add default ruleset

DefensiveDepth
2025-11-18 11:57:30 -05:00
parent 1b55642c86
commit 148ef7ef21
2 changed files with 9 additions and 1 deletions


@@ -1586,6 +1586,14 @@ soc:
insecureSkipVerify: false insecureSkipVerify: false
readOnly: true readOnly: true
deleteUnreferenced: true deleteUnreferenced: true
- name: ABUSECH-SSLBL
deleteUnreferenced: true
description: 'Abuse.ch SSL Blacklist'
enabled: false
license: CC0-1.0
readOnly: true
sourcePath: https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.tar.gz
sourceType: url
- name: local-rules - name: local-rules
id: local-rules id: local-rules
description: "Local custom rules from files (*.rules) in a directory on the filesystem" description: "Local custom rules from files (*.rules) in a directory on the filesystem"
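Review bot: The new `ABUSECH-SSLBL` entry omits keys that its neighbours in this list set explicitly: the preceding source ends with `insecureSkipVerify: false` and the following `local-rules` source carries an `id:`, while this entry has neither. This source is an archive fetched from a remote URL and fed into the detection ruleset, and certificate verification is the only integrity control visible in the hunk, so I would state it rather than rely on the default: `insecureSkipVerify: false`. Whether `id` is required for `sourceType: url` cannot be told from these lines; if it is, add one that matches the name. A one-line comment noting that the source ships with `enabled: false` and must be switched on by an operator would also help the next reader.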


@@ -159,7 +159,7 @@ surithresholding:
- source: salt://suricata/files/threshold.conf - source: salt://suricata/files/threshold.conf
- user: 940 - user: 940
- group: 940 - group: 940
- contents: 'This file is managed by Security Onion. Do not modify by hand.' - onlyif: salt://suricata/files/threshold.conf
suriclassifications: suriclassifications:
file.managed: file.managed:
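Review bot: The new `- onlyif: salt://suricata/files/threshold.conf` argument on `surithresholding` is unlikely to do what it seems to intend, because Salt treats a string `onlyif` as a command and runs the state only when that command exits 0, and a `salt://` URL is not a command. The probable effect is that the state is reported as skipped on every run and threshold.conf stops being managed, which would silently drop the Suricata threshold and suppression settings an operator relies on. If the aim is to skip the state when the source file is absent, gate it on a check that can actually succeed; otherwise drop the line and keep only `- source: salt://suricata/files/threshold.conf`. The state begins above this hunk, so its other arguments are not visible here, and the commit title does not mention this change.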