From 19dd9b97d29256247d24ecc9520ace3128116ab2 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Mon, 3 May 2021 09:40:53 -0400
Subject: [PATCH 1/2] Don't ask for node description on eval and import
 installs

---
 setup/so-setup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index d7dd3b660..f85cba628 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -291,7 +291,7 @@ if ! [[ -f $install_opt_file ]]; then
 		collect_hostname
 	fi
 
-	whiptail_node_description
+	[[ ! ( $is_eval || $is_import ) ]] && whiptail_node_description
 
 	if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then
 		network_init_whiptail
@@ -960,4 +960,4 @@ fi
 
 install_cleanup >> "$setup_log" 2>&1
 
-if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi
\ No newline at end of file
+if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi

From 619402cc671bde3c99b4473d11d8effd37ddb752 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Mon, 3 May 2021 17:03:30 +0000
Subject: [PATCH 2/2] Add event_data to common template so elastalert/playbook
 event_data fields can be indexed and searchable

---
 salt/elasticsearch/templates/so/so-common-template.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json
index c1f0a6755..8adbdcf13 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -228,7 +228,11 @@
         "event":{
           "type":"object",
           "dynamic": true
-        }, 
+        },
+        "event_data":{
+          "type":"object",
+          "dynamic": true
+        },	
         "file":{
           "type":"object",
           "dynamic": true