Merge pull request #2320 from Security-Onion-Solutions/issue/2319

zeek file extraction can now be manipulated with zeek pillar
2025-12-08 02:02:50 +01:00 · 2020-12-11 14:38:10 -05:00
parent eb735c7289 09b3a4a0dd
commit e4eea6a616
1 changed files with 3 additions and 2 deletions
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -1,4 +1,5 @@
-{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek with context %}
+{% import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default -%}
+{% set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) -%}
 # Directory to stage Zeek extracted files before processing
 redef FileExtract::prefix = "/nsm/zeek/extracted/";
 # Set a limit to the file size
@@ -6,7 +7,7 @@ redef FileExtract::default_limit = 9000000;
 # These are the mimetypes we want to rip off the networks
 export {
    global _mime_whitelist: table[string] of string = {
-        {%- for li in zeek.zeek.policy.file_extraction %}
+        {%- for li in zeek.policy.file_extraction %}
          {%- if not loop.last %}
          {%- for k,v in li.items() %}
        ["{{ k }}"] = "{{ v }}",