From 3d04d3703036cf883d6a8839e8a91e98316a5c41 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Fri, 22 Mar 2024 10:31:09 -0600
Subject: [PATCH 1/2] Update ElastAlert Config with Default Repos

---
 salt/soc/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index bab229aeb..a7ee65f57 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1186,6 +1186,9 @@ soc:
 denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
+ rulesRepos:
+ - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
+ license: DRL
 sigmaRulePackages:
 - core
 - emerging_threats_addon

From 237946e916ee6bfc9f9967f9244ea0651c8dd755 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Fri, 22 Mar 2024 13:51:59 -0600
Subject: [PATCH 2/2] Specify Folder in Rule Repo

---
 salt/soc/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index a7ee65f57..4b3d23afe 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1189,6 +1189,7 @@ soc:
 rulesRepos:
 - repo: https://github.com/Security-Onion-Solutions/securityonion-resources
 license: DRL
+ folder: sigma/stable
 sigmaRulePackages:
 - core
 - emerging_threats_addon
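Review bot: The new `rulesRepos` entry in PATCH 1/2 identifies the rule source by URL alone, with no branch, tag or commit, so the detection content imported from it is whatever that repository's default branch holds at fetch time and can change without any edit to this file; the neighbouring `rulesFingerprintFile` appears to describe the local bundle rather than the remote, so it does not pin the remote either. If the importer that reads `rulesRepos` accepts a ref, the default entry should carry one; if it does not, the tracked branch should at least be stated next to the entry so operators know what they are trusting. The `folder: sigma/stable` line added in PATCH 2/2 narrows the path within the repository but not its revision, so the same point applies there. Suggested comment above `rulesRepos:`: `# Remote Sigma rule sources imported by the ElastAlert engine; no revision is pinned here, so the repository's default branch is tracked.` The enclosing `soc:` mapping starts and ends outside both hunks.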
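Review bot: `folder: sigma/stable` is the third key on the repo entry and none of the three is documented: the hunk does not say whether `folder` is relative to the repository root, or what the importer does when it is absent (PATCH 1/2 shipped the entry without it). A short comment describing the entry schema — `repo` (git URL), `license` (label for the rule source), `folder` (subdirectory of the repository to import from, presumably relative to its root — confirm against the importer) — placed above `rulesRepos:` would keep later entries consistent and make the stable/non-stable choice deliberate. Quoting `'sigma/stable'` is not required since the value contains no YAML indicators, so the plain scalar is fine as written.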