CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 22:17:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add helpLinks to everything

Browse Source
This commit is contained in:
Mike Reeves
2022-09-20 15:43:34 -04:00
parent 097c05b114
commit 85339d7cb1
13 changed files with 150 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/suricata/soc_suricata.yaml
+55 -1
View File
@@ -5,125 +5,179 @@ suricata:
file: True
syntax: yaml
title: SIDS
helpLink: suricata.html
config:
vars:
address-groups:
HOME_NET:
description: List of hosts or netowrks.
helpLink: suricata.html
EXTERNAL_NET:
description: List of hosts or netowrks.
helpLink: suricata.html
HTTP_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
SMTP_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
SQL_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DNS_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
TELNET_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
AIM_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DC_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DNP3_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
DNP3_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
MODBUS_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
MODBUS_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
ENIP_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
ENIP_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
port-groups:
HTTP_PORTS:
description: List of HTTP ports to look for HTTP traffic on.
helpLink: suricata.html
SHELLCODE_PORTS:
description: List of SHELLCODE ports to look for SHELLCODE traffic on.
helpLink: suricata.html
ORACLE_PORTS:
description: List of ORACLE ports to look for ORACLE traffic on.
helpLink: suricata.html
SSH_PORTS:
description: List of SSH ports to look for SSH traffic on.
helpLink: suricata.html
DNP3_PORTS:
description: List of DNP3 ports to look for DNP3 traffic on.
helpLink: suricata.html
MODBUS_PORTS:
description: List of MODBUS ports to look for MODBUS traffic on.
helpLink: suricata.html
FILE_DATA_PORTS:
description: List of FILE_DATA ports to look for FILE_DATA traffic on.
helpLink: suricata.html
FTP_PORTS:
description: List of FTP ports to look for FTP traffic on.
helpLink: suricata.html
VXLAN_PORTS:
description: List of VXLAN ports to look for VXLAN traffic on.
helpLink: suricata.html
TEREDO_PORTS:
description: List of TEREDO ports to look for TEREDO traffic on.
helpLink: suricata.html
outputs:
eve-log:
xff:
enabled:
description: Enable X-Forward-For support.
helpLink: suricata.html
mode:
description: Operation mode. This should always be extra-data if you use PCAP.
helpLink: suricata.html
deployment:
description: forward would use the first IP address and reverse would use the last.
helpLink: suricata.html
header:
description: Header name where the actual IP address will be reported.
helpLink: suricata.html
asn1-max-frames:
description: Maximum nuber of asn1 frames to decode.
helpLink: suricata.html
max-pending-packets:
description: Number of packets preallocated per thread.
helpLink: suricata.html
default-packet-size:
description: Preallocated size for each packet.
helpLink: suricata.html
pcre:
match-limit:
description: Match limit for PCRE.
helpLink: suricata.html
match-limit-recursion:
description: Recursion limit for PCRE.
helpLink: suricata.html
defrag:
memcap:
description: Max memory to use for defrag. You should only change this if you know what you are doing.
helpLink: suricata.html
hash-size:
description: Hash size
helpLink: suricata.html
trackers:
description: Number of defragmented flows to follow.
helpLink: suricata.html
max-frags:
description: Max number of fragments to keep
helpLink: suricata.html
prealloc:
description: Preallocate memory.
helpLink: suricata.html
timeout:
description: Timeout value.
helpLink: suricata.html
flow:
memcap:
description: Reserverd memory for flows.
helpLink: suricata.html
hash-size:
description: Determines the size of the hash used to identify flows inside the engine.
helpLink: suricata.html
prealloc:
description: Number of preallocated flows.
helpLink: suricata.html
stream:
memcap:
description: Can be specified in kb,mb,gb.
helpLink: suricata.html
checksum-validation:
description: Validate checksum of packets.
helpLink: suricata.html
reassembly:
memcap:
description: Can be specified in kb,mb,gb.
helpLink: suricata.html
host:
hash-size:
description: Hash size in bytes.
helpLink: suricata.html
prealloc:
description: How many streams to preallocate.
helpLink: suricata.html
memcap:
description: Memory settings for host.
helpLink: suricata.html
decoder:
teredo:
enabled:
description: Enable TEREDO capabilities
helpLink: suricata.html
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata.html
vxlan:
enabled:
description: Enable VXLAN capabilities.
helpLink: suricata.html
ports:
description: Ports to listen for. This should be a variable.
description: Ports to listen for. This should be a variable.
helpLink: suricata.html