mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Merge pull request #12577 from Security-Onion-Solutions/jppsocerino
remove modules if detections disabled
@@ -1081,7 +1081,7 @@ soc:
|
|||||||
allowRegex: ''
|
allowRegex: ''
|
||||||
autoUpdateEnabled: false
|
autoUpdateEnabled: false
|
||||||
communityRulesImportFrequencySeconds: 86400
|
communityRulesImportFrequencySeconds: 86400
|
||||||
denyRegex: '.*'
|
denyRegex: ''
|
||||||
elastAlertRulesFolder: /opt/sensoroni/elastalert
|
elastAlertRulesFolder: /opt/sensoroni/elastalert
|
||||||
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
|
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
|
||||||
sigmaRulePackages:
|
sigmaRulePackages:
|
||||||
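Review bot: The default `denyRegex` in this block (the one carrying `elastAlertRulesFolder` and `sigmaRulePackages`) is printed as `'.*'` and then as `''`; the page has lost its +/- markers, so reading the empty string as the new value is inferred from print order only. If so, the default deny filter goes from matching every rule to empty. An empty pattern matches every input when compiled as a regular expression, so the consumer has to treat `''` as "no filter" explicitly; that code is not visible here and is worth confirming. A comment beside the key would record the intent, for example `# empty string = no deny filter; rule selection is governed by allowRegex only`. The enclosing mapping starts and ends outside the hunk.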
|
|||||||
@@ -30,6 +30,13 @@
|
|||||||
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
|
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
|
||||||
{% do SOCMERGED.config.server.modules.pop('cases') %}
|
{% do SOCMERGED.config.server.modules.pop('cases') %}
|
||||||
|
|
||||||
|
{# remove these modules if detections is disabled #}
|
||||||
|
{% if not SOCMERGED.config.server.client.detectionsEnabled %}
|
||||||
|
{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
|
||||||
|
{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
|
||||||
|
{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if pillar.manager.playbook == 0 %}
|
{% if pillar.manager.playbook == 0 %}
|
||||||
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
|
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
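Review bot: The three added `pop()` calls pass no default, so a merged config in which one of the engine keys is already absent would raise a KeyError and fail the render. Writing `{% do SOCMERGED.config.server.modules.pop('elastalertengine', none) %}`, and the same for `strelkaengine` and `suricataengine`, avoids that. The guard `not SOCMERGED.config.server.client.detectionsEnabled` is also true when the key is missing or misspelled in a pillar (assuming default Jinja undefined handling), so a typo would silently remove all three detection engines. An explicit test such as `{% if SOCMERGED.config.server.client.detectionsEnabled is sameas false %}`, or a comment stating that an absent key means disabled, would make that failure direction deliberate.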
|
|||||||