Merge pull request #12431 from Security-Onion-Solutions/feature/brower-detections

Add Detection AutoUpdate config
This commit is contained in:
Josh Brower
2024-02-26 08:43:33 -05:00
committed by GitHub
2 changed files with 11 additions and 0 deletions


@@ -1009,6 +1009,7 @@ soc:
kratos:
hostUrl:
elastalertengine:
autoUpdateEnabled: false
communityRulesImportFrequencySeconds: 180
elastAlertRulesFolder: /opt/sensoroni/elastalert
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1057,6 +1058,7 @@ soc:
userFiles:
- rbac/users_roles
strelkaengine:
autoUpdateEnabled: false
compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
reposFolder: /opt/sensoroni/yara/repos
rulesRepos:


@@ -75,6 +75,10 @@ soc:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True
advanced: False
autoUpdateEnabled:
description: 'Set to true to enable automatic updates of the Sigma Community Ruleset.'
global: True
advanced: True
elastic:
index:
description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.
@@ -133,6 +137,11 @@ soc:
description: Duration (in milliseconds) to wait for a response from the Salt API when executing common grid management tasks before giving up and showing an error on the SOC UI.
global: True
advanced: True
strelkaengine:
autoUpdateEnabled:
description: 'Set to true to enable automatic updates of the Yara ruleset.'
global: True
advanced: True
client:
enableReverseLookup:
description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
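Review bot: The two new `autoUpdateEnabled` descriptions say only that the option enables automatic updates, not where the updates are fetched from, how often they are applied, or what happens to locally edited rules and overrides when an upstream rule changes — which is what an operator needs to know before letting a grid pull detection content from a third-party repository unattended. The adjacent ruleset key in the same hunk already carries a WARNING about rule removal, so documenting side effects here is consistent with the surrounding style. I would expand the Sigma entry to something like `description: 'Set to true to automatically fetch and import updates to the Sigma Community Ruleset on the configured import schedule. Updates come from the upstream community repository; review how local rule edits and overrides are handled before enabling.'` and word the strelkaengine entry the same way, writing "YARA" rather than "Yara". The defaults file in this commit shows `communityRulesImportFrequencySeconds` and `rulesRepos` next to the new flags, which presumably drive the schedule and source, but the engine code that reads them is not in this diff, so confirm the wording against it. Both new keys sit inside the `elastalertengine` and `strelkaengine` mappings whose remaining keys are outside the hunks.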