Update soup

Merge pull request #12693 from Security-Onion-Solutions/dev
2025-12-06 09:12:45 +01:00 · 2024-04-04 09:34:42 -04:00 · 2024-04-03 15:58:56 -04:00 · 2024-04-01 11:37:59 -04:00 · 2024-04-01 11:26:43 -04:00 · 2024-04-01 11:25:29 -04:00
746 changed files with 5067 additions and 1010 deletions
--- a/.github/DISCUSSION_TEMPLATE/2-4.yml
+++ b/.github/DISCUSSION_TEMPLATE/2-4.yml
@@ -0,0 +1,190 @@
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ⚠️ This category is solely for conversations related to Security Onion 2.4 ⚠️
+
+        If your organization needs more immediate, enterprise grade professional support, with one-on-one virtual meetings and screensharing, contact us via our website: https://securityonion.com/support
+  - type: dropdown
+    attributes:
+      label: Version
+      description: Which version of Security Onion 2.4.x are you asking about?
+      options:
+        -
+        - 2.4 Pre-release (Beta, Release Candidate)
+        - 2.4.10
+        - 2.4.20
+        - 2.4.30
+        - 2.4.40
+        - 2.4.50
+        - 2.4.60
+        - 2.4.70
+        - 2.4.80
+        - 2.4.90
+        - 2.4.100
+        - Other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Installation Method
+      description: How did you install Security Onion?
+      options:
+        -
+        - Security Onion ISO image
+        - Network installation on Red Hat derivative like Oracle, Rocky, Alma, etc.
+        - Network installation on Ubuntu
+        - Network installation on Debian
+        - Other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Description
+      description: >
+        Is this discussion about installation, configuration, upgrading, or other?
+      options:
+        -
+        - installation
+        - configuration
+        - upgrading
+        - other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Installation Type
+      description: >
+        When you installed, did you choose Import, Eval, Standalone, Distributed, or something else?
+      options:
+        -
+        - Import
+        - Eval
+        - Standalone
+        - Distributed
+        - other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Location
+      description: >
+        Is this deployment in the cloud, on-prem with Internet access, or airgap?
+      options:
+        -
+        - cloud
+        - on-prem with Internet access
+        - airgap
+        - other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Hardware Specs
+      description: >
+        Does your hardware meet or exceed the minimum requirements for your installation type as shown at https://docs.securityonion.net/en/2.4/hardware.html?
+      options:
+        -
+        - Meets minimum requirements
+        - Exceeds minimum requirements
+        - Does not meet minimum requirements
+        - other (please provide detail below)
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: CPU
+      description: How many CPU cores do you have?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: RAM
+      description: How much RAM do you have?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Storage for /
+      description: How much storage do you have for the / partition?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Storage for /nsm
+      description: How much storage do you have for the /nsm partition?
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Network Traffic Collection
+      description: >
+        Are you collecting network traffic from a tap or span port?
+      options:
+        -
+        - tap
+        - span port
+        - other (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Network Traffic Speeds
+      description: >
+        How much network traffic are you monitoring?
+      options:
+        -
+        - Less than 1Gbps
+        - 1Gbps to 10Gbps
+        - more than 10Gbps
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Status
+      description: >
+        Does SOC Grid show all services on all nodes as running OK?
+      options:
+        -
+        - Yes, all services on all nodes are running OK
+        - No, one or more services are failed (please provide detail below)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Salt Status
+      description: >
+        Do you get any failures when you run "sudo salt-call state.highstate"?
+      options:
+        -
+        - Yes, there are salt failures (please provide detail below)
+        - No, there are no failures
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Logs
+      description: >
+        Are there any additional clues in /opt/so/log/?
+      options:
+        -
+        - Yes, there are additional clues in /opt/so/log/ (please provide detail below)
+        - No, there are no additional clues
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Detail
+      description: Please read our discussion guidelines at https://github.com/Security-Onion-Solutions/securityonion/discussions/1720 and then provide detailed information to help us help you.
+      placeholder: |-
+        STOP! Before typing, please read our discussion guidelines at https://github.com/Security-Onion-Solutions/securityonion/discussions/1720 in their entirety!
+
+        If your organization needs more immediate, enterprise grade professional support, with one-on-one virtual meetings and screensharing, contact us via our website: https://securityonion.com/support
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Guidelines
+      options:
+        - label: I have read the discussion guidelines at https://github.com/Security-Onion-Solutions/securityonion/discussions/1720 and assert that I have followed the guidelines.
+          required: true
--- a/.github/workflows/close-threads.yml
+++ b/.github/workflows/close-threads.yml
@@ -0,0 +1,32 @@
+name: 'Close Threads'
+
+on:
+  schedule:
+    - cron: '50 1 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+  discussions: write
+
+concurrency:
+  group: lock-threads
+
+jobs:
+  close-threads:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v5
+        with:
+          days-before-issue-stale: -1
+          days-before-issue-close: 60
+          stale-issue-message: "This issue is stale because it has been inactive for an extended period. Stale issues convey that the issue, while important to someone, is not critical enough for the author, or other community members to work on, sponsor, or otherwise shepherd the issue through to a resolution."
+          close-issue-message: "This issue was closed because it has been stale for an extended period. It will be automatically locked in 30 days, after which no further commenting will be available."
+          days-before-pr-stale: 45
+          days-before-pr-close: 60
+          stale-pr-message: "This PR is stale because it has been inactive for an extended period. The longer a PR remains stale the more out of date with the main branch it becomes."
+          close-pr-message: "This PR was closed because it has been stale for an extended period. It will be automatically locked in 30 days. If there is still a commitment to finishing this PR re-open it before it is locked."
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -0,0 +1,25 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '50 2 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+  discussions: write
+
+concurrency:
+  group: lock-threads
+
+jobs:
+  lock-threads:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: jertel/lock-threads@main
+        with:
+          include-discussion-currently-open: true
+          discussion-inactive-days: 90
+          issue-inactive-days: 30
+          pr-inactive-days: 30
--- a/README.md
+++ b/README.md
@@ -1,6 +1,20 @@
-## Security Onion 2.3.140
+## Security Onion 2.3

