Merge pull request #12456 from Security-Onion-Solutions/feature/detections-airgap

Feature/detections airgap
2025-12-07 17:52:46 +01:00 · 2024-02-28 09:41:13 -05:00
parent d1e55d5ab7 e2dd0f8cf1
commit aa3b917368
2 changed files with 6 additions and 4 deletions
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -950,8 +950,10 @@ main() {
    preupgrade_changes
    echo ""

-    echo "Updating Airgap Rule Files to the Latest."
-    update_airgap_rules
+    if [[ $is_airgap -eq 0 ]]; then
+      echo "Updating Rule Files to the Latest."
+      update_airgap_rules
+    fi

    # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
    if [[ ! "$MINIONID" =~ "_import" ]]; then
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -83,7 +83,7 @@ soc:
            global: True
            advanced: False
          autoUpdateEnabled:
-            description: 'Set to true to enable automatic updates of the Sigma Community Ruleset.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false.'
            global: True
            advanced: True
        elastic:
@@ -146,7 +146,7 @@ soc:
            advanced: True
        strelkaengine:
          autoUpdateEnabled:
-            description: 'Set to true to enable automatic updates of the Yara ruleset.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.'
            global: True
            advanced: True
      client: