Removed Allow/Deny Regexes, Added Enable/Disable Regex

Update config and annotations for new regex support for suricata.
2025-12-06 09:12:45 +01:00 · 2024-07-19 12:45:24 -06:00
parent 022df966c7
commit 45b2413175
2 changed files with 3 additions and 7 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1311,7 +1311,6 @@ soc:
        kratos:
          hostUrl:
        elastalertengine:
-          allowRegex: ''
          autoUpdateEnabled: true
          autoEnabledSigmaRules:
            default:
@@ -1327,7 +1326,6 @@ soc:
          communityRulesImportFrequencySeconds: 86400
          communityRulesImportErrorSeconds: 300
          failAfterConsecutiveErrorCount: 10
-          denyRegex: ''
          elastAlertRulesFolder: /opt/sensoroni/elastalert
          reposFolder: /opt/sensoroni/sigma/repos
          rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1392,7 +1390,6 @@ soc:
          userFiles:
            - rbac/users_roles
        strelkaengine:
-          allowRegex: ''
          autoEnabledYaraRules:
            - securityonion-yara
          autoUpdateEnabled: true
@@ -1400,7 +1397,6 @@ soc:
          communityRulesImportErrorSeconds: 300
          failAfterConsecutiveErrorCount: 10
          compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
-          denyRegex: ''
          reposFolder: /opt/sensoroni/yara/repos
          rulesRepos:
            default:
@@ -1415,14 +1411,14 @@ soc:
          stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
          integrityCheckFrequencySeconds: 1200
        suricataengine:
-          allowRegex: ''
          autoUpdateEnabled: true
          communityRulesImportFrequencySeconds: 86400
          communityRulesImportErrorSeconds: 300
          customRulesets:
+          disableRegex: []
+          enableRegex: []
          failAfterConsecutiveErrorCount: 10
          communityRulesFile: /nsm/rules/suricata/emerging-all.rules
-          denyRegex: ''
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
          integrityCheckFrequencySeconds: 1200
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -222,7 +222,7 @@ soc:
            global: True
            forcedType: "[]string"
          enableRegex:
-            description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content.
+            description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content. Takes priority over disableRegex matches.
            global: True
            forcedType: "[]string"
          integrityCheckFrequencySeconds: