Merge pull request #13000 from Security-Onion-Solutions/soupz

Backup Suricata for migration

salt/manager/tools/sbin/soup

@@ -583,6 +583,7 @@ up_to_2.4.60() {
 
 up_to_2.4.70() {
   playbook_migration
+  suricata_idstools_migration
   toggle_telemetry
   add_detection_test_pillars
   INSTALLEDVERSION=2.4.70
@@ -634,6 +635,26 @@ ASSIST_EOF
   fi
 }
 
+suricata_idstools_migration() {
+  #Backup the pillars for idstools
+  mkdir -p /nsm/backup/detections-migration/idstools
+  rsync -av /opt/so/saltstack/local/pillar/idstools/* /nsm/backup/detections-migration/idstools
+  if [[ $? -eq 0 ]]; then
+  	echo "IDStools configuration has been backed up."
+  else
+  	fail "Error: rsync failed to copy the files. IDStools configuration has not been backed up."
+  fi
+
+  #Backup Thresholds
+  mkdir -p /nsm/backup/detections-migration/suricata
+  rsync -av /opt/so/saltstack/local/salt/suricata/thresholding /nsm/backup/detections-migration/suricata
+  if [[ $? -eq 0 ]]; then
+  	echo "Suricata thresholds have been backed up."
+  else
+  	fail "Error: rsync failed to copy the files. Thresholds have not been backed up."
+  fi
+}
+
 playbook_migration() {
   # Start SOC Detections migration
   mkdir -p /nsm/backup/detections-migration/{suricata,sigma/rules,elastalert}