Merge pull request #15531 from Security-Onion-Solutions/idstools-cleanup

Cleanup idstools
Josh Brower
2026-02-26 10:21:18 -05:00
committed by GitHub
3 changed files with 4 additions and 9 deletions


@@ -1004,6 +1004,8 @@ up_to_2.4.210() {
# This state is used to deal with the breaking change introduced in 3006.17 - https://docs.saltproject.io/en/3006/topics/releases/3006.17.html
# This is the only way the state is called so we can use concurrent=True
salt-call state.apply salt.master.add_minimum_auth_version --file-root=$UPDATE_DIR/salt --local concurrent=True
# Remove so-rule-update script left behind by the idstools removal in 2.4.200
rm -f /usr/sbin/so-rule-update
INSTALLEDVERSION=2.4.210
}
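Review bot: The `rm -f /usr/sbin/so-rule-update` cleanup runs only inside `up_to_2.4.210()`, so whether every grid gets it depends on how soup gates that step, which is not visible in this hunk. If a manager can already report 2.4.210 or later as its installed version before this change reaches it, the step would presumably be skipped and the stale script would remain executable in `/usr/sbin`. Because `rm -f` is idempotent, consider running it from a step that executes on every soup run, or confirm that 2.4.210 has not shipped yet. The function body starts outside the hunk.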


@@ -557,10 +557,11 @@ soc:
global: True
advanced: True
customRulesets:
description: 'URLs and/or Local File configurations for Suricata custom rulesets. Refer to the linked documentation for important specification and file placement information'
description: 'This setting is no longer used. Use Ruleset Sources setting instead.'
global: True
advanced: True
forcedType: "[]{}"
readonly: True
helpLink: suricata.html
ignoredSidRanges:
description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI. Each line should contain 1 range in the format "1100000-1200000". The ranges are treated as inclusive.'
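Review bot: The replacement description on `customRulesets` says the setting is no longer used, but not what happens to entries an operator already has there. If existing values are not carried over to Ruleset Sources automatically (nothing in this section shows a migration), custom Suricata rules would stop loading without any prompt, which leaves a detection gap. If that is the case I would say so in the text, e.g. `description: 'This setting is no longer used and existing entries are not applied. Move custom rulesets to the Ruleset Sources setting.'`. It is also worth checking that `helpLink: suricata.html` still leads to a page that describes Ruleset Sources. The `soc:` block starts and continues outside this hunk.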


@@ -799,14 +799,6 @@ if ! [[ -f $install_opt_file ]]; then
logCmd "salt-call state.apply influxdb -l info"
logCmd "salt-call state.highstate -l info"
logCmd "salt-call schedule.disable -linfo --local"
if [[ ! $is_airgap ]]; then
title "Downloading IDS Rules"
logCmd "so-rule-update"
if [[ $monints || $is_import ]]; then
title "Applying the Suricata state to load the new rules"
logCmd "salt-call state.apply suricata -l info"
fi
fi
if [[ $is_airgap ]]; then
title "Syncing AI-Generated Detection Summaries"
airgap_detection_summaries