Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check

Corey Ogburn
2024-11-04 14:31:53 -07:00
parent d37a8d51fa
commit 69dd35c30a
2 changed files with 7 additions and 0 deletions


@@ -1435,6 +1435,8 @@ soc:
rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
integrityCheckFrequencySeconds: 1200 integrityCheckFrequencySeconds: 1200
ignoredSidRanges:
- '1100000-1199999'
client: client:
enableReverseLookup: false enableReverseLookup: false
docsUrl: /docs/ docsUrl: /docs/
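Review bot: The new default entry `'1100000-1199999'` under `ignoredSidRanges` exempts a block of roughly 100,000 SIDs from the Suricata integrity check on every install, and nothing in the hunk says what lives in that range or why it is safe to skip. Rules in an ignored range can presumably be added, edited or removed on disk without the check reporting the drift, so the exemption should be justified where it is declared. I would add a comment directly above the list entry, for example `# SIDs 1100000-1199999: <what owns this range>; not managed through the SOC UI, so excluded from the integrity check`. The enclosing `soc:` mapping starts and ends outside this hunk, so other defaults that overlap this range are not visible here.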


@@ -390,6 +390,11 @@ soc:
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
helpLink: suricata.html helpLink: suricata.html
ignoredSidRanges:
description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI.'
global: True
advanced: True
forcedType: "[]string"
client: client:
enableReverseLookup: enableReverseLookup:
description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
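Review bot: The `description` for `ignoredSidRanges` does not say how a range is written or whether its bounds are inclusive, while `forcedType: "[]string"` accepts any free-form string from the UI. The default in the other file suggests a `start-end` form, but the code that parses the entries is not on this page, so it is worth confirming that a malformed, reversed or overly wide range is rejected rather than silently widening what the check skips. I would extend the text to something like `description: 'List of Suricata SID ranges to ignore during the Integrity Check, each written as start-end (for example 1100000-1199999). Rules in an ignored range are not verified, so keep ranges as narrow as possible.'` The annotation block this entry belongs to continues outside the hunk.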