From c71af9127bdcb617a13dbc2a0d2718e6d3b24fbe Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 1 May 2024 11:47:38 -0400
Subject: [PATCH 1/2] mark detections settings as read-only via the UI
---
 salt/idstools/soc_idstools.yaml | 12 ++++++++----
 salt/suricata/soc_suricata.yaml | 3 ++-
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index 0a2bf0cbf..f4389f8ba 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -19,33 +19,37 @@ idstools:
 helpLink: rules.html
 sids:
 disabled:
- description: Contains the list of NIDS rules manually disabled across the grid. To disable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To disable multiple rules, you can use regular expressions.
+ description: Contains the list of NIDS rules (or regex patterns) disabled across the grid. This setting is readonly; Use the Detections screen to disable rules.
 global: True
 multiline: True
 forcedType: "[]string"
 regex: \d*|re:.*
 helpLink: managing-alerts.html
+ readonlyUi: True
 enabled:
- description: Contains the list of NIDS rules manually enabled across the grid. To enable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To enable multiple rules, you can use regular expressions.
+ description: Contains the list of NIDS rules (or regex patterns) enabled across the grid. This setting is readonly; Use the Detections screen to enable rules.
 global: True
 multiline: True
 forcedType: "[]string"
 regex: \d*|re:.*
 helpLink: managing-alerts.html
+ readonlyUi: True
 modify:
- description: Contains the list of NIDS rules that were modified from their default values. Entries must adhere to the following format - SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"
+ description: Contains the list of NIDS rules (SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"). This setting is readonly; Use the Detections screen to modify rules.
 global: True
 multiline: True
 forcedType: "[]string"
 helpLink: managing-alerts.html
+ readonlyUi: True
 rules:
 local__rules:
- description: Contains the list of custom NIDS rules applied to the grid. To add custom NIDS rules to the grid, enter one rule per line in the Current Grid Value box.
+ description: Contains the list of custom NIDS rules applied to the grid. This setting is readonly; Use the Detections screen to adjust rules.
file: True
 global: True
 advanced: True
 title: Local Rules
 helpLink: local-rules.html
+ readonlyUi: True
 filters__rules:
 description: If you are using Suricata for metadata, then you can set custom filters for that metadata here.
 file: True
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index 78c28f9e4..f7c3b2920 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -4,13 +4,14 @@ suricata:
 helpLink: suricata.html
 thresholding:
 sids__yaml:
- description: Threshold SIDS List
+ description: Threshold SIDS List. This setting is readonly; Use the Detections screen to modify rules.
 syntax: yaml
 file: True
 global: True
 multiline: True
 title: SIDS
 helpLink: suricata.html
+ readonlyUi: True
 classification:
 classification__config:
 description: Classifications config file.
From 252d9a53203fa7be1a12edb21c6ab1d81dce4e72 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 1 May 2024 12:51:04 -0400
Subject: [PATCH 2/2] make rule settings advanced
---
 salt/idstools/soc_idstools.yaml | 3 +++
 salt/suricata/soc_suricata.yaml | 1 +
 2 files changed, 4 insertions(+)
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index f4389f8ba..ce8b56569 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -26,6 +26,7 @@ idstools:
 regex: \d*|re:.*
 helpLink: managing-alerts.html
 readonlyUi: True
+ advanced: true
 enabled:
 description: Contains the list of NIDS rules (or regex patterns) enabled across the grid. This setting is readonly; Use the Detections screen to enable rules.
 global: True
@@ -34,6 +35,7 @@ idstools:
 regex: \d*|re:.*
 helpLink: managing-alerts.html
 readonlyUi: True
+ advanced: true
 modify:
 description: Contains the list of NIDS rules (SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"). This setting is readonly; Use the Detections screen to modify rules.
 global: True
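Review bot: `readonlyUi: True`, added under `disabled`, `enabled`, `modify` and `local__rules`, names a UI-side flag, yet the rewritten descriptions state flatly that the setting "is readonly"; unless the SOC config backend also rejects writes for keys carrying this flag, a client with settings-write rights can still change these lists through the API or the Salt pillar, and the text would promise more than the flag enforces. If the backend does enforce it, a one-line comment beside the first flag, `# readonlyUi is also enforced server-side by SOC, not just hidden in the editor`, would settle that for the next reader; if it does not, word the descriptions as a UI restriction rather than a guarantee. The descriptions also read awkwardly after the semicolon: `This setting is read-only; use the Detections screen to disable rules.` The enclosing `idstools:` mapping begins above the hunk.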
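Review bot: The new `sids__yaml` description tells the operator to use the Detections screen "to modify rules", but this key holds the Suricata threshold list (`title: SIDS`, `syntax: yaml`), not a rule set; if thresholds are managed from that screen the text should say so, e.g. `Threshold SIDS List. This setting is read-only; use the Detections screen to adjust thresholds.`, and if they are not, the pointer sends people to the wrong place. As in the idstools hunk, `readonlyUi` reads as a UI-only flag, so the "readonly" claim should only be as strong as what the backend actually enforces. The `suricata:` mapping starts above the hunk.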
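Review bot: `advanced: true` is written in lowercase while every other boolean in this mapping, including the adjacent `readonlyUi: True` and the pre-existing `advanced: True` under `local__rules`, uses the capitalised form; both spellings parse as booleans under YAML 1.1, but mixing them in one file invites a grep or lint miss later. Write it as `advanced: True` here and in the other three hunks of this patch, or normalise the whole file to lowercase `true` in a separate change. The `idstools:` mapping, and presumably the `disabled:` entry this key lands in, start above the hunk.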
@@ -41,6 +43,7 @@ idstools:
 forcedType: "[]string"
 helpLink: managing-alerts.html
 readonlyUi: True
+ advanced: true
 rules:
 local__rules:
 description: Contains the list of custom NIDS rules applied to the grid. This setting is readonly; Use the Detections screen to adjust rules.
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index f7c3b2920..75ad1e476 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -12,6 +12,7 @@ suricata:
 title: SIDS
 helpLink: suricata.html
 readonlyUi: True
+ advanced: true
 classification:
 classification__config:
 description: Classifications config file.