Merge pull request #12456 from Security-Onion-Solutions/feature/detections-airgap

Feature/detections airgap

salt/manager/tools/sbin/soup

@@ -950,8 +950,10 @@ main() {
     preupgrade_changes
     echo ""
 
-    echo "Updating Airgap Rule Files to the Latest."
+    if [[ $is_airgap -eq 0 ]]; then
-    update_airgap_rules
+      echo "Updating Rule Files to the Latest."
+      update_airgap_rules
+    fi
 
     # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
     if [[ ! "$MINIONID" =~ "_import" ]]; then

salt/soc/soc_soc.yaml

@@ -83,7 +83,7 @@ soc:
             global: True
             advanced: False
           autoUpdateEnabled:
-            description: 'Set to true to enable automatic updates of the Sigma Community Ruleset.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false.'
             global: True
             advanced: True
         elastic:
@@ -146,7 +146,7 @@ soc:
             advanced: True
         strelkaengine:
           autoUpdateEnabled:
-            description: 'Set to true to enable automatic updates of the Yara ruleset.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.'
             global: True
             advanced: True
       client: