Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check

2025-12-06 01:02:46 +01:00 · 2024-11-04 14:31:53 -07:00
parent d37a8d51fa
commit 69dd35c30a
2 changed files with 7 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1435,6 +1435,8 @@ soc:
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
          integrityCheckFrequencySeconds: 1200
+          ignoredSidRanges:
+            - '1100000-1199999'
      client:
        enableReverseLookup: false
        docsUrl: /docs/
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -390,6 +390,11 @@ soc:
            advanced: True
            forcedType: "[]{}"
            helpLink: suricata.html
+          ignoredSidRanges:
+            description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI.'
+            global: True
+            advanced: True
+            forcedType: "[]string"
      client:
        enableReverseLookup:
          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.