Merge pull request #3121 from Security-Onion-Solutions/strelkainstall

Fix Strelka Rule updates, repo fix
2025-12-06 09:12:45 +01:00 · 2021-02-24 17:13:41 -05:00
parent 39860ea6bd 701cfe7e9a
commit c39b516f38
5 changed files with 52 additions and 27 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1558,9 +1558,17 @@ manager_global() {
 		"  node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\
 		"strelka:"\
 		"  enabled: $STRELKA"\
-		"  rules: 1"\
-		"  repos:"\
-		"    - https://github.com/Neo23x0/signature-base"\
+		"  rules: 1" >> "$global_pillar"
+		if [[ $is_airgap ]]; then
+		    printf '%s\n'\
+			    "  repos:"\
+			    "    - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
+	    else 
+		    printf '%s\n'\
+		        "  repos:"\
+			    "    - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar"
+	    fi
+	printf '%s\n'\
 		"curator:"\
 		"  hot_warm: False"\
 		"elastic:"\