CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2023-10-16 15:18:26 -04:00
parent 2f0e673ec3
commit e5c936e8cf
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
salt/zeek/defaults.yaml
View File

@@ -49,12 +49,13 @@ zeek:
- frameworks/files/hash-all-files - frameworks/files/hash-all-files
- frameworks/files/detect-MHR - frameworks/files/detect-MHR
- policy/frameworks/notice/extend-email/hostnames - policy/frameworks/notice/extend-email/hostnames
- policy/frameworks/notice/community-id
- policy/protocols/conn/community-id-logging
- ja3 - ja3
- hassh - hassh
- intel - intel
- cve-2020-0601 - cve-2020-0601
- securityonion/bpfconf - securityonion/bpfconf
- securityonion/communityid
- securityonion/file-extraction - securityonion/file-extraction
- oui-logging - oui-logging
- icsnpp-modbus - icsnpp-modbus
@@ -65,8 +66,8 @@ zeek:
- icsnpp-opcua-binary - icsnpp-opcua-binary
- icsnpp-bsap - icsnpp-bsap
- icsnpp-s7comm - icsnpp-s7comm
- zeek-plugin-tds # - zeek-plugin-tds
- zeek-plugin-profinet # - zeek-plugin-profinet
- zeek-spicy-wireguard - zeek-spicy-wireguard
- zeek-spicy-stun - zeek-spicy-stun
load-sigs: load-sigs:
@@ -75,7 +76,7 @@ zeek:
- LogAscii::use_json = T; - LogAscii::use_json = T;
- CaptureLoss::watch_interval = 5 mins; - CaptureLoss::watch_interval = 5 mins;
networks: networks:
HOME_NET: HOME_NET:
- 192.168.0.0/16 - 192.168.0.0/16
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/12 - 172.16.0.0/12
@@ -120,4 +121,4 @@ zeek:
- stats - stats
- stderr - stderr
- stdout - stdout