Modify Suricata defaults

This commit is contained in:
Mike Reeves
2022-09-13 11:29:31 -04:00
parent 74d991da45
commit a32ff6f403


@@ -33,98 +33,97 @@ suricata:
enabled: "yes" enabled: "yes"
interval: 30 interval: 30
outputs: outputs:
- fast: fast:
enabled: "no"
filename: fast.log
append: "yes"
eve-log:
enabled: "yes"
filetype: regular
filename: /nsm/eve-%Y-%m-%d-%H:%M.json
rotate-interval: hour
pcap-file: false
community-id: true
community-id-seed: 0
xff:
enabled: "no" enabled: "no"
filename: fast.log mode: extra-data
append: "yes" deployment: reverse
- eve-log: header: X-Forwarded-For
enabled: "yes" types:
filetype: regular - alert:
filename: /nsm/eve-%Y-%m-%d-%H:%M.json payload: "no"
rotate-interval: hour payload-buffer-size: 4kb
pcap-file: false payload-printable: "yes"
community-id: true packet: "yes"
community-id-seed: 0 metadata:
xff: app-layer: false
enabled: "no" flow: false
mode: extra-data rule:
deployment: reverse metadata: true
header: X-Forwarded-For raw: true
types: tagged-packets: "no"
- alert: unified2-alert:
payload: "no" enabled: "no"
payload-buffer-size: 4kb http-log:
payload-printable: "yes" enabled: "no"
packet: "yes" filename: http.log
metadata: append: "yes"
app-layer: false tls-log:
flow: false enabled: "no"
rule: filename: tls.log
metadata: true append: "yes"
raw: true tls-store:
tagged-packets: "no" enabled: "no"
- unified2-alert: pcap-log:
enabled: "no" enabled: "no"
- http-log: filename: log.pcap
enabled: "no" limit: 1000mb
filename: http.log max-files: 2000
append: "yes" compression: none
- tls-log:
enabled: "no"
filename: tls.log
append: "yes"
- tls-store:
enabled: "no"
- pcap-log:
enabled: "no"
filename: log.pcap
limit: 1000mb
max-files: 2000
compression: none
mode: normal mode: normal
use-stream-depth: "no" use-stream-depth: "no"
honor-pass-rules: "no" honor-pass-rules: "no"
- alert-debug: alert-debug:
enabled: "no"
filename: alert-debug.log
append: "yes"
alert-prelude:
enabled: "no"
profile: suricata
log-packet-content: "no"
log-packet-header: "yes"
stats:
enabled: "yes"
filename: stats.log
append: "yes"
totals: "yes"
threads: "no"
null-values: "yes"
syslog:
enabled: "no"
facility: local5
drop:
enabled: "no"
file-store:
version: 2
enabled: "no"
xff:
enabled: "no" enabled: "no"
filename: alert-debug.log mode: extra-data
append: "yes" deployment: reverse
- alert-prelude: header: X-Forwarded-For
enabled: "no" tcp-data:
profile: suricata enabled: "no"
log-packet-content: "no" type: file
log-packet-header: "yes" filename: tcp-data.log
- stats: http-body-data:
enabled: "yes"
filename: stats.log
append: "yes"
totals: "yes"
threads: "no"
null-values: "yes"
- syslog:
enabled: "no"
facility: local5
- drop:
enabled: "no"
- file-store:
version: 2
enabled: "no"
xff:
enabled: "no"
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- tcp-data:
enabled: "no"
type: file
filename: tcp-data.log
- http-body-data:
enabled: "no" enabled: "no"
type: file type: file
filename: http-data.log filename: http-data.log
- lua: lua:
enabled: "no" enabled: "no"
scripts: scripts:
logging: logging:
default-log-level: notice default-log-level: notice
outputs: outputs:
@@ -397,25 +396,11 @@ suricata:
locks: locks:
enabled: "no" enabled: "no"
filename: lock_stats.log filename: lock_stats.log
append: "yes" append: "yes"
pcap-log: pcap-log:
enabled: "no" enabled: "no"
filename: pcaplog_stats.log filename: pcaplog_stats.log
append: "yes" append: "yes"
nfq:
nflog:
- group: 2
buffer-size: 18432
- group: default
qthreshold: 1
qtimeout: 100
max-size: 20000
capture:
netmap:
- interface: eth2
- interface: default
ipfw:
default-rule-path: /etc/suricata/rules default-rule-path: /etc/suricata/rules
rule-files: rule-files:
- all.rules - all.rules
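Review bot: The new side of the first hunk turns `outputs` from a sequence of single-key mappings (`- fast:`, `- eve-log:`, …) into a plain mapping (`fast:`, `eve-log:`, …), but Suricata's own suricata.yaml expects `outputs` as a sequence, so whatever renders this pillar into the running config must now re-emit each key as a list item; that template is outside this hunk, and if it was not updated in the same commit Suricata will reject its config and the sensor will stop producing alerts and EVE logs, which is worth a deliberate check rather than an assumption. The upside of the map form, that a pillar override can merge a single output's keys instead of replacing the whole list, is presumably the motivation, and it applies to every key the diff strips the `- ` from, including the `logging: outputs:` key where the hunk ends. I would state that contract above the key so the next maintainer does not "fix" it back to a list: `# outputs is a mapping here so pillar overrides merge per output; the suricata.yaml template must render it back as a sequence`. The second hunk is a pure deletion of the `nfq`/`nflog`/`capture`/`netmap`/`ipfw` stubs and needs no change.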