Josh Patterson
dfdb1fbaeb
The active-push tunables (enabled, highstate_interval_hours, debounce_seconds,
drain_interval, batch, batch_wait) described how Salt auto-applies changes, not
general grid config, so relocate them from the global namespace to a new
salt.auto_apply settings module.
- Add salt/salt/{defaults.yaml,auto_apply.map.jinja,soc_salt.yaml,adv_salt.yaml}.
auto_apply.map.jinja is a dedicated, side-effect-free merge map (the existing
salt/salt/map.jinja dereferences pillar.host.mainint at import time).
- Remove the push blocks from salt/global/{defaults,soc_global}.yaml.
- Register salt.soc_salt/salt.adv_salt in pillar/top.sls; seed the local pillar
stubs for fresh installs (make_some_dirs) and upgrades (ensure_salt_local_pillar
in soup, wired into up_to_3.2.0).
- Repoint all consumers: GLOBALMERGED.push.* -> AUTOAPPLY.* (schedule, salt
master, manager beacons, beacons_pushstate, orch.push_batch) and
pillar.get('global:push...') -> 'salt:auto_apply...' (push reactors,
so-push-drainer).
- Add a salt: fleetwide-highstate entry to pillar_push_map.yaml so edits keep
applying immediately, matching the prior global-namespace behavior.
Security Onion
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.
✨ Features
Security Onion includes everything you need to monitor your network and host systems:
- Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
- Elastic Stack: Powerful search backed by Elasticsearch.
- Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
- Network Metadata: Detailed network metadata generated by Zeek or Suricata.
- Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.
⭐ Security Onion Pro
For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:
- Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
- Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.
For more information, visit the Security Onion Pro page.
☁️ Cloud Deployment
Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.
🚀 Getting Started
| Goal | Resource |
|---|---|
| Download | Security Onion ISO |
| Requirements | Hardware Guide |
| Install | Installation Instructions |
| What's New | Release Notes |
📖 Documentation & Support
For more detailed information, please visit our Documentation.
- FAQ: Frequently Asked Questions
- Community: Discussions & Support
- Training: Official Training
🤝 Contributing
We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.
🛡️ License
Security Onion is licensed under the terms of the license found in the LICENSE file.
Built with 🧅 by Security Onion Solutions.