Add SOC Config for Detections

2025-12-06 09:12:45 +01:00 · 2024-02-01 12:22:50 -05:00
parent 49b5788ac1
commit fe196b5661
1 changed files with 14 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1002,6 +1002,11 @@ soc:
          jobDir: jobs
        kratos:
          hostUrl:
+        elastalertengine:
+          communityRulesImportFrequencySeconds: 180
+          elastAlertRulesFolder: /opt/so/rules/elastalert
+          rulesFingerprintFile: /opt/so/conf/soc/sigma.fingerprint
+          sigmaRulePackages: all
        elastic:
          hostUrl:
          remoteHostUrls: []
@@ -1043,6 +1048,15 @@ soc:
            - rbac/custom_roles
          userFiles:
            - rbac/users_roles
+        strelkaengine:
+          compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
+          reposFolder: /nsm/rules/strelka/repos
+          rulesRepos:
+          - https://github.com/Security-Onion-Solutions/securityonion-yara
+          yaraRulesFolder: /opt/so/conf/strelka/rules
+        suricataengine:
+          communityRulesFile: /nsm/rules/suricata/emerging-all.rules
+          rulesFingerprintFile: /opt/so/conf/soc/emerging-all.fingerprint
      client:
        enableReverseLookup: false
        docsUrl: /docs/