Update SOC Config with State File Paths

Each detection engine is getting a state file to help manage the timer over restarts. By default, the files will go in soc's config folder inside a fingerprints folder.
2025-12-06 01:02:46 +01:00 · 2024-04-03 13:12:18 -06:00
parent 3e05c04aa1
commit 0f50a265cf
1 changed files with 3 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1247,6 +1247,7 @@ soc:
          elastAlertRulesFolder: /opt/sensoroni/elastalert
          reposFolder: /opt/sensoroni/sigma/repos
          rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
+          stateFilePath: /opt/so/conf/soc/fingerprints/elastalertengine.state
          rulesRepos:
          - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
            license: Elastic-2.0
@@ -1307,6 +1308,7 @@ soc:
          - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
            license: DRL
          yaraRulesFolder: /opt/sensoroni/yara/rules
+          stateFilePath: /opt/so/conf/soc/fingerprints/strelkaengine.state
        suricataengine:
          allowRegex: ''
          autoUpdateEnabled: true
@@ -1314,6 +1316,7 @@ soc:
          communityRulesFile: /nsm/rules/suricata/emerging-all.rules
          denyRegex: ''
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
+          stateFilePath: /opt/so/conf/soc/fingerprints/suricataengine.state
      client:
        enableReverseLookup: false
        docsUrl: /docs/