Add BPF

salt/bpf/defaults.yaml

@@ -0,0 +1,4 @@
+bpf:
+    pcap: []
+    suricta: []
+    zeek: []

salt/bpf/soc_bpf.yaml

@@ -0,0 +1,7 @@
+bpf:
+  pcap:
+    description: List of BPF filters to apply to PCAP.
+  suricata:
+    description: List of BPF filters to apply to Suricata.
+  zeek:
+    description: List of BPF filters to apply to Zeek.

salt/pcap/init.sls

@@ -13,7 +13,7 @@
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
-{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
+{% set BPF_STENO = salt['pillar.get']('bpf:pcap', None) %}
 {% set BPF_COMPILED = "" %}
 
 # PCAP Section

salt/suricata/init.sls

@@ -12,7 +12,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
+{% set BPF_NIDS = salt['pillar.get']('bpf:suricata', None) %}
 {% set BPF_STATUS = 0  %}
 
 {# import_yaml 'suricata/files/defaults2.yaml' as suricata #}

salt/zeek/init.sls

@@ -11,7 +11,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
+{% set BPF_ZEEK = salt['pillar.get']('bpf:zeek', {}) %}
 {% set BPF_STATUS = 0  %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface') %}