From 89d789fe0f7cfd1707ee2bae7f230ce96b185919 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Wed, 31 May 2023 12:47:44 -0600
Subject: [PATCH] New folder for salt to maintain

This folder is where a manager will initially store uploaded PCAP/EVTX files before sending to sensors. Sensors will store uploads in this folder on their own system.
---
 salt/soc/config.sls | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/salt/soc/config.sls b/salt/soc/config.sls
index 399ff72cd..42c24c9e0 100644
--- a/salt/soc/config.sls
+++ b/salt/soc/config.sls
@@ -1,5 +1,5 @@
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
@@ -78,7 +78,7 @@ soc_sbin:
 #    - name: /usr/sbin
 #    - source: salt://soc/tools/sbin_jinja
 #    - user: 939
-#    - group: 939 
+#    - group: 939
 #    - file_mode: 755
 #    - template: jinja
 
@@ -106,6 +106,13 @@ socusersroles:
     - require:
       - sls: manager.sync_es_users
 
+socuploaddir:
+  file.directory:
+    - name: /nsm/soc/uploads
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 {% else %}
 
 {{sls}}_state_not_allowed: