Merge remote-tracking branch 'origin/2.4/dev' into vlb2

salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup

@@ -79,7 +79,7 @@ if DEFAULTPOLICY=$(fleet_api "outputs/fleet-default-output"); then
     fleet_default=$(echo "$DEFAULTPOLICY" | jq -er '.item.is_default')
     fleet_default_monitoring=$(echo "$DEFAULTPOLICY" | jq -er '.item.is_default_monitoring')
 #   Check that fleet-default-output isn't configured as a default for anything ( both variables return false )
-    if [[ $fleet_default ]] && [[ $fleet_default_monitoring ]]; then
+    if [[ ! $fleet_default ]] && [[ ! $fleet_default_monitoring ]]; then
         echo -e "\nso-manager_elasticsearch is configured as the current default policy..."
     else
         echo -e "\nVerification of so-manager_elasticsearch policy failed... The default 'fleet-default-output' output is still active..."

salt/kratos/enabled.sls

@@ -54,6 +54,9 @@ so-kratos:
       - file: kratosconfig
       - file: kratoslogdir
       - file: kratosdir
+    - retry:
+        attempts: 10
+        interval: 10
 
 delete_so-kratos_so-status.disabled:
   file.uncomment:

salt/soc/defaults.yaml

@@ -2545,7 +2545,7 @@ soc:
               level: 'high'  # info | low | medium | high | critical
         assistant:
           enabled: false
-          investigationPrompt: Investigate Alert ID {socid}
+          investigationPrompt: Investigate Alert ID {socId}
           contextLimitSmall: 200000
           contextLimitLarge: 1000000
           thresholdColorRatioLow: 0.5