Remove Claude Sonnet 4 model configuration

Removed configuration for Claude Sonnet 4 model.

salt/manager/tools/sbin/soup

@@ -1113,7 +1113,7 @@ suricata_idstools_removal_pre() {
 install -d -o 939 -g 939 -m 755 /opt/so/conf/soc/fingerprints
 install -o 939 -g 939 -m 644 /dev/null /opt/so/conf/soc/fingerprints/suricataengine.syncBlock
 cat > /opt/so/conf/soc/fingerprints/suricataengine.syncBlock << EOF
-Suricata ruleset sync is blocked until this file is removed. **CRITICAL** Make sure that you have manually added any custom Suricata rulesets via SOC config before removing this file - review the documentation for more details: https://docs.securityonion.net/en/2.4/nids.html#sync-block
+Suricata ruleset sync is blocked until this file is removed. Make sure that you have manually added any custom Suricata rulesets via SOC config - review the documentation for more details: securityonion.net/docs
 EOF
 
 # Remove possible symlink & create salt local rules dir
@@ -1131,7 +1131,6 @@ if [[ -f /opt/so/conf/soc/so-detections-backup.py ]]; then
     # Verify backup by comparing counts
     echo "Verifying detection overrides backup..."
     es_override_count=$(/sbin/so-elasticsearch-query 'so-detection/_count' \
-       --retry 5 --retry-delay 10 --retry-all-errors \
        -d '{"query": {"bool": {"must": [{"exists": {"field": "so_detection.overrides"}}]}}}' | jq -r '.count') || {
         echo "  Error: Failed to query Elasticsearch for override count"
         exit 1

salt/soc/defaults.yaml

@@ -2652,12 +2652,6 @@ soc:
           thresholdColorRatioMed: 0.75
           thresholdColorRatioMax: 1
           availableModels:
-            - id: sonnet-4
-              displayName: Claude Sonnet 4
-              contextLimitSmall: 200000
-              contextLimitLarge: 1000000
-              lowBalanceColorAlert: 500000
-              enabled: true
             - id: sonnet-4.5
               displayName: Claude Sonnet 4.5
               contextLimitSmall: 200000

salt/soc/soc_soc.yaml

@@ -608,18 +608,6 @@ soc:
                 label: Delete Unreferenced (Deletes rules that are no longer referenced by ruleset source)
                 forcedType: bool
                 required: False
-              - field: proxyURL
-                label: HTTP/HTTPS proxy URL for downloading the ruleset.
-                required: False
-              - field: proxyUsername
-                label: Proxy authentication username.
-                required: False
-              - field: proxyPassword
-                label: Proxy authentication password.
-                required: False
-              - field: proxyCACert
-                label: Path to CA certificate file for MITM proxy verification.
-                required: False
             airgap: *serulesetSources
         navigator:
           intervalMinutes:

salt/suricata/cron/so-suricata-rulestats

@@ -17,23 +17,14 @@ query() {
 
 STATS=$(query "ruleset-stats")
 RELOAD=$(query "ruleset-reload-time")
-[ -z "$RELOAD" ] && RELOAD='{}'
 
-# Outputs valid JSON on success, empty on failure
-OUTPUT=$(jq -n \
-    --argjson stats "$STATS" \
-    --argjson reload "$RELOAD" \
-    'if $stats.return == "OK" and ($stats.message[0].rules_loaded | type) == "number" and ($stats.message[0].rules_failed | type) == "number" then
-        {
-            rules_loaded: $stats.message[0].rules_loaded,
-            rules_failed: $stats.message[0].rules_failed,
-            last_reload: ($reload.message[0].last_reload // ""),
-            return: "OK"
-        }
-    else empty end' 2>/dev/null)
+if echo "$STATS" | jq -e '.return == "OK"' > /dev/null 2>&1; then
+    LOADED=$(echo "$STATS" | jq -r '.message[0].rules_loaded')
+    FAILED=$(echo "$STATS" | jq -r '.message[0].rules_failed')
+    LAST_RELOAD=$(echo "$RELOAD" | jq -r '.message[0].last_reload')
 
-if [ -n "$OUTPUT" ]; then
-    echo "$OUTPUT" > "$OUTFILE"
+    jq -n --argjson loaded "$LOADED" --argjson failed "$FAILED" --arg reload "$LAST_RELOAD" \
+        '{rules_loaded: $loaded, rules_failed: $failed, last_reload: $reload, return: "OK"}' > "$OUTFILE"
 else
     echo '{"return":"FAIL"}' > "$OUTFILE"
 fi

salt/telegraf/scripts/surirules.sh

@@ -18,15 +18,11 @@ if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
     if [ -f "$STATSFILE" ] && [ $(($(date +%s) - $(stat -c %Y "$STATSFILE"))) -lt 90 ] && jq -e '.return == "OK" and .rules_loaded != null and .rules_failed != null' "$STATSFILE" > /dev/null 2>&1; then
         LOADED=$(jq -r '.rules_loaded' "$STATSFILE")
         FAILED=$(jq -r '.rules_failed' "$STATSFILE")
-        RELOAD_TIME=$(jq -r 'if .last_reload then .last_reload else "" end' "$STATSFILE")
+        RELOAD_TIME=$(jq -r '.last_reload // ""' "$STATSFILE")
 
-        if [ -n "$RELOAD_TIME" ]; then
-            echo "surirules loaded=${LOADED}i,failed=${FAILED}i,reload_time=\"${RELOAD_TIME}\",status=\"ok\""
-        else
-            echo "surirules loaded=${LOADED}i,failed=${FAILED}i,status=\"ok\""
-        fi
+        echo "surirules loaded=${LOADED}i,failed=${FAILED}i,reload_time=\"${RELOAD_TIME}\",status=\"ok\""
     else
-        echo "surirules loaded=0i,failed=0i,status=\"unknown\""
+        echo "surirules loaded=0i,failed=0i,reload_time=\"\",status=\"unknown\""
     fi
 
 fi