FIX: Annotations for BPF and Suricata PCAP #12626

Doug Burks
2024-03-20 15:57:32 -04:00
committed by GitHub
parent 876690a9f6
commit d2fb067110


@@ -21,12 +21,12 @@ suricata:
helpLink: suricata.html helpLink: suricata.html
pcap: pcap:
filesize: filesize:
description: Max file size for individual PCAP files written by Suricata. Increasing this number could improve write performance at the expense of pcap retrieval times. description: Maximum file size for individual PCAP files written by Suricata. Increasing this number could improve write performance at the expense of pcap retrieval time.
advanced: True advanced: True
helplink: suricata.html helpLink: suricata.html
maxsize: maxsize:
description: Size in GB for total usage size of PCAP on disk. description: Maximum disk usage in GB for all PCAP written by Suricata.
helplink: suricata.html helpLink: suricata.html
compression: compression:
description: Enable compression of Suricata PCAP. description: Enable compression of Suricata PCAP.
advanced: True advanced: True
@@ -36,7 +36,7 @@ suricata:
advanced: True advanced: True
helpLink: suricata.html helpLink: suricata.html
lz4-level: lz4-level:
description: lz4 compression level of PCAP. 0 for no compression 16 for max compression. description: lz4 compression level of PCAP. 0 for no compression. 16 for maximum compression.
advanced: True advanced: True
helpLink: suricata.html helpLink: suricata.html
filename: filename:
@@ -50,13 +50,13 @@ suricata:
readonly: True readonly: True
helpLink: suricata.html helpLink: suricata.html
use-stream-depth: use-stream-depth:
description: Set to "no" to ignore the stream depth and capture the entire flow. Set this to "yes" to truncate the flow based on the stream depth. description: Set to "no" to ignore the stream depth and capture the entire flow. Set to "yes" to truncate the flow based on the stream depth.
advanced: True advanced: True
regex: ^(yes|no)$ regex: ^(yes|no)$
regexFailureMessage: You must enter either yes or no. regexFailureMessage: You must enter either yes or no.
helpLink: suricata.html helpLink: suricata.html
conditional: conditional:
description: Set to "all" to capture PCAP for all flows. Set to "alerts" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules. description: Set to "all" to record PCAP for all flows. Set to "alerts" to record PCAP just for alerts. Set to "tag" to record PCAP for just tagged rules.
regex: ^(all|alerts|tag)$ regex: ^(all|alerts|tag)$
regexFailureMessage: You must enter either all, alert or tag. regexFailureMessage: You must enter either all, alert or tag.
helpLink: suricata.html helpLink: suricata.html
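Review bot: The `regexFailureMessage` for `conditional` in the last hunk still tells the user to enter `alert`, but the `regex` directly above it accepts only `all`, `alerts` or `tag`, so anyone who follows the message is rejected a second time. This commit already rewrites the `conditional` description, so the message should be fixed in the same pass: `regexFailureMessage: You must enter either all, alerts or tag.`. The setting decides which flows Suricata keeps as PCAP, so an operator who gives up on a confusing validation error may leave capture narrower or broader than they meant. That in turn affects what evidence is available during an investigation.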