From e1ea3c20315ffd07b816480009aad29cc779efd6 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 20 Sep 2022 16:22:54 -0400
Subject: [PATCH] soc for zeek

---
 salt/zeek/soc_zeek.yaml | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index a48ec20dc..7da21aa41 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -3,16 +3,23 @@ zeek:
   enabled:
     description: This is a list of zeek logs that will be shipped through the pipeline. If you remove a log from this list it will still persist on the sensor.
   config:
+    local:
+      '@load':
+        description: List of Zeek policies to load
+      '@load-sigs':
+        description: List of Zeek signatures to load
     node:
       lb_procs:
         description: This is the amount of CPUs to use for Zeek. This setting is ignored if you are using pins.
         node: True
-      zeek_pins_enabled:
-        description:
+      pins_enabled:
+        description: Enabled CPU pinning
         node: True
-      zeek_pins:
-        description: List of CPUs you want to
+        advanced: True
+      pins:
+        description: List of CPUs you want to pin to
         node: True
+        advanced: True
     zeekctl:
       CompressLogs:
         description: Enable compression of zeek logs. If you are seeing packet loss at the top of the hour in zeek or pcap you might need to set this to 0. This will use more disk space but save IO and CPU.
@@ -24,10 +31,6 @@ zeek:
         file: True
         global: True
         advanced: True
-  file_extraction:
-    description: This is a list of mime types Zeek will extract from the network streams.
-  load:
-    description: List of Zeek policies to load
-  load-sigs:
-    description: List of Zeek signatures to load
+  file_extraction:
+    description: This is a list of mime types Zeek will extract from the network streams.
\ No newline at end of file
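Review bot: The new `pins_enabled` entry's description reads `Enabled CPU pinning`, a past-tense fragment where the rest of this file phrases descriptions as imperative sentences (`Enable compression of zeek logs…`); suggest `description: Enable CPU pinning`. The new `pins` description says what the list is for but not what shape each entry takes, so if the consuming code expects a particular form, this description is the place to state it. Quoting the `'@load'` and `'@load-sigs'` keys is correct, since a bare leading `@` is a reserved indicator in YAML.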
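Review bot: The added `file_extraction` block is textually identical to the removed one, and the only visible difference is the `\ No newline at end of file` marker, so this hunk's net effect on that block is to drop the file's trailing newline. Restore the final newline so the file ends cleanly and later diffs do not keep re-touching these two lines. As shown, this hunk has one line fewer than its `-24,10 +31,6` header counts, so a context line was probably lost when the patch was collapsed onto one line.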