Add context

salt/manager/tools/sbin/soup

@@ -1234,11 +1234,12 @@ check_config_file() {
         echo "Does not match known default - custom configuration detected"
         echo "Custom $file_display_name detected (hash: $file_hash)" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
 
-        # If this is so-rule-update, check for ETPRO key
+        # If this is so-rule-update, check for ETPRO license code and write out to the syncBlock file
+        # If ETPRO is enabled, the license code already exists in the so-rule-update script, this is just making it easier to migrate
         if [[ "$file_display_name" == "so-rule-update" ]]; then
-            etpro_key=$(grep -oP '\-\-etpro=\K[0-9a-fA-F]+' "$file" 2>/dev/null || true)
+            etpro_code=$(grep -oP '\-\-etpro=\K[0-9a-fA-F]+' "$file" 2>/dev/null || true)
-            if [[ -n "$etpro_key" ]]; then
+            if [[ -n "$etpro_code" ]]; then
-                echo "ETPRO key found: $etpro_key" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
+                echo "ETPRO code found: $etpro_code" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
             fi
         fi
 

salt/soc/merged.map.jinja

@@ -108,6 +108,7 @@
 {%     if ruleset.name == 'Emerging-Threats' %}
 {%       if ruleset.licenseKey and ruleset.licenseKey != '' %}
 {#         License key is defined - transform to ETPRO #}
+{#         Engine Version is hardcoded in the URL - this does not change often: https://community.emergingthreats.net/t/supported-engines/71 #}
 {%         do ruleset.update({
              'name': 'ETPRO',
              'sourcePath': 'https://rules.emergingthreatspro.com/' ~ ruleset.licenseKey ~ '/suricata-7.0.3/etpro.rules.tar.gz',