CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Zeek Annotations

Browse Source
This commit is contained in:
Mike Reeves
2023-05-25 12:10:15 -04:00
parent 10f9d0f4bd
commit 3be3df00d1
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/zeek/defaults.yaml
View File

@@ -76,7 +76,10 @@ zeek:
- LogAscii::use_json = T; - LogAscii::use_json = T;
- CaptureLoss::watch_interval = 5 mins; - CaptureLoss::watch_interval = 5 mins;
networks: networks:
HOME_NET: 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 HOME_NET:
- 192.168.0.0/16
- 10.0.0.0/8
- 172.16.0.0/12
file_extraction: file_extraction:
- application/x-dosexec: exe - application/x-dosexec: exe
- application/pdf: pdf - application/pdf: pdf

2
salt/zeek/files/networks.cfg.jinja
View File

@@ -1,5 +1,5 @@
{%- if NETWORKS.HOME_NET %} {%- if NETWORKS.HOME_NET %}
{%- for HN in NETWORKS.HOME_NET.split(',') %} {%- for HN in NETWORKS.HOME_NET %}
{{ HN }} {{ HN }}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}