From c4c38f58cb145e2be9723c382cd8bf611eb2741e Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Mon, 13 May 2024 13:13:57 -0400
Subject: [PATCH 1/2] Update descriptions

---
 salt/idstools/soc_idstools.yaml | 2 +-
 salt/soc/soc_soc.yaml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index 698a7a1fc..993abfd51 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -9,7 +9,7 @@ idstools:
       forcedType: string
       helpLink: rules.html
     ruleset:
-      description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
+      description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
       global: True
       regex: ETPRO\b|ETOPEN\b
       helpLink: rules.html
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index c908521fa..fa8d80bc8 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
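Review bot: The rewritten description on the `+` line still carries the misspelling `nagivating`, and the same typo survives in the sigmaRulePackages description rewritten in the soc_soc.yaml hunk at -115; since both lines are being replaced anyway, this is the moment to fix it: `... or you can force the update by navigating to Detections --> Options dropdown menu --> Suricata --> Full Update.`. The new phrase `non-overlapping Suricata rules` is not self-explanatory to an operator reading the setting; it presumably means rules present in the previous ruleset but absent from the new one, and saying that in plain words (`rules that exist only in the previous ruleset`) would make the warning actionable. The interval is also stated here as a fixed `every 24 hours`, whereas the sigmaRulePackages text in the same commit says `by default, every 24 hours`; the Suricata interval is equally a configurable default (patch 2 changes `communityRulesImportFrequencySeconds` for the suricataengine block), so both descriptions should use the hedged wording.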
@@ -39,7 +39,7 @@ soc:
       helpLink: soc-customization.html
     sigma_final_pipeline__yaml:
       title: Final Sigma Pipeline
-      description: Final Processing Pipeline for Sigma Rules (future use, not yet complete)
+      description: Final Processing Pipeline for Sigma Rules.
       syntax: yaml
       file: True
       global: True
@@ -115,7 +115,7 @@ soc:
             helpLink: sigma.html
           airgap: *eerulesRepos
           sigmaRulePackages:
-            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
+            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
             global: True
             advanced: False
             helpLink: sigma.html
@@ -255,7 +255,7 @@ soc:
           description: Set to true to enable case management in SOC.
           global: True
         detectionsEnabled:
-          description: Set to true to enable the Detections module in SOC. (future use, not yet complete)
+          description: Set to true to enable the Detections module in SOC.
           global: True
         inactiveTools:
           description: List of external tools to remove from the SOC UI.
From e430de88d377d6fee6bc551cdc68e9f7b458ff56 Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Mon, 13 May 2024 13:15:06 -0400
Subject: [PATCH 2/2] Change rule updates to 24h

---
 salt/soc/defaults.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8ef0047be..7b33adaa4 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1284,7 +1284,7 @@ soc:
             so-import:
               - securityonion-resources+critical
               - securityonion-resources+high
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           denyRegex: ''
@@ -1353,7 +1353,7 @@ soc:
           autoEnabledYaraRules:
             - securityonion-yara
           autoUpdateEnabled: true
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
@@ -1373,7 +1373,7 @@ soc:
         suricataengine:
           allowRegex: ''
           autoUpdateEnabled: true
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           communityRulesFile: /nsm/rules/suricata/emerging-all.rules
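Review bot: The new value `86400` on the `+` line is a bare magic number, and the identical change is repeated in the hunks at -1353 and -1373; an inline comment giving the unit and intent, `communityRulesImportFrequencySeconds: 86400  # 24h between scheduled community rule pulls`, would tie the default to the "24 hours" now promised in the soc_soc.yaml and soc_idstools.yaml descriptions. Tripling the interval also means newly published community rules for the three engine blocks (which appear to be the Sigma, YARA and Suricata engines) can arrive up to 24 hours later than before unless an operator triggers a Full Update; that detection-freshness trade-off is worth stating in the commit message or a comment so a later reader knows it was deliberate. Leaving `communityRulesImportErrorSeconds: 300` and `failAfterConsecutiveErrorCount: 10` unchanged looks right, since the retry cadence after a failed pull is independent of the scheduled interval, but a one-line comment saying so would prevent the next person from "fixing" them to match.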