remove modules if detections disabled

m0duspwnens
2024-03-13 09:46:44 -04:00
parent 603483148d
commit 1a829190ac
2 changed files with 8 additions and 1 deletions


@@ -1081,7 +1081,7 @@ soc:
allowRegex: ''
autoUpdateEnabled: false
communityRulesImportFrequencySeconds: 86400
denyRegex: '.*'
denyRegex: ''
elastAlertRulesFolder: /opt/sensoroni/elastalert
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
sigmaRulePackages:
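Review bot: The second `denyRegex` line, taken here as the new side, sets `denyRegex: ''` next to `allowRegex: ''`, so this engine's shipped defaults no longer carry any rule filter of their own. Presumably an empty pattern means "no filter", in which case every rule from the configured `sigmaRulePackages` is accepted once detections are on, where the old `'.*'` denied all by default. The only remaining gate appears to be the module removal added in the other file of this commit, and nothing in this file says so. A comment above the key would record that, for example `# empty = no rules denied; rule import is gated by detectionsEnabled, not by this filter`. The enclosing mapping starts and ends outside the hunk, so which engine these keys belong to is inferred from `elastAlertRulesFolder`.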


@@ -30,6 +30,13 @@
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
{% do SOCMERGED.config.server.modules.pop('cases') %}
{# remove these modules if detections is disabled #}
{% if not SOCMERGED.config.server.client.detectionsEnabled %}
{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
{% endif %}
{% if pillar.manager.playbook == 0 %}
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
{% endif %}
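Review bot: The `{% if not SOCMERGED.config.server.client.detectionsEnabled %}` guard treats a missing key the same as `false`. With Jinja's default (lenient) undefined handling an absent `detectionsEnabled` is falsy, so all three engines would be dropped from the SOC config without any error or log line. Because that silently turns detection off, the default should be explicit; assuming `client` is a plain dict, `{% if not SOCMERGED.config.server.client.get('detectionsEnabled', true) %}` would do it, with whichever default is actually intended. Separately, the three added `pop(...)` calls pass no default, so a module already absent from the merged config would presumably abort the render with a KeyError; `pop('elastalertengine', None)`, and likewise for `strelkaengine` and `suricataengine`, avoids that.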