CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 01:02:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14639 from Security-Onion-Solutions/cogburn/ruleset-name

Browse Source 
Add RulesetName to Rule Repos
This commit is contained in:
coreyogburn
2025-05-19 15:40:02 -06:00
committed by GitHub
parent 2948577b0e 39f74fe547
commit f751c82e1c
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/soc/defaults.yaml
View File

@@ -1415,17 +1415,21 @@ soc:
license: Elastic-2.0
folder: sigma/stable
community: true
rulesetName: securityonion-resources
- repo: file:///nsm/rules/custom-local-repos/local-sigma
license: Elastic-2.0
community: false
rulesetName: local-sigma
airgap:
- repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
license: Elastic-2.0
folder: sigma/stable
community: true
rulesetName: securityonion-resources
- repo: file:///nsm/rules/custom-local-repos/local-sigma
license: Elastic-2.0
community: false
rulesetName: local-sigma
sigmaRulePackages:
- core
- emerging_threats_addon
@@ -1500,16 +1504,20 @@ soc:
- repo: https://github.com/Security-Onion-Solutions/securityonion-yara
license: DRL
community: true
rulesetName: securityonion-yara
- repo: file:///nsm/rules/custom-local-repos/local-yara
license: Elastic-2.0
community: false
rulesetName: local-yara
airgap:
- repo: file:///nsm/rules/detect-yara/repos/securityonion-yara
license: DRL
community: true
rulesetName: securityonion-yara
- repo: file:///nsm/rules/custom-local-repos/local-yara
license: Elastic-2.0
community: false
rulesetName: local-yara
yaraRulesFolder: /opt/sensoroni/yara/rules
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
integrityCheckFrequencySeconds: 1200

36
salt/soc/soc_soc.yaml
View File

@@ -344,6 +344,23 @@ soc:
advanced: True
forcedType: "[]{}"
helpLink: sigma.html
syntax: json
uiElements:
- field: rulesetName
label: Ruleset Name
- field: repo
label: Repo URL
required: True
- field: branch
label: Branch
- field: license
label: License
required: True
- field: folder
label: Folder
- field: community
label: Community
forcedType: bool
airgap: *eerulesRepos
sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, the new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
@@ -459,6 +476,23 @@ soc:
advanced: True
forcedType: "[]{}"
helpLink: yara.html
syntax: json
uiElements:
- field: rulesetName
label: Ruleset Name
- field: repo
label: Repo URL
required: True
- field: branch
label: Branch
- field: license
label: License
required: True
- field: folder
label: Folder
- field: community
label: Community
forcedType: bool
airgap: *serulesRepos
suricataengine:
aiRepoUrl:
@@ -592,7 +626,7 @@ soc:
label: Query
required: True
- field: showSubtitle
label: Show Query in Dropdown.
label: Show Query in Dropdown.
forcedType: bool
queryToggleFilters:
description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query.