annotation updates for custom settings

2026-04-24 13:42:05 +02:00 · 2024-04-30 15:14:56 -04:00
parent 89cb8b79fd
commit 84db82852c
4 changed files with 42 additions and 74 deletions
@@ -148,84 +148,40 @@ suricata:
            helpLink: suricata.html
    vars:
      address-groups:
-        HOME_NET:
-          description: List of hosts or networks.
+        HOME_NET: &suriaddressgroup
+          description: Assign a list of hosts, or networks, using CIDR notation, to this Suricata variable. The variable can then be re-used within Suricata rules. This allows for a single adjustment to the variable that will then affect all rules referencing the variable.
          regex: ^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\/([0-9]|[1-2][0-9]|3[0-2]))?$|^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?))|:))|(([0-9A-Fa-f]{1,4}:){5}((:[0-9A-Fa-f]{1,4}){1,2}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){4}((:[0-9A-Fa-f]{1,4}){1,3}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){3}((:[0-9A-Fa-f]{1,4}){1,4}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){2}((:[0-9A-Fa-f]{1,4}){1,5}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(([0-9A-Fa-f]{1,4}:){1}((:[0-9A-Fa-f]{1,4}){1,6}|:((25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)\.){3}(25[0-5]|(2[0-4]|1[0-9])[0-9]|0?[0-9][0-9]?)|:))|(:((:[0-9A-Fa-f]{1,4}){1,7}|:)))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$
          regexFailureMessage: You must enter a valid IP address or CIDR.
          helpLink: suricata.html
-        EXTERNAL_NET: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        HTTP_SERVERS: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        SMTP_SERVERS: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        SQL_SERVERS: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        DNS_SERVERS: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        TELNET_SERVERS:
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        AIM_SERVERS: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        DC_SERVERS:
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        DNP3_SERVER:
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        DNP3_CLIENT: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        MODBUS_CLIENT: 
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        MODBUS_SERVER:
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        ENIP_CLIENT:
-          description: List of hosts or networks.
-          helpLink: suricata.html
-        ENIP_SERVER:
-          description: List of hosts or networks. 
-          helpLink: suricata.html
+          duplicates: True
+        EXTERNAL_NET: *suriaddressgroup
+        HTTP_SERVERS: *suriaddressgroup
+        SMTP_SERVERS: *suriaddressgroup
+        SQL_SERVERS: *suriaddressgroup
+        DNS_SERVERS: *suriaddressgroup
+        TELNET_SERVERS: *suriaddressgroup
+        AIM_SERVERS: *suriaddressgroup
+        DC_SERVERS: *suriaddressgroup
+        DNP3_SERVER: *suriaddressgroup
+        DNP3_CLIENT: *suriaddressgroup
+        MODBUS_CLIENT: *suriaddressgroup
+        MODBUS_SERVER: *suriaddressgroup
+        ENIP_CLIENT: *suriaddressgroup
+        ENIP_SERVER: *suriaddressgroup
      port-groups:
-        HTTP_PORTS:
-          description: List of ports to look for HTTP traffic on.
-          helpLink: suricata.html
-        SHELLCODE_PORTS:
-          description: List of ports to look for SHELLCODE traffic on.
-          helpLink: suricata.html
-        ORACLE_PORTS: 
-          description: List of ports to look for ORACLE traffic on.
-          helpLink: suricata.html
-        SSH_PORTS:
-          description: List of ports to look for SSH traffic on.
-          helpLink: suricata.html
-        DNP3_PORTS:
-          description: List of ports to look for DNP3 traffic on.
-          helpLink: suricata.html
-        MODBUS_PORTS:
-          description: List of ports to look for MODBUS traffic on.
-          helpLink: suricata.html
-        FILE_DATA_PORTS: 
-          description: List of ports to look for FILE_DATA traffic on.
-          helpLink: suricata.html
-        FTP_PORTS:
-          description: List of ports to look for FTP traffic on.
-          helpLink: suricata.html
-        VXLAN_PORTS:
-          description: List of ports to look for VXLAN traffic on.
-          helpLink: suricata.html
-        TEREDO_PORTS:
-          description: List of ports to look for TEREDO traffic on.
+        HTTP_PORTS: &suriportgroup
+          description: Assign a list of network port numbers to this Suricata variable. The variable can then be re-used within Suricata rules. This allows for a single adjustment to the variable that will then affect all rules referencing the variable.
          helpLink: suricata.html
+          duplicates: True
+        SHELLCODE_PORTS: *suriportgroup
+        ORACLE_PORTS: *suriportgroup
+        SSH_PORTS: *suriportgroup
+        DNP3_PORTS: *suriportgroup
+        MODBUS_PORTS: *suriportgroup
+        FILE_DATA_PORTS: *suriportgroup
+        FTP_PORTS: *suriportgroup
+        VXLAN_PORTS: *suriportgroup
+        TEREDO_PORTS: *suriportgroup
    outputs:
      eve-log:
        types: