From 8844e305ab5da068c670061a45c0382f500ee40d Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 9 Aug 2023 11:18:47 -0400
Subject: [PATCH] use sensor.interface for suricata. make af-packet.interface ro in soc ui
---
 salt/suricata/map.jinja | 2 +-
 salt/suricata/soc_suricata.yaml | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
index 5576117cc..2d79c30fd 100644
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -11,7 +11,7 @@
 {# suricata.config.af-packet has to be rewritten here since we cant display '- interface' in the ui #}
 {# we are limited to only one iterface #}
 {% load_yaml as afpacket %}
-- interface: {{ SURICATAMERGED.config['af-packet'].interface }}
+- interface: {{ GLOBALS.sensor.interface) }}
 cluster-id: {{ SURICATAMERGED.config['af-packet']['cluster-id'] }}
 cluster-type: {{ SURICATAMERGED.config['af-packet']['cluster-type'] }}
 defrag: {{ SURICATAMERGED.config['af-packet'].defrag }}
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index f13e89618..30f277c0a 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -14,7 +14,9 @@ suricata:
 config:
 af-packet:
 interface:
- description: The network interface that Suricata will monitor.
+ description: The network interface that Suricata will monitor. This is set under sensor > interface.
+ advanced: True
+ readonly: True
 helpLink: suricata.html
 cluster-id:
 advanced: True
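Review bot: The added line in salt/suricata/map.jinja, `- interface: {{ GLOBALS.sensor.interface) }}`, has an unmatched `)` inside the Jinja expression, so the template should fail to render and the af-packet section of the Suricata config would not be applied on the sensor. It should read `- interface: {{ GLOBALS.sensor.interface }}`. Whether `GLOBALS` is imported in map.jinja cannot be seen from this hunk and is worth confirming. The `load_yaml` block continues past the end of the hunk.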
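Review bot: In salt/suricata/soc_suricata.yaml the new description does not say that the stored `af-packet.interface` value is no longer used. Going by the map.jinja hunk in this commit, the rendered config now takes the interface from `GLOBALS.sensor.interface`, so the read-only field may show a value that differs from the interface Suricata actually captures on. That can mislead someone checking sensor coverage from the SOC UI. `readonly: True` presumably only restricts editing in the UI and does not remove an existing pillar override. I would word the description as `The network interface that Suricata will monitor. This value is not used here; the effective interface is set under sensor > interface.`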