detections annotations

This commit is contained in:
Jason Ertel
2024-03-06 11:03:52 -05:00
parent 0f12297f50
commit 167aff24f6
2 changed files with 7 additions and 3 deletions


@@ -1147,6 +1147,7 @@ soc:
tipTimeoutMs: 6000 tipTimeoutMs: 6000
cacheExpirationMs: 300000 cacheExpirationMs: 300000
casesEnabled: true casesEnabled: true
detectionsEnabled: false
inactiveTools: ['toolUnused'] inactiveTools: ['toolUnused']
tools: tools:
- name: toolKibana - name: toolKibana
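Review bot: The new `detectionsEnabled: false` default on the added line gives no hint that the module it gates is unfinished; only the annotations file in the other part of this commit says "(future use, not yet complete)", so an operator editing this defaults file directly sees an ordinary feature flag and may flip it. An inline comment would carry that context into this file, e.g. `detectionsEnabled: false  # Detections module is not yet complete; leave disabled`. Keeping the value as a lowercase `false` matches the neighbouring `casesEnabled: true`, which is the right convention here. The enclosing `soc:` mapping starts and ends outside the hunk.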


@@ -79,11 +79,11 @@ soc:
modules: modules:
elastalertengine: elastalertengine:
sigmaRulePackages: sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.' description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone. (future use, not yet complete)'
global: True global: True
advanced: False advanced: False
autoUpdateEnabled: autoUpdateEnabled:
description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false.' description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
global: True global: True
advanced: True advanced: True
elastic: elastic:
@@ -149,7 +149,7 @@ soc:
advanced: True advanced: True
strelkaengine: strelkaengine:
autoUpdateEnabled: autoUpdateEnabled:
description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.' description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
global: True global: True
advanced: True advanced: True
client: client:
@@ -174,6 +174,9 @@ soc:
casesEnabled: casesEnabled:
description: Set to true to enable case management in SOC. description: Set to true to enable case management in SOC.
global: True global: True
detectionsEnabled:
description: Set to true to enable the Detections module in SOC. (future use, not yet complete)
global: True
inactiveTools: inactiveTools:
description: List of external tools to remove from the SOC UI. description: List of external tools to remove from the SOC UI.
global: True global: True
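Review bot: The new `detectionsEnabled` annotation in the last hunk carries `global: True` but no `advanced` key, whereas the other settings this same commit marks "(future use, not yet complete)" — the two `autoUpdateEnabled` entries in the earlier hunks — are `advanced: True`; if an absent `advanced` is treated as the basic view (I cannot confirm that from the hunk), a toggle for an incomplete module would be surfaced more prominently than those. Consider `advanced: True` on the new entry, or a short comment above it explaining why it should be visible in the basic view. Separately, the `sigmaRulePackages` description now ends with "This removal cannot be undone. (future use, not yet complete)", which reads as if the irreversible removal is also future behaviour; placing the "(future use, not yet complete)" marker before the WARNING sentence, or stating that the removal already applies, would remove that ambiguity. The enclosing `soc:` mapping starts and ends outside these hunks.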