-Security Onion 2.3.140 is here!
+Security Onion 2.3 is here!
+
+## End Of Life Warning
+
+Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024:
+
+https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
+
+For new installations, please see the 2.4 branch of this repo:
+
+https://github.com/Security-Onion-Solutions/securityonion/tree/2.4/main
+
+If you have an existing 2.3 installation and would like to migrate to 2.4, please see:
+
+https://docs.securityonion.net/en/2.4/appendix.html

 ## Screenshots

--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.140-20220718 ISO image built on 2022/07/18
+### 2.3.300-20240401 ISO image built on 2024/04/01



 ### Download and Verify

-2.3.140-20220718 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
+2.3.300-20240401 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso

-MD5: 9570065548DBFA6230F28FF623A8B61A  
-SHA1: D48B2CC81DF459C3EBBC0C54BD9AAFAB4327CB75  
-SHA256: 0E31E15EDFD3392B9569FCCAF1E4518432ECB0D7A174CCA745F2F22CDAC4A034 
+MD5: 5CBDA8012D773C5EC362D21C4EA3B7FB  
+SHA1: 7A34FAA0E11F09F529FF38EC3239211CD87CB1A7  
+SHA256: 123066DAFBF6F2AA0E1924296CFEFE1213002D7760E8797AB74F1FC1D683C6D7 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.140-20220718.iso.sig securityonion-2.3.140-20220718.iso
+gpg --verify securityonion-2.3.300-20240401.iso.sig securityonion-2.3.300-20240401.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 18 Jul 2022 10:16:05 AM EDT using RSA key ID FE507013
+gpg: Signature made Wed 27 Mar 2024 05:09:33 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.140
+2.3.300
--- a/files/salt/master/master
+++ b/files/salt/master/master
@@ -67,7 +67,5 @@ peer:
 reactor:
  - 'so/fleet':
    - salt://reactor/fleet.sls
-  - 'salt/beacon/*/watch_sqlite_db//opt/so/conf/kratos/db/sqlite.db':
-    - salt://reactor/kratos.sls


