Merge pull request #14091 from Security-Onion-Solutions/2.4/nav-airgap

Refactor Navigator Airgap

salt/nginx/config.sls

@@ -49,24 +49,6 @@ navigatorconfig:
     - makedirs: True
     - template: jinja
 
-navigatorpreattack:
-  file.managed:
-    - name: /opt/so/conf/navigator/layers/pre-attack.json
-    - source: salt://nginx/files/pre-attack.json
-    - user: 939
-    - group: 939
-    - makedirs: True
-    - replace: False
-
-navigatorenterpriseattack:
-  file.managed:
-    - name: /opt/so/conf/navigator/layers/enterprise-attack.json
-    - source: salt://nginx/files/enterprise-attack.json
-    - user: 939
-    - group: 939
-    - makedirs: True
-    - replace: False
-
 nginx_sbin:
   file.recurse:
     - name: /usr/sbin

salt/nginx/files/navigator_config.json

@@ -1,21 +1,24 @@
 {%- set URL_BASE = salt['pillar.get']('global:url_base', '') %}
 
 {
-    "collection_index_url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json",
+    "collection_index_url": "",
 
-    "versions": [
+"versions": {
+    "enabled": true,
+    "entries": [
         {
-            "name": "ATT&CK v16",
+            "name": "MITRE ATT&CK",
             "version": "16",
             "domains": [
-                {   
+                {
                     "name": "Enterprise",
                     "identifier": "enterprise-attack",
-                    "data": ["assets/so/enterprise-attack.json"]
+                    "data": ["assets/mitre/enterprise-attack.json"]
                 }
             ]
         }
-    ],
+    ]
+},
 
     "custom_context_menu_items": [ 
         {"label": "View related Detections","url": "  https://{{URL_BASE}}/#/detections?q=*{{ "{{technique_attackID}}" }}*+|+groupby+so_detection.language+|+groupby+so_detection.ruleset+so_detection.isEnabled+|+groupby+%22so_detection.category%22&z=America/New_York&el=500&gl=50&rt=0&rtu=hours"},