Default ruleset; Descriptions

Josh Brower
2024-02-16 11:55:10 -05:00
parent e4dcb4a8dd
commit ffb3cc87b7
3 changed files with 3 additions and 2 deletions


@@ -8,7 +8,7 @@ idstools:
global: True
helpLink: rules.html
ruleset:
description: Defines the ruleset you want to run. Options are ETOPEN or ETPRO. -- WARNING -- Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides.'
description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True
regex: ETPRO\b|ETOPEN\b
helpLink: rules.html
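Review bot: The `regex: ETPRO\b|ETOPEN\b` context line is unanchored, so validation is looser than the rewritten description's "Options are ETOPEN or ETPRO". If the consumer applies it as a search or prefix match, a value such as `ETPRO-test` (constructed example) would be accepted. Because the description now says a ruleset change removes rules and overrides with no undo, I would tighten it to `regex: '^(ETPRO|ETOPEN)$'`. How the regex is applied is not visible in this hunk, so confirm that before changing it.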


@@ -1014,6 +1014,7 @@ soc:
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
sigmaRulePackages:
- core
- emerging_threats_addon
elastic:
hostUrl:
remoteHostUrls: []
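Review bot: Adding `emerging_threats_addon` to the default `sigmaRulePackages` list changes the effective ruleset for every install that never overrode this setting. The description updated in this same commit says a ruleset change removes existing Sigma rules and their overrides and cannot be undone. Whether a changed default triggers that removal on upgrade is not visible here; if it does, it deserves a release note and a comment above the list, for example `# Changing this default changes the ruleset on upgrade and may remove existing rule overrides`. The added line is inferred from the hunk header counts, since the +/- markers are lost on this page.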


@@ -72,7 +72,7 @@ soc:
modules:
elastalertengine:
sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run: core | core+ | core++ | all. -- WARNING -- Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides.'
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True
advanced: False
elastic:
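Review bot: The new `sigmaRulePackages` description enumerates the accepted values (`core`, `core+`, `core++`, `all`, plus `emerging_threats_addon`), but the entry visible here has no `regex:` key, unlike the idstools `ruleset` setting in the first file. A typo in a setting described as destructive and irreversible would therefore not be rejected at input. Consider something like `regex: '^(core|core\+|core\+\+|all|emerging_threats_addon)$'`, subject to how list-valued settings are validated, which this hunk does not show. The description also has a stray space before the closing parenthesis in `all )`.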