From 89eb2d0a8b0e49f61bddb3fcf109c9b2e58a014c Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 16 Feb 2022 14:24:58 -0500
Subject: [PATCH 1/3] Add netowrks.cfg to Zeek
---
 salt/zeek/files/networks.cfg | 6 ++++++
 salt/zeek/init.sls | 10 ++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 salt/zeek/files/networks.cfg
diff --git a/salt/zeek/files/networks.cfg b/salt/zeek/files/networks.cfg
new file mode 100644
index 000000000..b11ce7c4c
--- /dev/null
+++ b/salt/zeek/files/networks.cfg
@@ -0,0 +1,6 @@
+{%- if salt['pillar.get']('sensor:hnsensor') %}
+{%- set HOME_NET = salt['pillar.get']('sensor:hnsensor') %}
+{%- else %}
+{%- set HOME_NET = salt['pillar.get']('global:hnmanager') %}"
+{%- endif %}
+{{ HOME_NET }}
\ No newline at end of file
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 277a523a8..85c665c2a 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -127,6 +127,14 @@ nodecfg:
 - group: 939
 - template: jinja
+networkscfg:
+ file.managed:
+ - name: /opt/so/conf/zeek/netowrks.cfg
+ - source: salt://zeek/files/networks.cfg
+ - user: 937
+ - group: 939
+ - template: jinja
+
 #zeekcleanscript:
 # file.managed:
 # - name: /usr/local/bin/zeek_clean
@@ -209,6 +217,7 @@ so-zeek:
 - /nsm/zeek/extracted:/nsm/zeek/extracted:rw
 - /opt/so/conf/zeek/local.zeek:/opt/zeek/share/zeek/site/local.zeek:ro
 - /opt/so/conf/zeek/node.cfg:/opt/zeek/etc/node.cfg:ro
+ - /opt/so/conf/zeek/networks.cfg:/opt/zeek/etc/networks.cfg:ro
 - /opt/so/conf/zeek/zeekctl.cfg:/opt/zeek/etc/zeekctl.cfg:ro
 - /opt/so/conf/zeek/policy/securityonion:/opt/zeek/share/zeek/policy/securityonion:ro
 - /opt/so/conf/zeek/policy/custom:/opt/zeek/share/zeek/policy/custom:ro
@@ -219,6 +228,7 @@ so-zeek:
 - watch:
 - file: /opt/so/conf/zeek/local.zeek
 - file: /opt/so/conf/zeek/node.cfg
+ - file: /opt/so/conf/zeek/networks.cfg
 - file: /opt/so/conf/zeek/zeekctl.cfg
 - file: /opt/so/conf/zeek/policy
 - file: /opt/so/conf/zeek/bpf
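Review bot: In salt/zeek/files/networks.cfg, neither branch handles the case where both `sensor:hnsensor` and `global:hnmanager` are unset or empty, so the template would presumably render a file with no usable network while the state still reports success. Zeek takes its local networks from networks.cfg, so an empty file silently changes which connections are treated as local; it would be safer to fail the render or skip managing the file when HOME_NET is empty. A one-line template comment would also help, e.g. `{#- HOME_NET: sensor:hnsensor overrides global:hnmanager #}`. The loop version in [PATCH 2/3] has the same gap.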
From 3e194c9b4b743f8ee5f20a21d059e42bcabb0d57 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 17 Feb 2022 11:33:22 -0500
Subject: [PATCH 2/3] Walk the homenet for zeek
---
 salt/zeek/files/networks.cfg | 7 +++++--
 salt/zeek/init.sls | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/salt/zeek/files/networks.cfg b/salt/zeek/files/networks.cfg
index b11ce7c4c..9d0884d26 100644
--- a/salt/zeek/files/networks.cfg
+++ b/salt/zeek/files/networks.cfg
@@ -1,6 +1,9 @@
 {%- if salt['pillar.get']('sensor:hnsensor') %}
 {%- set HOME_NET = salt['pillar.get']('sensor:hnsensor') %}
 {%- else %}
-{%- set HOME_NET = salt['pillar.get']('global:hnmanager') %}"
+{%- set HOME_NET = salt['pillar.get']('global:hnmanager') %}
 {%- endif %}
-{{ HOME_NET }}
\ No newline at end of file
+{%- set HNLIST = HOME_NET.split(',')}
+{%- for HN in HNLIST %}
+{{ HN }}
+{%- endfor %}S
\ No newline at end of file
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 85c665c2a..39f4b8023 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -129,7 +129,7 @@ nodecfg:
 networkscfg:
 file.managed:
- - name: /opt/so/conf/zeek/netowrks.cfg
+ - name: /opt/so/conf/zeek/networks.cfg
 - source: salt://zeek/files/networks.cfg
 - user: 937
 - group: 939
From 95eab616159b5640d862ea93a0570b594db6654c Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 18 Feb 2022 11:06:33 -0500
Subject: [PATCH 3/3] Rename to the .jinja standard
---
 salt/zeek/files/{networks.cfg => networks.cfg.jinja} | 0
 salt/zeek/init.sls | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename salt/zeek/files/{networks.cfg => networks.cfg.jinja} (100%)
diff --git a/salt/zeek/files/networks.cfg b/salt/zeek/files/networks.cfg.jinja
similarity index 100%
rename from salt/zeek/files/networks.cfg
rename to salt/zeek/files/networks.cfg.jinja
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 39f4b8023..ff91762f5 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
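Review bot: In salt/zeek/files/networks.cfg ([PATCH 2/3]), the added `{%- set HNLIST = HOME_NET.split(',')}` line closes with `}` rather than `%}`, which Jinja should reject, so the networkscfg state would fail to render. The `S` after `{%- endfor %}` sits outside any tag and would be written as literal text directly after the last network entry. Suggested lines: `{%- set HNLIST = HOME_NET.split(',') %}` and `{%- endfor %}`. Because [PATCH 3/3] renames the file at 100% similarity, both slips appear to carry through to the end of the series. Entries are also written untrimmed, so a pillar value with spaces after the commas would produce lines with leading whitespace; `{{ HN | trim }}` would avoid that.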
@@ -130,7 +130,7 @@ nodecfg:
 networkscfg:
 file.managed:
 - name: /opt/so/conf/zeek/networks.cfg
- - source: salt://zeek/files/networks.cfg
+ - source: salt://zeek/files/networks.cfg.jinja
 - user: 937
 - group: 939
 - template: jinja