initial quick OCD pass

doug
2022-09-23 16:29:55 -04:00
parent e3f4a58989
commit fee5a7bea9
11 changed files with 96 additions and 88 deletions


@@ -1,36 +1,44 @@
zeek:
logging:
enabled:
description: This is a list of zeek logs that will be shipped through the pipeline. If you remove a log from this list it will still persist on the sensor.
description: This is a list of Zeek logs that will be shipped through the pipeline. If you remove a log from this list, it will still persist on the sensor.
helpLink: zeek.html
config:
local:
'@load':
description: List of Zeek policies to load
helpLink: zeek.html
'@load-sigs':
description: List of Zeek signatures to load
helpLink: zeek.html
node:
lb_procs:
description: This is the amount of CPUs to use for Zeek. This setting is ignored if you are using pins.
description: This is the number of CPUs to use for Zeek. This setting is ignored if you are using pins.
helpLink: zeek.html
node: True
pins_enabled:
description: Enabled CPU pinning
description: Enabling this setting allows you to pin Zeek to specific CPUs.
helpLink: zeek.html
node: True
advanced: True
pins:
description: List of CPUs you want to pin to
description: This is a list of CPUs you want to pin Zeek to.
helpLink: zeek.html
node: True
advanced: True
zeekctl:
CompressLogs:
description: Enable compression of zeek logs. If you are seeing packet loss at the top of the hour in zeek or pcap you might need to set this to 0. This will use more disk space but save IO and CPU.
description: This setting enables compression of Zeek logs. If you are seeing packet loss at the top of the hour in Zeek or PCAP you might need to disable this by seting it to 0. This will use more disk space but save IO and CPU.
helpLink: zeek.html
policy:
custom:
filters:
conn:
description: Conn Filter for Zeek. This is an advanced setting and will take further action to enable.
helpLink: zeek.html
file: True
global: True
advanced: True
file_extraction:
description: This is a list of mime types Zeek will extract from the network streams.
description: This is a list of MIME types that Zeek will extract from the network streams.
helpLink: zeek.html
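Review bot: The reworded `CompressLogs` description, which appears to be the new side of that pair, introduces a typo, `seting`; it should read `you might need to disable this by setting it to 0.` In the same string, the closing sentence `This will use more disk space but save IO and CPU.` now follows the instruction to disable compression, but `This` has no clear referent. Naming it outright, e.g. `Disabling compression will use more disk space but save IO and CPU.`, makes the trade-off unambiguous to an operator who is tuning a sensor that is dropping packets. The `conn` filter description (`will take further action to enable`) does not say what that action is, so a pointer to the relevant help section would fit this wording pass.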