suricata defaults and annotation

Josh Patterson
2025-11-10 16:40:11 -05:00
parent 1876c4d9df
commit 245ceb2d49
2 changed files with 40 additions and 15 deletions


@@ -97,6 +97,11 @@ suricata:
- 4789 - 4789
TEREDO_PORTS: TEREDO_PORTS:
- 3544 - 3544
SIP_PORTS:
- 5060
- 5061
GENEVE_PORTS:
- 6081
default-log-dir: /var/log/suricata/ default-log-dir: /var/log/suricata/
stats: stats:
enabled: "yes" enabled: "yes"
@@ -195,6 +200,9 @@ suricata:
enabled: "yes" enabled: "yes"
detection-ports: detection-ports:
dp: 443 dp: 443
ja3-fingerprints: auto
ja4-fingerprints: auto
encryption-handling: track-only
dcerpc: dcerpc:
enabled: "yes" enabled: "yes"
ftp: ftp:
@@ -244,19 +252,21 @@ suricata:
libhtp: libhtp:
default-config: default-config:
personality: IDS personality: IDS
request-body-limit: 100kb request-body-limit: 100 KiB
response-body-limit: 100kb response-body-limit: 100 KiB
request-body-minimal-inspect-size: 32kb request-body-minimal-inspect-size: 32 KiB
request-body-inspect-window: 4kb request-body-inspect-window: 4 KiB
response-body-minimal-inspect-size: 40kb response-body-minimal-inspect-size: 40 KiB
response-body-inspect-window: 16kb response-body-inspect-window: 16 KiB
response-body-decompress-layer-limit: 2 response-body-decompress-layer-limit: 2
http-body-inline: auto http-body-inline: auto
swf-decompression: swf-decompression:
enabled: "yes" enabled: "no"
type: both type: both
compress-depth: 0 compress-depth: 100 KiB
decompress-depth: 0 decompress-depth: 100 KiB
randomize-inspection-sizes: "yes"
randomize-inspection-range: 10
double-decode-path: "no" double-decode-path: "no"
double-decode-query: "no" double-decode-query: "no"
server-config: server-config:
@@ -390,8 +400,12 @@ suricata:
vxlan: vxlan:
enabled: true enabled: true
ports: $VXLAN_PORTS ports: $VXLAN_PORTS
erspan: geneve:
enabled: true enabled: true
ports: $GENEVE_PORTS
max-layers: 16
recursion-level:
use-for-tracking: true
detect: detect:
profile: medium profile: medium
custom-values: custom-values:
@@ -411,7 +425,12 @@ suricata:
spm-algo: auto spm-algo: auto
luajit: luajit:
states: 128 states: 128
security:
lua:
allow-rules: false
max-bytes: 500000
max-instructions: 500000
allow-restricted-functions: false
profiling: profiling:
rules: rules:
enabled: "yes" enabled: "yes"
@@ -452,6 +471,3 @@ suricata:
classification-file: /etc/suricata/classification.config classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config reference-config-file: /etc/suricata/reference.config
threshold-file: /etc/suricata/threshold.conf threshold-file: /etc/suricata/threshold.conf
# ENABLE for
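Review bot: In the `@@ -390,8 +400,12 @@` hunk the `erspan:` stanza under the decoder is replaced by `geneve:` rather than kept alongside it, so the explicit ERSPAN enable disappears from the defaults; if ERSPAN-encapsulated SPAN traffic is expected on sensor interfaces, confirm the decoder's built-in behaviour still covers it, or keep `erspan:` with its `enabled: true` next to the new GENEVE block. Indentation is lost in this rendering, so I cannot tell whether the added `max-layers: 16` and `recursion-level:` lines are direct children of `decoder` (where upstream suricata.yaml places them) or ended up nested under `geneve:`; worth a glance at the file. The last hunk (`@@ -452,6 +471,3 @@`) is only partially rendered here, so the three lines removed after `threshold-file` could not be reviewed.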


@@ -190,6 +190,8 @@ suricata:
FTP_PORTS: *suriportgroup FTP_PORTS: *suriportgroup
VXLAN_PORTS: *suriportgroup VXLAN_PORTS: *suriportgroup
TEREDO_PORTS: *suriportgroup TEREDO_PORTS: *suriportgroup
SIP_PORTS: *suriportgroup
GENEVE_PORTS: *suriportgroup
outputs: outputs:
eve-log: eve-log:
types: types:
@@ -209,7 +211,7 @@ suricata:
helpLink: suricata.html helpLink: suricata.html
pcap-log: pcap-log:
enabled: enabled:
description: This value is ignored by SO. pcapengine in globals takes precidence. description: This value is ignored by SO. pcapengine in globals takes precedence.
readonly: True readonly: True
helpLink: suricata.html helpLink: suricata.html
advanced: True advanced: True
@@ -297,3 +299,10 @@ suricata:
ports: ports:
description: Ports to listen for. This should be a variable. description: Ports to listen for. This should be a variable.
helpLink: suricata.html helpLink: suricata.html
geneve:
enabled:
description: Enable VXLAN capabilities.
helpLink: suricata.html
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata.html
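Review bot: The new `geneve.enabled` annotation carries `description: Enable VXLAN capabilities.`, a copy-paste from the vxlan entry above it; it should read `description: Enable GENEVE capabilities.` so the help text matches the setting it describes. The `ports` description was copied the same way but is accurate for both decoders, so it can stay. The other settings this commit adds to the defaults file (the `tls` fingerprint and `encryption-handling` keys and the `security.lua` block) get no entry in this annotations file; if this file is what drives which settings are exposed and documented in the UI, decide whether they should be listed here or are intentionally left hidden.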