test regexes for detections

setup/so-functions

@@ -1257,6 +1257,13 @@ soc_pillar() {
 		"  config:"\
 		"    server:"\
 		"      srvKey: '$SOCSRVKEY'"\
+		"      modules:"\
+		"        elastalertengine:"\
+		"          allowRegex: '$ELASTALERT_ALLOW_REGEX'"\
+		"        strelkaengine:"\
+		"          allowRegex: '$STRELKA_ALLOW_REGEX'"\
+		"        suricataengine:"\
+		"          allowRegex: '$SURICATA_ALLOW_REGEX'"\
 		"" > "$soc_pillar_file"
 
 	if [[ $telemetry -ne 0 ]]; then

setup/so-setup

@@ -245,6 +245,9 @@ if [ -n "$test_profile" ]; then
 	WEBUSER=onionuser@somewhere.invalid
 	WEBPASSWD1=0n10nus3r
 	WEBPASSWD2=0n10nus3r
+	STRELKA_ALLOW_REGEX="EquationGroup_Toolset_Apr17__ELV_.*"
+	ELASTALERT_ALLOW_REGEX="Security Onion"
+	SURICATA_ALLOW_REGEX="200033\\d"
 
 	update_sudoers_for_testing
 fi