Merge pull request #9852 from Security-Onion-Solutions/kilo

Remove FleetDM tool from SOC instead of deactivating it; generate SRV key during setup

salt/soc/defaults.yaml

@@ -1091,11 +1091,6 @@ soc:
           icon: fa-external-link-alt
           target: so-playbook
           link: /playbook/projects/detection-playbooks/issues/
-        - name: toolFleet
-          description: toolFleetHelp
-          icon: fa-external-link-alt
-          target: so-fleet
-          link: /fleet/
         - name: toolNavigator
           description: toolNavigatorHelp
           icon: fa-external-link-alt

salt/soc/merged.map.jinja

@@ -29,8 +29,6 @@
 {%   do SOCMERGED.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
 
-{% do SOCMERGED.server.client.inactiveTools.append('toolFleet') %}
-
 {% set standard_actions = SOCMERGED.pop('actions') %}
 {% if pillar.global.endgamehost is defined %}
 {%   set endgame_dict = {

salt/soc/soc_soc.yaml

@@ -47,6 +47,11 @@ soc:
       global: True
       advanced: True
   server:
+    srvKey:
+      description: Unique key for protecting the integrity of user submitted data via the web browser.
+      global: True
+      sensitive: True
+      advanced: True
     maxPacketCount:
       description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser.
       global: True

setup/so-functions

@@ -1239,6 +1239,7 @@ generate_passwords(){
   SENSORONIKEY=$(get_random_value)
   KRATOSKEY=$(get_random_value)
   REDISPASS=$(get_random_value)
+  SOCSRVKEY=$(get_random_value 64)
 }
 
 generate_interface_vars() {
@@ -1374,7 +1375,11 @@ idstools_pillar() {
 soc_pillar() {
 	title "Creating the SOC pillar"
 	touch $adv_soc_pillar_file
-	touch $soc_pillar_file
+	printf '%s\n'\
+		"soc:"\
+		"  server:"\
+		"    srvKey: '$SOCSRVKEY'"\
+		"" > "$soc_pillar_file"
 }
 
 telegraf_pillar() {