CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12577 from Security-Onion-Solutions/jppsocerino

Browse Source 
remove modules if detections disabled
This commit is contained in:
Josh Patterson
2024-03-13 10:30:00 -04:00
committed by GitHub
parent dc3eace718 1a829190ac
commit 292ab0e378
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/defaults.yaml
View File

@@ -1081,7 +1081,7 @@ soc:
allowRegex: ''
autoUpdateEnabled: false
communityRulesImportFrequencySeconds: 86400
denyRegex: '.*'
denyRegex: ''
elastAlertRulesFolder: /opt/sensoroni/elastalert
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
sigmaRulePackages:

7
salt/soc/merged.map.jinja
View File

@@ -30,6 +30,13 @@
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
{% do SOCMERGED.config.server.modules.pop('cases') %}
{# remove these modules if detections is disabled #}
{% if not SOCMERGED.config.server.client.detectionsEnabled %}
{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
{% endif %}
{% if pillar.manager.playbook == 0 %}
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
{% endif %}