Merge pull request #12904 from Security-Onion-Solutions/jertel/wf

mark detections settings as read-only via the UI
2025-12-06 17:22:49 +01:00 · 2024-05-01 09:54:03 -07:00
parent e6f45161c1 252d9a5320
commit 05c69925c9
2 changed files with 14 additions and 5 deletions
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -19,33 +19,40 @@ idstools:
      helpLink: rules.html
  sids:
    disabled:
-      description: Contains the list of NIDS rules manually disabled across the grid. To disable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To disable multiple rules, you can use regular expressions.
+      description: Contains the list of NIDS rules (or regex patterns) disabled across the grid. This setting is readonly; Use the Detections screen to disable rules.
      global: True
      multiline: True
      forcedType: "[]string"
      regex: \d*|re:.*
      helpLink: managing-alerts.html
+      readonlyUi: True
+      advanced: true
    enabled:
-      description: Contains the list of NIDS rules manually enabled across the grid. To enable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To enable multiple rules, you can use regular expressions.
+      description: Contains the list of NIDS rules (or regex patterns) enabled across the grid. This setting is readonly; Use the Detections screen to enable rules.
      global: True
      multiline: True
      forcedType: "[]string"
      regex: \d*|re:.*
      helpLink: managing-alerts.html
+      readonlyUi: True
+      advanced: true
    modify:
-      description: Contains the list of NIDS rules that were modified from their default values. Entries must adhere to the following format - SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"
+      description: Contains the list of NIDS rules (SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"). This setting is readonly; Use the Detections screen to modify rules.
      global: True
      multiline: True
      forcedType: "[]string"
      helpLink: managing-alerts.html
+      readonlyUi: True
+      advanced: true
  rules:
    local__rules:
-      description: Contains the list of custom NIDS rules applied to the grid. To add custom NIDS rules to the grid, enter one rule per line in the Current Grid Value box.
+      description: Contains the list of custom NIDS rules applied to the grid. This setting is readonly; Use the Detections screen to adjust rules.
      file: True
      global: True
      advanced: True
      title: Local Rules
      helpLink: local-rules.html
+      readonlyUi: True
    filters__rules:
      description: If you are using Suricata for metadata, then you can set custom filters for that metadata here.
      file: True
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -4,13 +4,15 @@ suricata:
    helpLink: suricata.html
  thresholding:
    sids__yaml:
-      description: Threshold SIDS List
+      description: Threshold SIDS List. This setting is readonly; Use the Detections screen to modify rules.
      syntax: yaml
      file: True
      global: True
      multiline: True
      title: SIDS
      helpLink: suricata.html
+      readonlyUi: True
+      advanced: true
  classification:
    classification__config:
      description: Classifications config file.