From 9a7e2153eedec1fbeb61df3db918ba5b7e7baa39 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 26 Feb 2024 11:01:53 -0500
Subject: [PATCH] add classification.config

---
 salt/suricata/classification/classification.config | 2 ++
 salt/suricata/config.sls                           | 7 +++++++
 salt/suricata/enabled.sls                          | 1 +
 salt/suricata/soc_suricata.yaml                    | 7 +++++++
 4 files changed, 17 insertions(+)
 create mode 100644 salt/suricata/classification/classification.config

diff --git a/salt/suricata/classification/classification.config b/salt/suricata/classification/classification.config
new file mode 100644
index 000000000..69918fed7
--- /dev/null
+++ b/salt/suricata/classification/classification.config
@@ -0,0 +1,2 @@
+# configuration classification: shortname,description,priority
+# configuration classification: misc-activity,Misc activity,3
diff --git a/salt/suricata/config.sls b/salt/suricata/config.sls
index 3ec1324bf..00364f384 100644
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -129,6 +129,13 @@ surithresholding:
     - group: 940
     - template: jinja
 
+suriclassifications:
+  file.managed:
+    - name: /opt/so/conf/suricata/classification.config
+    - source: salt://suricata/classification/classification.config
+    - user: 940
+    - group: 940
+
 # BPF compilation and configuration
 {% if SURICATABPF %}
    {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %}
diff --git a/salt/suricata/enabled.sls b/salt/suricata/enabled.sls
index ce309e41a..f96472ae2 100644
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -27,6 +27,7 @@ so-suricata:
     - binds:
       - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro
       - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
+      - /opt/so/conf/suricata/classification.config:/etc/suricata/classification.config:ro
       - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
       - /opt/so/log/suricata/:/var/log/suricata/:rw
       - /nsm/suricata/:/nsm/:rw
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index 30f277c0a..4fd720ef1 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -11,6 +11,13 @@ suricata:
       multiline: True
       title: SIDS
       helpLink: suricata.html
+  classification:
+    classification__config:
+      description: Classifications config file.
+      file: True
+      global: True
+      multiline: True
+      helpLink: suricata.html
   config:
     af-packet:
       interface: