add classification.config

salt/suricata/classification/classification.config

@@ -0,0 +1,2 @@
+# configuration classification: shortname,description,priority
+# configuration classification: misc-activity,Misc activity,3

salt/suricata/config.sls

@@ -129,6 +129,13 @@ surithresholding:
     - group: 940
     - template: jinja
 
+suriclassifications:
+  file.managed:
+    - name: /opt/so/conf/suricata/classification.config
+    - source: salt://suricata/classification/classification.config
+    - user: 940
+    - group: 940
+
 # BPF compilation and configuration
 {% if SURICATABPF %}
    {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %}

salt/suricata/enabled.sls

@@ -27,6 +27,7 @@ so-suricata:
     - binds:
       - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro
       - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
+      - /opt/so/conf/suricata/classification.config:/etc/suricata/classification.config:ro
       - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
       - /opt/so/log/suricata/:/var/log/suricata/:rw
       - /nsm/suricata/:/nsm/:rw

salt/suricata/soc_suricata.yaml

@@ -11,6 +11,13 @@ suricata:
       multiline: True
       title: SIDS
       helpLink: suricata.html
+  classification:
+    classification__config:
+      description: Classifications config file.
+      file: True
+      global: True
+      multiline: True
+      helpLink: suricata.html
   config:
     af-packet:
       interface: