Add RulesetName to Rule Repos

Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.

Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules` containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
Corey Ogburn
2025-05-19 14:19:56 -06:00
parent 2948577b0e
commit 11fb33fdeb

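As an added example (not code from this commit or from the SOC code base), a small Python checker that applies the folder-naming rule the commit message describes to a list of repo entries and flags entries that would share a folder on disk. The base repos folder, the GitHub repos under `alice`, `bob` and `joesecurity`, and the traversal check are assumptions.

```python
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed base folder; the commit message only calls it "reposFolder".
REPOS_FOLDER = "/nsm/rules/repos"


def ruleset_name(entry):
    """rulesetName if set, else the final folder of the repo URL (the documented default)."""
    name = entry.get("rulesetName")
    if name:
        return name
    path = urlparse(entry["repo"]).path.rstrip("/")
    return PurePosixPath(path).name


def repo_folder(entry, repos_folder=REPOS_FOLDER):
    """On-disk folder for the entry. A '/' in the name nests folders, as described
    in the commit message; '..' segments are rejected here as a defensive assumption."""
    name = ruleset_name(entry)
    parts = [p for p in name.split("/") if p]
    if not parts or any(p in ("..", ".") for p in parts):
        raise ValueError(f"unsafe rulesetName {name!r}")
    return str(PurePosixPath(repos_folder, *parts))


def find_folder_collisions(repos, repos_folder=REPOS_FOLDER):
    """Return (folder, first_repo, second_repo) for every entry that maps onto a
    folder already claimed by an earlier entry in the same list."""
    seen, collisions = {}, []
    for entry in repos:
        folder = repo_folder(entry, repos_folder)
        if folder in seen:
            collisions.append((folder, seen[folder], entry["repo"]))
        else:
            seen[folder] = entry["repo"]
    return collisions


# Constructed sample: the commit's local-sigma entry plus three hypothetical repos.
SAMPLE_REPOS = [
    {"repo": "file:///nsm/rules/custom-local-repos/local-sigma", "license": "Elastic-2.0",
     "community": False, "rulesetName": "local-sigma"},
    {"repo": "https://github.com/alice/sigma-rules", "license": "DRL", "community": True},
    {"repo": "https://github.com/bob/sigma-rules", "license": "DRL", "community": True},
    {"repo": "https://github.com/joesecurity/sigma-rules", "license": "DRL", "community": True,
     "rulesetName": "joesecurity/sigma-rules"},
]

if __name__ == "__main__":
    for folder, first, second in find_folder_collisions(SAMPLE_REPOS):
        print(f"collision at {folder}: {first} and {second}")
```

The two hypothetical repos that rely on the default both resolve to `sigma-rules` and collide, while the entry that sets `rulesetName` to `joesecurity/sigma-rules` lands in its own nested folder.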

@@ -1415,17 +1415,21 @@ soc:
license: Elastic-2.0 license: Elastic-2.0
folder: sigma/stable folder: sigma/stable
community: true community: true
rulesetName: securityonion-resources
- repo: file:///nsm/rules/custom-local-repos/local-sigma - repo: file:///nsm/rules/custom-local-repos/local-sigma
license: Elastic-2.0 license: Elastic-2.0
community: false community: false
rulesetName: local-sigma
airgap: airgap:
- repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources - repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
license: Elastic-2.0 license: Elastic-2.0
folder: sigma/stable folder: sigma/stable
community: true community: true
rulesetName: securityonion-resources
- repo: file:///nsm/rules/custom-local-repos/local-sigma - repo: file:///nsm/rules/custom-local-repos/local-sigma
license: Elastic-2.0 license: Elastic-2.0
community: false community: false
rulesetName: local-sigma
sigmaRulePackages: sigmaRulePackages:
- core - core
- emerging_threats_addon - emerging_threats_addon
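Review bot: every `rulesetName` added in this hunk equals the last path segment of its `repo` URL (`securityonion-resources`, `local-sigma`), so the examples reproduce the documented default and do not show the field doing anything a reader could not get by omitting it. Since the commit message says the field exists to avoid folder collisions and that a `/` nests folders, a YAML comment above the first entry, e.g. `# rulesetName defaults to the last folder of the repo URL; "org/name" creates nested folders`, would tell users editing this section what the field is for. Because the value becomes the folder name, also consider rejecting duplicate `rulesetName` values within one list at config load, which is the collision the field is meant to prevent.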
@@ -1500,16 +1504,20 @@ soc:
- repo: https://github.com/Security-Onion-Solutions/securityonion-yara - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
license: DRL license: DRL
community: true community: true
rulesetName: securityonion-yara
- repo: file:///nsm/rules/custom-local-repos/local-yara - repo: file:///nsm/rules/custom-local-repos/local-yara
license: Elastic-2.0 license: Elastic-2.0
community: false community: false
rulesetName: local-yara
airgap: airgap:
- repo: file:///nsm/rules/detect-yara/repos/securityonion-yara - repo: file:///nsm/rules/detect-yara/repos/securityonion-yara
license: DRL license: DRL
community: true community: true
rulesetName: securityonion-yara
- repo: file:///nsm/rules/custom-local-repos/local-yara - repo: file:///nsm/rules/custom-local-repos/local-yara
license: Elastic-2.0 license: Elastic-2.0
community: false community: false
rulesetName: local-yara
yaraRulesFolder: /opt/sensoroni/yara/rules yaraRulesFolder: /opt/sensoroni/yara/rules
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
integrityCheckFrequencySeconds: 1200 integrityCheckFrequencySeconds: 1200
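Review bot: same pattern as the sigma hunk: `securityonion-yara` and `local-yara` match what the default would derive from the URLs, so the field is effectively a no-op here and the example value could be anything. The commit message states that the name also becomes the `ruleset` on every imported rule, which is a user-visible effect that the YAML does not document anywhere; a one-line comment next to the first `rulesetName` in this section, matching whatever is added for the sigma section, would keep the two engines' configs consistent.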