From d2397c3c1c1309176ab6dce8915e03a89a7d3653 Mon Sep 17 00:00:00 2001
From: defensivedepth <josh@defensivedepth.com>
Date: Tue, 24 Sep 2024 13:03:51 -0400
Subject: [PATCH] Refactor cron logic

---
 salt/elasticfleet/config.sls | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls
index 4ff284ffa..d29b9ddb2 100644
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -113,8 +113,12 @@ elasticdefendcustom:
     - mode: 600
 
 {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
-cron-elastic-defend-filters-add:
-  cron.present:
+{%   set ap = "present" %}
+{% else %}
+{%   set ap = "absent" %}
+{% endif %}
+cron-elastic-defend-filters:
+  cron.{{ap}}:
     - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
     - identifier: elastic-defend-filters
     - user: root
@@ -123,11 +127,6 @@ cron-elastic-defend-filters-add:
     - daymonth: '*'
     - month: '*'
     - dayweek: '*'
-{% else %}
-cron-elastic-defend-filters-remove:
-  cron.absent:
-    - identifier: elastic-defend-filters
-{% endif %}
 
 eaintegrationsdir:
   file.directory: