small fixes

2025-12-12 12:12:59 +01:00 · 2025-12-10 15:19:44 -05:00
parent e105bd12e6
commit 8ef6c2f91d
2 changed files with 14 additions and 1 deletions
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1113,7 +1113,7 @@ suricata_idstools_removal_pre() {
 install -d -o 939 -g 939 -m 755 /opt/so/conf/soc/fingerprints
 install -o 939 -g 939 -m 644 /dev/null /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
 cat > /opt/so/conf/soc/fingerprints/suricataengine.syncBlock << EOF
-Suricata ruleset sync is blocked until this file is removed. Make sure that you have manually added any custom Suricata rulesets via SOC config - review the documentation for more details: securityonion.net/docs
+Suricata ruleset sync is blocked until this file is removed. **CRITICAL** Make sure that you have manually added any custom Suricata rulesets via SOC config before removing this file - review the documentation for more details: https://docs.securityonion.net/en/2.4/nids.html#sync-block
 EOF

 # Remove possible symlink & create salt local rules dir
@@ -1131,6 +1131,7 @@ if [[ -f /opt/so/conf/soc/so-detections-backup.py ]]; then
    # Verify backup by comparing counts
    echo "Verifying detection overrides backup..."
    es_override_count=$(/sbin/so-elasticsearch-query 'so-detection/_count' \
+       --retry 5 --retry-delay 10 --retry-all-errors \
       -d '{"query": {"bool": {"must": [{"exists": {"field": "so_detection.overrides"}}]}}}' | jq -r '.count') || {
        echo "  Error: Failed to query Elasticsearch for override count"
        exit 1
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -608,6 +608,18 @@ soc:
                label: Delete Unreferenced (Deletes rules that are no longer referenced by ruleset source)
                forcedType: bool
                required: False
+              - field: proxyURL
+                label: HTTP/HTTPS proxy URL for downloading the ruleset.
+                required: False
+              - field: proxyUsername
+                label: Proxy authentication username.
+                required: False
+              - field: proxyPassword
+                label: Proxy authentication password.
+                required: False
+              - field: proxyCACert
+                label: Path to CA certificate file for MITM proxy verification.
+                required: False
            airgap: *serulesetSources
        navigator:
          intervalMinutes: