Update soc_idstools.yaml

bryant-treacle
2023-04-27 15:32:37 -04:00
committed by GitHub
parent 12120e94c8
commit a8b8a1d0b7


@@ -1,11 +1,12 @@
idstools:
config:
oinkcode:
description: Enter your registration code for paid rulesets.
description: Enter your registration/oink code for paid NIDS rulesets.
title: registraion code
global: True
helpLink: rules.html
ruleset:
description: Define the ruleset you want to run. Options are ETOPEN or ETPRO.
description: Defines the ruleset you want to run. Options are ETOPEN or ETPRO.
global: True
regex: ETPRO\b|ETOPEN\b
helpLink: rules.html
@@ -15,26 +16,28 @@ idstools:
helpLink: rules.html
sids:
disabled:
description: List of SIDS that you want to disable.
description: Contains the list of NIDS rules manually disabled across the grid. To disable a rule, add its signature ID (SID) to the Current Grid Value box, one entry per line. To disable multiple rules, you can use regular expressions.
global: True
multiline: True
forcedType: "[]string"
regex: \d*|re:.*
helpLink: managing-alerts.html
enabled:
description: List of SIDS that are disabled by the rule source that you want to enable.
description: Contains the list of NIDS rules manually enabled across the grid. To enable a rule, add its signature ID (SID) to the Current Grid Value box, one entry per line. To enable multiple rules, you can use regular expressions.
global: True
multiline: True
forcedType: "[]string"
regex: \d*|re:.*
helpLink: managing-alerts.html
modify:
description: List of SIDS that you want to modify.
description: Contains the list of NIDS rules that were modified from their default values. Entries must adhere to the following format - SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"
global: True
multiline: True
forcedType: "[]string"
helpLink: managing-alerts.html
rules:
local__rules:
description: This is where custom Suricata rules are entered.
description: Contains the list of custom NIDS rules applied to the grid. To add custom NIDS rules to the grid, enter one rule per line in the Current Grid Value box.
file: True
global: True
advanced: True
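Review bot: The `regex: \d*|re:.*` validation on `sids.disabled` and `sids.enabled` in the second hunk is too loose for a setting that switches NIDS rules off and on: `\d*` matches the empty string, and unless SOC anchors the pattern itself (not visible here) an empty or free-text entry would pass. I would tighten it to `regex: ^(\d+|re:.+)$`, assuming the pattern is applied to each entry rather than to the whole multiline value. The new `modify` description documents a strict `SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"` format, but that entry has no `regex:` at all, so a malformed line is accepted and the intended rule change may silently not take effect. Separately, `title: registraion code` in the first hunk is misspelled and should read `title: registration code`. The rendered page has lost the +/- markers, so which of these non-description lines are new in this commit is inferred.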