--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -15,6 +15,7 @@ zeek:
    SpoolDir: /nsm/zeek/spool
    CfgDir: /opt/zeek/etc
    CompressLogs: 1
+    ZeekPort: 27760
  local:
    '@load':
      - misc/loaded-scripts
@@ -41,13 +42,27 @@ zeek:
      - frameworks/files/hash-all-files
      - frameworks/files/detect-MHR
      - policy/frameworks/notice/extend-email/hostnames
+      - policy/frameworks/notice/community-id
+      - policy/protocols/conn/community-id-logging
      - ja3
      - hassh
      - intel
      - cve-2020-0601
      - securityonion/bpfconf
-      - securityonion/communityid
      - securityonion/file-extraction
+      - oui-logging
+      - icsnpp-modbus
+      - icsnpp-dnp3
+      - icsnpp-bacnet
+      - icsnpp-ethercat
+      - icsnpp-enip
+      - icsnpp-opcua-binary
+      - icsnpp-bsap
+      - icsnpp-s7comm
+      - zeek-plugin-tds
+      - zeek-plugin-profinet
+      - zeek-spicy-wireguard
+      - zeek-spicy-stun
    '@load-sigs':
      - frameworks/signatures/detect-windows-shells
    redef:
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -37,7 +37,7 @@ x509_signing_policies:
    - ST: Utah
    - L: Salt Lake City
    - basicConstraints: "critical CA:false"
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "critical keyEncipherment, digitalSignature"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    - extendedKeyUsage: serverAuth
--- a/salt/common/files/sensor-rotate.conf
+++ b/salt/common/files/sensor-rotate.conf
@@ -19,4 +19,17 @@
    extension .log
    dateext
    dateyesterday
-}
+}
+
+/opt/so/log/strelka/filecheck.log
+{
+    daily
+    rotate 14
+    missingok
+    copytruncate
+    compress
+    create
+    extension .log
+    dateext
+    dateyesterday
+}
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -38,15 +38,15 @@ socore:
 soconfperms:
  file.directory:
    - name: /opt/so/conf
-    - uid: 939
-    - gid: 939
+    - user: 939
+    - group: 939
    - dir_mode: 770

 sostatusconf:
  file.directory:
    - name: /opt/so/conf/so-status
-    - uid: 939
-    - gid: 939
+    - user: 939
+    - group: 939
    - dir_mode: 770

 so-status.conf:
@@ -57,8 +57,8 @@ so-status.conf:
 sosaltstackperms:
  file.directory:
    - name: /opt/so/saltstack
-    - uid: 939
-    - gid: 939
+    - user: 939
+    - group: 939
    - dir_mode: 770

 so_log_perms:
@@ -110,7 +110,6 @@ commonpkgs:
      - libssl-dev
      - python3-dateutil
      - python3-m2crypto
-      - python3-mysqldb
      - python3-packaging
      - python3-lxml
      - git
@@ -153,7 +152,6 @@ commonpkgs:
      - python36-docker
      - python36-dateutil
      - python36-m2crypto
-      - python36-mysql
      - python36-packaging
      - python36-lxml
      - yum-utils
@@ -170,6 +168,7 @@ heldpackages:
      - docker-ce: 3:20.10.5-3.el7
      - docker-ce-cli: 1:20.10.5-3.el7
      - docker-ce-rootless-extras: 20.10.5-3.el7
+      - python36-mysql: 1.3.12-2.el7
    - hold: True
    - update_holds: True
 {% endif %}
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-allow-view
+++ b/salt/common/tools/sbin/so-allow-view
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC

 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-checkin
+++ b/salt/common/tools/sbin/so-checkin
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-config-backup
+++ b/salt/common/tools/sbin/so-config-backup
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -13,7 +13,9 @@
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.. /usr/sbin/so-common
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
 {% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}

 TODAY=$(date '+%Y_%m_%d')
@@ -35,7 +37,7 @@ if [ ! -f $BACKUPFILE ]; then
  {%- endfor %}
  tar -rf $BACKUPFILE /etc/pki
  tar -rf $BACKUPFILE /etc/salt
-  tar -rf $BACKUPFILE /opt/so/conf/kratos
+  tar -rf $BACKUPFILE /nsm/kratos

