CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13107 from Security-Onion-Solutions/cogburn/detection-templates

Browse Source 
Added TemplateDetections To Detection ClientParams
This commit is contained in:
coreyogburn
2024-05-30 16:26:17 -06:00
committed by GitHub
parent fb8929ea37 85c269e697
commit 37a928b065
2 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
salt/soc/defaults.yaml
View File

@@ -2253,3 +2253,36 @@ soc:
severityTranslations: severityTranslations:
minor: low minor: low
major: high major: high
templateDetections:
suricata: |
alert tcp any any <> any any (msg:""; sid:[publicId];)
strelka: |
rule {
meta:
description = "";
strings:
$x = \"string\";
condition:
all of them;
}
elastalert: |
title:
id: [publicId]
status:
description:
references:
-
author:
date:
tags:
-
logsource:
product:
category:
detection:
selection:
condition: selection
falsepositives:
-
level:

11
salt/soc/soc_soc.yaml
View File

@@ -319,6 +319,17 @@ soc:
cases: *appSettings cases: *appSettings
dashboards: *appSettings dashboards: *appSettings
detections: *appSettings detections: *appSettings
detection:
templateDetections:
suricata:
description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.
multiline: True
strelka:
description: The template used when creating a new Strelka detection.
multiline: True
elastalert:
description: The template used when creating a new ElastAlert detection. [publicId] will be replaced with an unused Public Id.
multiline: True
grid: grid:
maxUploadSize: maxUploadSize:
description: The maximum number of bytes for an uploaded PCAP import file. description: The maximum number of bytes for an uploaded PCAP import file.