Merge pull request #10387 from Security-Onion-Solutions/airgaps

Docker Enhancements

setup/so-functions

@@ -1542,15 +1542,9 @@ create_strelka_pillar() {
 		"strelka:"\
 		"  enabled: $STRELKA"\
 		"  rules: 1" > "$strelka_pillar_file"
-		if [[ $is_airgap ]]; then
-			printf '%s\n'\
-				"  repos:"\
-				"    - 'https://$HOSTNAME/repo/rules/strelka'" >> "$strelka_pillar_file"
-		else 
-			printf '%s\n'\
-				"  repos:"\
-				"    - 'https://github.com/Neo23x0/signature-base'" >> "$strelka_pillar_file"
-		fi
+		printf '%s\n'\
+			"  repos:"\
+			"    - 'https://$HOSTNAME:7788/yara'" >> "$strelka_pillar_file"
 }
 
 backup_pillar() {

setup/so-setup

@@ -644,6 +644,13 @@ if ! [[ -f $install_opt_file ]]; then
 		logCmd "salt-call state.apply -l info manager"
 		logCmd "salt-call state.apply influxdb -l info"
 		logCmd "salt-call state.highstate -l info"
+		if [[ ! $is_airgap ]]; then
+			title "Downloading IDS Rules"
+			logCmd "so-rule-update"
+			title "Downloading YARA rules"
+			logCmd "runuser -l socore 'so-yara-update'"
+			title "Restarting Strelka to use new rules"
+		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"
 		add_web_user