mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #13107 from Security-Onion-Solutions/cogburn/detection-templates
Added TemplateDetections To Detection ClientParams
This commit is contained in:
coreyogburn
GitHub
@@ -2253,3 +2253,36 @@ soc:
|
|||||||
severityTranslations:
|
severityTranslations:
|
||||||
minor: low
|
minor: low
|
||||||
major: high
|
major: high
|
||||||
|
templateDetections:
|
||||||
|
suricata: |
|
||||||
|
alert tcp any any <> any any (msg:""; sid:[publicId];)
|
||||||
|
strelka: |
|
||||||
|
rule {
|
||||||
|
meta:
|
||||||
|
description = "";
|
||||||
|
strings:
|
||||||
|
$x = \"string\";
|
||||||
|
condition:
|
||||||
|
all of them;
|
||||||
|
}
|
||||||
|
elastalert: |
|
||||||
|
title:
|
||||||
|
id: [publicId]
|
||||||
|
status:
|
||||||
|
description:
|
||||||
|
references:
|
||||||
|
-
|
||||||
|
author:
|
||||||
|
date:
|
||||||
|
tags:
|
||||||
|
-
|
||||||
|
logsource:
|
||||||
|
product:
|
||||||
|
category:
|
||||||
|
detection:
|
||||||
|
selection:
|
||||||
|
condition: selection
|
||||||
|
falsepositives:
|
||||||
|
-
|
||||||
|
level:
|
||||||
|
|
||||||
|
|||||||
@@ -119,7 +119,7 @@ soc:
|
|||||||
advanced: True
|
advanced: True
|
||||||
rulesRepos:
|
rulesRepos:
|
||||||
default: &eerulesRepos
|
default: &eerulesRepos
|
||||||
description: "Custom Git repositories to pull Sigma rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled. The new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update."
|
description: "Custom Git repositories to pull Sigma rules from. 'license' field is required, 'folder' is optional. 'community' disables some management options for the imported rules - they can't be deleted or edited, just tuned, duplicated and Enabled | Disabled. The new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update."
|
||||||
global: True
|
global: True
|
||||||
advanced: True
|
advanced: True
|
||||||
forcedType: "[]{}"
|
forcedType: "[]{}"
|
||||||
@@ -319,6 +319,17 @@ soc:
|
|||||||
cases: *appSettings
|
cases: *appSettings
|
||||||
dashboards: *appSettings
|
dashboards: *appSettings
|
||||||
detections: *appSettings
|
detections: *appSettings
|
||||||
|
detection:
|
||||||
|
templateDetections:
|
||||||
|
suricata:
|
||||||
|
description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.
|
||||||
|
multiline: True
|
||||||
|
strelka:
|
||||||
|
description: The template used when creating a new Strelka detection.
|
||||||
|
multiline: True
|
||||||
|
elastalert:
|
||||||
|
description: The template used when creating a new ElastAlert detection. [publicId] will be replaced with an unused Public Id.
|
||||||
|
multiline: True
|
||||||
grid:
|
grid:
|
||||||
maxUploadSize:
|
maxUploadSize:
|
||||||
description: The maximum number of bytes for an uploaded PCAP import file.
|
description: The maximum number of bytes for an uploaded PCAP import file.
|
||||||
|
|||||||
Reference in New Issue
Block a user