add to defaults and tweaks

salt/idstools/config.sls

@@ -45,7 +45,6 @@ suricatacustomdirsurl:
     - name: /nsm/rules/detect-suricata/custom_urls
     - user: 939
     - group: 939
-    - makedirs: True
 
 {% else %}
 

salt/soc/defaults.yaml

@@ -1399,6 +1399,7 @@ soc:
           autoUpdateEnabled: true
           communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
+          customRulesets: ''
           failAfterConsecutiveErrorCount: 10
           communityRulesFile: /nsm/rules/suricata/emerging-all.rules
           denyRegex: ''

salt/soc/soc_soc.yaml

@@ -248,7 +248,7 @@ soc:
             global: True
             advanced: True
           customRulesets:
-            description: 'Custom URLs or local files to sync Suricata rules from. Format is: {"community":true,"license":"GPLv2","ruleset":"snort-community","url":"https://www.snort.org/downloads/community/snort3-community-rules.tar.gz"}. All fields are required. Replace the url parameter with "file" and the path for local rules, which must be put under: /nsm/rules/detect-suricata/custom_file. "community" disables some management options for the imported rules - they can''t be deleted or edited, just tuned, duplicated, and Enabled | Disabled. The new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by navigating to Detections --> Options dropdown menu --> Suricata --> Full Update.'
+            description: 'URLs and/or Local File configurations for Suricata custom rulesets. Refer to the linked documentation for important specification and file placement information'
             global: True
             multiline: True
             advanced: True