 fi

--- a/salt/common/tools/sbin/so-cortex-restart
+++ b/salt/common/tools/sbin/so-cortex-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-start
+++ b/salt/common/tools/sbin/so-cortex-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-stop
+++ b/salt/common/tools/sbin/so-cortex-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-user-add
+++ b/salt/common/tools/sbin/so-cortex-user-add
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-user-enable
+++ b/salt/common/tools/sbin/so-cortex-user-enable
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-restart
+++ b/salt/common/tools/sbin/so-curator-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-start
+++ b/salt/common/tools/sbin/so-curator-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-stop
+++ b/salt/common/tools/sbin/so-curator-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-deny
+++ b/salt/common/tools/sbin/so-deny
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-docker-prune
+++ b/salt/common/tools/sbin/so-docker-prune
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-restart
+++ b/salt/common/tools/sbin/so-elastalert-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-start
+++ b/salt/common/tools/sbin/so-elastalert-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-stop
+++ b/salt/common/tools/sbin/so-elastalert-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-auth
+++ b/salt/common/tools/sbin/so-elastic-auth
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-auth-password-reset
+++ b/salt/common/tools/sbin/so-elastic-auth-password-reset
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC

 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-clear
+++ b/salt/common/tools/sbin/so-elastic-clear
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 . /usr/sbin/so-common

 SKIP=0
--- a/salt/common/tools/sbin/so-elastic-diagnose
+++ b/salt/common/tools/sbin/so-elastic-diagnose
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-restart
+++ b/salt/common/tools/sbin/so-elastic-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-start
+++ b/salt/common/tools/sbin/so-elastic-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-stop
+++ b/salt/common/tools/sbin/so-elastic-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-component-templates-list
+++ b/salt/common/tools/sbin/so-elasticsearch-component-templates-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_component_template | jq '.component_templates[] |.name'| sort
--- a/salt/common/tools/sbin/so-elasticsearch-index-templates-list
+++ b/salt/common/tools/sbin/so-elasticsearch-index-templates-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_index_template | jq '.index_templates[] |.name'| sort
--- a/salt/common/tools/sbin/so-elasticsearch-indices-list
+++ b/salt/common/tools/sbin/so-elasticsearch-indices-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-indices-rw
+++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats
+++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-pipeline-view
+++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-view
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-pipelines-list
+++ b/salt/common/tools/sbin/so-elasticsearch-pipelines-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
--- a/salt/common/tools/sbin/so-elasticsearch-query
+++ b/salt/common/tools/sbin/so-elasticsearch-query
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-restart
+++ b/salt/common/tools/sbin/so-elasticsearch-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-shards-list
+++ b/salt/common/tools/sbin/so-elasticsearch-shards-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-start
+++ b/salt/common/tools/sbin/so-elasticsearch-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-stop
+++ b/salt/common/tools/sbin/so-elasticsearch-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-template-remove
+++ b/salt/common/tools/sbin/so-elasticsearch-template-remove
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-template-view
+++ b/salt/common/tools/sbin/so-elasticsearch-template-view
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}

 . /usr/sbin/so-common

--- a/salt/common/tools/sbin/so-elasticsearch-templates-list
+++ b/salt/common/tools/sbin/so-elasticsearch-templates-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys'
--- a/salt/common/tools/sbin/so-filebeat-module-setup
+++ b/salt/common/tools/sbin/so-filebeat-module-setup
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-restart
+++ b/salt/common/tools/sbin/so-filebeat-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-start
+++ b/salt/common/tools/sbin/so-filebeat-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-stop
+++ b/salt/common/tools/sbin/so-filebeat-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-restart
+++ b/salt/common/tools/sbin/so-fleet-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-start
+++ b/salt/common/tools/sbin/so-fleet-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-stop
+++ b/salt/common/tools/sbin/so-fleet-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-user-add
+++ b/salt/common/tools/sbin/so-fleet-user-add
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -53,8 +53,10 @@ if [[ $? -ne 0 ]]; then
    exit 2
 fi

+TEMPPW=$FLEET_SA_PW!
+
 # Create New User
-CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1)
+CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $TEMPPW --global-role admin 2>&1)

 if [[ $? -eq 0 ]]; then
    echo "Successfully added user to Fleet"
@@ -64,6 +66,9 @@ else
    exit 2
 fi

