From 69dd35c30a49587f08261c40f2b56458a7dbc96b Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Mon, 4 Nov 2024 14:31:53 -0700
Subject: [PATCH] Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check
---
 salt/soc/defaults.yaml | 2 ++
 salt/soc/soc_soc.yaml | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 6a9a1bfc6..068a9c9b7 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1435,6 +1435,8 @@ soc:
 rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
 stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
 integrityCheckFrequencySeconds: 1200
+ ignoredSidRanges:
+ - '1100000-1199999'
 client:
 enableReverseLookup: false
 docsUrl: /docs/
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 14296dade..fd3295daf 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -390,6 +390,11 @@ soc:
 advanced: True
 forcedType: "[]{}"
 helpLink: suricata.html
+ ignoredSidRanges:
+ description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI.'
+ global: True
+ advanced: True
+ forcedType: "[]string"
 client:
 enableReverseLookup:
 description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
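Review bot: In salt/soc/defaults.yaml, the new default `ignoredSidRanges: - '1100000-1199999'` takes roughly 100,000 SIDs out of the Suricata integrity check on every install, and nothing next to it says which rules occupy that range or why they are exempt. Rules in an ignored range that are added, changed or removed would presumably no longer be reported by the check, so the exemption should be as narrow as the rule source requires and documented where it is set. I would add a comment above the key such as `# <owner of SIDs 1100000-1199999>: not managed through the SOC UI, so excluded from the integrity check; bounds are <inclusive/exclusive>`. The enclosing mapping starts and ends outside the hunk.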
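Review bot: In salt/soc/soc_soc.yaml, the `ignoredSidRanges` description does not give the expected entry format, so an operator cannot tell from the UI that each item is a `'START-END'` string like the default `'1100000-1199999'`, or whether the bounds are inclusive. Because `forcedType: "[]string"` accepts any string, a mistyped range may be silently dropped or may widen the exemption, depending on how the consumer parses it (not visible here). I would extend the description with `Each entry is a 'START-END' SID range, such as '1100000-1199999'. Rules in these ranges are not verified by the Integrity Check.` and add `helpLink: suricata.html`, as the preceding setting does.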