mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Merge pull request #14639 from Security-Onion-Solutions/cogburn/ruleset-name
Add RulesetName to Rule Repos
This commit is contained in:
coreyogburn
GitHub
@@ -1415,17 +1415,21 @@ soc:
|
|||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
folder: sigma/stable
|
folder: sigma/stable
|
||||||
community: true
|
community: true
|
||||||
|
rulesetName: securityonion-resources
|
||||||
- repo: file:///nsm/rules/custom-local-repos/local-sigma
|
- repo: file:///nsm/rules/custom-local-repos/local-sigma
|
||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
community: false
|
community: false
|
||||||
|
rulesetName: local-sigma
|
||||||
airgap:
|
airgap:
|
||||||
- repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
|
- repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
|
||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
folder: sigma/stable
|
folder: sigma/stable
|
||||||
community: true
|
community: true
|
||||||
|
rulesetName: securityonion-resources
|
||||||
- repo: file:///nsm/rules/custom-local-repos/local-sigma
|
- repo: file:///nsm/rules/custom-local-repos/local-sigma
|
||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
community: false
|
community: false
|
||||||
|
rulesetName: local-sigma
|
||||||
sigmaRulePackages:
|
sigmaRulePackages:
|
||||||
- core
|
- core
|
||||||
- emerging_threats_addon
|
- emerging_threats_addon
|
||||||
@@ -1500,16 +1504,20 @@ soc:
|
|||||||
- repo: https://github.com/Security-Onion-Solutions/securityonion-yara
|
- repo: https://github.com/Security-Onion-Solutions/securityonion-yara
|
||||||
license: DRL
|
license: DRL
|
||||||
community: true
|
community: true
|
||||||
|
rulesetName: securityonion-yara
|
||||||
- repo: file:///nsm/rules/custom-local-repos/local-yara
|
- repo: file:///nsm/rules/custom-local-repos/local-yara
|
||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
community: false
|
community: false
|
||||||
|
rulesetName: local-yara
|
||||||
airgap:
|
airgap:
|
||||||
- repo: file:///nsm/rules/detect-yara/repos/securityonion-yara
|
- repo: file:///nsm/rules/detect-yara/repos/securityonion-yara
|
||||||
license: DRL
|
license: DRL
|
||||||
community: true
|
community: true
|
||||||
|
rulesetName: securityonion-yara
|
||||||
- repo: file:///nsm/rules/custom-local-repos/local-yara
|
- repo: file:///nsm/rules/custom-local-repos/local-yara
|
||||||
license: Elastic-2.0
|
license: Elastic-2.0
|
||||||
community: false
|
community: false
|
||||||
|
rulesetName: local-yara
|
||||||
yaraRulesFolder: /opt/sensoroni/yara/rules
|
yaraRulesFolder: /opt/sensoroni/yara/rules
|
||||||
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
|
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
|
||||||
integrityCheckFrequencySeconds: 1200
|
integrityCheckFrequencySeconds: 1200
|
||||||
|
|||||||
@@ -344,6 +344,23 @@ soc:
|
|||||||
advanced: True
|
advanced: True
|
||||||
forcedType: "[]{}"
|
forcedType: "[]{}"
|
||||||
helpLink: sigma.html
|
helpLink: sigma.html
|
||||||
|
syntax: json
|
||||||
|
uiElements:
|
||||||
|
- field: rulesetName
|
||||||
|
label: Ruleset Name
|
||||||
|
- field: repo
|
||||||
|
label: Repo URL
|
||||||
|
required: True
|
||||||
|
- field: branch
|
||||||
|
label: Branch
|
||||||
|
- field: license
|
||||||
|
label: License
|
||||||
|
required: True
|
||||||
|
- field: folder
|
||||||
|
label: Folder
|
||||||
|
- field: community
|
||||||
|
label: Community
|
||||||
|
forcedType: bool
|
||||||
airgap: *eerulesRepos
|
airgap: *eerulesRepos
|
||||||
sigmaRulePackages:
|
sigmaRulePackages:
|
||||||
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, the new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
|
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, the new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
|
||||||
@@ -459,6 +476,23 @@ soc:
|
|||||||
advanced: True
|
advanced: True
|
||||||
forcedType: "[]{}"
|
forcedType: "[]{}"
|
||||||
helpLink: yara.html
|
helpLink: yara.html
|
||||||
|
syntax: json
|
||||||
|
uiElements:
|
||||||
|
- field: rulesetName
|
||||||
|
label: Ruleset Name
|
||||||
|
- field: repo
|
||||||
|
label: Repo URL
|
||||||
|
required: True
|
||||||
|
- field: branch
|
||||||
|
label: Branch
|
||||||
|
- field: license
|
||||||
|
label: License
|
||||||
|
required: True
|
||||||
|
- field: folder
|
||||||
|
label: Folder
|
||||||
|
- field: community
|
||||||
|
label: Community
|
||||||
|
forcedType: bool
|
||||||
airgap: *serulesRepos
|
airgap: *serulesRepos
|
||||||
suricataengine:
|
suricataengine:
|
||||||
aiRepoUrl:
|
aiRepoUrl:
|
||||||
|
|||||||
Reference in New Issue
Block a user