+# Reset New User Password to user supplied password
+echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL"
+
 # Disable forced password reset
 MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \
 "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1)
--- a/salt/common/tools/sbin/so-fleet-user-delete
+++ b/salt/common/tools/sbin/so-fleet-user-delete
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-user-update
+++ b/salt/common/tools/sbin/so-fleet-user-update
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-restart
+++ b/salt/common/tools/sbin/so-grafana-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-start
+++ b/salt/common/tools/sbin/so-grafana-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-stop
+++ b/salt/common/tools/sbin/so-grafana-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idh-restart
+++ b/salt/common/tools/sbin/so-idh-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idh-start
+++ b/salt/common/tools/sbin/so-idh-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idh-stop
+++ b/salt/common/tools/sbin/so-idh-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-restart
+++ b/salt/common/tools/sbin/so-idstools-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-start
+++ b/salt/common/tools/sbin/so-idstools-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-stop
+++ b/salt/common/tools/sbin/so-idstools-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-image-pull
+++ b/salt/common/tools/sbin/so-image-pull
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-import-evtx
+++ b/salt/common/tools/sbin/so-import-evtx
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,10 +18,10 @@
 {%- set MANAGER = salt['grains.get']('master') %}
 {%- set VERSION = salt['pillar.get']('global:soversion') %}
 {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip') %}
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
-{% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{% set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
+{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
+{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}

 INDEX_DATE=$(date +'%Y.%m.%d')
 RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
@@ -166,11 +166,11 @@ cat << EOF
 Import complete!

 You can use the following hyperlink to view data in the time range of your import.  You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ URLBASE }}/#/hunt?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
+https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC

 or you can manually set your Time Range to be (in UTC):
 From: $START_OLDEST_FORMATTED    To: $END_NEWEST

-Please note that it may take 30 seconds or more for events to appear in Hunt.
+Please note that it may take 30 seconds or more for events to appear in Security Onion Console.
 EOF
 fi
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
 {%- set MANAGER = salt['grains.get']('master') %}
 {%- set VERSION = salt['pillar.get']('global:soversion') %}
 {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip') %}
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}

 . /usr/sbin/so-common
@@ -214,11 +214,11 @@ cat << EOF
 Import complete!

 You can use the following hyperlink to view data in the time range of your import.  You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
+https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC

 or you can manually set your Time Range to be (in UTC):
 From: $START_OLDEST    To: $END_NEWEST

-Please note that it may take 30 seconds or more for events to appear in Hunt.
+Please note that it may take 30 seconds or more for events to appear in Security Onion Console.
 EOF
 fi
--- a/salt/common/tools/sbin/so-index-list
+++ b/salt/common/tools/sbin/so-index-list
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-clean
+++ b/salt/common/tools/sbin/so-influxdb-clean
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-downsample
+++ b/salt/common/tools/sbin/so-influxdb-downsample
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-drop-autogen
+++ b/salt/common/tools/sbin/so-influxdb-drop-autogen
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-restart
+++ b/salt/common/tools/sbin/so-influxdb-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-start
+++ b/salt/common/tools/sbin/so-influxdb-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-stop
+++ b/salt/common/tools/sbin/so-influxdb-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-config-export
+++ b/salt/common/tools/sbin/so-kibana-config-export
@@ -1,11 +1,6 @@
 #!/bin/bash
 #
-# {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-# {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
-# {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
-# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
-#
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,6 +14,10 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
+{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}

 KIBANA_HOST={{ MANAGER }}
 KSO_PORT=5601
--- a/salt/common/tools/sbin/so-kibana-restart
+++ b/salt/common/tools/sbin/so-kibana-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-savedobjects-defaults
+++ b/salt/common/tools/sbin/so-kibana-savedobjects-defaults
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-start
+++ b/salt/common/tools/sbin/so-kibana-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-stop
+++ b/salt/common/tools/sbin/so-kibana-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-learn
+++ b/salt/common/tools/sbin/so-learn
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-events
+++ b/salt/common/tools/sbin/so-logstash-events
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-get-parsed
+++ b/salt/common/tools/sbin/so-logstash-get-parsed
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-get-unparsed
+++ b/salt/common/tools/sbin/so-logstash-get-unparsed
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-pipeline-stats
+++ b/salt/common/tools/sbin/so-logstash-pipeline-stats
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-restart
+++ b/salt/common/tools/sbin/so-logstash-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-start
+++ b/salt/common/tools/sbin/so-logstash-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-stop
+++ b/salt/common/tools/sbin/so-logstash-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-mysql-restart
+++ b/salt/common/tools/sbin/so-mysql-restart
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-mysql-start
+++ b/salt/common/tools/sbin/so-mysql-start
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-mysql-stop
+++ b/salt/common/tools/sbin/so-mysql-stop
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2023 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.140
 .3.300