Removed uneeded bind

Add context
2025-12-06 01:02:46 +01:00 · 2025-11-29 15:40:10 -05:00 · 2025-11-29 15:17:28 -05:00
3 changed files with 6 additions and 5 deletions
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1234,11 +1234,12 @@ check_config_file() {
        echo "Does not match known default - custom configuration detected"
        echo "Custom $file_display_name detected (hash: $file_hash)" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock

-        # If this is so-rule-update, check for ETPRO key
+        # If this is so-rule-update, check for ETPRO license code and write out to the syncBlock file
+        # If ETPRO is enabled, the license code already exists in the so-rule-update script, this is just making it easier to migrate
        if [[ "$file_display_name" == "so-rule-update" ]]; then
-            etpro_key=$(grep -oP '\-\-etpro=\K[0-9a-fA-F]+' "$file" 2>/dev/null || true)
-            if [[ -n "$etpro_key" ]]; then
-                echo "ETPRO key found: $etpro_key" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
+            etpro_code=$(grep -oP '\-\-etpro=\K[0-9a-fA-F]+' "$file" 2>/dev/null || true)
+            if [[ -n "$etpro_code" ]]; then
+                echo "ETPRO code found: $etpro_code" >> /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
            fi
        fi

--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -26,7 +26,6 @@ so-soc:
      - /nsm/rules:/nsm/rules:rw
      - /opt/so/conf/strelka:/opt/sensoroni/yara:rw
      - /opt/so/conf/sigma:/opt/sensoroni/sigma:rw
-      - /opt/so/conf/suricata:/opt/sensoroni/suricata:rw
      - /opt/so/rules/elastalert/rules:/opt/sensoroni/elastalert:rw
      - /opt/so/saltstack/local/salt/suricata/rules:/opt/sensoroni/suricata/rules:rw
      - /opt/so/saltstack/local/salt/suricata/files:/opt/sensoroni/suricata/threshold:rw
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -108,6 +108,7 @@
 {%     if ruleset.name == 'Emerging-Threats' %}
 {%       if ruleset.licenseKey and ruleset.licenseKey != '' %}
 {#         License key is defined - transform to ETPRO #}
+{#         Engine Version is hardcoded in the URL - this does not change often: https://community.emergingthreats.net/t/supported-engines/71 #}
 {%         do ruleset.update({
             'name': 'ETPRO',
             'sourcePath': 'https://rules.emergingthreatspro.com/' ~ ruleset.licenseKey ~ '/suricata-7.0.3/etpro.rules.tar.gz',
Author	SHA1	Message	Date
DefensiveDepth	87477ae4f6	Removed uneeded bind	2025-11-29 15:40:10 -05:00
DefensiveDepth	89a9106d79	Add context	2025-11-29 15:17:28 -05:00