From ba32b3e6e9d23a7c34fadef272f5bf8ec2e52ae3 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 11 Mar 2024 14:07:45 -0400
Subject: [PATCH] fix bpf for transition

---
 salt/bpf/pcap.map.jinja | 2 +-
 salt/soc/defaults.yaml | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/salt/bpf/pcap.map.jinja b/salt/bpf/pcap.map.jinja
index a6deae4f4..4d8fef460 100644
--- a/salt/bpf/pcap.map.jinja
+++ b/salt/bpf/pcap.map.jinja
@@ -1,6 +1,6 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 {% if GLOBALS.pcap_engine == "TRANSITION" %}
-{% set PCAPBPF = "ip and host 255.255.255.1 and port 1" %}
+{% set PCAPBPF = ["ip and host 255.255.255.1 and port 1"] %}
 {% else %}
 {% import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %}
 {% set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %}
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 5699c7722..7be2db772 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1132,7 +1132,8 @@ soc:
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
 reposFolder: /opt/sensoroni/yara/repos
 rulesRepos:
- - https://github.com/Security-Onion-Solutions/securityonion-yara
+ - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
+ license: DRL
 yaraRulesFolder: /opt/sensoroni/yara/rules
 suricataengine:
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
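Review bot: The TRANSITION branch still has no comment explaining why `PCAPBPF` is a hard-coded filter for a host and port that should never be seen, nor why it must now be a one-element list; the next maintainer will read it as a typo rather than an intentional "capture nothing" filter whose shape has to match what the `else` branch produces. I would add `{# TRANSITION: no pcap engine is active, so install a filter that matches no real traffic; wrapped in a list because the consumer expects the same list shape as the merged BPF below #}` directly above the `set` line. The claim about the `else` branch's list shape is inferred from this change, not visible here, since the `if`/`else` and the later use of `PCAPBPF` continue outside the hunk; please confirm the consumer indeed iterates or joins a list. It is also worth noting in the comment that packet capture evidence is effectively off while `pcap_engine` is TRANSITION, so operators are not surprised by empty pcap during that window.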
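Review bot: The `rulesRepos` entries change from plain URL strings to `repo`/`license` mappings, which is a schema change the commit subject ("fix bpf for transition") does not mention and that any existing pillar override written in the old string form would no longer match. I cannot see the consumer of `rulesRepos` from this hunk, so whether it tolerates both shapes is unconfirmed; if it does not, the change note should say so and the accepted form should be documented in the defaults file, e.g. `# each entry is a mapping: repo (git URL of a YARA rule source) and license (license identifier of those rules, e.g. DRL)` above `rulesRepos:`. Since each entry is now a mapping, this is also the natural place to later carry a pinned ref for the rule source, which would make the default rule supply chain reproducible; I would at least note that in the comment.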