From aa420b914b2bcc42f2d1d520a7b8b187e01dcc8f Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Fri, 20 Aug 2021 16:27:09 -0400
Subject: [PATCH] Initial version so-playbook-import
---
salt/common/tools/sbin/so-playbook-import | 22 ++++++++++++++++++++++
salt/soctopus/init.sls | 3 ++-
2 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 salt/common/tools/sbin/so-playbook-import
diff --git a/salt/common/tools/sbin/so-playbook-import b/salt/common/tools/sbin/so-playbook-import
new file mode 100644
index 000000000..107851278
--- /dev/null
+++ b/salt/common/tools/sbin/so-playbook-import
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+ENABLEPLAY=${1:-False}
+
+docker exec so-soctopus /usr/local/bin/python -c "import playbook; print(playbook.play_import($ENABLEPLAY))"
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index c2c8dc1ac..724e5a617 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -10,7 +10,7 @@ soctopusdir: file.directory: - - name: /opt/so/conf/soctopus + - name: /opt/so/conf/soctopus/sigma-import - user: 939 - group: 939 - makedirs: True
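Review bot: The last line of the new `so-playbook-import` script pastes `$1` straight into the Python source given to `python -c`, so whatever the caller passes is executed as code inside the `so-soctopus` container. A harmless typo such as `true` also fails with a Python NameError instead of a usage message. Restrict the argument to the two accepted literals before the `docker exec`, for example `case "$ENABLEPLAY" in True|False) ;; *) echo "Usage: $0 [True|False]" >&2; exit 1 ;; esac`. This matters most if the script ever becomes reachable through a sudo rule or automation that forwards operator-supplied text.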
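Review bot: Changing the `name` under the existing `soctopusdir` ID means no state visible in this hunk names `/opt/so/conf/soctopus` any more. The parent directory is now created only as a side effect of `makedirs`, and on systems where it already exists its 939:939 ownership is no longer asserted here. Any state elsewhere in the file that requires `soctopusdir` would also now depend on the subdirectory rather than the config root, which cannot be checked from this hunk. Keeping the original `name` and adding a separate state for the import directory avoids both problems; the ID below is only a suggestion.

```yaml
# … unchanged: soctopusdir keeps name /opt/so/conf/soctopus …
soctopus-sigma-import-dir:
  file.directory:
    - name: /opt/so/conf/soctopus/sigma-import
    - user: 939
    - group: 939
    - makedirs: True
```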
@@ -63,6 +63,7 @@ so-soctopus: - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw + - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw {% if ISAIRGAP is sameas true %} - /nsm/repo/rules/sigma:/soctopus/sigma {% endif %}
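Review bot: The added bind for `/opt/so/conf/soctopus/sigma-import/` is mounted `:rw`, and nothing on this page shows the importer writing back to that directory. If `play_import` only reads the dropped rule files, mount it read-only with `- /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:ro`, so a misbehaving or compromised container cannot alter rule files on the host side. Whatever lands in this directory presumably becomes detection content, so a short comment above the bind saying who is expected to write there would help, e.g. `# analyst-supplied Sigma rules, read by so-playbook-import`. The `so-soctopus` state continues outside the hunk.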