Merge pull request #13107 from Security-Onion-Solutions/cogburn/detection-templates
Added TemplateDetections To Detection ClientParams
@@ -2253,3 +2253,36 @@ soc:
|
||||
severityTranslations:
|
||||
minor: low
|
||||
major: high
|
||||
templateDetections:
|
||||
suricata: |
|
||||
alert tcp any any <> any any (msg:""; sid:[publicId];)
|
||||
strelka: |
|
||||
rule {
|
||||
meta:
|
||||
description = "";
|
||||
strings:
|
||||
$x = \"string\";
|
||||
condition:
|
||||
all of them;
|
||||
}
|
||||
elastalert: |
|
||||
title:
|
||||
id: [publicId]
|
||||
status:
|
||||
description:
|
||||
references:
|
||||
-
|
||||
author:
|
||||
date:
|
||||
tags:
|
||||
-
|
||||
logsource:
|
||||
product:
|
||||
category:
|
||||
detection:
|
||||
selection:
|
||||
condition: selection
|
||||
falsepositives:
|
||||
-
|
||||
level:
|
||||
|
||||
|
||||
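Review bot: The Strelka template's string line `$x = \"string\";` keeps its backslashes, because the template is written as a YAML literal block scalar (`strelka: |`) where backslashes are not escape characters, so the text inserted into a new detection would contain literal `\"` and is not valid YARA syntax as written. The sibling line `description = "";` in the same template uses plain quotes, so the intent appears to be `$x = "string";`. The Suricata template on the same hunk may also want a `rev:1;` keyword alongside `sid:[publicId];` so generated rules start with a revision, though that depends on how the editor treats the template and should be confirmed against the code that consumes these values. The enclosing `soc:` mapping begins outside the hunk.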
@@ -319,6 +319,17 @@ soc:
|
||||
cases: *appSettings
|
||||
dashboards: *appSettings
|
||||
detections: *appSettings
|
||||
detection:
|
||||
templateDetections:
|
||||
suricata:
|
||||
description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.
|
||||
multiline: True
|
||||
strelka:
|
||||
description: The template used when creating a new Strelka detection.
|
||||
multiline: True
|
||||
elastalert:
|
||||
description: The template used when creating a new ElastAlert detection. [publicId] will be replaced with an unused Public Id.
|
||||
multiline: True
|
||||
grid:
|
||||
maxUploadSize:
|
||||
description: The maximum number of bytes for an uploaded PCAP import file.
|
||||
|
||||
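Review bot: The Strelka `description` is the only one of the three that does not say whether `[publicId]` is substituted, so an operator editing the template cannot tell from this file if the token is supported for Strelka or only for Suricata and ElastAlert. If substitution is not applied to Strelka, say so explicitly, e.g. `description: The template used when creating a new Strelka detection. [publicId] is not substituted for this engine.`; if it is applied, mirror the wording of the other two entries. The enclosing `soc:` mapping begins outside the hunk.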