Merge pull request #13904 from Security-Onion-Solutions/cogburn/ignored-sids

Cogburn/ignored sids
2025-12-06 17:22:49 +01:00 · 2024-11-05 12:30:08 -07:00
parent d37a8d51fa 52a144c052
commit 07b867df76
2 changed files with 8 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1435,6 +1435,8 @@ soc:
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
          integrityCheckFrequencySeconds: 1200
+          ignoredSidRanges:
+            - '1100000-1101000'
      client:
        enableReverseLookup: false
        docsUrl: /docs/
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -390,6 +390,12 @@ soc:
            advanced: True
            forcedType: "[]{}"
            helpLink: suricata.html
+          ignoredSidRanges:
+            description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI. Each line should contain 1 range in the format "1100000-1200000". The ranges are treated as inclusive.'
+            global: True
+            advanced: True
+            forcedType: "[]string"
+            helpLink: detections.html#rule-engine-status
      client:
        enableReverseLookup:
          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.