handle airgap when detections not enabled

Security-Onion-Solutions · Mar 14, 2024 · 927fe90 · 927fe90
1 parent cc1356c
commit 927fe90
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
@@ -35,16 +35,16 @@
 {%   do SOCMERGED.config.server.modules.pop('elastalertengine') %}
 {%   do SOCMERGED.config.server.modules.pop('strelkaengine') %}
 {%   do SOCMERGED.config.server.modules.pop('suricataengine') %}
+{% elif pillar.global.airgap %}
+  {# if system is Airgap, don't autoupdate Yara & Sigma rules #}
+  {%   do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
+  {%   do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
 {% endif %}
 
-{% if pillar.manager.playbook == 0 %}
-{%   do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
 
-{# if system is Airgap, don't autoupdate Yara & Sigma rules #}
-{% if pillar.global.airgap %}
-  {%   do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
-  {%   do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
+{% if pillar.manager.playbook == 0 %}
+{%   do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
 
 {% set standard_actions = SOCMERGED.config.pop('actions') %}