securityonion/salt/strelka/filecheck/map.jinja

{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'strelka/filecheck/defaults.yaml' as FILECHECKDEFAULTS %}

{% if GLOBALS.md_engine == "SURICATA" %}
{%   set extract_path = '/nsm/suricata/extracted' %}
{%   set filecheck_runas = 'suricata' %}
{% else %}
{%   set extract_path = '/nsm/zeek/extracted/complete' %}
{%   set filecheck_runas = 'socore' %}
{% endif %}

{% do FILECHECKDEFAULTS.filecheck.update({'extract_path': extract_path}) %}