Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Hello.
SO Version: 2.3.2
SO deployment type: Standalone
Editor: Vim
Objective
Disable noisy Suricata rules while learning Security Onion.
What have I done
I have based myself on the official documentation: https://docs.securityonion.net/en/latest/managing-alerts.html#identifying-rule-categories
From the documentation I'm supposed to edit the following file:
/opt/so/saltstack/local/pillar/minions/sensorname_standalone.sls
Then edit the idstools part of the configuration file:
Which after my edits now looks like this:
Then I run the command
sudo salt sensorname_standalone state.apply idstools
To which I receive the following error message:
Data failed to compile:
Pillar failed to render with the following messages:
Rendering SLS 'minions.p-sn-so-01_standalone' failed. Please see master log for details.
If I remove my edits from /opt/so/saltstack/local/pillar/minions/sensorname_standalone.sls and run
sudo salt sensorname_standalone state.apply idstools
It will succeed without problems.
My initial thought was a foreign character or formatting issues within the file, but it looks fine.
Any ideas as to what could be the problem?
EDIT
I found the logfile finally which points me in the right direction:
salt.exceptions.SaltRenderError: could not find expected ':'
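Added example, not part of the original post and not Security Onion or Salt code: a line-level pre-flight check for a block-style pillar file that reports the line number of tab indentation and of any line that is neither a `key:` nor a `- item`. A list entry that has lost its `- ` and sits where a key is expected is one way to get `could not find expected ':'`. The function name `lint_pillar`, the sample fragment and its SIDs are constructed for illustration, and the check is a heuristic that assumes no flow-style or multi-line values.

```python
import re

# Constructed sample (not the poster's file): an idstools pillar fragment
# where one entry lost its "- " prefix and one line is indented with a tab.
SAMPLE_PILLAR = (
    "idstools:\n"
    "  sids:\n"
    "    enabled:\n"
    "    disabled:\n"
    "      - 2019401\n"
    "    2100498\n"
    "\t- 're:heartbleed'\n"
    "    modify:\n"
)

# "key:" or "- key: value"; YAML needs a space or end of line after the colon.
KEY_LINE = re.compile(r"^ *(- +)?[^\s#-][^#]*?:( |$)")
# "- item" list entry.
ITEM_LINE = re.compile(r"^ *-( |$)")


def lint_pillar(text):
    """Return (line_number, message) pairs for lines a block-style pillar should not contain."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Blank lines, comments and the document marker carry no structure.
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:
            # YAML forbids tabs for indentation; editors can insert them silently.
            findings.append((number, "tab in indentation"))
            continue
        if ITEM_LINE.match(line) or KEY_LINE.match(line):
            continue
        # A bare scalar here is read as a key, so the parser then expects ':'.
        findings.append((number, "neither 'key:' nor '- item'"))
    return findings


if __name__ == "__main__":
    for number, message in lint_pillar(SAMPLE_PILLAR):
        print(f"line {number}: {message}")
```

Running it against a copy of the minion pillar before `state.apply` narrows the render error to a line; a full YAML parser remains the authoritative check.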