CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-03 23:03:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add docs for ruleset change

Browse Source
This commit is contained in:
DefensiveDepth
2024-04-12 13:30:20 -04:00
parent 49ccd86c39
commit f5e42e73af
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/soc/defaults.yaml
View File

@@ -1253,7 +1253,7 @@ soc:
- core+critical
- securityonion-resources+critical
- securityonion-resources+high
communityRulesImportFrequencySeconds: 86400
communityRulesImportFrequencySeconds: 28800
denyRegex: ''
elastAlertRulesFolder: /opt/sensoroni/elastalert
reposFolder: /opt/sensoroni/sigma/repos
@@ -1311,7 +1311,7 @@ soc:
strelkaengine:
allowRegex: ''
autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 86400
communityRulesImportFrequencySeconds: 28800
compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
denyRegex: ''
reposFolder: /opt/sensoroni/yara/repos
@@ -1323,7 +1323,7 @@ soc:
suricataengine:
allowRegex: ''
autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 86400
communityRulesImportFrequencySeconds: 28800
communityRulesFile: /nsm/rules/suricata/emerging-all.rules
denyRegex: ''
rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint

2
salt/soc/soc_soc.yaml
View File

@@ -110,7 +110,7 @@ soc:
forcedType: "[]{}"
helpLink: sigma.html
sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True
advanced: False
helpLink: sigma.html