Merge pull request #12732 from Security-Onion-Solutions/2.4/detections-defaults

Feature - auto-enabled Sigma rules
2025-12-06 09:12:45 +01:00 · 2024-04-03 09:01:09 -04:00
parent 23a6c4adb6 a8f25150f6
commit fbdcc53fe0
1 changed files with 4 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1236,6 +1236,10 @@ soc:
        elastalertengine:
          allowRegex: ''
          autoUpdateEnabled: true
+          autoEnabledSigmaRules:
+            - core+critical
+            - securityonion-resources+critical
+            - securityonion-resources+high
          communityRulesImportFrequencySeconds: 86400
          denyRegex: ''
          elastAlertRulesFolder: /opt/sensoroni/elastalert