From 67a608ea565d3fca9563aa64ae87ea6671adb14f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 24 May 2023 12:22:42 -0400
Subject: [PATCH] adjust suricata defaults
---
 salt/suricata/defaults.yaml | 48 +++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 26 deletions(-)
diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index f154b5beb..8be41b999 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -2,28 +2,24 @@ suricata:
 enabled: False
 config:
 threading:
- set-cpu-affinity: 'no'
- detect-thread-ratio: 1.0
- cpu-affinity:
- - management-cpu-set:
- cpu: []
- - receive-cpu-set:
- cpu: []
- - worker-cpu-set:
- cpu: []
- mode: exclusive
- threads: 1
- prio:
- default: high
+ set-cpu-affinity: "no"
+ cpu-affinity:
+ - management-cpu-set:
+ cpu: []
+ - worker-cpu-set:
+ cpu: []
+ mode: exclusive
+ prio:
+ default: high
 af-packet:
- interface: bond0
- cluster-id: 59
- cluster-type: cluster_flow
- defrag: true
- use-mmap: true
- threads: 1
- tpacket-v3: true
- ring-size: 5000
+ interface: bond0
+ cluster-id: 59
+ cluster-type: cluster_flow
+ defrag: "yes"
+ use-mmap: "yes"
+ threads: 1
+ tpacket-v3: "yes"
+ ring-size: 5000
 vars:
 address-groups:
 HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
@@ -69,11 +65,6 @@ suricata:
 pcap-file: false
 community-id: true
 community-id-seed: 0
- xff:
- enabled: "no"
- mode: extra-data
- deployment: reverse
- header: X-Forwarded-For
 types:
 - alert:
 payload: "no"
@@ -87,6 +78,11 @@ suricata:
 metadata: true
 raw: true
 tagged-packets: "no"
+ xff:
+ enabled: "no"
+ mode: extra-data
+ deployment: reverse
+ header: X-Forwarded-For
 unified2-alert:
 enabled: "no"
 http-log:
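Review bot: In the first hunk (`@@ -2,28 +2,24 @@`) the af-packet switches `defrag`, `use-mmap` and `tpacket-v3` become the quoted string `"yes"`, while `enabled: False` at the top of the same hunk and `pcap-file: false` / `community-id: true` later in the file stay bare YAML booleans. The defaults now spell the same kind of on/off setting in two ways, and nothing says which keys must be strings. If the string form is needed so the rendered suricata.yaml carries `yes`/`no` verbatim (presumably the reason), a comment above `af-packet:` such as `# capture switches are quoted so they render as yes/no, not true/false` would record that; otherwise use one spelling throughout. The `suricata:` mapping starts above this hunk and continues past it.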
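Review bot: In the third hunk (`@@ -87,6 +78,11 @@`) the relocated `xff` block carries no comment saying which logger it now governs. It used to sit beside `community-id-seed` ahead of `types:` and now follows `tagged-packets` in the `alert` entry, but the nesting cannot be read from this view, so it may have become alert-only or may simply have been reordered. A one-line comment above it, for example `# X-Forwarded-For handling for <scope>; disabled by default`, would make the intended scope explicit. With `enabled: "no"`, alerts for traffic arriving through a reverse proxy record the proxy address rather than the client named in the header, which is worth stating for analysts who triage from these records. The surrounding outputs section extends beyond the hunk on both sides.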