Add support for Airgap for Playbooks

2025-12-20 16:03:06 +01:00 · 2025-06-06 16:17:14 -04:00
parent aca54b4645
commit a3b5db5945
5 changed files with 28 additions and 1 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1464,7 +1464,9 @@ soc:
          autoUpdateEnabled: true
          playbookImportFrequencySeconds: 86400
          playbookImportErrorSeconds: 600
-          playbookRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks
+          playbookRepoUrl:
+            default: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks
+            airgap: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
          playbookRepoBranch: main
          playbookRepoPath: /opt/sensoroni/playbooks/
          playbookPathInRepo: securityonion-normalized
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -61,6 +61,13 @@
 {%   do SOCMERGED.config.server.update({'airgapEnabled': false}) %}
 {% endif %}

+{# set playbookRepoUrl based on airgap or not #}
+{% if GLOBALS.airgap %}
+{%   do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.airgap}) %}
+{% else %}
+{%   do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.default}) %}
+{% endif %}
+
 {# remove these modules if detections is disabled #}
 {% if not SOCMERGED.config.server.client.detectionsEnabled %}
 {%   do SOCMERGED.config.server.modules.pop('elastalertengine') %}