From a6bb7216f9aaead1b51887cee531e8b74e6272c2 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Mon, 26 Feb 2024 08:18:42 -0500
Subject: [PATCH] Add Detection AutoUpdate config

---
 salt/soc/defaults.yaml | 2 ++
 salt/soc/soc_soc.yaml | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 2c15fe996..5267955b9 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1009,6 +1009,7 @@ soc:
 kratos:
 hostUrl:
 elastalertengine:
+ autoUpdateEnabled: false
 communityRulesImportFrequencySeconds: 180
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1057,6 +1058,7 @@ soc:
 userFiles:
 - rbac/users_roles
 strelkaengine:
+ autoUpdateEnabled: false
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
 reposFolder: /opt/sensoroni/yara/repos
 rulesRepos:
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index fdfb09733..74ae1051b 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -75,6 +75,10 @@ soc:
 description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
 global: True
 advanced: False
+ autoUpdateEnabled:
+ description: 'Set to true to enable automatic updates of the Sigma Community Ruleset.'
+ global: True
+ advanced: True
 elastic:
 index:
 description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.
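Review bot: The new `autoUpdateEnabled` description in the soc_soc.yaml hunk does not say how the flag relates to the existing `communityRulesImportFrequencySeconds: 180` key that sits directly below it in the defaults.yaml hunk, nor that the shipped default is false, so an operator reading the setting cannot tell whether turning it off stops the periodic import entirely or only the rule refresh. Suggest `description: 'Set to true to enable automatic updates of the Sigma Community Ruleset. Disabled by default; when enabled, updates are applied on the schedule set by communityRulesImportFrequencySeconds.'`, with the second sentence adjusted to whatever the engine actually does. Because enabling this presumably applies rule changes fetched from an external source without operator review, the description should also say that plainly, the way the neighbouring ruleset description already warns about override removal. The mapping this key is added to starts outside the hunk, so its parent section can only be inferred from the surrounding Sigma descriptions.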
@@ -133,6 +137,11 @@ soc:
 description: Duration (in milliseconds) to wait for a response from the Salt API when executing common grid management tasks before giving up and showing an error on the SOC UI.
 global: True
 advanced: True
+ strelkaengine:
+ autoUpdateEnabled:
+ description: 'Set to true to enable automatic updates of the Yara ruleset.'
+ global: True
+ advanced: True
 client:
 enableReverseLookup:
 description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
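Review bot: The added `strelkaengine.autoUpdateEnabled` description says "the Yara ruleset" as if it were a single fixed set, but the defaults.yaml hunk for the same section shows the rules coming from a `rulesRepos:` list, so the text should name that source and the default value. Suggest `description: 'Set to true to enable automatic updates of the YARA rules pulled from the repositories listed in rulesRepos. Disabled by default.'`, which also matches the YARA spelling used elsewhere in the project's key names such as compileYaraPythonScriptPath. The new `strelkaengine:` block is inserted between the Salt API timeout entry and `client:`; the enclosing `soc:` mapping starts outside the hunk, so please confirm this nesting level matches the existing per-engine sections in the file.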