Add BPF

2026-01-14 20:21:24 +01:00 · 2022-09-16 08:36:44 -04:00
parent 2c0d90bea4
commit 9a6fe3e8de
6 changed files with 15 additions and 4 deletions
--- a/salt/bpf/defaults.yaml
+++ b/salt/bpf/defaults.yaml
@@ -0,0 +1,4 @@
+bpf:
+    pcap: []
+    suricta: []
+    zeek: []
--- a/salt/bpf/soc_bpf.yaml
+++ b/salt/bpf/soc_bpf.yaml
@@ -0,0 +1,7 @@
+bpf:
+  pcap:
+    description: List of BPF filters to apply to PCAP.
+  suricata:
+    description: List of BPF filters to apply to Suricata.
+  zeek:
+    description: List of BPF filters to apply to Zeek.
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -13,7 +13,7 @@
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
-{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
+{% set BPF_STENO = salt['pillar.get']('bpf:pcap', None) %}
 {% set BPF_COMPILED = "" %}

 # PCAP Section
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -12,7 +12,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
+{% set BPF_NIDS = salt['pillar.get']('bpf:suricata', None) %}
 {% set BPF_STATUS = 0  %}

 {# import_yaml 'suricata/files/defaults2.yaml' as suricata #}
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -11,7 +11,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
+{% set BPF_ZEEK = salt['pillar.get']('bpf:zeek', {}) %}
 {% set BPF_STATUS = 0  %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface') %}