Merge pull request #13025 from Security-Onion-Solutions/jertel/suridp

exclude detect-parse errors
Jason Ertel
2024-05-15 19:21:30 -04:00
committed by GitHub
2 changed files with 2 additions and 1 deletions


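--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -202,6 +202,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then
 EXCLUDED_ERRORS="$EXCLUDED_ERRORS|parsing_exception" # Elastalert EQL parsing issue. Temp.
 EXCLUDED_ERRORS="$EXCLUDED_ERRORS|context deadline exceeded"
 EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Error running query:" # Specific issues with detection rules
+EXCLUDED_ERRORS="$EXCLUDED_ERRORS|detect-parse" # Suricata encountering a malformed rule
 fi
 RESULT=0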
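Review bot: The added `detect-parse` entry is an unanchored substring alternative in EXCLUDED_ERRORS (the `|` separators suggest the variable is applied as an alternation pattern, though that use is outside the hunk), so it mutes every message containing that token, not only the malformed-rule case the trailing comment names. A rule that fails to parse is a detection-coverage gap, so suppressing it in the known-errors check means nobody is told that a rule never loaded, and the same is true of the `Error running query:` exclusion two lines above. Consider narrowing the pattern to the exact message text, or recording the trade-off in the comment so operators know to look elsewhere: `# Suricata malformed-rule parse failure: expected noise here, but the rule still fails to load; check the Suricata log for detect-parse separately`. The enclosing if block begins before the hunk and how EXCLUDED_ERRORS is consumed is not visible on this page.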


@@ -12,7 +12,7 @@ suricata:
title: SIDS title: SIDS
helpLink: suricata.html helpLink: suricata.html
readonlyUi: True readonlyUi: True
advanced: true advanced: True
classification: classification:
classification__config: classification__config:
description: Classifications config file. description: Classifications config file.
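Review bot: The case change on the `advanced:` line is not explained anywhere; the commit description mentions only the detect-parse exclusion, and the rendered page does not even show which of `true`/`True` is the new side. If the intent is consistency with the `readonlyUi: True` form two lines above, say so in the description so the next reader does not assume a behaviour change. Both spellings are booleans under YAML 1.1 and the YAML 1.2 core schema, but a consumer using the YAML 1.2 JSON schema accepts only lowercase `true`, so it is worth confirming which parser reads this file before standardizing on the capitalized form.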