From fe196b56619ee240a81508a111e2e13427e3f382 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Thu, 1 Feb 2024 12:22:50 -0500
Subject: [PATCH] Add SOC Config for Detections

---
 salt/soc/defaults.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index c1b9470c8..fdbdfd6b2 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1002,6 +1002,11 @@ soc:
     jobDir: jobs
   kratos:
     hostUrl:
+  elastalertengine:
+    communityRulesImportFrequencySeconds: 180
+    elastAlertRulesFolder: /opt/so/rules/elastalert
+    rulesFingerprintFile: /opt/so/conf/soc/sigma.fingerprint
+    sigmaRulePackages: all
   elastic:
     hostUrl:
     remoteHostUrls: []
@@ -1043,6 +1048,15 @@ soc:
       - rbac/custom_roles
     userFiles:
       - rbac/users_roles
+  strelkaengine:
+    compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
+    reposFolder: /nsm/rules/strelka/repos
+    rulesRepos:
+      - https://github.com/Security-Onion-Solutions/securityonion-yara
+    yaraRulesFolder: /opt/so/conf/strelka/rules
+  suricataengine:
+    communityRulesFile: /nsm/rules/suricata/emerging-all.rules
+    rulesFingerprintFile: /opt/so/conf/soc/emerging-all.fingerprint
   client:
     enableReverseLookup: false
     docsUrl: /docs/
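Review bot: `sigmaRulePackages: all` in the new `elastalertengine` block is an undocumented keyword — nothing in the defaults file says which other package names are accepted or whether a list of packages is allowed, and this file is the reference operators copy from when they narrow the import. A one-line comment above the key naming the accepted values (or pointing to where they are defined) would avoid guesswork; the same applies to `communityRulesImportFrequencySeconds: 180`, where a comment stating that it is a polling interval for pulling community rules would make the operational impact of lowering it clear. The enclosing `soc:` mapping starts outside the hunk.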
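Review bot: The `rulesRepos` entry under the new `strelkaengine` block is a bare repository URL with no branch, tag or commit reference, and the surrounding keys (`reposFolder`, `compileYaraPythonScriptPath`, `yaraRulesFolder`) suggest the content of that repository is fetched and compiled into the active YARA rule set. If the engine fetches the default branch (inferred; the fetch logic is not in this diff), the detection rules in a deployment change whenever upstream pushes, with no way for an operator to pin or audit a known-good revision. Consider documenting the expected entry format above the key, e.g. `# Git repositories to fetch YARA rules from; see docs for supported ref pinning`, and, if the engine supports it, shipping the default pinned to a tag or commit. The enclosing `soc:` mapping starts outside the hunk.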