From 61a183b7fc567ebdce5f9252a6af87d0330fda19 Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Mon, 11 Mar 2024 15:55:39 -0400
Subject: [PATCH] Add regex defaults
---
 salt/soc/defaults.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7be2db772..197aee070 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1078,8 +1078,10 @@ soc:
 kratos:
 hostUrl:
 elastalertengine:
+ allowRegex: ''
 autoUpdateEnabled: false
- communityRulesImportFrequencySeconds: 180
+ communityRulesImportFrequencySeconds: 86400
+ denyRegex: '.*'
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
 sigmaRulePackages:
@@ -1128,15 +1130,19 @@ soc:
 userFiles:
 - rbac/users_roles
 strelkaengine:
+ allowRegex: ''
 autoUpdateEnabled: false
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
+ denyRegex: '.*'
 reposFolder: /opt/sensoroni/yara/repos
 rulesRepos:
 - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
 license: DRL
 yaraRulesFolder: /opt/sensoroni/yara/rules
 suricataengine:
+ allowRegex: ''
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
+ denyRegex: '.*'
 rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
 client:
 enableReverseLookup: false
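Review bot: The new defaults `allowRegex: ''` and `denyRegex: '.*'` under `elastalertengine` (and again under `strelkaengine` and `suricataengine` in the second hunk) leave two things undocumented: which pattern takes precedence and what an empty pattern means. Nothing visible in this patch shows how the engines evaluate them. Read literally, `.*` matches every rule, and an empty pattern also matches any string in most regex engines, so depending on the consumer a stock install could end up with every community rule filtered out and no error to show for it. I would put a short comment above each pair, along the lines of `# rules matching denyRegex are skipped; '' means no filter` (worded to match the engines' actual behaviour), and confirm that a deny-all default is what should ship. The first hunk also raises `communityRulesImportFrequencySeconds` from 180 to 86400 without the subject line mentioning it; if that is deliberate it belongs in the commit message, since it changes how quickly new Sigma rules reach a deployment.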