add state to add os patch schedule and state to apply patches - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/84

pillar/top.sls

@@ -1,4 +1,7 @@
 base:
+  '*':
+    - patch.os.{{ grains.id }}
+
   'G@role:so-sensor':
     - sensors.{{ grains.id }}
     - static

salt/patch/os.sls

@@ -0,0 +1,4 @@
+patch_os:
+  pkg.uptodate:
+    - name: patch_os
+    - refresh: True

salt/patch/schedule/os.sls

@@ -0,0 +1,32 @@
+{% if salt['pillar.get']('patch:os:schedule') != 'manual' and salt['pillar.get']('patch:os:schedule') != 'auto' %}
+
+patch_os_schedule:
+  schedule.present:
+    - function: state.sls
+    - job_args:
+      - patch.os
+    - when:
+  {% for day in pillar['patch']['os']['schedule'] %}
+    {% for day, time in day.iteritems() %}
+      {% for each_time in time %}
+        - {{day}} {{each_time}}
+      {% endfor %}
+    {% endfor %}
+  {% endfor %}
+    - splay:
+        start: 5
+        end: 10
+
+{% elif salt['pillar.get']('patch:os:schedule') == 'auto' %}
+
+patch_os_schedule:
+  schedule.present:
+    - function: state.sls
+    - job_args:
+      - patch.os
+    - minutes: 20
+    - splay:
+        start: 150
+        end: 300
+
+{% endif %}

salt/top.sls

@@ -5,6 +5,9 @@
 {%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%}
 {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%}
 base:
+  '*':
+    - patch.schedule.os
+
   'G@role:so-sensor':
     - ca
     - ssl