Refactor ignore list and only ignore for signature-base for now

weslambert
2021-09-15 11:32:29 -04:00
committed by GitHub
parent 4d41d3aee1
commit 39e5ded58d


@@ -21,6 +21,8 @@
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %} {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
{% set ENGINE = salt['pillar.get']('global:mdengine', '') %} {% set ENGINE = salt['pillar.get']('global:mdengine', '') %}
{% import_yaml 'strelka/defaults.yaml' as strelka_config with context %}
{% set IGNORELIST = salt['pillar.get']('strelka:ignore', strelka_config.strelka.ignore, merge=True, merge_nested_lists=True) %}
# Strelka config # Strelka config
strelkaconfdir: strelkaconfdir:
@@ -54,6 +56,17 @@ strelkarules:
- source: salt://strelka/rules - source: salt://strelka/rules
- user: 939 - user: 939
- group: 939 - group: 939
- clean: True
- exclude_pat:
{% for IGNOREDRULE in IGNORELIST %}
- {{ IGNOREDRULE }}
{% endfor %}
{% for IGNOREDRULE in IGNORELIST %}
remove_rule_{{ IGNOREDRULE }}:
file.absent:
- name: /opt/so/conf/strelka/rules/signature-base/{{ IGNOREDRULE }}
{% endfor %}
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
strelkarepos: strelkarepos:
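Review bot: In the `remove_rule_…` loop, each pillar entry is pasted unchecked into the `file.absent` path, so an empty entry resolves to the `signature-base` directory itself and an entry containing `..` resolves outside it; `file.absent` removes directories as well as files. Wrap the generated state in a guard such as `{% if IGNOREDRULE and '..' not in IGNOREDRULE|string %}` … `{% endif %}`, and add a comment above the loop saying that entries must be plain file names relative to `signature-base`. The same value is also used as the state ID, so a duplicate left by the `merge_nested_lists=True` merge would probably yield two states with one ID and fail rendering; iterating over `IGNORELIST|unique` in both loops avoids that. In the `exclude_pat` list, quote the item (`- '{{ IGNOREDRULE }}'`) so an entry that starts with `*` is not read as a YAML alias. The `strelkarules` state these options belong to begins above the hunk.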