From 378c99ae8844d78bf6691aa2179cc898e2de17d4 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Fri, 2 Feb 2024 18:25:54 -0500
Subject: [PATCH] Fix bindings
---
 salt/soc/defaults.yaml | 8 ++++----
 salt/soc/enabled.sls | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7f6686431..6811529bf 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1004,8 +1004,8 @@ soc:
 hostUrl:
 elastalertengine:
 communityRulesImportFrequencySeconds: 180
- elastAlertRulesFolder: /opt/so/rules/elastalert
- rulesFingerprintFile: /opt/so/conf/soc/sigma.fingerprint
+ elastAlertRulesFolder: /opt/sensoroni/elastalert
+ rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
 sigmaRulePackages: all
 elastic:
 hostUrl:
@@ -1053,10 +1053,10 @@ soc:
 reposFolder: /nsm/rules/strelka/repos
 rulesRepos:
 - https://github.com/Security-Onion-Solutions/securityonion-yara
- yaraRulesFolder: /opt/so/conf/strelka/rules
+ yaraRulesFolder: /opt/sensoroni/yara
 suricataengine:
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
- rulesFingerprintFile: /opt/so/conf/soc/emerging-all.fingerprint
+ rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
 client:
 enableReverseLookup: false
 docsUrl: /docs/
diff --git a/salt/soc/enabled.sls b/salt/soc/enabled.sls
index 0eae0e80e..11f73e761 100644
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -23,6 +23,9 @@ so-soc:
 - ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
 - binds:
 - /nsm/rules:/nsm/rules:rw #Need to tighten this up?
+ - /opt/so/rules/yara:/opt/sensoroni/yara:rw
+ - /opt/so/rules/elastalert/rules:/opt/sensoroni/elastalert:rw
+ - /opt/so/conf/soc/fingerprints:/opt/sensoroni/fingerprints:rw
 - /nsm/soc/jobs:/opt/sensoroni/jobs:rw
 - /nsm/soc/uploads:/nsm/soc/uploads:rw
 - /opt/so/log/soc/:/opt/sensoroni/logs/:rw
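Review bot: The new values of `elastAlertRulesFolder` and `rulesFingerprintFile` in the first salt/soc/defaults.yaml hunk are paths inside the so-soc container, and they resolve only through the bind mounts this same patch adds in salt/soc/enabled.sls; nothing in defaults.yaml records that dependency. The same holds for `yaraRulesFolder` and the Suricata `rulesFingerprintFile` in the second hunk. A comment above each engine block, such as `# container path; the host side is bound in salt/soc/enabled.sls`, would keep a later override from changing one side without the other. The fingerprint files also get new names under a `fingerprints/` directory, so presumably the first run after an upgrade finds none; it is worth confirming that this only causes a fresh rule import. The `soc:` mapping starts and ends outside the hunk.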
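Review bot: In the second salt/soc/defaults.yaml hunk, `yaraRulesFolder` now resolves, through the bind added in salt/soc/enabled.sls, to /opt/so/rules/yara on the host, while the value it replaces pointed under /opt/so/conf/strelka/rules. The patch does not show whether the scanner that consumes these rules loads them from the new host directory; if it still reads the old location, rules written by SOC would not reach it and detection coverage would lag without any error. Please confirm the consumer side, and consider a comment next to the key naming the reader, for example `# host path /opt/so/rules/yara; read by <consumer service>` with the actual service filled in.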
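Review bot: The three binds added in salt/soc/enabled.sls give the so-soc container write access to host directories that hold detection content (/opt/so/rules/yara and /opt/so/rules/elastalert/rules), which widens the exposure that the existing `#Need to tighten this up?` comment already questions for /nsm/rules. SOC presumably has to write these rules, so `rw` may be required here, but the services that consume them should then mount the same host paths `:ro`, and a comment such as `# SOC is the only writer; consumers mount read-only` would record that intent. The hunk also does not show the host directories being created; Docker creates a missing bind source as a root-owned directory, so unless a `file.directory` state elsewhere sets owner and mode, the SOC process may be unable to write there. The `so-soc` state continues outside the hunk.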