CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-01 18:31:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

ensure bool sliders suricata

Browse Source
This commit is contained in:
Josh Patterson
2026-03-19 15:02:45 -04:00
parent 7af6efda1e
commit 14d254e81b
1 changed files with 80 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
salt/suricata/soc_suricata.yaml
View File

@@ -199,8 +199,39 @@ suricata:
GENEVE_PORTS: *suriportgroup
outputs:
eve-log:
pcap-file:
description: Log the PCAP filename that a packet was read from when processing pcap files.
forcedType: bool
advanced: True
helpLink: suricata
community-id:
description: Enable Community ID flow hashing for consistent event correlation across tools.
forcedType: bool
helpLink: suricata
types:
alert:
metadata:
app-layer:
description: Include app-layer metadata in alert events.
forcedType: bool
advanced: True
helpLink: suricata
flow:
description: Include flow metadata in alert events.
forcedType: bool
advanced: True
helpLink: suricata
rule:
metadata:
description: Include rule metadata in alert events.
forcedType: bool
advanced: True
helpLink: suricata
raw:
description: Include raw rule text in alert events.
forcedType: bool
advanced: True
helpLink: suricata
xff:
enabled:
description: Enable X-Forward-For support.
@@ -287,6 +318,7 @@ suricata:
teredo:
enabled:
description: Enable TEREDO capabilities
forcedType: bool
helpLink: suricata
ports:
description: Ports to listen for. This should be a variable.
@@ -294,14 +326,58 @@ suricata:
vxlan:
enabled:
description: Enable VXLAN capabilities.
forcedType: bool
helpLink: suricata
ports:
description: Ports to listen for. This should be a variable.
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata
geneve:
enabled:
description: Enable VXLAN capabilities.
forcedType: bool
helpLink: suricata
ports:
description: Ports to listen for. This should be a variable.
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata
recursion-level:
use-for-tracking:
description: Controls whether the decoder recursion level is used for flow tracking.
forcedType: bool
advanced: True
helpLink: suricata
vlan:
use-for-tracking:
description: Enable VLAN tracking for flow identification. When enabled, VLAN tags are used to differentiate flows.
forcedType: bool
advanced: True
helpLink: suricata
detect:
profiling:
grouping:
dump-to-disk:
description: Dump detection engine grouping information to disk for analysis.
forcedType: bool
advanced: True
helpLink: suricata
include-rules:
description: Include individual rule details in grouping profiling output.
forcedType: bool
advanced: True
helpLink: suricata
include-mpm-stats:
description: Include multi-pattern matcher statistics in grouping profiling output.
forcedType: bool
advanced: True
helpLink: suricata
security:
lua:
allow-rules:
description: Allow Lua rules in the Suricata ruleset. Enabling Lua rules may introduce security risks.
forcedType: bool
advanced: True
helpLink: suricata
allow-restricted-functions:
description: Allow restricted Lua functions such as file I/O. Enabling this may introduce security risks.
forcedType: bool
advanced: True
helpLink: suricata