/action/so-fortinet-delete.yml | 2 +- salt/curator/files/action/so-fortinet-warm.yml | 2 +- salt/curator/files/action/so-gcp-close.yml | 2 +- salt/curator/files/action/so-gcp-delete.yml | 2 +- salt/curator/files/action/so-gcp-warm.yml | 2 +- salt/curator/files/action/so-google_workspace-close.yml | 2 +- salt/curator/files/action/so-google_workspace-delete.yml | 2 +- salt/curator/files/action/so-google_workspace-warm.yml | 2 +- salt/curator/files/action/so-ids-close.yml | 2 +- salt/curator/files/action/so-ids-delete.yml | 2 +- salt/curator/files/action/so-ids-warm.yml | 2 +- salt/curator/files/action/so-imperva-close.yml | 2 +- salt/curator/files/action/so-imperva-delete.yml | 2 +- salt/curator/files/action/so-imperva-warm.yml | 2 +- salt/curator/files/action/so-import-close.yml | 2 +- salt/curator/files/action/so-import-delete.yml | 2 +- salt/curator/files/action/so-import-warm.yml | 2 +- salt/curator/files/action/so-infoblox-close.yml | 2 +- salt/curator/files/action/so-infoblox-delete.yml | 2 +- salt/curator/files/action/so-infoblox-warm.yml | 2 +- salt/curator/files/action/so-juniper-close.yml | 2 +- salt/curator/files/action/so-juniper-delete.yml | 2 +- salt/curator/files/action/so-juniper-warm.yml | 2 +- salt/curator/files/action/so-kibana-close.yml | 2 +- salt/curator/files/action/so-kibana-delete.yml | 2 +- salt/curator/files/action/so-kibana-warm.yml | 2 +- salt/curator/files/action/so-kratos-close.yml | 2 +- salt/curator/files/action/so-kratos-delete.yml | 2 +- 
salt/curator/files/action/so-kratos-warm.yml | 2 +- salt/curator/files/action/so-logstash-close.yml | 2 +- salt/curator/files/action/so-logstash-delete.yml | 2 +- salt/curator/files/action/so-logstash-warm.yml | 2 +- salt/curator/files/action/so-microsoft-close.yml | 2 +- salt/curator/files/action/so-microsoft-delete.yml | 2 +- salt/curator/files/action/so-microsoft-warm.yml | 2 +- salt/curator/files/action/so-misp-close.yml | 2 +- salt/curator/files/action/so-misp-delete.yml | 2 +- salt/curator/files/action/so-misp-warm.yml | 2 +- salt/curator/files/action/so-netflow-close.yml | 2 +- salt/curator/files/action/so-netflow-delete.yml | 2 +- salt/curator/files/action/so-netflow-warm.yml | 2 +- salt/curator/files/action/so-netscout-close.yml | 2 +- salt/curator/files/action/so-netscout-delete.yml | 2 +- salt/curator/files/action/so-netscout-warm.yml | 2 +- salt/curator/files/action/so-o365-close.yml | 2 +- salt/curator/files/action/so-o365-delete.yml | 2 +- salt/curator/files/action/so-o365-warm.yml | 2 +- salt/curator/files/action/so-okta-close.yml | 2 +- salt/curator/files/action/so-okta-warm.yml | 2 +- salt/curator/files/action/so-okta.delete.yml | 2 +- salt/curator/files/action/so-osquery-close.yml | 2 +- salt/curator/files/action/so-osquery-delete.yml | 2 +- salt/curator/files/action/so-osquery-warm.yml | 2 +- salt/curator/files/action/so-ossec-close.yml | 2 +- salt/curator/files/action/so-ossec-delete.yml | 2 +- salt/curator/files/action/so-ossec-warm.yml | 2 +- salt/curator/files/action/so-proofpoint-close.yml | 2 +- salt/curator/files/action/so-proofpoint-delete.yml | 2 +- salt/curator/files/action/so-proofpoint-warm.yml | 2 +- salt/curator/files/action/so-radware-close.yml | 2 +- salt/curator/files/action/so-radware-delete.yml | 2 +- salt/curator/files/action/so-radware-warm.yml | 2 +- salt/curator/files/action/so-redis-close.yml | 2 +- salt/curator/files/action/so-redis-delete.yml | 2 +- salt/curator/files/action/so-redis-warm.yml | 2 +- 
salt/curator/files/action/so-snort-close.yml | 2 +- salt/curator/files/action/so-snort-delete.yml | 2 +- salt/curator/files/action/so-snort-warm.yml | 2 +- salt/curator/files/action/so-snyk-close.yml | 2 +- salt/curator/files/action/so-snyk-delete.yml | 2 +- salt/curator/files/action/so-snyk-warm.yml | 2 +- salt/curator/files/action/so-sonicwall-close.yml | 2 +- salt/curator/files/action/so-sonicwall-delete.yml | 2 +- salt/curator/files/action/so-sonicwall-warm.yml | 2 +- salt/curator/files/action/so-sophos-close.yml | 2 +- salt/curator/files/action/so-sophos-delete.yml | 2 +- salt/curator/files/action/so-sophos-warm.yml | 2 +- salt/curator/files/action/so-strelka-close.yml | 2 +- salt/curator/files/action/so-strelka-delete.yml | 2 +- salt/curator/files/action/so-strelka-warm.yml | 2 +- salt/curator/files/action/so-syslog-close.yml | 2 +- salt/curator/files/action/so-syslog-delete.yml | 2 +- salt/curator/files/action/so-syslog-warm.yml | 2 +- salt/curator/files/action/so-tomcat-close.yml | 2 +- salt/curator/files/action/so-tomcat-delete.yml | 2 +- salt/curator/files/action/so-tomcat-warm.yml | 2 +- salt/curator/files/action/so-zeek-close.yml | 2 +- salt/curator/files/action/so-zeek-delete.yml | 2 +- salt/curator/files/action/so-zeek-warm.yml | 2 +- salt/curator/files/action/so-zscaler-close.yml | 2 +- salt/curator/files/action/so-zscaler-delete.yml | 2 +- salt/curator/files/action/so-zscaler-warm.yml | 2 +- salt/curator/init.sls | 4 ++++ salt/curator/map.jinja | 3 +++ salt/elasticsearch/defaults.yaml | 6 +++--- 138 files changed, 145 insertions(+), 138 deletions(-) diff --git a/salt/curator/files/action/so-aws-close.yml b/salt/curator/files/action/so-aws-close.yml index 568579d67..b7f386166 100644 --- a/salt/curator/files/action/so-aws-close.yml +++ b/salt/curator/files/action/so-aws-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-aws.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-aws-delete.yml b/salt/curator/files/action/so-aws-delete.yml index b93f2b14d..880581a3d 100644 --- a/salt/curator/files/action/so-aws-delete.yml +++ b/salt/curator/files/action/so-aws-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-aws-warm.yml b/salt/curator/files/action/so-aws-warm.yml index a4608f0bf..8f6366697 100644 --- a/salt/curator/files/action/so-aws-warm.yml +++ b/salt/curator/files/action/so-aws-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-azure-close.yml b/salt/curator/files/action/so-azure-close.yml index a49825266..eaee00fa7 100644 --- a/salt/curator/files/action/so-azure-close.yml +++ b/salt/curator/files/action/so-azure-close.yml 
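Review bot: In the added `set` line, `CURATORMERGED.elasticsearch.index_settings.so-aws.close` does not look up a key named `so-aws`, because a Jinja attribute name cannot contain a hyphen, so the expression parses as `...index_settings.so` minus `aws.close`. The key needs subscript access, for example `{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings['so-aws'].close -%}`. The same dotted form is used in every other hunk visible in this part of the patch (the so-aws delete and warm hunks and each later close, delete and warm file through so-google_workspace and so-ids-close), so each needs the same change. These values decide when Curator closes, reallocates and deletes log indices, so a template that fails to render or renders a wrong age changes how long security data is retained; rendering one action file against the merged map would catch this before it ships. The definition of `CURATORMERGED` (the `map.jinja` and `init.sls` changes listed in the diffstat) is outside the part shown here, so how the name reaches these templates could not be checked.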
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-azure.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-azure-delete.yml b/salt/curator/files/action/so-azure-delete.yml index 062388c0e..7027c8d15 100644 --- a/salt/curator/files/action/so-azure-delete.yml +++ b/salt/curator/files/action/so-azure-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-azure-warm.yml b/salt/curator/files/action/so-azure-warm.yml index aaac2fc03..79848d80e 100644 --- a/salt/curator/files/action/so-azure-warm.yml +++ b/salt/curator/files/action/so-azure-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-barracuda-close.yml b/salt/curator/files/action/so-barracuda-close.yml index 35032bc56..d4737612e 100644 --- a/salt/curator/files/action/so-barracuda-close.yml +++ b/salt/curator/files/action/so-barracuda-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-barracuda.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-barracuda-delete.yml b/salt/curator/files/action/so-barracuda-delete.yml index bf8e7638f..e7db59766 100644 --- a/salt/curator/files/action/so-barracuda-delete.yml +++ b/salt/curator/files/action/so-barracuda-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-barracuda-warm.yml b/salt/curator/files/action/so-barracuda-warm.yml index d61cbce61..ebb4f943d 100644 --- a/salt/curator/files/action/so-barracuda-warm.yml +++ b/salt/curator/files/action/so-barracuda-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml index bcd138c38..37bd2f762 100644 --- a/salt/curator/files/action/so-beats-close.yml +++ b/salt/curator/files/action/so-beats-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-beats.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml index fa072c1e2..deb861f05 100644 --- a/salt/curator/files/action/so-beats-delete.yml +++ b/salt/curator/files/action/so-beats-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-beats-warm.yml b/salt/curator/files/action/so-beats-warm.yml index ae733ce3b..365a0a03b 100644 --- a/salt/curator/files/action/so-beats-warm.yml +++ b/salt/curator/files/action/so-beats-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-bluecoat-close.yml b/salt/curator/files/action/so-bluecoat-close.yml index 349a21a27..ab96964f0 100644 --- a/salt/curator/files/action/so-bluecoat-close.yml +++ b/salt/curator/files/action/so-bluecoat-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-bluecoat-delete.yml b/salt/curator/files/action/so-bluecoat-delete.yml index c2aad1419..8a496afe4 100644 --- a/salt/curator/files/action/so-bluecoat-delete.yml +++ b/salt/curator/files/action/so-bluecoat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-bluecoat-warm.yml b/salt/curator/files/action/so-bluecoat-warm.yml index b50f0db0b..03966b053 100644 --- a/salt/curator/files/action/so-bluecoat-warm.yml +++ b/salt/curator/files/action/so-bluecoat-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cef-close.yml b/salt/curator/files/action/so-cef-close.yml index 57bcb3a2a..093de32d2 100644 --- a/salt/curator/files/action/so-cef-close.yml +++ b/salt/curator/files/action/so-cef-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cef.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cef-delete.yml b/salt/curator/files/action/so-cef-delete.yml index 3bda2246f..372015d23 100644 --- a/salt/curator/files/action/so-cef-delete.yml +++ b/salt/curator/files/action/so-cef-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cef-warm.yml b/salt/curator/files/action/so-cef-warm.yml index b2143c1ce..39ba1d574 100644 --- a/salt/curator/files/action/so-cef-warm.yml +++ b/salt/curator/files/action/so-cef-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-checkpoint-close.yml b/salt/curator/files/action/so-checkpoint-close.yml index 938eaf25f..a894bcbb5 100644 --- a/salt/curator/files/action/so-checkpoint-close.yml +++ b/salt/curator/files/action/so-checkpoint-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-checkpoint-delete.yml b/salt/curator/files/action/so-checkpoint-delete.yml index d0048162d..ebfcec86b 100644 --- a/salt/curator/files/action/so-checkpoint-delete.yml +++ b/salt/curator/files/action/so-checkpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-checkpoint-warm.yml b/salt/curator/files/action/so-checkpoint-warm.yml index a66335593..73a012d99 100644 --- a/salt/curator/files/action/so-checkpoint-warm.yml +++ b/salt/curator/files/action/so-checkpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cisco-close.yml b/salt/curator/files/action/so-cisco-close.yml index a097e466d..06b6d9f4b 100644 --- a/salt/curator/files/action/so-cisco-close.yml +++ b/salt/curator/files/action/so-cisco-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cisco.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cisco-delete.yml b/salt/curator/files/action/so-cisco-delete.yml index 0cb98a634..f057a1de0 100644 --- a/salt/curator/files/action/so-cisco-delete.yml +++ b/salt/curator/files/action/so-cisco-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cisco-warm.yml b/salt/curator/files/action/so-cisco-warm.yml index 5240f401b..9ca5812ad 100644 --- a/salt/curator/files/action/so-cisco-warm.yml +++ b/salt/curator/files/action/so-cisco-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cyberark-close.yml b/salt/curator/files/action/so-cyberark-close.yml index deb0dd869..56a769682 100644 --- a/salt/curator/files/action/so-cyberark-close.yml +++ b/salt/curator/files/action/so-cyberark-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cyberark.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cyberark-delete.yml b/salt/curator/files/action/so-cyberark-delete.yml index 1fbf83f44..51256ce58 100644 --- a/salt/curator/files/action/so-cyberark-delete.yml +++ b/salt/curator/files/action/so-cyberark-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cyberark-warm.yml b/salt/curator/files/action/so-cyberark-warm.yml index 3e8ef7ec2..14fa3dff6 100644 --- a/salt/curator/files/action/so-cyberark-warm.yml +++ b/salt/curator/files/action/so-cyberark-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cylance-close.yml b/salt/curator/files/action/so-cylance-close.yml index 064c5f02a..2368d37d7 100644 --- a/salt/curator/files/action/so-cylance-close.yml +++ b/salt/curator/files/action/so-cylance-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cylance.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cylance-delete.yml b/salt/curator/files/action/so-cylance-delete.yml index 42df1877b..0676057d5 100644 --- a/salt/curator/files/action/so-cylance-delete.yml +++ b/salt/curator/files/action/so-cylance-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cylance-warm.yml b/salt/curator/files/action/so-cylance-warm.yml index 97e94c49e..6a0f7ca65 100644 --- a/salt/curator/files/action/so-cylance-warm.yml +++ b/salt/curator/files/action/so-cylance-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml index 517972ea6..25e6f0d10 100644 --- a/salt/curator/files/action/so-elasticsearch-close.yml +++ b/salt/curator/files/action/so-elasticsearch-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml index 805d86c85..17ac1c77b 100644 --- a/salt/curator/files/action/so-elasticsearch-delete.yml +++ b/salt/curator/files/action/so-elasticsearch-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-elasticsearch-warm.yml b/salt/curator/files/action/so-elasticsearch-warm.yml index dc844ccba..3d3f3cfa6 100644 --- a/salt/curator/files/action/so-elasticsearch-warm.yml +++ b/salt/curator/files/action/so-elasticsearch-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-endgame-close.yml b/salt/curator/files/action/so-endgame-close.yml index 92de8afe8..a748838bf 100644 --- a/salt/curator/files/action/so-endgame-close.yml +++ b/salt/curator/files/action/so-endgame-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-endgame.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-endgame-delete.yml b/salt/curator/files/action/so-endgame-delete.yml index bd208da1d..efd43fc86 100644 --- a/salt/curator/files/action/so-endgame-delete.yml +++ b/salt/curator/files/action/so-endgame-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-endgame-warm.yml b/salt/curator/files/action/so-endgame-warm.yml index 5c9cd8268..f90fcacea 100644 --- a/salt/curator/files/action/so-endgame-warm.yml +++ b/salt/curator/files/action/so-endgame-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-f5-close.yml b/salt/curator/files/action/so-f5-close.yml index a7d3f14c7..ed9d2025d 100644 --- a/salt/curator/files/action/so-f5-close.yml +++ b/salt/curator/files/action/so-f5-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-f5.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-f5-delete.yml b/salt/curator/files/action/so-f5-delete.yml index e696922e5..0679a50bb 100644 
--- a/salt/curator/files/action/so-f5-delete.yml +++ b/salt/curator/files/action/so-f5-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-f5-warm.yml b/salt/curator/files/action/so-f5-warm.yml index ed3453321..51f430b88 100644 --- a/salt/curator/files/action/so-f5-warm.yml +++ b/salt/curator/files/action/so-f5-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml index dccf7068b..f153e0547 100644 --- a/salt/curator/files/action/so-firewall-close.yml +++ b/salt/curator/files/action/so-firewall-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-firewall.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml index fff3315b9..99046c6fe 100644 --- a/salt/curator/files/action/so-firewall-delete.yml +++ b/salt/curator/files/action/so-firewall-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-firewall-warm.yml b/salt/curator/files/action/so-firewall-warm.yml index a882f34ab..e68067d8a 100644 
--- a/salt/curator/files/action/so-firewall-warm.yml +++ b/salt/curator/files/action/so-firewall-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-fortinet-close.yml b/salt/curator/files/action/so-fortinet-close.yml index 7218e83a2..e001efc6d 100644 --- a/salt/curator/files/action/so-fortinet-close.yml +++ b/salt/curator/files/action/so-fortinet-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-fortinet.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-fortinet-delete.yml b/salt/curator/files/action/so-fortinet-delete.yml index 707ef5da5..1299baf89 100644 --- a/salt/curator/files/action/so-fortinet-delete.yml +++ b/salt/curator/files/action/so-fortinet-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-fortinet-warm.yml b/salt/curator/files/action/so-fortinet-warm.yml index 4b0959022..b419c073c 100644 --- a/salt/curator/files/action/so-fortinet-warm.yml +++ b/salt/curator/files/action/so-fortinet-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.warm -%} actions: 1: action: allocation 
diff --git a/salt/curator/files/action/so-gcp-close.yml b/salt/curator/files/action/so-gcp-close.yml index 1541f9076..1dbd29d5c 100644 --- a/salt/curator/files/action/so-gcp-close.yml +++ b/salt/curator/files/action/so-gcp-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-gcp.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-gcp-delete.yml b/salt/curator/files/action/so-gcp-delete.yml index d7d463332..4486161a4 100644 --- a/salt/curator/files/action/so-gcp-delete.yml +++ b/salt/curator/files/action/so-gcp-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-gcp-warm.yml b/salt/curator/files/action/so-gcp-warm.yml index 52ec004f7..cf76c3ec6 100644 --- a/salt/curator/files/action/so-gcp-warm.yml +++ b/salt/curator/files/action/so-gcp-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-google_workspace-close.yml b/salt/curator/files/action/so-google_workspace-close.yml index 00b44e1e1..0de4162ab 100644 --- a/salt/curator/files/action/so-google_workspace-close.yml +++ b/salt/curator/files/action/so-google_workspace-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.close -%} actions: 1: action: close 
diff --git a/salt/curator/files/action/so-google_workspace-delete.yml b/salt/curator/files/action/so-google_workspace-delete.yml index ca8a7571a..6ab479909 100644 --- a/salt/curator/files/action/so-google_workspace-delete.yml +++ b/salt/curator/files/action/so-google_workspace-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-google_workspace-warm.yml b/salt/curator/files/action/so-google_workspace-warm.yml index 94f9d8bd5..535095275 100644 --- a/salt/curator/files/action/so-google_workspace-warm.yml +++ b/salt/curator/files/action/so-google_workspace-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml index e7ea3f073..de1e601b9 100644 --- a/salt/curator/files/action/so-ids-close.yml +++ b/salt/curator/files/action/so-ids-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ids.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml index f5748d08d..75419b365 100644 --- a/salt/curator/files/action/so-ids-delete.yml +++ b/salt/curator/files/action/so-ids-delete.yml 
@@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ids-warm.yml b/salt/curator/files/action/so-ids-warm.yml index e79621e72..c079b1932 100644 --- a/salt/curator/files/action/so-ids-warm.yml +++ b/salt/curator/files/action/so-ids-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-imperva-close.yml b/salt/curator/files/action/so-imperva-close.yml index 74b5c47e6..c219abc0b 100644 --- a/salt/curator/files/action/so-imperva-close.yml +++ b/salt/curator/files/action/so-imperva-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-imperva.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-imperva-delete.yml b/salt/curator/files/action/so-imperva-delete.yml index 08e781e95..82307b7ca 100644 --- a/salt/curator/files/action/so-imperva-delete.yml +++ b/salt/curator/files/action/so-imperva-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-imperva-warm.yml b/salt/curator/files/action/so-imperva-warm.yml index 220ef1fe6..5586abac8 100644 
--- a/salt/curator/files/action/so-imperva-warm.yml +++ b/salt/curator/files/action/so-imperva-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml index e851798e8..d6c4d768c 100644 --- a/salt/curator/files/action/so-import-close.yml +++ b/salt/curator/files/action/so-import-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-import.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml index a3ba76435..7be96b2d4 100644 --- a/salt/curator/files/action/so-import-delete.yml +++ b/salt/curator/files/action/so-import-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-import-warm.yml b/salt/curator/files/action/so-import-warm.yml index b29bfe96b..4d17d1811 100644 --- a/salt/curator/files/action/so-import-warm.yml +++ b/salt/curator/files/action/so-import-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-infoblox-close.yml b/salt/curator/files/action/so-infoblox-close.yml index 8c50d291f..d5a68bedc 100644 --- a/salt/curator/files/action/so-infoblox-close.yml +++ b/salt/curator/files/action/so-infoblox-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-infoblox.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-infoblox-delete.yml b/salt/curator/files/action/so-infoblox-delete.yml index e231af0b5..2d9064c9b 100644 --- a/salt/curator/files/action/so-infoblox-delete.yml +++ b/salt/curator/files/action/so-infoblox-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-infoblox-warm.yml b/salt/curator/files/action/so-infoblox-warm.yml index 712a96c6b..86b2e0c52 100644 --- a/salt/curator/files/action/so-infoblox-warm.yml +++ b/salt/curator/files/action/so-infoblox-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-juniper-close.yml b/salt/curator/files/action/so-juniper-close.yml index 266e884df..268982cd5 100644 --- a/salt/curator/files/action/so-juniper-close.yml +++ b/salt/curator/files/action/so-juniper-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-juniper.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-juniper-delete.yml b/salt/curator/files/action/so-juniper-delete.yml index bbe59cf5e..0f00e0fd1 100644 --- a/salt/curator/files/action/so-juniper-delete.yml +++ b/salt/curator/files/action/so-juniper-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-juniper.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-juniper-warm.yml b/salt/curator/files/action/so-juniper-warm.yml index a4608f0bf..8f6366697 100644 --- a/salt/curator/files/action/so-juniper-warm.yml +++ b/salt/curator/files/action/so-juniper-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml index 47bc752df..04b4fbf66 100644 --- a/salt/curator/files/action/so-kibana-close.yml +++ b/salt/curator/files/action/so-kibana-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kibana.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml index c1da5997c..661932445 100644 --- a/salt/curator/files/action/so-kibana-delete.yml +++ b/salt/curator/files/action/so-kibana-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kibana-warm.yml b/salt/curator/files/action/so-kibana-warm.yml index d1c2f55eb..e224fe5b1 100644 --- a/salt/curator/files/action/so-kibana-warm.yml +++ b/salt/curator/files/action/so-kibana-warm.yml 
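Review bot: so-juniper-warm.yml still takes its warm threshold from the `so-aws` settings, a copy-paste slip that this change carries over from the old `pillar.get` line. Juniper indices would follow the AWS warm age, so changing the juniper setting has no effect on them. The line should read the juniper key, `{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings['so-juniper'].warm -%}`, written with a subscript because the key contains a hyphen that Jinja dot access would parse as subtraction.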
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml index b12bec607..161184416 100644 --- a/salt/curator/files/action/so-kratos-close.yml +++ b/salt/curator/files/action/so-kratos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kratos:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kratos.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kratos-delete.yml b/salt/curator/files/action/so-kratos-delete.yml index 86d457d32..96153e194 100644 --- a/salt/curator/files/action/so-kratos-delete.yml +++ b/salt/curator/files/action/so-kratos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kratos-warm.yml b/salt/curator/files/action/so-kratos-warm.yml index 509792f4c..360cc1b7f 100644 --- a/salt/curator/files/action/so-kratos-warm.yml +++ b/salt/curator/files/action/so-kratos-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml index e91ce0fd9..157053e71 100644 --- a/salt/curator/files/action/so-logstash-close.yml +++ b/salt/curator/files/action/so-logstash-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-logstash.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml index 3aa73874d..ef3934e0f 100644 --- a/salt/curator/files/action/so-logstash-delete.yml +++ b/salt/curator/files/action/so-logstash-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-logstash-warm.yml b/salt/curator/files/action/so-logstash-warm.yml index 8865026b0..141cf70ed 100644 --- a/salt/curator/files/action/so-logstash-warm.yml +++ b/salt/curator/files/action/so-logstash-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-microsoft-close.yml b/salt/curator/files/action/so-microsoft-close.yml index 0401883f0..77bd0492d 100644 --- a/salt/curator/files/action/so-microsoft-close.yml +++ b/salt/curator/files/action/so-microsoft-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-microsoft.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-microsoft-delete.yml b/salt/curator/files/action/so-microsoft-delete.yml index 35aa95173..ccea10afd 100644 --- a/salt/curator/files/action/so-microsoft-delete.yml +++ b/salt/curator/files/action/so-microsoft-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-microsoft-warm.yml b/salt/curator/files/action/so-microsoft-warm.yml index f702bbbe9..76cd09f1e 100644 --- a/salt/curator/files/action/so-microsoft-warm.yml +++ b/salt/curator/files/action/so-microsoft-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-misp-close.yml b/salt/curator/files/action/so-misp-close.yml index c32b3992a..396f10b1e 100644 --- a/salt/curator/files/action/so-misp-close.yml +++ b/salt/curator/files/action/so-misp-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-misp.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-misp-delete.yml b/salt/curator/files/action/so-misp-delete.yml index 7e432c969..f3c3c5932 100644 --- a/salt/curator/files/action/so-misp-delete.yml +++ b/salt/curator/files/action/so-misp-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-misp-warm.yml b/salt/curator/files/action/so-misp-warm.yml index be0447c7e..5986e1f11 100644 --- a/salt/curator/files/action/so-misp-warm.yml +++ b/salt/curator/files/action/so-misp-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml index 1069aebb4..2c32d9d32 100644 --- a/salt/curator/files/action/so-netflow-close.yml +++ b/salt/curator/files/action/so-netflow-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netflow.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml index f697daf33..f2cf3aec6 100644 --- a/salt/curator/files/action/so-netflow-delete.yml +++ b/salt/curator/files/action/so-netflow-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netflow-warm.yml b/salt/curator/files/action/so-netflow-warm.yml index 4d0dcf1ff..974629e85 100644 --- a/salt/curator/files/action/so-netflow-warm.yml +++ b/salt/curator/files/action/so-netflow-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netscout-close.yml b/salt/curator/files/action/so-netscout-close.yml index d5ebfe41d..ebc56788f 100644 --- a/salt/curator/files/action/so-netscout-close.yml +++ b/salt/curator/files/action/so-netscout-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netscout.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netscout-delete.yml b/salt/curator/files/action/so-netscout-delete.yml index 46ea94c76..3d359e7c6 100644 --- a/salt/curator/files/action/so-netscout-delete.yml +++ b/salt/curator/files/action/so-netscout-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netscout-warm.yml b/salt/curator/files/action/so-netscout-warm.yml index 9b568ca36..76170ddb7 100644 --- a/salt/curator/files/action/so-netscout-warm.yml +++ b/salt/curator/files/action/so-netscout-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-o365-close.yml b/salt/curator/files/action/so-o365-close.yml index db0202e07..56ea536d2 100644 --- a/salt/curator/files/action/so-o365-close.yml +++ b/salt/curator/files/action/so-o365-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-o365.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-o365-delete.yml b/salt/curator/files/action/so-o365-delete.yml index 350808e3d..9decade30 100644 --- a/salt/curator/files/action/so-o365-delete.yml +++ b/salt/curator/files/action/so-o365-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-o365-warm.yml b/salt/curator/files/action/so-o365-warm.yml index 60f9b7364..9d06cc41d 100644 --- a/salt/curator/files/action/so-o365-warm.yml +++ b/salt/curator/files/action/so-o365-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta-close.yml b/salt/curator/files/action/so-okta-close.yml index ddbb4852f..40190d55a 100644 --- a/salt/curator/files/action/so-okta-close.yml +++ b/salt/curator/files/action/so-okta-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-okta.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-okta-warm.yml b/salt/curator/files/action/so-okta-warm.yml index 31d2bcf41..2b4cae686 100644 --- a/salt/curator/files/action/so-okta-warm.yml +++ b/salt/curator/files/action/so-okta-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta.delete.yml b/salt/curator/files/action/so-okta.delete.yml index 358c387d5..b20cd08ba 100644 --- a/salt/curator/files/action/so-okta.delete.yml +++ b/salt/curator/files/action/so-okta.delete.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml index b19f1c26d..94b9bd038 100644 --- a/salt/curator/files/action/so-osquery-close.yml +++ b/salt/curator/files/action/so-osquery-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-osquery.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml index 468ab5715..9cac814ea 100644 --- a/salt/curator/files/action/so-osquery-delete.yml +++ b/salt/curator/files/action/so-osquery-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-warm.yml b/salt/curator/files/action/so-osquery-warm.yml index 24cc30848..ffc9ffbe5 100644 --- a/salt/curator/files/action/so-osquery-warm.yml +++ b/salt/curator/files/action/so-osquery-warm.yml 
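Review bot: The file patched here is named `so-okta.delete.yml`, with a dot where every sibling action file uses a hyphen (`so-okta-close.yml`, `so-okta-warm.yml`). If the curator state or its scheduled scripts locate action files by a `so-<module>-delete.yml` pattern, which is not visible in this patch, the okta delete action would never run and those indices would not be pruned. Renaming it to `so-okta-delete.yml` alongside this change would make it consistent with the rest of the directory.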
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml index bd4c3bea0..68bae31bb 100644 --- a/salt/curator/files/action/so-ossec-close.yml +++ b/salt/curator/files/action/so-ossec-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ossec.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml index 4149fd767..9b0570eb3 100644 --- a/salt/curator/files/action/so-ossec-delete.yml +++ b/salt/curator/files/action/so-ossec-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ossec-warm.yml b/salt/curator/files/action/so-ossec-warm.yml index 6913aa06b..f54f7384f 100644 --- a/salt/curator/files/action/so-ossec-warm.yml +++ b/salt/curator/files/action/so-ossec-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-proofpoint-close.yml b/salt/curator/files/action/so-proofpoint-close.yml index 89bb191d4..b142db9cf 100644 --- a/salt/curator/files/action/so-proofpoint-close.yml +++ b/salt/curator/files/action/so-proofpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-proofpoint-delete.yml b/salt/curator/files/action/so-proofpoint-delete.yml index aad867ddd..33a32df1b 100644 --- a/salt/curator/files/action/so-proofpoint-delete.yml +++ b/salt/curator/files/action/so-proofpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-proofpoint-warm.yml b/salt/curator/files/action/so-proofpoint-warm.yml index fd686d728..2ef035564 100644 --- a/salt/curator/files/action/so-proofpoint-warm.yml +++ b/salt/curator/files/action/so-proofpoint-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-radware-close.yml b/salt/curator/files/action/so-radware-close.yml index dacd1d369..6d75da94a 100644 --- a/salt/curator/files/action/so-radware-close.yml +++ b/salt/curator/files/action/so-radware-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-radware:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-radware.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-radware-delete.yml b/salt/curator/files/action/so-radware-delete.yml index 5793adbe9..a55a9589c 100644 --- a/salt/curator/files/action/so-radware-delete.yml +++ b/salt/curator/files/action/so-radware-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-radware-warm.yml b/salt/curator/files/action/so-radware-warm.yml index 29859a96a..cb414cbac 100644 --- a/salt/curator/files/action/so-radware-warm.yml +++ b/salt/curator/files/action/so-radware-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml index bca8129fc..bb645a1bf 100644 --- a/salt/curator/files/action/so-redis-close.yml +++ b/salt/curator/files/action/so-redis-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-redis:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-redis.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml index 47af44653..eca656080 100644 --- a/salt/curator/files/action/so-redis-delete.yml +++ b/salt/curator/files/action/so-redis-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-redis-warm.yml b/salt/curator/files/action/so-redis-warm.yml index 38d0ee577..c4df91472 100644 --- a/salt/curator/files/action/so-redis-warm.yml +++ b/salt/curator/files/action/so-redis-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snort-close.yml b/salt/curator/files/action/so-snort-close.yml index 7555db52b..5f1b9ca5b 100644 --- a/salt/curator/files/action/so-snort-close.yml +++ b/salt/curator/files/action/so-snort-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snort:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snort.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snort-delete.yml b/salt/curator/files/action/so-snort-delete.yml index 5c70a08fa..e8996b925 100644 --- a/salt/curator/files/action/so-snort-delete.yml +++ b/salt/curator/files/action/so-snort-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snort-warm.yml b/salt/curator/files/action/so-snort-warm.yml index 2c95ad699..83dcc886c 100644 --- a/salt/curator/files/action/so-snort-warm.yml +++ b/salt/curator/files/action/so-snort-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snyk-close.yml b/salt/curator/files/action/so-snyk-close.yml index cda27ffcf..6d36d7fa3 100644 --- a/salt/curator/files/action/so-snyk-close.yml +++ b/salt/curator/files/action/so-snyk-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snyk:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snyk.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snyk-delete.yml b/salt/curator/files/action/so-snyk-delete.yml index b3e306bcd..fd6ca2327 100644 --- a/salt/curator/files/action/so-snyk-delete.yml +++ b/salt/curator/files/action/so-snyk-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snyk-warm.yml b/salt/curator/files/action/so-snyk-warm.yml index 01394605d..481889e7d 100644 --- a/salt/curator/files/action/so-snyk-warm.yml +++ b/salt/curator/files/action/so-snyk-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sonicwall-close.yml b/salt/curator/files/action/so-sonicwall-close.yml index ad5520607..1d2a3f0cd 100644 --- a/salt/curator/files/action/so-sonicwall-close.yml +++ b/salt/curator/files/action/so-sonicwall-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sonicwall-delete.yml b/salt/curator/files/action/so-sonicwall-delete.yml index efa598bdb..041ef66e0 100644 --- a/salt/curator/files/action/so-sonicwall-delete.yml +++ b/salt/curator/files/action/so-sonicwall-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sonicwall-warm.yml b/salt/curator/files/action/so-sonicwall-warm.yml index 5d9cfbfc4..44e548c02 100644 --- a/salt/curator/files/action/so-sonicwall-warm.yml +++ b/salt/curator/files/action/so-sonicwall-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sophos-close.yml b/salt/curator/files/action/so-sophos-close.yml index 0a4cd9c26..fd1cda641 100644 --- a/salt/curator/files/action/so-sophos-close.yml +++ b/salt/curator/files/action/so-sophos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sophos:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sophos.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sophos-delete.yml b/salt/curator/files/action/so-sophos-delete.yml index 0bcf922a6..43eceee9a 100644 --- a/salt/curator/files/action/so-sophos-delete.yml +++ b/salt/curator/files/action/so-sophos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sophos-warm.yml b/salt/curator/files/action/so-sophos-warm.yml index 50874c8ae..8c427feb1 100644 --- a/salt/curator/files/action/so-sophos-warm.yml +++ b/salt/curator/files/action/so-sophos-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml index 1af30fd6c..77478da98 100644 --- a/salt/curator/files/action/so-strelka-close.yml +++ b/salt/curator/files/action/so-strelka-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-strelka:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-strelka.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml index c48a80c92..251e51dd7 100644 --- a/salt/curator/files/action/so-strelka-delete.yml +++ b/salt/curator/files/action/so-strelka-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-strelka-warm.yml b/salt/curator/files/action/so-strelka-warm.yml index 641601e7a..42526b350 100644 --- a/salt/curator/files/action/so-strelka-warm.yml +++ b/salt/curator/files/action/so-strelka-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml index d04a7e1ac..821d384f1 100644 --- a/salt/curator/files/action/so-syslog-close.yml +++ b/salt/curator/files/action/so-syslog-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-syslog:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-syslog.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml index 5fa7878c8..00d7a3546 100644 --- a/salt/curator/files/action/so-syslog-delete.yml +++ b/salt/curator/files/action/so-syslog-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-syslog-warm.yml b/salt/curator/files/action/so-syslog-warm.yml index e94a1f118..90572f8e5 100644 --- a/salt/curator/files/action/so-syslog-warm.yml +++ b/salt/curator/files/action/so-syslog-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-tomcat-close.yml b/salt/curator/files/action/so-tomcat-close.yml index ac75659a3..922e35cba 100644 --- a/salt/curator/files/action/so-tomcat-close.yml +++ b/salt/curator/files/action/so-tomcat-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-tomcat.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-tomcat-delete.yml b/salt/curator/files/action/so-tomcat-delete.yml index cf68c0933..45e952424 100644 --- a/salt/curator/files/action/so-tomcat-delete.yml +++ b/salt/curator/files/action/so-tomcat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-tomcat-warm.yml b/salt/curator/files/action/so-tomcat-warm.yml index 0b2772d6c..3306e8107 100644 --- a/salt/curator/files/action/so-tomcat-warm.yml +++ b/salt/curator/files/action/so-tomcat-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml index de18b146b..dcf151961 100644 --- a/salt/curator/files/action/so-zeek-close.yml +++ b/salt/curator/files/action/so-zeek-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zeek:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zeek.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml index bc902fd5c..799554af3 100644 --- a/salt/curator/files/action/so-zeek-delete.yml +++ b/salt/curator/files/action/so-zeek-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zeek-warm.yml b/salt/curator/files/action/so-zeek-warm.yml index 490e21c12..244619ba7 100644 --- a/salt/curator/files/action/so-zeek-warm.yml +++ b/salt/curator/files/action/so-zeek-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zscaler-close.yml b/salt/curator/files/action/so-zscaler-close.yml index ba1d36029..37c59ff18 100644 --- a/salt/curator/files/action/so-zscaler-close.yml +++ b/salt/curator/files/action/so-zscaler-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zscaler.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zscaler-delete.yml b/salt/curator/files/action/so-zscaler-delete.yml index fe663ba3a..66fa8337e 100644 --- a/salt/curator/files/action/so-zscaler-delete.yml +++ b/salt/curator/files/action/so-zscaler-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zscaler-warm.yml b/salt/curator/files/action/so-zscaler-warm.yml index c5d20b868..cdebe867a 100644 --- a/salt/curator/files/action/so-zscaler-warm.yml +++ b/salt/curator/files/action/so-zscaler-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.warm -%} actions: 1: action: allocation diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 7c47c23d4..9671020e5 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -7,6 +7,7 @@ {% if sls in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from "curator/map.jinja" import CURATOROPTIONS %} +{% from "curator/map.jinja" import CURATORMERGED %} {% set REMOVECURATORCRON = False %} # Curator @@ -45,6 +46,9 @@ actionconfs: - user: 934 - group: 939 - template: jinja + - defaults: + CURATORMERGED: {{ CURATORMERGED }} + curconf: file.managed: diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja index 1fcebf5ad..f049603d9 100644 --- a/salt/curator/map.jinja +++ b/salt/curator/map.jinja @@ -13,3 +13,6 @@ {% do CURATOROPTIONS.update({'start': True}) %} {% do CURATOROPTIONS.update({'status': 'running'}) %} {% endif %} + +{% import 'curator/defaults.yaml' as CURATORDEFAULTS %} +{% set CURATORMERGED = salt['pillar.get']('elasticsearch:index_settings', CURATORDEFAULTS, merge=true) %} diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 37eab28a0..f1a5a7dd5 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -9,9 +9,9 @@ elasticsearch: disk: threshold_enabled: true watermark: - low: 85% - high: 90% - flood_stage: 95% + low: 80% + high: 85% + flood_stage: 90% network: host: 0.0.0.0 path: From 71eaa715b6b9391d9908325ada81007b5a6b58a3 Mon Sep 17 00:00:00 2001 
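Review bot: `CURATORMERGED: {{ CURATORMERGED }}` in the second init.sls hunk writes the dict into the SLS as its Python repr and relies on that text being parsed back as YAML. A value such as `None`, or a string containing YAML-significant characters, would come back changed, and these values become index retention thresholds in the action files. Serialising explicitly avoids that: `CURATORMERGED: {{ CURATORMERGED | json }}`. The two imports in the first hunk could also be one line, `{% from "curator/map.jinja" import CURATOROPTIONS, CURATORMERGED %}`. The `actionconfs` state begins above the hunk.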
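Review bot: `{% import 'curator/defaults.yaml' as CURATORDEFAULTS %}` in the map.jinja hunk uses the plain Jinja import, which loads the file as a template module rather than parsing it as YAML. The `default` handed to `pillar.get` is then not a dictionary, so `merge=true` presumably has nothing to merge the pillar values into. Salt's own tag returns the parsed data: `{% import_yaml 'curator/defaults.yaml' as CURATORDEFAULTS %}`. If defaults.yaml nests its values under `elasticsearch: index_settings:` (the file is not visible here), the default also has to be that subtree, e.g. `CURATORDEFAULTS.elasticsearch.index_settings`, to line up with the pillar key being read. PATCH 2/3 lists map.jinja in its diffstat, but that hunk is outside this view.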
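Review bot: The watermark change in salt/elasticsearch/defaults.yaml (`low: 80%`, `high: 85%`, `flood_stage: 90%`) is not mentioned in the commit subject, which only describes the curator defaults merge. Lowering `flood_stage` makes Elasticsearch put indices into read-only mode at 90% disk use instead of 95%, so event ingestion stops earlier if cleanup has not freed space by then. It deserves its own commit, or at least a line in the message and a short comment beside the values stating why they were lowered. The enclosing `elasticsearch:` mapping continues outside the hunk.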
From: m0duspwnens Date: Fri, 21 Oct 2022 11:09:52 -0400 Subject: [PATCH 2/3] update jinja --- salt/curator/files/action/so-aws-close.yml | 2 +- salt/curator/files/action/so-aws-delete.yml | 2 +- salt/curator/files/action/so-aws-warm.yml | 2 +- salt/curator/files/action/so-azure-close.yml | 2 +- salt/curator/files/action/so-azure-delete.yml | 2 +- salt/curator/files/action/so-azure-warm.yml | 2 +- salt/curator/files/action/so-barracuda-close.yml | 2 +- salt/curator/files/action/so-barracuda-delete.yml | 2 +- salt/curator/files/action/so-barracuda-warm.yml | 2 +- salt/curator/files/action/so-beats-close.yml | 2 +- salt/curator/files/action/so-beats-delete.yml | 2 +- salt/curator/files/action/so-beats-warm.yml | 2 +- salt/curator/files/action/so-bluecoat-close.yml | 2 +- salt/curator/files/action/so-bluecoat-delete.yml | 2 +- salt/curator/files/action/so-bluecoat-warm.yml | 2 +- salt/curator/files/action/so-cef-close.yml | 2 +- salt/curator/files/action/so-cef-delete.yml | 2 +- salt/curator/files/action/so-cef-warm.yml | 2 +- salt/curator/files/action/so-checkpoint-close.yml | 2 +- salt/curator/files/action/so-checkpoint-delete.yml | 2 +- salt/curator/files/action/so-checkpoint-warm.yml | 2 +- salt/curator/files/action/so-cisco-close.yml | 2 +- salt/curator/files/action/so-cisco-delete.yml | 2 +- salt/curator/files/action/so-cisco-warm.yml | 2 +- salt/curator/files/action/so-cyberark-close.yml | 2 +- salt/curator/files/action/so-cyberark-delete.yml | 2 +- salt/curator/files/action/so-cyberark-warm.yml | 2 +- salt/curator/files/action/so-cylance-close.yml | 2 +- salt/curator/files/action/so-cylance-delete.yml | 2 +- salt/curator/files/action/so-cylance-warm.yml | 2 +- salt/curator/files/action/so-elasticsearch-close.yml | 2 +- salt/curator/files/action/so-elasticsearch-delete.yml | 2 +- salt/curator/files/action/so-elasticsearch-warm.yml | 2 +- salt/curator/files/action/so-endgame-close.yml | 2 +- salt/curator/files/action/so-endgame-delete.yml | 2 +- 
salt/curator/files/action/so-endgame-warm.yml | 2 +- salt/curator/files/action/so-f5-close.yml | 2 +- salt/curator/files/action/so-f5-delete.yml | 2 +- salt/curator/files/action/so-f5-warm.yml | 2 +- salt/curator/files/action/so-firewall-close.yml | 2 +- salt/curator/files/action/so-firewall-delete.yml | 2 +- salt/curator/files/action/so-firewall-warm.yml | 2 +- salt/curator/files/action/so-fortinet-close.yml | 2 +- salt/curator/files/action/so-fortinet-delete.yml | 2 +- salt/curator/files/action/so-fortinet-warm.yml | 2 +- salt/curator/files/action/so-gcp-close.yml | 2 +- salt/curator/files/action/so-gcp-delete.yml | 2 +- salt/curator/files/action/so-gcp-warm.yml | 2 +- salt/curator/files/action/so-google_workspace-close.yml | 2 +- salt/curator/files/action/so-google_workspace-delete.yml | 2 +- salt/curator/files/action/so-google_workspace-warm.yml | 2 +- salt/curator/files/action/so-ids-close.yml | 2 +- salt/curator/files/action/so-ids-delete.yml | 2 +- salt/curator/files/action/so-ids-warm.yml | 2 +- salt/curator/files/action/so-imperva-close.yml | 2 +- salt/curator/files/action/so-imperva-delete.yml | 2 +- salt/curator/files/action/so-imperva-warm.yml | 2 +- salt/curator/files/action/so-import-close.yml | 2 +- salt/curator/files/action/so-import-delete.yml | 2 +- salt/curator/files/action/so-import-warm.yml | 2 +- salt/curator/files/action/so-infoblox-close.yml | 2 +- salt/curator/files/action/so-infoblox-delete.yml | 2 +- salt/curator/files/action/so-infoblox-warm.yml | 2 +- salt/curator/files/action/so-juniper-close.yml | 2 +- salt/curator/files/action/so-juniper-delete.yml | 2 +- salt/curator/files/action/so-juniper-warm.yml | 2 +- salt/curator/files/action/so-kibana-close.yml | 2 +- salt/curator/files/action/so-kibana-delete.yml | 2 +- salt/curator/files/action/so-kibana-warm.yml | 2 +- salt/curator/files/action/so-kratos-close.yml | 2 +- salt/curator/files/action/so-kratos-delete.yml | 2 +- salt/curator/files/action/so-kratos-warm.yml | 2 +- 
salt/curator/files/action/so-logstash-close.yml | 2 +- salt/curator/files/action/so-logstash-delete.yml | 2 +- salt/curator/files/action/so-logstash-warm.yml | 2 +- salt/curator/files/action/so-microsoft-close.yml | 2 +- salt/curator/files/action/so-microsoft-delete.yml | 2 +- salt/curator/files/action/so-microsoft-warm.yml | 2 +- salt/curator/files/action/so-misp-close.yml | 2 +- salt/curator/files/action/so-misp-delete.yml | 2 +- salt/curator/files/action/so-misp-warm.yml | 2 +- salt/curator/files/action/so-netflow-close.yml | 2 +- salt/curator/files/action/so-netflow-delete.yml | 2 +- salt/curator/files/action/so-netflow-warm.yml | 2 +- salt/curator/files/action/so-netscout-close.yml | 2 +- salt/curator/files/action/so-netscout-delete.yml | 2 +- salt/curator/files/action/so-netscout-warm.yml | 2 +- salt/curator/files/action/so-o365-close.yml | 2 +- salt/curator/files/action/so-o365-delete.yml | 2 +- salt/curator/files/action/so-o365-warm.yml | 2 +- salt/curator/files/action/so-okta-close.yml | 2 +- salt/curator/files/action/so-okta-warm.yml | 2 +- salt/curator/files/action/so-okta.delete.yml | 2 +- salt/curator/files/action/so-osquery-close.yml | 2 +- salt/curator/files/action/so-osquery-delete.yml | 2 +- salt/curator/files/action/so-osquery-warm.yml | 2 +- salt/curator/files/action/so-ossec-close.yml | 2 +- salt/curator/files/action/so-ossec-delete.yml | 2 +- salt/curator/files/action/so-ossec-warm.yml | 2 +- salt/curator/files/action/so-proofpoint-close.yml | 2 +- salt/curator/files/action/so-proofpoint-delete.yml | 2 +- salt/curator/files/action/so-proofpoint-warm.yml | 2 +- salt/curator/files/action/so-radware-close.yml | 2 +- salt/curator/files/action/so-radware-delete.yml | 2 +- salt/curator/files/action/so-radware-warm.yml | 2 +- salt/curator/files/action/so-redis-close.yml | 2 +- salt/curator/files/action/so-redis-delete.yml | 2 +- salt/curator/files/action/so-redis-warm.yml | 2 +- salt/curator/files/action/so-snort-close.yml | 2 +- 
salt/curator/files/action/so-snort-delete.yml | 2 +- salt/curator/files/action/so-snort-warm.yml | 2 +- salt/curator/files/action/so-snyk-close.yml | 2 +- salt/curator/files/action/so-snyk-delete.yml | 2 +- salt/curator/files/action/so-snyk-warm.yml | 2 +- salt/curator/files/action/so-sonicwall-close.yml | 2 +- salt/curator/files/action/so-sonicwall-delete.yml | 2 +- salt/curator/files/action/so-sonicwall-warm.yml | 2 +- salt/curator/files/action/so-sophos-close.yml | 2 +- salt/curator/files/action/so-sophos-delete.yml | 2 +- salt/curator/files/action/so-sophos-warm.yml | 2 +- salt/curator/files/action/so-strelka-close.yml | 2 +- salt/curator/files/action/so-strelka-delete.yml | 2 +- salt/curator/files/action/so-strelka-warm.yml | 2 +- salt/curator/files/action/so-syslog-close.yml | 2 +- salt/curator/files/action/so-syslog-delete.yml | 2 +- salt/curator/files/action/so-syslog-warm.yml | 2 +- salt/curator/files/action/so-tomcat-close.yml | 2 +- salt/curator/files/action/so-tomcat-delete.yml | 2 +- salt/curator/files/action/so-tomcat-warm.yml | 2 +- salt/curator/files/action/so-zeek-close.yml | 2 +- salt/curator/files/action/so-zeek-delete.yml | 2 +- salt/curator/files/action/so-zeek-warm.yml | 2 +- salt/curator/files/action/so-zscaler-close.yml | 2 +- salt/curator/files/action/so-zscaler-delete.yml | 2 +- salt/curator/files/action/so-zscaler-warm.yml | 2 +- salt/curator/map.jinja | 4 ++-- 136 files changed, 137 insertions(+), 137 deletions(-) diff --git a/salt/curator/files/action/so-aws-close.yml b/salt/curator/files/action/so-aws-close.yml index b7f386166..31ea2426b 100644 --- a/salt/curator/files/action/so-aws-close.yml +++ b/salt/curator/files/action/so-aws-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-aws.close -%} +{%- set cur_close_days = CURATORMERGED['so-aws'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-aws-delete.yml b/salt/curator/files/action/so-aws-delete.yml index 880581a3d..fb49fae03 100644 --- a/salt/curator/files/action/so-aws-delete.yml +++ b/salt/curator/files/action/so-aws-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-aws'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-aws-warm.yml b/salt/curator/files/action/so-aws-warm.yml index 8f6366697..2d55cdaf3 100644 --- a/salt/curator/files/action/so-aws-warm.yml +++ b/salt/curator/files/action/so-aws-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-aws'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-azure-close.yml b/salt/curator/files/action/so-azure-close.yml index eaee00fa7..08bc5e39b 100644 --- a/salt/curator/files/action/so-azure-close.yml +++ b/salt/curator/files/action/so-azure-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-azure.close -%} +{%- set cur_close_days = CURATORMERGED['so-azure'].close -%} actions: 1: action: close 
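Review bot: `DELETE_DAYS = CURATORMERGED['so-aws'].delete` in the so-aws-delete.yml hunk, and the other *-delete.yml hunks of this patch, takes the retention threshold straight from merged pillar data with no check on its type or range. The value feeds a `delete_indices` action, so an empty, zero or non-numeric override would presumably either break the action file or shorten retention of security data without anyone noticing. A render-time guard right after the `set` makes a bad override fail loudly: `{%- if DELETE_DAYS is not number or DELETE_DAYS < 1 %}{% do salt['test.exception']('so-aws delete must be a positive number of days') %}{% endif -%}`. Where DELETE_DAYS is consumed lies below the hunk.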
diff --git a/salt/curator/files/action/so-azure-delete.yml b/salt/curator/files/action/so-azure-delete.yml index 7027c8d15..49d205b39 100644 --- a/salt/curator/files/action/so-azure-delete.yml +++ b/salt/curator/files/action/so-azure-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-azure'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-azure-warm.yml b/salt/curator/files/action/so-azure-warm.yml index 79848d80e..bacc7b49d 100644 --- a/salt/curator/files/action/so-azure-warm.yml +++ b/salt/curator/files/action/so-azure-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-azure'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-barracuda-close.yml b/salt/curator/files/action/so-barracuda-close.yml index d4737612e..18aa7a22a 100644 --- a/salt/curator/files/action/so-barracuda-close.yml +++ b/salt/curator/files/action/so-barracuda-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-barracuda.close -%} +{%- set cur_close_days = CURATORMERGED['so-barracuda'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-barracuda-delete.yml b/salt/curator/files/action/so-barracuda-delete.yml index e7db59766..1c88b20e7 100644 --- a/salt/curator/files/action/so-barracuda-delete.yml +++ b/salt/curator/files/action/so-barracuda-delete.yml 
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-barracuda'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-barracuda-warm.yml b/salt/curator/files/action/so-barracuda-warm.yml
index ebb4f943d..1ff20c16c 100644
--- a/salt/curator/files/action/so-barracuda-warm.yml
+++ b/salt/curator/files/action/so-barracuda-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-barracuda'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml
index 37bd2f762..bf54bc1ef 100644
--- a/salt/curator/files/action/so-beats-close.yml
+++ b/salt/curator/files/action/so-beats-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-beats.close -%}
+{%- set cur_close_days = CURATORMERGED['so-beats'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml
index deb861f05..86cb6d3da 100644
--- a/salt/curator/files/action/so-beats-delete.yml
+++ b/salt/curator/files/action/so-beats-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-beats'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-beats-warm.yml b/salt/curator/files/action/so-beats-warm.yml
index 365a0a03b..2f3f519d5 100644
--- a/salt/curator/files/action/so-beats-warm.yml
+++ b/salt/curator/files/action/so-beats-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-beats'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-bluecoat-close.yml b/salt/curator/files/action/so-bluecoat-close.yml
index ab96964f0..10901e426 100644
--- a/salt/curator/files/action/so-bluecoat-close.yml
+++ b/salt/curator/files/action/so-bluecoat-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.close -%}
+{%- set cur_close_days = CURATORMERGED['so-bluecoat'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-bluecoat-delete.yml b/salt/curator/files/action/so-bluecoat-delete.yml
index 8a496afe4..b8641b4bd 100644
--- a/salt/curator/files/action/so-bluecoat-delete.yml
+++ b/salt/curator/files/action/so-bluecoat-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-bluecoat'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-bluecoat-warm.yml b/salt/curator/files/action/so-bluecoat-warm.yml
index 03966b053..b5552e0c2 100644
--- a/salt/curator/files/action/so-bluecoat-warm.yml
+++ b/salt/curator/files/action/so-bluecoat-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-bluecoat'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-cef-close.yml b/salt/curator/files/action/so-cef-close.yml
index 093de32d2..91ae740ff 100644
--- a/salt/curator/files/action/so-cef-close.yml
+++ b/salt/curator/files/action/so-cef-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cef.close -%}
+{%- set cur_close_days = CURATORMERGED['so-cef'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-cef-delete.yml b/salt/curator/files/action/so-cef-delete.yml
index 372015d23..e2c23381d 100644
--- a/salt/curator/files/action/so-cef-delete.yml
+++ b/salt/curator/files/action/so-cef-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-cef'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-cef-warm.yml b/salt/curator/files/action/so-cef-warm.yml
index 39ba1d574..a99209dfc 100644
--- a/salt/curator/files/action/so-cef-warm.yml
+++ b/salt/curator/files/action/so-cef-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-cef'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-checkpoint-close.yml b/salt/curator/files/action/so-checkpoint-close.yml
index a894bcbb5..1fed22538 100644
--- a/salt/curator/files/action/so-checkpoint-close.yml
+++ b/salt/curator/files/action/so-checkpoint-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.close -%}
+{%- set cur_close_days = CURATORMERGED['so-checkpoint'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-checkpoint-delete.yml b/salt/curator/files/action/so-checkpoint-delete.yml
index ebfcec86b..6e2b84bc9 100644
--- a/salt/curator/files/action/so-checkpoint-delete.yml
+++ b/salt/curator/files/action/so-checkpoint-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-checkpoint'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-checkpoint-warm.yml b/salt/curator/files/action/so-checkpoint-warm.yml
index 73a012d99..9c2034781 100644
--- a/salt/curator/files/action/so-checkpoint-warm.yml
+++ b/salt/curator/files/action/so-checkpoint-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-checkpoint'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-cisco-close.yml b/salt/curator/files/action/so-cisco-close.yml
index 06b6d9f4b..fe1af6fdc 100644
--- a/salt/curator/files/action/so-cisco-close.yml
+++ b/salt/curator/files/action/so-cisco-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cisco.close -%}
+{%- set cur_close_days = CURATORMERGED['so-cisco'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-cisco-delete.yml b/salt/curator/files/action/so-cisco-delete.yml
index f057a1de0..d9dc8e0aa 100644
--- a/salt/curator/files/action/so-cisco-delete.yml
+++ b/salt/curator/files/action/so-cisco-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-cisco'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-cisco-warm.yml b/salt/curator/files/action/so-cisco-warm.yml
index 9ca5812ad..65dc9c8b9 100644
--- a/salt/curator/files/action/so-cisco-warm.yml
+++ b/salt/curator/files/action/so-cisco-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-cisco'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-cyberark-close.yml b/salt/curator/files/action/so-cyberark-close.yml
index 56a769682..19e670a72 100644
--- a/salt/curator/files/action/so-cyberark-close.yml
+++ b/salt/curator/files/action/so-cyberark-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cyberark.close -%}
+{%- set cur_close_days = CURATORMERGED['so-cyberark'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-cyberark-delete.yml b/salt/curator/files/action/so-cyberark-delete.yml
index 51256ce58..626432c86 100644
--- a/salt/curator/files/action/so-cyberark-delete.yml
+++ b/salt/curator/files/action/so-cyberark-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-cyberark'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-cyberark-warm.yml b/salt/curator/files/action/so-cyberark-warm.yml
index 14fa3dff6..388533af2 100644
--- a/salt/curator/files/action/so-cyberark-warm.yml
+++ b/salt/curator/files/action/so-cyberark-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-cyberark'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-cylance-close.yml b/salt/curator/files/action/so-cylance-close.yml
index 2368d37d7..d4f40caf6 100644
--- a/salt/curator/files/action/so-cylance-close.yml
+++ b/salt/curator/files/action/so-cylance-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cylance.close -%}
+{%- set cur_close_days = CURATORMERGED['so-cylance'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-cylance-delete.yml b/salt/curator/files/action/so-cylance-delete.yml
index 0676057d5..d8b1a5be0 100644
--- a/salt/curator/files/action/so-cylance-delete.yml
+++ b/salt/curator/files/action/so-cylance-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-cylance'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-cylance-warm.yml b/salt/curator/files/action/so-cylance-warm.yml
index 6a0f7ca65..c15639e88 100644
--- a/salt/curator/files/action/so-cylance-warm.yml
+++ b/salt/curator/files/action/so-cylance-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-cylance'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml
index 25e6f0d10..7bf496d4d 100644
--- a/salt/curator/files/action/so-elasticsearch-close.yml
+++ b/salt/curator/files/action/so-elasticsearch-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.close -%}
+{%- set cur_close_days = CURATORMERGED['so-elasticsearch'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml
index 17ac1c77b..e61ae4aa0 100644
--- a/salt/curator/files/action/so-elasticsearch-delete.yml
+++ b/salt/curator/files/action/so-elasticsearch-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-elasticsearch'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-elasticsearch-warm.yml b/salt/curator/files/action/so-elasticsearch-warm.yml
index 3d3f3cfa6..8b1eb45b8 100644
--- a/salt/curator/files/action/so-elasticsearch-warm.yml
+++ b/salt/curator/files/action/so-elasticsearch-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-elasticsearch'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-endgame-close.yml b/salt/curator/files/action/so-endgame-close.yml
index a748838bf..fd77ac69e 100644
--- a/salt/curator/files/action/so-endgame-close.yml
+++ b/salt/curator/files/action/so-endgame-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-endgame.close -%}
+{%- set cur_close_days = CURATORMERGED['so-endgame'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-endgame-delete.yml b/salt/curator/files/action/so-endgame-delete.yml
index efd43fc86..d7ec48ccf 100644
--- a/salt/curator/files/action/so-endgame-delete.yml
+++ b/salt/curator/files/action/so-endgame-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-endgame'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-endgame-warm.yml b/salt/curator/files/action/so-endgame-warm.yml
index f90fcacea..498b15a11 100644
--- a/salt/curator/files/action/so-endgame-warm.yml
+++ b/salt/curator/files/action/so-endgame-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-endgame'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-f5-close.yml b/salt/curator/files/action/so-f5-close.yml
index ed9d2025d..b87cd5c90 100644
--- a/salt/curator/files/action/so-f5-close.yml
+++ b/salt/curator/files/action/so-f5-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-f5.close -%}
+{%- set cur_close_days = CURATORMERGED['so-f5'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-f5-delete.yml b/salt/curator/files/action/so-f5-delete.yml
index 0679a50bb..e1dbea0bf 100644
--- a/salt/curator/files/action/so-f5-delete.yml
+++ b/salt/curator/files/action/so-f5-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-f5'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-f5-warm.yml b/salt/curator/files/action/so-f5-warm.yml
index 51f430b88..a60f9259c 100644
--- a/salt/curator/files/action/so-f5-warm.yml
+++ b/salt/curator/files/action/so-f5-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-f5'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml
index f153e0547..80385c50b 100644
--- a/salt/curator/files/action/so-firewall-close.yml
+++ b/salt/curator/files/action/so-firewall-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-firewall.close -%}
+{%- set cur_close_days = CURATORMERGED['so-firewall'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml
index 99046c6fe..5998f5c5c 100644
--- a/salt/curator/files/action/so-firewall-delete.yml
+++ b/salt/curator/files/action/so-firewall-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-firewall'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-firewall-warm.yml b/salt/curator/files/action/so-firewall-warm.yml
index e68067d8a..afd22c3d6 100644
--- a/salt/curator/files/action/so-firewall-warm.yml
+++ b/salt/curator/files/action/so-firewall-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-firewall'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-fortinet-close.yml b/salt/curator/files/action/so-fortinet-close.yml
index e001efc6d..046409e3d 100644
--- a/salt/curator/files/action/so-fortinet-close.yml
+++ b/salt/curator/files/action/so-fortinet-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-fortinet.close -%}
+{%- set cur_close_days = CURATORMERGED['so-fortinet'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-fortinet-delete.yml b/salt/curator/files/action/so-fortinet-delete.yml
index 1299baf89..b8b17b594 100644
--- a/salt/curator/files/action/so-fortinet-delete.yml
+++ b/salt/curator/files/action/so-fortinet-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-fortinet'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-fortinet-warm.yml b/salt/curator/files/action/so-fortinet-warm.yml
index b419c073c..9f5ccab17 100644
--- a/salt/curator/files/action/so-fortinet-warm.yml
+++ b/salt/curator/files/action/so-fortinet-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-fortinet'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-gcp-close.yml b/salt/curator/files/action/so-gcp-close.yml
index 1dbd29d5c..f28070509 100644
--- a/salt/curator/files/action/so-gcp-close.yml
+++ b/salt/curator/files/action/so-gcp-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-gcp.close -%}
+{%- set cur_close_days = CURATORMERGED['so-gcp'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-gcp-delete.yml b/salt/curator/files/action/so-gcp-delete.yml
index 4486161a4..ab34fd0f7 100644
--- a/salt/curator/files/action/so-gcp-delete.yml
+++ b/salt/curator/files/action/so-gcp-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-gcp'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-gcp-warm.yml b/salt/curator/files/action/so-gcp-warm.yml
index cf76c3ec6..187c9aaa8 100644
--- a/salt/curator/files/action/so-gcp-warm.yml
+++ b/salt/curator/files/action/so-gcp-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-gcp'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-google_workspace-close.yml b/salt/curator/files/action/so-google_workspace-close.yml
index 0de4162ab..76d942a9e 100644
--- a/salt/curator/files/action/so-google_workspace-close.yml
+++ b/salt/curator/files/action/so-google_workspace-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.close -%}
+{%- set cur_close_days = CURATORMERGED['so-google_workspace'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-google_workspace-delete.yml b/salt/curator/files/action/so-google_workspace-delete.yml
index 6ab479909..18d3826c2 100644
--- a/salt/curator/files/action/so-google_workspace-delete.yml
+++ b/salt/curator/files/action/so-google_workspace-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-google_workspace'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-google_workspace-warm.yml b/salt/curator/files/action/so-google_workspace-warm.yml
index 535095275..777f21184 100644
--- a/salt/curator/files/action/so-google_workspace-warm.yml
+++ b/salt/curator/files/action/so-google_workspace-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-google_workspace'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml
index de1e601b9..d9c153b4b 100644
--- a/salt/curator/files/action/so-ids-close.yml
+++ b/salt/curator/files/action/so-ids-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ids.close -%}
+{%- set cur_close_days = CURATORMERGED['so-ids'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml
index 75419b365..08afd47ba 100644
--- a/salt/curator/files/action/so-ids-delete.yml
+++ b/salt/curator/files/action/so-ids-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-ids'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-ids-warm.yml b/salt/curator/files/action/so-ids-warm.yml
index c079b1932..7467b7734 100644
--- a/salt/curator/files/action/so-ids-warm.yml
+++ b/salt/curator/files/action/so-ids-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-ids'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-imperva-close.yml b/salt/curator/files/action/so-imperva-close.yml
index c219abc0b..38f0fcecb 100644
--- a/salt/curator/files/action/so-imperva-close.yml
+++ b/salt/curator/files/action/so-imperva-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-imperva.close -%}
+{%- set cur_close_days = CURATORMERGED['so-imperva'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-imperva-delete.yml b/salt/curator/files/action/so-imperva-delete.yml
index 82307b7ca..394581d8c 100644
--- a/salt/curator/files/action/so-imperva-delete.yml
+++ b/salt/curator/files/action/so-imperva-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-imperva'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-imperva-warm.yml b/salt/curator/files/action/so-imperva-warm.yml
index 5586abac8..04ba6c37b 100644
--- a/salt/curator/files/action/so-imperva-warm.yml
+++ b/salt/curator/files/action/so-imperva-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-imperva'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml
index d6c4d768c..ed53a2d0d 100644
--- a/salt/curator/files/action/so-import-close.yml
+++ b/salt/curator/files/action/so-import-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-import.close -%}
+{%- set cur_close_days = CURATORMERGED['so-import'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml
index 7be96b2d4..ac477b8a6 100644
--- a/salt/curator/files/action/so-import-delete.yml
+++ b/salt/curator/files/action/so-import-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-import'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-import-warm.yml b/salt/curator/files/action/so-import-warm.yml
index 4d17d1811..3eed3735d 100644
--- a/salt/curator/files/action/so-import-warm.yml
+++ b/salt/curator/files/action/so-import-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-import'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-infoblox-close.yml b/salt/curator/files/action/so-infoblox-close.yml
index d5a68bedc..e96e971cb 100644
--- a/salt/curator/files/action/so-infoblox-close.yml
+++ b/salt/curator/files/action/so-infoblox-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-infoblox.close -%}
+{%- set cur_close_days = CURATORMERGED['so-infoblox'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-infoblox-delete.yml b/salt/curator/files/action/so-infoblox-delete.yml
index 2d9064c9b..479e0affb 100644
--- a/salt/curator/files/action/so-infoblox-delete.yml
+++ b/salt/curator/files/action/so-infoblox-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-infoblox'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-infoblox-warm.yml b/salt/curator/files/action/so-infoblox-warm.yml
index 86b2e0c52..3e500a78b 100644
--- a/salt/curator/files/action/so-infoblox-warm.yml
+++ b/salt/curator/files/action/so-infoblox-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-infoblox'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-juniper-close.yml b/salt/curator/files/action/so-juniper-close.yml
index 268982cd5..ce1162d8d 100644
--- a/salt/curator/files/action/so-juniper-close.yml
+++ b/salt/curator/files/action/so-juniper-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-juniper.close -%}
+{%- set cur_close_days = CURATORMERGED['so-juniper'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-juniper-delete.yml b/salt/curator/files/action/so-juniper-delete.yml
index 0f00e0fd1..5c9854c48 100644
--- a/salt/curator/files/action/so-juniper-delete.yml
+++ b/salt/curator/files/action/so-juniper-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-juniper.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-juniper'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-juniper-warm.yml b/salt/curator/files/action/so-juniper-warm.yml
index 8f6366697..2d55cdaf3 100644
--- a/salt/curator/files/action/so-juniper-warm.yml
+++ b/salt/curator/files/action/so-juniper-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-aws'].warm -%}
 actions:
 1:
 action: allocation
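Review bot: The new line in `so-juniper-warm.yml` reads the AWS entry, `CURATORMERGED['so-aws'].warm`, so the warm threshold applied by the Juniper action follows the so-aws setting rather than its own; it should read `{%- set WARM_DAYS = CURATORMERGED['so-juniper'].warm -%}`. The removed line carried the same wrong key, and the index line `8f6366697..2d55cdaf3` is identical to the one shown for `so-aws-warm.yml`, which suggests the whole file is a copy of the AWS action. If so, the index filter further down, outside this hunk, would also match so-aws rather than so-juniper indices and needs the same correction. Rendering these per-dataset actions from one shared template would remove this kind of copy-paste drift.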
diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml
index 04b4fbf66..853a09630 100644
--- a/salt/curator/files/action/so-kibana-close.yml
+++ b/salt/curator/files/action/so-kibana-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kibana.close -%}
+{%- set cur_close_days = CURATORMERGED['so-kibana'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml
index 661932445..fe9ab6a26 100644
--- a/salt/curator/files/action/so-kibana-delete.yml
+++ b/salt/curator/files/action/so-kibana-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-kibana'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-kibana-warm.yml b/salt/curator/files/action/so-kibana-warm.yml
index e224fe5b1..db0de8511 100644
--- a/salt/curator/files/action/so-kibana-warm.yml
+++ b/salt/curator/files/action/so-kibana-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-kibana'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml
index 161184416..c58662b6f 100644
--- a/salt/curator/files/action/so-kratos-close.yml
+++ b/salt/curator/files/action/so-kratos-close.yml
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kratos.close -%} +{%- set cur_close_days = CURATORMERGED['so-kratos'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kratos-delete.yml b/salt/curator/files/action/so-kratos-delete.yml index 96153e194..04a8a90d5 100644 --- a/salt/curator/files/action/so-kratos-delete.yml +++ b/salt/curator/files/action/so-kratos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-kratos'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kratos-warm.yml b/salt/curator/files/action/so-kratos-warm.yml index 360cc1b7f..e6b826716 100644 --- a/salt/curator/files/action/so-kratos-warm.yml +++ b/salt/curator/files/action/so-kratos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-kratos'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml index 157053e71..ef8c0a0cc 100644 --- a/salt/curator/files/action/so-logstash-close.yml +++ b/salt/curator/files/action/so-logstash-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-logstash.close -%} +{%- set cur_close_days = CURATORMERGED['so-logstash'].close -%} actions: 1: action: close 
diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml index ef3934e0f..5b8cf9047 100644 --- a/salt/curator/files/action/so-logstash-delete.yml +++ b/salt/curator/files/action/so-logstash-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-logstash'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-logstash-warm.yml b/salt/curator/files/action/so-logstash-warm.yml index 141cf70ed..71179db54 100644 --- a/salt/curator/files/action/so-logstash-warm.yml +++ b/salt/curator/files/action/so-logstash-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-logstash'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-microsoft-close.yml b/salt/curator/files/action/so-microsoft-close.yml index 77bd0492d..e8b02e13e 100644 --- a/salt/curator/files/action/so-microsoft-close.yml +++ b/salt/curator/files/action/so-microsoft-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-microsoft.close -%} +{%- set cur_close_days = CURATORMERGED['so-microsoft'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-microsoft-delete.yml b/salt/curator/files/action/so-microsoft-delete.yml index ccea10afd..d344579d2 100644 --- a/salt/curator/files/action/so-microsoft-delete.yml +++ b/salt/curator/files/action/so-microsoft-delete.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-microsoft'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-microsoft-warm.yml b/salt/curator/files/action/so-microsoft-warm.yml index 76cd09f1e..8bdd0b372 100644 --- a/salt/curator/files/action/so-microsoft-warm.yml +++ b/salt/curator/files/action/so-microsoft-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-microsoft'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-misp-close.yml b/salt/curator/files/action/so-misp-close.yml index 396f10b1e..86a9ec694 100644 --- a/salt/curator/files/action/so-misp-close.yml +++ b/salt/curator/files/action/so-misp-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-misp.close -%} +{%- set cur_close_days = CURATORMERGED['so-misp'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-misp-delete.yml b/salt/curator/files/action/so-misp-delete.yml index f3c3c5932..884b526a7 100644 --- a/salt/curator/files/action/so-misp-delete.yml +++ b/salt/curator/files/action/so-misp-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-misp'].delete -%} actions: 1: action: delete_indices 
diff --git a/salt/curator/files/action/so-misp-warm.yml b/salt/curator/files/action/so-misp-warm.yml index 5986e1f11..e95ebc0a1 100644 --- a/salt/curator/files/action/so-misp-warm.yml +++ b/salt/curator/files/action/so-misp-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-misp'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml index 2c32d9d32..93eddfdfe 100644 --- a/salt/curator/files/action/so-netflow-close.yml +++ b/salt/curator/files/action/so-netflow-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netflow.close -%} +{%- set cur_close_days = CURATORMERGED['so-netflow'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml index f2cf3aec6..36eff999c 100644 --- a/salt/curator/files/action/so-netflow-delete.yml +++ b/salt/curator/files/action/so-netflow-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-netflow'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netflow-warm.yml b/salt/curator/files/action/so-netflow-warm.yml index 974629e85..84bbd3566 100644 --- a/salt/curator/files/action/so-netflow-warm.yml +++ b/salt/curator/files/action/so-netflow-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-netflow'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netscout-close.yml b/salt/curator/files/action/so-netscout-close.yml index ebc56788f..c41842fab 100644 --- a/salt/curator/files/action/so-netscout-close.yml +++ b/salt/curator/files/action/so-netscout-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netscout.close -%} +{%- set cur_close_days = CURATORMERGED['so-netscout'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netscout-delete.yml b/salt/curator/files/action/so-netscout-delete.yml index 3d359e7c6..07508454e 100644 --- a/salt/curator/files/action/so-netscout-delete.yml +++ b/salt/curator/files/action/so-netscout-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-netscout'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netscout-warm.yml b/salt/curator/files/action/so-netscout-warm.yml index 76170ddb7..cc086d5d1 100644 --- a/salt/curator/files/action/so-netscout-warm.yml +++ b/salt/curator/files/action/so-netscout-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-netscout'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-o365-close.yml b/salt/curator/files/action/so-o365-close.yml index 56ea536d2..d4f87e6d8 100644 --- a/salt/curator/files/action/so-o365-close.yml +++ b/salt/curator/files/action/so-o365-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-o365.close -%} +{%- set cur_close_days = CURATORMERGED['so-o365'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-o365-delete.yml b/salt/curator/files/action/so-o365-delete.yml index 9decade30..b258b42c8 100644 --- a/salt/curator/files/action/so-o365-delete.yml +++ b/salt/curator/files/action/so-o365-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-o365'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-o365-warm.yml b/salt/curator/files/action/so-o365-warm.yml index 9d06cc41d..e008d9267 100644 --- a/salt/curator/files/action/so-o365-warm.yml +++ b/salt/curator/files/action/so-o365-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-o365'].warm -%} actions: 1: action: allocation 
diff --git a/salt/curator/files/action/so-okta-close.yml b/salt/curator/files/action/so-okta-close.yml index 40190d55a..58d18764c 100644 --- a/salt/curator/files/action/so-okta-close.yml +++ b/salt/curator/files/action/so-okta-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-okta.close -%} +{%- set cur_close_days = CURATORMERGED['so-okta'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-okta-warm.yml b/salt/curator/files/action/so-okta-warm.yml index 2b4cae686..07569f147 100644 --- a/salt/curator/files/action/so-okta-warm.yml +++ b/salt/curator/files/action/so-okta-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-okta'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta.delete.yml b/salt/curator/files/action/so-okta.delete.yml index b20cd08ba..5ba196d11 100644 --- a/salt/curator/files/action/so-okta.delete.yml +++ b/salt/curator/files/action/so-okta.delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-okta'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml index 94b9bd038..a5576088f 100644 --- a/salt/curator/files/action/so-osquery-close.yml +++ b/salt/curator/files/action/so-osquery-close.yml 
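Review bot: The okta delete action lives in `so-okta.delete.yml`, with a dot before `delete`, while every other delete action touched by this patch is named `so-<index>-delete.yml`. If the state or schedule that deploys and runs these action files builds the name with a hyphen (not visible in this diff), the okta delete action would not be picked up and okta indices would not age out with the rest. Renaming the file to `so-okta-delete.yml` in this series would remove the doubt. The changed line itself, `CURATORMERGED['so-okta'].delete`, matches its siblings.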
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-osquery.close -%} +{%- set cur_close_days = CURATORMERGED['so-osquery'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml index 9cac814ea..48294a6e6 100644 --- a/salt/curator/files/action/so-osquery-delete.yml +++ b/salt/curator/files/action/so-osquery-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-osquery'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-warm.yml b/salt/curator/files/action/so-osquery-warm.yml index ffc9ffbe5..57ed61f74 100644 --- a/salt/curator/files/action/so-osquery-warm.yml +++ b/salt/curator/files/action/so-osquery-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-osquery'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml index 68bae31bb..0ec8f1969 100644 --- a/salt/curator/files/action/so-ossec-close.yml +++ b/salt/curator/files/action/so-ossec-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ossec.close -%} +{%- set cur_close_days = CURATORMERGED['so-ossec'].close -%} actions: 1: action: close 
diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml index 9b0570eb3..2d6992128 100644 --- a/salt/curator/files/action/so-ossec-delete.yml +++ b/salt/curator/files/action/so-ossec-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-ossec'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ossec-warm.yml b/salt/curator/files/action/so-ossec-warm.yml index f54f7384f..a27ee4154 100644 --- a/salt/curator/files/action/so-ossec-warm.yml +++ b/salt/curator/files/action/so-ossec-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-ossec'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-proofpoint-close.yml b/salt/curator/files/action/so-proofpoint-close.yml index b142db9cf..8ce599021 100644 --- a/salt/curator/files/action/so-proofpoint-close.yml +++ b/salt/curator/files/action/so-proofpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.close -%} +{%- set cur_close_days = CURATORMERGED['so-proofpoint'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-proofpoint-delete.yml b/salt/curator/files/action/so-proofpoint-delete.yml index 33a32df1b..39bd6014e 100644 --- a/salt/curator/files/action/so-proofpoint-delete.yml +++ b/salt/curator/files/action/so-proofpoint-delete.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-proofpoint'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-proofpoint-warm.yml b/salt/curator/files/action/so-proofpoint-warm.yml index 2ef035564..cab9b603b 100644 --- a/salt/curator/files/action/so-proofpoint-warm.yml +++ b/salt/curator/files/action/so-proofpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-proofpoint'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-radware-close.yml b/salt/curator/files/action/so-radware-close.yml index 6d75da94a..f9e1d657e 100644 --- a/salt/curator/files/action/so-radware-close.yml +++ b/salt/curator/files/action/so-radware-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-radware.close -%} +{%- set cur_close_days = CURATORMERGED['so-radware'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-radware-delete.yml b/salt/curator/files/action/so-radware-delete.yml index a55a9589c..7126d7b42 100644 --- a/salt/curator/files/action/so-radware-delete.yml +++ b/salt/curator/files/action/so-radware-delete.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-radware'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-radware-warm.yml b/salt/curator/files/action/so-radware-warm.yml index cb414cbac..591b0f565 100644 --- a/salt/curator/files/action/so-radware-warm.yml +++ b/salt/curator/files/action/so-radware-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-radware'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml index bb645a1bf..28fccb7f3 100644 --- a/salt/curator/files/action/so-redis-close.yml +++ b/salt/curator/files/action/so-redis-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-redis.close -%} +{%- set cur_close_days = CURATORMERGED['so-redis'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml index eca656080..6dc8d6823 100644 --- a/salt/curator/files/action/so-redis-delete.yml +++ b/salt/curator/files/action/so-redis-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-redis'].delete -%} actions: 1: action: delete_indices 
diff --git a/salt/curator/files/action/so-redis-warm.yml b/salt/curator/files/action/so-redis-warm.yml index c4df91472..429462a81 100644 --- a/salt/curator/files/action/so-redis-warm.yml +++ b/salt/curator/files/action/so-redis-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-redis'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snort-close.yml b/salt/curator/files/action/so-snort-close.yml index 5f1b9ca5b..a2487637e 100644 --- a/salt/curator/files/action/so-snort-close.yml +++ b/salt/curator/files/action/so-snort-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snort.close -%} +{%- set cur_close_days = CURATORMERGED['so-snort'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snort-delete.yml b/salt/curator/files/action/so-snort-delete.yml index e8996b925..2c56b19bf 100644 --- a/salt/curator/files/action/so-snort-delete.yml +++ b/salt/curator/files/action/so-snort-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-snort'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snort-warm.yml b/salt/curator/files/action/so-snort-warm.yml index 83dcc886c..506d3a4d3 100644 --- a/salt/curator/files/action/so-snort-warm.yml +++ b/salt/curator/files/action/so-snort-warm.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-snort'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snyk-close.yml b/salt/curator/files/action/so-snyk-close.yml index 6d36d7fa3..9802077bb 100644 --- a/salt/curator/files/action/so-snyk-close.yml +++ b/salt/curator/files/action/so-snyk-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snyk.close -%} +{%- set cur_close_days = CURATORMERGED['so-snyk'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snyk-delete.yml b/salt/curator/files/action/so-snyk-delete.yml index fd6ca2327..5dc00a7fa 100644 --- a/salt/curator/files/action/so-snyk-delete.yml +++ b/salt/curator/files/action/so-snyk-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-snyk'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snyk-warm.yml b/salt/curator/files/action/so-snyk-warm.yml index 481889e7d..598d72d6a 100644 --- a/salt/curator/files/action/so-snyk-warm.yml +++ b/salt/curator/files/action/so-snyk-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-snyk'].warm -%} actions: 1: action: allocation 
diff --git a/salt/curator/files/action/so-sonicwall-close.yml b/salt/curator/files/action/so-sonicwall-close.yml index 1d2a3f0cd..7a96385df 100644 --- a/salt/curator/files/action/so-sonicwall-close.yml +++ b/salt/curator/files/action/so-sonicwall-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.close -%} +{%- set cur_close_days = CURATORMERGED['so-sonicwall'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sonicwall-delete.yml b/salt/curator/files/action/so-sonicwall-delete.yml index 041ef66e0..bcd6b6984 100644 --- a/salt/curator/files/action/so-sonicwall-delete.yml +++ b/salt/curator/files/action/so-sonicwall-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-sonicwall'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sonicwall-warm.yml b/salt/curator/files/action/so-sonicwall-warm.yml index 44e548c02..03e1fe565 100644 --- a/salt/curator/files/action/so-sonicwall-warm.yml +++ b/salt/curator/files/action/so-sonicwall-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-sonicwall'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sophos-close.yml b/salt/curator/files/action/so-sophos-close.yml index fd1cda641..b23c5c78e 100644 --- a/salt/curator/files/action/so-sophos-close.yml +++ b/salt/curator/files/action/so-sophos-close.yml 
@@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sophos.close -%} +{%- set cur_close_days = CURATORMERGED['so-sophos'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sophos-delete.yml b/salt/curator/files/action/so-sophos-delete.yml index 43eceee9a..38c8270b8 100644 --- a/salt/curator/files/action/so-sophos-delete.yml +++ b/salt/curator/files/action/so-sophos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-sophos'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sophos-warm.yml b/salt/curator/files/action/so-sophos-warm.yml index 8c427feb1..b88fd3cef 100644 --- a/salt/curator/files/action/so-sophos-warm.yml +++ b/salt/curator/files/action/so-sophos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-sophos'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml index 77478da98..b31eb2c9c 100644 --- a/salt/curator/files/action/so-strelka-close.yml +++ b/salt/curator/files/action/so-strelka-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-strelka.close -%} +{%- set cur_close_days = CURATORMERGED['so-strelka'].close -%} actions: 1: action: close 
diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml index 251e51dd7..d7365c9b4 100644 --- a/salt/curator/files/action/so-strelka-delete.yml +++ b/salt/curator/files/action/so-strelka-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.delete -%} +{%- set DELETE_DAYS = CURATORMERGED['so-strelka'].delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-strelka-warm.yml b/salt/curator/files/action/so-strelka-warm.yml index 42526b350..9cc40c114 100644 --- a/salt/curator/files/action/so-strelka-warm.yml +++ b/salt/curator/files/action/so-strelka-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.warm -%} +{%- set WARM_DAYS = CURATORMERGED['so-strelka'].warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml index 821d384f1..958cd8152 100644 --- a/salt/curator/files/action/so-syslog-close.yml +++ b/salt/curator/files/action/so-syslog-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-syslog.close -%} +{%- set cur_close_days = CURATORMERGED['so-syslog'].close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml index 00d7a3546..a7b03e2d4 100644 --- a/salt/curator/files/action/so-syslog-delete.yml +++ b/salt/curator/files/action/so-syslog-delete.yml 
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-syslog'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-syslog-warm.yml b/salt/curator/files/action/so-syslog-warm.yml
index 90572f8e5..72eb1d535 100644
--- a/salt/curator/files/action/so-syslog-warm.yml
+++ b/salt/curator/files/action/so-syslog-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-syslog'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-tomcat-close.yml b/salt/curator/files/action/so-tomcat-close.yml
index 922e35cba..e42b3180c 100644
--- a/salt/curator/files/action/so-tomcat-close.yml
+++ b/salt/curator/files/action/so-tomcat-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-tomcat.close -%}
+{%- set cur_close_days = CURATORMERGED['so-tomcat'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-tomcat-delete.yml b/salt/curator/files/action/so-tomcat-delete.yml
index 45e952424..e2fd1b1c0 100644
--- a/salt/curator/files/action/so-tomcat-delete.yml
+++ b/salt/curator/files/action/so-tomcat-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-tomcat'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-tomcat-warm.yml b/salt/curator/files/action/so-tomcat-warm.yml
index 3306e8107..31d9a2fd3 100644
--- a/salt/curator/files/action/so-tomcat-warm.yml
+++ b/salt/curator/files/action/so-tomcat-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-tomcat'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml
index dcf151961..cbedd0aa2 100644
--- a/salt/curator/files/action/so-zeek-close.yml
+++ b/salt/curator/files/action/so-zeek-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zeek.close -%}
+{%- set cur_close_days = CURATORMERGED['so-zeek'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml
index 799554af3..00fafeb53 100644
--- a/salt/curator/files/action/so-zeek-delete.yml
+++ b/salt/curator/files/action/so-zeek-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-zeek'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-zeek-warm.yml b/salt/curator/files/action/so-zeek-warm.yml
index 244619ba7..a568d1594 100644
--- a/salt/curator/files/action/so-zeek-warm.yml
+++ b/salt/curator/files/action/so-zeek-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-zeek'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/files/action/so-zscaler-close.yml b/salt/curator/files/action/so-zscaler-close.yml
index 37c59ff18..fa6117791 100644
--- a/salt/curator/files/action/so-zscaler-close.yml
+++ b/salt/curator/files/action/so-zscaler-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zscaler.close -%}
+{%- set cur_close_days = CURATORMERGED['so-zscaler'].close -%}
 actions:
 1:
 action: close
diff --git a/salt/curator/files/action/so-zscaler-delete.yml b/salt/curator/files/action/so-zscaler-delete.yml
index 66fa8337e..6869ad14f 100644
--- a/salt/curator/files/action/so-zscaler-delete.yml
+++ b/salt/curator/files/action/so-zscaler-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.delete -%}
+{%- set DELETE_DAYS = CURATORMERGED['so-zscaler'].delete -%}
 actions:
 1:
 action: delete_indices
diff --git a/salt/curator/files/action/so-zscaler-warm.yml b/salt/curator/files/action/so-zscaler-warm.yml
index cdebe867a..e4938ce30 100644
--- a/salt/curator/files/action/so-zscaler-warm.yml
+++ b/salt/curator/files/action/so-zscaler-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.warm -%}
+{%- set WARM_DAYS = CURATORMERGED['so-zscaler'].warm -%}
 actions:
 1:
 action: allocation
diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja
index f049603d9..65d9f580d 100644
--- a/salt/curator/map.jinja
+++ b/salt/curator/map.jinja
@@ -14,5 +14,5 @@
 {% do CURATOROPTIONS.update({'status': 'running'}) %}
 {% endif %}
-{% import 'curator/defaults.yaml' as CURATORDEFAULTS %}
-{% set CURATORMERGED = salt['pillar.get']('elasticsearch:index_settings', CURATORDEFAULTS, merge=true) %}
+{% import_yaml 'curator/defaults.yaml' as CURATORDEFAULTS %}
+{% set CURATORMERGED = salt['pillar.get']('elasticsearch:index_settings', CURATORDEFAULTS.elasticsearch.index_settings, merge=true) %}
From 8b5c79fb394fe2f3ce41abf5dbfce7d0beede1cf Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 21 Oct 2022 11:21:03 -0400
Subject: [PATCH 3/3] add so-kratos and so-ossec to curator defaults
---
 salt/curator/defaults.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/salt/curator/defaults.yaml b/salt/curator/defaults.yaml
index 17c5170fd..cf2ab38c2 100644
--- a/salt/curator/defaults.yaml
+++ b/salt/curator/defaults.yaml
@@ -88,6 +88,10 @@ elasticsearch:
 warm: 7
 close: 30
 delete: 365
+ so-kratos:
+ warm: 7
+ close: 30
+ delete: 365
 so-kibana:
 warm: 7
 close: 30
@@ -124,6 +128,10 @@ elasticsearch:
 warm: 7
 close: 30
 delete: 365
+ so-ossec:
+ warm: 7
+ close: 30
+ delete: 365
 so-proofpoint:
 warm: 7
 close: 30
@@ -171,4 +179,4 @@ elasticsearch:
 so-zscaler:
 warm: 7
 close: 30
- delete: 365
\ No newline at end of file
+ delete: 365
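Review bot: `CURATORMERGED` in salt/curator/map.jinja has no comment describing its shape, yet every action template now indexes it directly by index name (`CURATORMERGED['so-zeek'].close` and the like) with no fallback. An index that has an action file but no entry in curator/defaults.yaml or the pillar would most likely fail the render; PATCH 3/3 adding so-kratos and so-ossec suggests this has already happened. I would add a comment above the `set` line, `{# CURATORMERGED: index name -> {warm, close, delete} in days; every action template needs a matching entry in curator/defaults.yaml #}`. The start of map.jinja is outside the hunk, so an existing header comment there cannot be ruled out.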