From 6769386c86e173678b39cb683ea561e5698340dc Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Thu, 22 Jun 2023 10:59:24 -0600
Subject: [PATCH] Change upload path
---
salt/soc/defaults.yaml | 16 ++++++++--------
salt/soc/enabled.sls | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8eb222e01..156446b7f 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -580,18 +580,18 @@ soc: - event.dataset - process.executable - user.name - '::process_terminated': + '::process_terminated': - soc_timestamp - process.executable - process.pid - winlog.computer_name - '::file_create': + '::file_create': - soc_timestamp - file.target - process.executable - process.pid - winlog.computer_name - '::registry_value_set': + '::registry_value_set': - soc_timestamp - winlog.event_data.TargetObject - process.executable
@@ -1000,13 +1000,13 @@ soc: - destination.port - tds.header_type - log.id.uid - - event.dataset + - event.dataset server: bindAddress: 0.0.0.0:9822 baseUrl: / maxPacketCount: 5000 htmlDir: html - importUploadDir: /opt/sensoroni/uploads + importUploadDir: /nsm/soc/uploads airgapEnabled: false modules: cases: soc
@@ -1034,7 +1034,7 @@ soc: asyncThreshold: 10 influxdb: hostUrl: - token: + token: org: Security Onion bucket: telegraf/so_short_term verifyCert: false 
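Review bot: In the @@ -1000 hunk, importUploadDir now carries the same string as the host-side directory, /nsm/soc/uploads, while the neighbouring binds in salt/soc/enabled.sls (jobs, logs, sensoroni.json, motd.md) keep the container-side /opt/sensoroni prefix, and nothing on the key records that it must agree with the bind's container path. A comment above the key would keep that pairing visible to the next editor: `# Must match the container-side path of the uploads bind in salt/soc/enabled.sls`. The corresponding bind change is in the enabled.sls hunk of this same patch, so the two are consistent as committed. Whether anything outside these two files (an image default, documentation, or stored job metadata) still names /opt/sensoroni/uploads is not visible from the patch.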
@@ -1409,7 +1409,7 @@ soc: - name: Host Registry Changes description: Windows Registry changes query: 'event.category: registry | groupby -sankey event.action host.name | groupby event.dataset event.action | groupby host.name | groupby process.executable | groupby registry.path | groupby process.executable registry.path' - - name: Host DNS & Process Mappings + - name: Host DNS & Process Mappings description: DNS queries mapped to originating processes query: 'event.category: network AND _exists_:process.executable AND (_exists_:dns.question.name OR _exists_:dns.answers.data) | groupby -sankey host.name dns.question.name | groupby event.dataset event.type | groupby host.name | groupby process.executable | groupby dns.question.name | groupby dns.answers.data' - name: Host Process Activity
@@ -1686,7 +1686,7 @@ soc: - name: Templates query: 'so_case.category:template' case: - analyzerNodeId: + analyzerNodeId: mostRecentlyUsedLimit: 5 renderAbbreviatedCount: 30 presets:
diff --git a/salt/soc/enabled.sls b/salt/soc/enabled.sls
index c5e116db2..4169f90ca 100644
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -23,7 +23,7 @@ so-soc: - ipv4_address: {{ DOCKER.containers['so-soc'].ip }} - binds: - /nsm/soc/jobs:/opt/sensoroni/jobs:rw - - /nsm/soc/uploads:/opt/sensoroni/uploads:rw + - /nsm/soc/uploads:/nsm/soc/uploads:rw - /opt/so/log/soc/:/opt/sensoroni/logs/:rw - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro - /opt/so/conf/soc/motd.md:/opt/sensoroni/html/motd.md:ro
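Review bot: After the enabled.sls hunk, /opt/sensoroni/uploads inside the container is no longer backed by any host directory, so if any code path in the image still falls back to that old default (for instance when the rendered sensoroni.json does not carry the new importUploadDir value), uploaded files would be written to the container's writable layer and be lost when the container is recreated. I cannot see the image or the soc.json rendering from this patch, so treat this as something to confirm rather than a defect in the lines shown. The other binds on the same lines keep the /opt/sensoroni prefix, and a one-line comment above the changed bind would record why this one departs from that convention: `# uploads use the same path inside and outside the container; keep in sync with importUploadDir in salt/soc/defaults.yaml`. The so-soc state continues past the end of this hunk.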