From 383714ec06f349cfeec001874d1233af0e3f8726 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 15 Sep 2022 12:38:55 -0400
Subject: [PATCH 1/3] Fix pcap error
---
salt/pcap/soc_pcap.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/pcap/soc_pcap.yaml b/salt/pcap/soc_pcap.yaml
index 053874da6..2ed91bd7f 100644
--- a/salt/pcap/soc_pcap.yaml
+++ b/salt/pcap/soc_pcap.yaml
@@ -1,6 +1,6 @@
 pcap:
 enabled:
- description: Enable or Disable Stenographer on all sensors or a single sensor
+ description: Enable or Disable Stenographer on all sensors or a single sensor
 config:
 maxdirectoryfiles:
 description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space.
From 73d45bd9fc8e8e7f408fd1233dfe86a9a2462903 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 15 Sep 2022 12:56:02 -0400
Subject: [PATCH 2/3] Update defaults for Steno
---
salt/pcap/defaults.yaml | 4 ++--
salt/pcap/soc_pcap.yaml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/pcap/defaults.yaml b/salt/pcap/defaults.yaml
index bb93ec6cc..701cde04d 100644
--- a/salt/pcap/defaults.yaml
+++ b/salt/pcap/defaults.yaml
@@ -6,6 +6,6 @@ pcap:
 blocks: 2048
 preallocate_file_mb: 4096
 aiops: 128
- stenopin: False
- stenopins: []
+ pin_to_cpu: False
+ cpus_to_pin_to: []
 disks: []
\ No newline at end of file
diff --git a/salt/pcap/soc_pcap.yaml b/salt/pcap/soc_pcap.yaml
index 2ed91bd7f..321e93713 100644
--- a/salt/pcap/soc_pcap.yaml
+++ b/salt/pcap/soc_pcap.yaml
@@ -18,7 +18,7 @@ pcap:
 pin_to_cpu:
 description: Enable CPU pinning for PCAP.
 cpus_to_pin_to:
- description: CPU to pin PCAP to. Currently only a single SPU is supported
+ description: CPU to pin PCAP to. Currently only a single CPU is supported
 disks:
 description: List of disks to use for PCAP. This is currently not used.
 advanced: True
From 7d6e847f86481c4249e1645f2d8917d611d303ac Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 15 Sep 2022 13:11:03 -0400
Subject: [PATCH 3/3] Fix Zeek PIllar
---
salt/common/tools/sbin/so-minion | 3 ++-
salt/suricata/afpacket.map.jinja | 14 --------------
salt/suricata/threading.map.jinja | 32 -------------------------------
3 files changed, 2 insertions(+), 47 deletions(-)
delete mode 100644 salt/suricata/afpacket.map.jinja
delete mode 100644 salt/suricata/threading.map.jinja
diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion
index adaf1d344..3bfd626ad 100755
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -165,7 +165,8 @@ function add_sensor_to_minion() {
 echo " mtu: 9000" >> $PILLARFILE
 echo "zeek:" >> $PILLARFILE
 echo " config:" >> $PILLARFILE
- echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE
+ echo " node:" >> $PILLARFILE
+ echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE
 echo "suricata:" >> $PILLARFILE
 echo " config:" >> $PILLARFILE
 echo " af-packet:" >> $PILLARFILE
diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja
deleted file mode 100644
index 2c575c456..000000000
--- a/salt/suricata/afpacket.map.jinja
+++ /dev/null
@@ -1,14 +0,0 @@
-{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
-{% set suricata_pillar = pillar.suricata %}
-{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
-{% load_yaml as afpacket %}
-af-packet:
- - interface: {{ surimerge.suricata.config.af-packet.interface }}
- cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
- cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
- defrag: {{ surimerge.suricata.config.af-packet.defrag }}
- use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
- threads: {{ surimerge.suricata.config.af-packet.threads }}
- tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
- ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
-{% endload %}
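Review bot: `$CORECOUNT` is interpolated into the pillar at the new `lb_procs:` line without any check that it holds a positive integer; the variable is presumably set earlier in add_sensor_to_minion(), outside this hunk, so if it is empty or non-numeric the generated YAML silently carries an invalid or zero-worker value to every sensor that consumes this pillar. A guard ahead of the zeek block, `[[ "$CORECOUNT" =~ ^[1-9][0-9]*$ ]] || { echo "invalid CORECOUNT: '$CORECOUNT'" >&2; return 1; }`, would fail loudly at provisioning time instead of at the next highstate. The redirections also leave `$PILLARFILE` unquoted on every line; `>> "$PILLARFILE"` avoids word-splitting if that path ever contains whitespace. The enclosing function starts before the hunk and continues after it.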
diff --git a/salt/suricata/threading.map.jinja b/salt/suricata/threading.map.jinja
deleted file mode 100644
index 16bffb165..000000000
--- a/salt/suricata/threading.map.jinja
+++ /dev/null
@@ -1,32 +0,0 @@
-{% if salt['pillar.get']('sensor:suripins') %}
- {% load_yaml as cpu_affinity%}
-cpu-affinity:
- - management-cpu-set:
- cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings
- - receive-cpu-set:
- cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings
- - worker-cpu-set:
- cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
- mode: "exclusive"
- threads: {{ salt['pillar.get']('sensor:suripins')|length }}
- prio:
- default: "high"
- {% endload %}
-{% elif salt['pillar.get']('sensor:suriprocs') %}
- {% load_yaml as cpu_affinity%}
-cpu-affinity:
- - management-cpu-set:
- cpu: [ all ] # include only these CPUs in affinity settings
- - receive-cpu-set:
- cpu: [ all ] # include only these CPUs in affinity settings
- - worker-cpu-set:
- cpu: [ "all" ]
- mode: "exclusive"
- threads: {{ salt['pillar.get']('sensor:suriprocs') }}
- prio:
- low: [ 0 ]
- medium: [ "1-2" ]
- high: [ 3 ]
- default: "high"
- {% endload %}
-{% endif %}