top and seed registry for importpcap node

salt/top.sls

@@ -386,3 +386,21 @@ base:
     - fleet
     - fleet.install_package
     - filebeat
+
+  '*_importpcap and G@saltversion:{{saltversion}}':
+    - match: compound
+    - ca
+    - ssl
+    - registry
+    - manager
+    - common
+    - nginx
+    - soc
+    - firewall
+    - suricata.manager
+    - elasticsearch
+    - kibana
+    - suricata
+    - filebeat
+    - utility
+    - schedule

setup/so-functions

@@ -718,6 +718,20 @@ docker_seed_registry() {
 	local VERSION="$SOVERSION"
 
 	if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then
+	    if [ "$install_type" == 'IMPORTPCAP' ]; then
+		local TRUSTED_CONTAINERS=(\
+			"so-nginx:$VERSION" \
+			"so-filebeat:$VERSION" \
+			"so-suricata:$VERSION" \
+			"so-soc:$VERSION" \
+			"so-elasticsearch:$VERSION" \
+			"so-kibana:$VERSION" \
+			"so-kratos:$VERSION" \
+			"so-suricata:$VERSION" \
+			"so-registry:$VERSION" \			
+			"so-zeek:$VERSION"
+		)
+		else
 		local TRUSTED_CONTAINERS=(\
 			"so-nginx:$VERSION" \
 			"so-filebeat:$VERSION" \
@@ -729,7 +743,8 @@ docker_seed_registry() {
 			"so-telegraf:$VERSION" \
 			"so-zeek:$VERSION"
 		)
-		if [ "$install_type" != 'HELIXSENSOR' ]; then
+		fi
+		if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORTPCAP' ]; then
 			TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \
 				"so-acng:$VERSION" \
 				"so-thehive-cortex:$VERSION" \

setup/so-setup

@@ -529,10 +529,10 @@ fi
 			set_progress_str 26 'Downloading containers from the internet'
 		fi
 
-		if [[ ! $is_importpcap ]]; then
+
 		salt-call state.apply -l info registry >> $setup_log 2>&1
 		docker_seed_registry  2>> "$setup_log" # ~ 60% when finished
-		fi
+
 		
 		set_progress_str 60 "$(print_salt_state_apply 'manager')"
 		salt-call state.apply -l info manager >> $setup_log 2>&1