From f5916e26a263014cfd37db5e9ad8263736c33c69 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 7 Sep 2020 04:42:11 -0400
Subject: [PATCH 1/5] read ca.crt from filesystem when possible
---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 70d4c4b6a..733deed92 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,7 +8,7 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
- {% set trusttheca_text = salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
+ {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n','') %}
 {% set ca_server = grains.id %}
 {% else %}
 {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
From f8ebed43d7a71326edd9d147d63996a80a4ecb16 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 7 Sep 2020 04:45:26 -0400
Subject: [PATCH 2/5] fix spacing
---
 salt/ssl/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 733deed92..1d4cb2f37 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
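Review bot: The new `cmd.shell` lookup in the manager branch has no failure path: if `/etc/pki/ca.crt` is missing or unreadable, `cat` fails but the template still assigns whatever the module hands back (empty stdout, or the error text depending on how stderr is handled), so `trusttheca_text` silently stops being a PEM and rendering continues, whereas the replaced `mine.get` indexing would have failed the render. The same gap is in the [PATCH 4/5] hunk, where `cp.get_file_str` presumably returns `False` for an unreadable path and the `replace` filter turns that into the string `False`. A one-line sanity check after the assignment surfaces either case: `{% if 'BEGIN CERTIFICATE' not in trusttheca_text %}{{ raise('/etc/pki/ca.crt is missing or not a PEM on ' ~ grains.id) }}{% endif %}`. The enclosing `{% if %}` block continues outside the hunk.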
@@ -8,10 +8,10 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
- {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n','') %}
+ {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n', '') %}
 {% set ca_server = grains.id %}
 {% else %}
- {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
+ {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
 {% for host in x509dict %}
 {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %}
 {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
From ad05e75ce77dfe5db71ebb472ecbdcf2e3e8be3c Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 9 Sep 2020 00:46:18 -0400
Subject: [PATCH 3/5] Add new quick actions to SOC config template
---
 salt/soc/files/soc/soc.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index f4a817ff3..81efcb447 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -141,6 +141,11 @@
 { "name": "x509", "description": "x.509 grouped by issuer", "query": "event.dataset:x509 | groupby x509.certificate.issuer"},
 { "name": "x509", "description": "x.509 grouped by subject", "query": "event.dataset:x509 | groupby x509.certificate.subject"},
 { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
+ ],
+ "actions": [
+ { "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}" },
+ { "name": "", "description": "actionAlertHelp", "icon": "fa-bell", "link": "/soctopus/thehive/alert/{eventId}" },
+ { "name": "", "description": "actionVirtusTotalHelp", "icon": "fa-globe", "link": "https://www.virustotal.com/gui/ip-address/{value}/detection", "fields": [ "source.ip", "destination.ip" ] }
 ]
 }
 }
From 7facff2b7dfd37ed56094c0afad0c7d0ff9883e2 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 9 Sep 2020 10:34:53 -0400
Subject: [PATCH 4/5] change from cmd.run to cp.get_file_str
---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 1d4cb2f37..416e13af5 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,7 +8,7 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
- {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n', '') %}
+ {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
 {% set ca_server = grains.id %}
 {% else %}
 {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
From eaf3281ab7ca31d4c28baf067b6350429b123f82 Mon Sep 17 00:00:00 2001
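Review bot: The new `link` templates place `{eventId}` and `{value}` directly into a query string and URL paths, and nothing in this file says the expansion percent-encodes the substituted value; whatever code expands these placeholders should encode it, otherwise a value containing `/`, `?`, `#` or `&` changes the path or query of the generated link. The VirusTotal entry is bounded by `fields` to `source.ip` and `destination.ip`, but `{eventId}` in `/joblookup?esid={eventId}` and `/soctopus/thehive/alert/{eventId}` has no such constraint visible here. The description key `actionVirtusTotalHelp` is misspelled relative to VirusTotal; if it is a lookup key for the help text, confirm the same spelling exists on the consuming side or the tooltip will resolve to nothing.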
From: Doug Burks
Date: Wed, 9 Sep 2020 10:43:41 -0400
Subject: [PATCH 5/5] Remove Suricata version numbers from Setup screens #1300 https://github.com/Security-Onion-Solutions/securityonion/issues/1300
---
 setup/so-whiptail | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/setup/so-whiptail b/setup/so-whiptail
index e590a30d9..d760373af 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -97,8 +97,8 @@ whiptail_zeek_version() {
 [ -n "$TESTING" ] && return
- ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \
- "SURICATA" "Use Suricata 5" OFF 3>&1 1>&2 2>&3)
+ ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \
+ "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3)
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus
@@ -623,7 +623,7 @@ whiptail_nids() {
 NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
 "Choose which IDS to run. \n Snort 3.0 support will be added once it is out of beta:" 25 75 4 \
- "Suricata" "Suricata 4.X" ON \
+ "Suricata" "Suricata" ON \
 "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
 local exitstatus=$?