diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 36fd86321..a1f6cdb8c 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -1,6 +1,5 @@
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
{% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
-{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
@@ -273,10 +272,6 @@
{% do allowed_states.append('elastalert') %}
{% endif %}
- {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
- {% do allowed_states.append('thehive') %}
- {% endif %}
-
{% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
{% do allowed_states.append('playbook') %}
{% endif %}
diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw
index 166c4b284..5aa24f91a 100755
--- a/salt/common/tools/sbin/so-elasticsearch-indices-rw
+++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw
@@ -17,9 +17,7 @@
# along with this program. If not, see .
IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
ESPORT=9200
-THEHIVEESPORT=9400
echo "Removing read only attributes for indices..."
echo
{{ ELASTICCURL }} -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;
-{{ ELASTICCURL }} -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;
diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart
index ecb58c301..dda4baf57 100755
--- a/salt/common/tools/sbin/so-restart
+++ b/salt/common/tools/sbin/so-restart
@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-# Usage: so-restart filebeat | kibana | playbook | thehive
+# Usage: so-restart filebeat | kibana | playbook
. /usr/sbin/so-common
@@ -31,7 +31,6 @@ if [ $# -ge 1 ]; then
fi
case $1 in
- "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
"steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
*) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
esac
diff --git a/salt/common/tools/sbin/so-start b/salt/common/tools/sbin/so-start
index 7859e8820..a592388d4 100755
--- a/salt/common/tools/sbin/so-start
+++ b/salt/common/tools/sbin/so-start
@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-# Usage: so-start all | filebeat | kibana | playbook | thehive
+# Usage: so-start all | filebeat | kibana | playbook
. /usr/sbin/so-common
diff --git a/salt/top.sls b/salt/top.sls
index 8630ac318..83c911992 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -277,9 +277,6 @@ base:
- utility
- schedule
- soctopus
- {%- if THEHIVE != 0 %}
- - thehive
- {%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}
@@ -369,9 +366,6 @@ base:
- fleet.install_package
{%- endif %}
- soctopus
- {%- if THEHIVE != 0 %}
- - thehive
- {%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}