ensure bool sliders for each state:enabled annotation

salt/elastalert/soc_elastalert.yaml

@@ -1,6 +1,7 @@
 elastalert:
   enabled:
     description: Enables or disables the ElastAlert 2 process. This process is critical for ensuring alerts arrive in SOC, and for outbound notification delivery.
+    forcedType: bool
     helpLink: elastalert
   alerter_parameters:
     title: Custom Configuration Parameters

salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml

@@ -1,4 +1,5 @@
 elastic_fleet_package_registry:
   enabled:
     description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated.
+    forcedType: bool
     advanced: True

salt/elasticagent/soc_elasticagent.yaml

@@ -1,4 +1,5 @@
 elasticagent:
   enabled:
     description: Enables or disables the Elastic Agent process. This process must remain enabled to allow collection of node events.
+    forcedType: bool
     advanced: True

salt/elasticfleet/soc_elasticfleet.yaml

@@ -1,6 +1,7 @@
 elasticfleet:
   enabled:
     description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents.
+    forcedType: bool
     advanced: True
     helpLink: elastic-fleet
   enable_manager_output:

salt/elasticsearch/soc_elasticsearch.yaml

@@ -1,6 +1,7 @@
 elasticsearch:
   enabled:
     description: Enables or disables the Elasticsearch process. This process provides the log event storage system. WARNING - Disabling this process is unsupported.
+    forcedType: bool
     advanced: True
     helpLink: elasticsearch
   version:

salt/hydra/soc_hydra.yaml

@@ -1,6 +1,7 @@
 hydra:
   enabled:
-    description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False. 
+    description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False.
+    forcedType: bool
     helpLink: connect-api
     global: True
   config:

salt/idh/soc_idh.yaml

@@ -1,6 +1,7 @@
 idh:
   enabled:
-    description: Enables or disables the Intrusion Detection Honeypot (IDH) process. 
+    description: Enables or disables the Intrusion Detection Honeypot (IDH) process.
+    forcedType: bool
     helpLink: idh
   opencanary:
     config:

salt/influxdb/soc_influxdb.yaml

@@ -1,6 +1,7 @@
 influxdb:
   enabled:
     description: Enables the grid metrics collection storage system. Security Onion grid health monitoring requires this process to remain enabled. WARNING - Disabling the process is unsupported, and will cause unexpected results.
+    forcedType: bool
     helpLink: influxdb
   config:
     assets-path:

salt/kafka/soc_kafka.yaml

@@ -1,6 +1,7 @@
 kafka:
   enabled:
     description: Set to True to enable Kafka. To avoid grid problems, do not enable Kafka until the related configuration is in place. Requires a valid Security Onion license key.
+    forcedType: bool
     helpLink: kafka
   cluster_id:
     description: The ID of the Kafka cluster.

salt/kibana/soc_kibana.yaml

@@ -1,6 +1,7 @@
 kibana:
-  enabled: 
+  enabled:
     description: Enables or disables the Kibana front-end interface to Elasticsearch. Due to Kibana being used for loading certain configuration details in Elasticsearch, this process should remain enabled. WARNING - Disabling the process is unsupported, and will cause unexpected results.
+    forcedType: bool
     helpLink: kibana
   config:
     elasticsearch:

salt/kratos/soc_kratos.yaml

@@ -1,6 +1,7 @@
 kratos:
   enabled:
     description: Enables or disables the Kratos authentication system. WARNING - Disabling this process will cause the grid to malfunction. Re-enabling this setting will require manual effort via SSH.
+    forcedType: bool
     advanced: True
     helpLink: kratos
 

salt/logstash/soc_logstash.yaml

@@ -1,6 +1,7 @@
 logstash:
-  enabled: 
+  enabled:
     description: Enables or disables the Logstash log event forwarding process. On most grid installations, when this process is disabled log events are unable to be ingested into the SOC backend.
+    forcedType: bool
     helpLink: logstash
   assigned_pipelines:
     roles:

salt/nginx/soc_nginx.yaml

@@ -1,6 +1,7 @@
 nginx:
-  enabled: 
+  enabled:
     description: Enables or disables the Nginx web server and reverse proxy. WARNING - Disabling this process will prevent access to SOC and other important web interfaces and APIs. Re-enabling the process is a manual effort. Do not change this setting without instruction from Security Onion support.
+    forcedType: bool
     advanced: True
     helpLink: nginx
   external_suricata:

salt/redis/soc_redis.yaml

@@ -1,6 +1,7 @@
 redis:
-  enabled: 
+  enabled:
     description: Enables the log event in-memory buffering process. This process might already be disabled on some installation types. Disabling this process on distributed-capable grids can result in loss of log events.
+    forcedType: bool
     helpLink: redis
   config:
     bind:

salt/registry/soc_registry.yaml

@@ -1,4 +1,5 @@
 registry:
   enabled:
     description: Enables or disables the Docker registry on the manager node. WARNING - If this process is disabled the grid will malfunction and a manual effort may be needed to re-enable the setting.
+    forcedType: bool
     advanced: True

salt/sensoroni/soc_sensoroni.yaml

@@ -1,6 +1,7 @@
 sensoroni:
   enabled:
     description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid.
+    forcedType: bool
     advanced: True
     helpLink: grid
   config:

salt/soc/soc_soc.yaml

@@ -1,6 +1,7 @@
 soc:
   enabled:
     description: Enables or disables SOC. WARNING - Disabling this setting is unsupported and will cause the grid to malfunction. Re-enabling this setting is a manual effort via SSH.
+    forcedType: bool
     advanced: True
   telemetryEnabled:
     title: SOC Telemetry

salt/suricata/soc_suricata.yaml

@@ -1,6 +1,7 @@
 suricata:
-  enabled: 
+  enabled:
     description: Enables or disables the Suricata process. This process is used for triggering alerts and optionally for protocol metadata collection and full packet capture.
+    forcedType: bool
     helpLink: suricata
   thresholding:
     sids__yaml:

salt/telegraf/soc_telegraf.yaml

@@ -1,6 +1,7 @@
 telegraf:
-  enabled: 
+  enabled:
     description: Enables the grid metrics collection process. WARNING - Security Onion grid health monitoring requires this process to remain enabled. Disabling it will cause unexpected and unsupported results.
+    forcedType: bool
     advanced: True
     helpLink: influxdb
   config:

salt/zeek/soc_zeek.yaml

@@ -1,6 +1,7 @@
 zeek:
   enabled:
     description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
+    forcedType: bool
     helpLink: zeek
   ja4plus_enabled:
     description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license (https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."