Tweak structure

This commit is contained in:
defensivedepth
2024-11-19 11:54:15 -05:00
parent 56d6857cd6
commit 3fcf197bc1


@@ -1328,47 +1328,44 @@ soc:
autoUpdateEnabled: true autoUpdateEnabled: true
autoEnabledSigmaRules: autoEnabledSigmaRules:
default: |- default: |-
Enabled_On_Import: # SOS - resources ruleset
# SOS - resources ruleset - ruleset: ["securityonion-resources"]
- ruleset: ["securityonion-resources"] level: ["critical", "high"]
level: ["critical", "high"] product: ["*"]
product: ["*"] category: ["*"]
category: ["*"] service: ["*"]
service: ["*"] # SigmaHQ - Core ruleset - Logsource: System events supported by Elastic Agent
# SigmaHQ - Core ruleset - Logsource: System events supported by Elastic Agent - ruleset: ["core"]
- ruleset: ["core"] level: ["critical"]
level: ["critical"] product: ["*"]
product: ["*"] category: ["process_creation", "file_event", "registry_event", "network_connection", "dns_query"]
category: ["process_creation", "file_event", "registry_event", "network_connection", "dns_query"] service: ["*"]
service: ["*"] # SigmaHQ - Core ruleset - Logsource: Windows eventlogs
# SigmaHQ - Core ruleset - Logsource: Windows eventlogs - ruleset: ["core"]
- ruleset: ["core"] level: ["critical"]
level: ["critical"] product: ["windows"]
product: ["windows"] category: ["*"]
category: ["*"] service: ["security", "system", "dns-client", "application"]
service: ["security", "system", "dns-client", "application"] # SigmaHQ - Core ruleset - Logsource: misc
# SigmaHQ - Core ruleset - Logsource: misc - ruleset: ["core"]
- ruleset: ["core"] level: ["critical"]
level: ["critical"] product: ["*"]
product: ["*"] category: ["antivirus"]
category: ["antivirus"] service: ["*"]
service: ["*"]
so-eval: |- so-eval: |-
Enabled_On_Import: # SOS - resources ruleset
# SOS - resources ruleset - ruleset: ["securityonion-resources"]
- ruleset: ["securityonion-resources"] level: ["critical", "high"]
level: ["critical", "high"] product: ["*"]
product: ["*"] category: ["*"]
category: ["*"] service: ["*"]
service: ["*"]
so-import: |- so-import: |-
Enabled_On_Import: # SOS - resources ruleset
# SOS - resources ruleset - ruleset: ["securityonion-resources"]
- ruleset: ["securityonion-resources"] level: ["critical", "high"]
level: ["critical", "high"] product: ["*"]
product: ["*"] category: ["*"]
category: ["*"] service: ["*"]
service: ["*"]
communityRulesImportFrequencySeconds: 86400 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
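Review bot: The three block scalars under `autoEnabledSigmaRules` (`default`, `so-eval`, `so-import`) now embed a bare top-level sequence instead of a mapping keyed by `Enabled_On_Import`, and nothing in the hunk records what shape the consumer expects, so a reader cannot tell whether the old wrapper was optional or whether a consumer still looking for the key would simply find no filters and auto-enable nothing. The embedded YAML is only text at this level (`|-` keeps the `#` lines and `["*"]` lists literal until the consumer parses them), so the change is safe for the outer file but is a schema change for whoever reads these strings; I cannot see that reader from here. Suggest a comment above `default: |-` such as `# Each entry is a filter; community Sigma rules whose ruleset/level/product/category/service match an entry are enabled on import ("*" matches any value)`, and a short note on why `core` is restricted to `critical` while `securityonion-resources` also admits `high`, since that asymmetry sets the default detection coverage. The enclosing `soc:` mapping begins outside the hunk.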