Merge branch '2.4/dev' into jertel/eaconfig

2025-12-08 18:22:47 +01:00 · 2024-05-20 18:59:35 -04:00
parent 6b2219b7f2 64144b4759
commit 31fdf15ce1
5 changed files with 149 additions and 6 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1305,6 +1305,7 @@ soc:
          reposFolder: /opt/sensoroni/sigma/repos
          rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/elastalertengine.state
+          integrityCheckFrequencySeconds: 600
          rulesRepos:
            default:
              - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
@@ -1383,6 +1384,7 @@ soc:
                community: true
          yaraRulesFolder: /opt/sensoroni/yara/rules
          stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
+          integrityCheckFrequencySeconds: 600
        suricataengine:
          allowRegex: ''
          autoUpdateEnabled: true
@@ -1393,6 +1395,7 @@ soc:
          denyRegex: ''
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
+          integrityCheckFrequencySeconds: 600
      client:
        enableReverseLookup: false
        docsUrl: /docs/
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -46,6 +46,7 @@ so-soc:
      - /opt/so/saltstack:/opt/so/saltstack:rw
      - /opt/so/conf/soc/migrations:/opt/so/conf/soc/migrations:rw
      - /nsm/backup/detections-migration:/nsm/backup/detections-migration:ro
+      - /opt/so/state:/opt/so/state:rw
    - extra_hosts:
    {% for node in DOCKER_EXTRA_HOSTS %}
    {%   for hostname, ip in node.items() %}
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -113,6 +113,10 @@ soc:
            global: True
            advanced: True
            helpLink: sigma.html
+          integrityCheckFrequencySeconds:
+            description: 'How often the ElastAlert integrity checker runs (in seconds). This verifies the integrity of deployed rules.'
+            global: True
+            advanced: True
          rulesRepos:
            default: &eerulesRepos
              description: "Custom Git repos to pull Sigma rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled."
@@ -211,6 +215,10 @@ soc:
            global: True
            advanced: True
            helpLink: yara.html
+          integrityCheckFrequencySeconds:
+            description: 'How often the Strelka integrity checker runs (in seconds). This verifies the integrity of deployed rules.'
+            global: True
+            advanced: True
          rulesRepos:
            default: &serulesRepos
              description: "Custom Git repos to pull YARA rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled."
@@ -235,6 +243,10 @@ soc:
            global: True
            advanced: True
            helpLink: suricata.html
+          integrityCheckFrequencySeconds:
+            description: 'How often the Suricata integrity checker runs (in seconds). This verifies the integrity of deployed rules.'
+            global: True
+            advanced: True
      client:
        enableReverseLookup:
          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.