From d99b865527850733320779c8cfd36036a5e31c97 Mon Sep 17 00:00:00 2001
From: Josh Brower <josh@defensivedepth.com>
Date: Thu, 7 Nov 2019 13:27:38 -0500
Subject: [PATCH] Do not disable a rule when an uncaught exception is thrown

---
 salt/elastalert/files/elastalert_config.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/salt/elastalert/files/elastalert_config.yaml b/salt/elastalert/files/elastalert_config.yaml
index 6a918093b..735ccb190 100644
--- a/salt/elastalert/files/elastalert_config.yaml
+++ b/salt/elastalert/files/elastalert_config.yaml
@@ -8,6 +8,11 @@ rules_folder: /etc/elastalert/rules/
 # the rules directory - true or false
 scan_subdirectories: true
 
+# Do not disable a rule when an uncaught exception is thrown -
+# This setting should be tweaked once the following issue has been fixed
+# https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/98
+disable_rules_on_error: false
+
 # How often ElastAlert will query Elasticsearch
 # The unit can be anything from weeks to seconds
 run_every: