CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update soc_zeek.yaml

Browse Source
This commit is contained in:
bryant-treacle
2023-04-27 16:21:41 -04:00
committed by GitHub
parent a8b8a1d0b7
commit 57d90a62f7
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/zeek/soc_zeek.yaml
View File

@@ -6,30 +6,36 @@ zeek:
config:
local:
load:
description: List of Zeek policies to load
description: Contains a list of policies and scripts loaded by Zeek. Values in the Current Grid Value dialog box apply to every instance of Zeek. Values in a dialog box for a specific node will only apply to that node.
forcedType: "[]string"
helpLink: zeek.html
load-sigs:
description: List of Zeek signatures to load
description: Contains a list of signatures loaded by Zeek. Values placed in the Current Grid Value dialog box apply to every instance of Zeek. Values placed in a dialog box for a specific node will only apply to that node.
forcedType: "[]string"
helpLink: zeek.html
redef:
description: List of Zeek variables to redefine
description: List of Zeek variables to redefine. Values placed in the Current Grid Value dialog box apply to every instance of Zeek. Values placed in a dialog box for a specific node will only apply to that node.
forcedType: "[]string"
advanced: True
helpLink: zeek.html
node:
lb_procs:
description: This is the number of CPUs to use for Zeek. This setting is ignored if you are using pins.
description: Contains the number of CPU cores or workers used by Zeek. This setting should only be applied to individual nodes and will be ignored if CPU affinity is enabled.
title: workers
helpLink: zeek.html
node: True
pins_enabled:
description: Enabling this setting allows you to pin Zeek to specific CPUs.
title: cpu affinity enabled
forcedType: bool
helpLink: zeek.html
node: True
advanced: True
pins:
description: This is a list of CPUs you want to pin Zeek to.
description: Contains a list of specific CPU cores pinned to Zeek workers. To set the CPU affinity, enter the processor ID number in the dialog box for the desired node. To retrieve the processor ID numbers, run the command "cat /proc/cpuinfo | grep processor" on the desired node. Please note that this setting should only be applied to individual nodes.
title: cpu affinity
multiline: True
forcedType: "[]string"
helpLink: zeek.html
node: True
advanced: True
@@ -47,5 +53,5 @@ zeek:
global: True
advanced: True
file_extraction:
description: This is a list of MIME types that Zeek will extract from the network streams.
description: Contains a list of file or MIME types Zeek will extract from the network streams. Values must adhere to the following format - {"MIME_TYPE":"FILE_EXTENTION"}
helpLink: zeek.html