Merge pull request #12116 from Security-Onion-Solutions/issue/12033

Issue/12033
2025-12-06 09:12:45 +01:00 · 2024-01-04 09:54:29 -05:00
parent cab7c9d573 2eaf0e812a
commit 93cdac592e
3 changed files with 15 additions and 3 deletions
--- a/salt/elasticfleet/defaults.yaml
+++ b/salt/elasticfleet/defaults.yaml
@@ -1,5 +1,6 @@
 elasticfleet:
  enabled: False
+  enable_manager_output: True
  config:
    server:
      custom_fqdn: []
--- a/salt/elasticfleet/soc_elasticfleet.yaml
+++ b/salt/elasticfleet/soc_elasticfleet.yaml
@@ -3,12 +3,18 @@ elasticfleet:
    description: You can enable or disable Elastic Fleet.
    advanced: True
    helpLink: elastic-fleet.html
+  enable_manager_output:
+    description: Setting this option to False should only be considered if there is at least one receiver node in the grid. If True, Elastic Agent will send events to the manager and receivers. If False, events will only be send to the receivers.
+    advanced: True
+    global: True
+    forcedType: bool
+    helpLink: elastic-fleet.html
  logging:
    zeek:
      excluded:
        description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, Elastic Agent will attempt to process it. If an ingest node pipeline is not available to process the logs, you may experience errors.
        forcedType: "[]string"
-        helpLink: zeek.html 
+        helpLink: zeek.html
  config:
    server:
      custom_fqdn:
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
@@ -34,12 +34,17 @@ fi
 CURRENT_LIST=$(jq -c -r '.item.hosts' <<<  "$RAW_JSON")
 CURRENT_HASH=$(sha1sum <<< "$CURRENT_LIST" | awk '{print $1}')

+declare -a NEW_LIST=()
+
+{# If we select to not send to manager via SOC, then omit the code that adds manager to NEW_LIST #}
+{% if ELASTICFLEETMERGED.enable_manager_output %}
 # Create array & add initial elements
 if [ "{{ GLOBALS.hostname }}" = "{{ GLOBALS.url_base }}" ]; then
-    NEW_LIST=("{{ GLOBALS.url_base }}:5055")
+    NEW_LIST+=("{{ GLOBALS.url_base }}:5055")
 else
-    NEW_LIST=("{{ GLOBALS.url_base }}:5055" "{{ GLOBALS.hostname }}:5055")
+    NEW_LIST+=("{{ GLOBALS.url_base }}:5055" "{{ GLOBALS.hostname }}:5055")
 fi
+{% endif %}

 # Query for FQDN entries & add them to the list
 {% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}