CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13001 from Security-Onion-Solutions/2.4/socdefaults

Browse Source 
2.4/socdefaults
This commit is contained in:
Josh Brower
2024-05-13 13:39:31 -04:00
committed by GitHub
parent 927fe91f25 e430de88d3
commit 2419066dc8
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/idstools/soc_idstools.yaml
View File

@@ -9,7 +9,7 @@ idstools:
forcedType: string forcedType: string
helpLink: rules.html helpLink: rules.html
ruleset: ruleset:
description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.' description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True global: True
regex: ETPRO\b|ETOPEN\b regex: ETPRO\b|ETOPEN\b
helpLink: rules.html helpLink: rules.html

6
salt/soc/defaults.yaml
View File

@@ -1284,7 +1284,7 @@ soc:
so-import: so-import:
- securityonion-resources+critical - securityonion-resources+critical
- securityonion-resources+high - securityonion-resources+high
communityRulesImportFrequencySeconds: 28800 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
denyRegex: '' denyRegex: ''
@@ -1353,7 +1353,7 @@ soc:
autoEnabledYaraRules: autoEnabledYaraRules:
- securityonion-yara - securityonion-yara
autoUpdateEnabled: true autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 28800 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
@@ -1373,7 +1373,7 @@ soc:
suricataengine: suricataengine:
allowRegex: '' allowRegex: ''
autoUpdateEnabled: true autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 28800 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
communityRulesFile: /nsm/rules/suricata/emerging-all.rules communityRulesFile: /nsm/rules/suricata/emerging-all.rules

6
salt/soc/soc_soc.yaml
View File

@@ -39,7 +39,7 @@ soc:
helpLink: soc-customization.html helpLink: soc-customization.html
sigma_final_pipeline__yaml: sigma_final_pipeline__yaml:
title: Final Sigma Pipeline title: Final Sigma Pipeline
description: Final Processing Pipeline for Sigma Rules (future use, not yet complete) description: Final Processing Pipeline for Sigma Rules.
syntax: yaml syntax: yaml
file: True file: True
global: True global: True
@@ -115,7 +115,7 @@ soc:
helpLink: sigma.html helpLink: sigma.html
airgap: *eerulesRepos airgap: *eerulesRepos
sigmaRulePackages: sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.' description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True global: True
advanced: False advanced: False
helpLink: sigma.html helpLink: sigma.html
@@ -255,7 +255,7 @@ soc:
description: Set to true to enable case management in SOC. description: Set to true to enable case management in SOC.
global: True global: True
detectionsEnabled: detectionsEnabled:
description: Set to true to enable the Detections module in SOC. (future use, not yet complete) description: Set to true to enable the Detections module in SOC.
global: True global: True
inactiveTools: inactiveTools:
description: List of external tools to remove from the SOC UI. description: List of external tools to remove from the SOC UI.