Removed Allow/Deny Regexes, Added Enable/Disable Regex

Update config and annotations for new regex support for suricata.
Corey Ogburn
2024-07-19 12:45:24 -06:00
parent 022df966c7
commit 45b2413175
2 changed files with 3 additions and 7 deletions


@@ -1311,7 +1311,6 @@ soc:
kratos: kratos:
hostUrl: hostUrl:
elastalertengine: elastalertengine:
allowRegex: ''
autoUpdateEnabled: true autoUpdateEnabled: true
autoEnabledSigmaRules: autoEnabledSigmaRules:
default: default:
@@ -1327,7 +1326,6 @@ soc:
communityRulesImportFrequencySeconds: 86400 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
denyRegex: ''
elastAlertRulesFolder: /opt/sensoroni/elastalert elastAlertRulesFolder: /opt/sensoroni/elastalert
reposFolder: /opt/sensoroni/sigma/repos reposFolder: /opt/sensoroni/sigma/repos
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1392,7 +1390,6 @@ soc:
userFiles: userFiles:
- rbac/users_roles - rbac/users_roles
strelkaengine: strelkaengine:
allowRegex: ''
autoEnabledYaraRules: autoEnabledYaraRules:
- securityonion-yara - securityonion-yara
autoUpdateEnabled: true autoUpdateEnabled: true
@@ -1400,7 +1397,6 @@ soc:
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
denyRegex: ''
reposFolder: /opt/sensoroni/yara/repos reposFolder: /opt/sensoroni/yara/repos
rulesRepos: rulesRepos:
default: default:
@@ -1415,14 +1411,14 @@ soc:
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
integrityCheckFrequencySeconds: 1200 integrityCheckFrequencySeconds: 1200
suricataengine: suricataengine:
allowRegex: ''
autoUpdateEnabled: true autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 86400 communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300 communityRulesImportErrorSeconds: 300
customRulesets: customRulesets:
disableRegex: []
enableRegex: []
failAfterConsecutiveErrorCount: 10 failAfterConsecutiveErrorCount: 10
communityRulesFile: /nsm/rules/suricata/emerging-all.rules communityRulesFile: /nsm/rules/suricata/emerging-all.rules
denyRegex: ''
rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
integrityCheckFrequencySeconds: 1200 integrityCheckFrequencySeconds: 1200
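Review bot: The new `disableRegex: []` and `enableRegex: []` lines in the suricataengine hunk are placed directly after the valueless `customRulesets:` key, and this rendered view drops indentation, so confirm in the file that both keys are siblings of `customRulesets` rather than indented beneath it — a deeper indent would silently nest them as a mapping under customRulesets and the engine would not find them at the expected path. Since a bare `customRulesets:` parses as null rather than an empty list, writing `customRulesets: []` while touching this stanza would also make the empty default explicit. The `[]` defaults for the two new keys agree with the `forcedType: "[]string"` declared in the annotations file, which is good. The `allowRegex`/`denyRegex` removals in the elastalertengine and strelkaengine hunks leave no replacement there, which appears intended from the commit message, but any deployment-level override of those keys becomes dead config after this change and deserves a line in the upgrade notes.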


@@ -222,7 +222,7 @@ soc:
global: True global: True
forcedType: "[]string" forcedType: "[]string"
enableRegex: enableRegex:
description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content. description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content. Takes priority over disableRegex matches.
global: True global: True
forcedType: "[]string" forcedType: "[]string"
integrityCheckFrequencySeconds: integrityCheckFrequencySeconds:
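Review bot: The added priority sentence on enableRegex is one-sided; the disableRegex entry, whose `description:` begins above this hunk, should carry the reciprocal caveat so an operator reading only that key knows its matches can be overridden, e.g. append `A rule that also matches an enableRegex entry stays enabled.` to that description. Because enableRegex wins on conflict, a broad enableRegex pattern will re-enable rules an operator deliberately disabled, which is worth one sentence in the enableRegex description as well, e.g. `Keep patterns narrow: a broad enableRegex overrides every disableRegex match.` The disableRegex entry's key line and description lie outside the hunk.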