mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #13078 from Security-Onion-Solutions/2.4/socdefaultsdet
Add instructions for sigma and yara repos
This commit is contained in:
Josh Brower
GitHub
@@ -119,14 +119,14 @@ soc:
|
|||||||
advanced: True
|
advanced: True
|
||||||
rulesRepos:
|
rulesRepos:
|
||||||
default: &eerulesRepos
|
default: &eerulesRepos
|
||||||
description: "Custom Git repos to pull Sigma rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled."
|
description: "Custom Git repositories to pull Sigma rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled. The new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update."
|
||||||
global: True
|
global: True
|
||||||
advanced: True
|
advanced: True
|
||||||
forcedType: "[]{}"
|
forcedType: "[]{}"
|
||||||
helpLink: sigma.html
|
helpLink: sigma.html
|
||||||
airgap: *eerulesRepos
|
airgap: *eerulesRepos
|
||||||
sigmaRulePackages:
|
sigmaRulePackages:
|
||||||
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
|
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, the new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
|
||||||
global: True
|
global: True
|
||||||
advanced: False
|
advanced: False
|
||||||
helpLink: sigma.html
|
helpLink: sigma.html
|
||||||
@@ -221,7 +221,7 @@ soc:
|
|||||||
advanced: True
|
advanced: True
|
||||||
rulesRepos:
|
rulesRepos:
|
||||||
default: &serulesRepos
|
default: &serulesRepos
|
||||||
description: "Custom Git repos to pull YARA rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled."
|
description: "Custom Git repositories to pull YARA rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled. The new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Strelka --> Full Update."
|
||||||
global: True
|
global: True
|
||||||
advanced: True
|
advanced: True
|
||||||
forcedType: "[]{}"
|
forcedType: "[]{}"
|
||||||
|
|||||||
Reference in New Issue
Block a user