Merge pull request #12882 from Security-Onion-Solutions/cogburn/community-repos

Mark Repos as Community
This commit is contained in:
coreyogburn
2024-04-30 09:12:25 -06:00
committed by GitHub


@@ -580,7 +580,7 @@ soc:
- file.source
- file.mime_type
- log.id.fuid
- event.dataset
- event.dataset
':suricata:':
- soc_timestamp
- source.ip
@@ -1270,6 +1270,7 @@ soc:
- repo: https://github.com/Security-Onion-Solutions/securityonion-resources
license: Elastic-2.0
folder: sigma/stable
community: true
sigmaRulePackages:
- core
- emerging_threats_addon
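Review bot: The new `community: true` key on the securityonion-resources repo entry carries no comment saying what the flag changes for the consumer, and the same bare key is added to the securityonion-yara entry in the next hunk. A reader of the config cannot tell from the key alone whether `community` marks a bundled default repo, whether it changes how the repo is treated (e.g. editable vs. read-only) or what an entry without the key defaults to, which matters for anyone adding their own rule repos alongside these. I would add a comment above the key in both places, along the lines of `# community: bundled default repo shipped with Security Onion; presumably entries without this key are user-managed — confirm against the consumer`, hedged until the consumer's handling is documented. The enclosing `rulesRepos` list starts outside this hunk.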
@@ -1327,6 +1328,7 @@ soc:
rulesRepos:
- repo: https://github.com/Security-Onion-Solutions/securityonion-yara
license: DRL
community: true
yaraRulesFolder: /opt/sensoroni/yara/rules
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
suricataengine:
@@ -1917,7 +1919,7 @@ soc:
query: 'event.dataset:soc.detections | groupby soc.detection_type soc.error_type | groupby soc.error_analysis | groupby soc.rule.name | groupby soc.error_message'
job:
alerts:
advanced: false
@@ -1955,7 +1957,7 @@ soc:
- event_data.destination.host
- event_data.destination.port
- event_data.process.executable
- event_data.process.pid
- event_data.process.pid
':sigma:':
- soc_timestamp
- rule.name
@@ -1967,7 +1969,7 @@ soc:
- event_data.destination.host
- event_data.destination.port
- event_data.process.executable
- event_data.process.pid
- event_data.process.pid
':strelka:':
- soc_timestamp
- file.name