idstools:
  enabled:
    description: You can enable or disable IDSTools.
  config:
    oinkcode:
      description: Enter your registration code or oinkcode for paid NIDS rulesets.
      title: Registration Code
      global: True
      helpLink: rules.html
    ruleset:
      description: Defines the ruleset you want to run. Options are ETOPEN or ETPRO.
      global: True
      regex:  ETPRO\b|ETOPEN\b
      helpLink: rules.html
    urls:
      description: This is a list of additional rule download locations.
      global: True
      helpLink: rules.html
  sids:
    disabled:
      description: Contains the list of NIDS rules manually disabled across the grid. To disable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To disable multiple rules, you can use regular expressions.
      global: True
      multiline: True
      forcedType: "[]string"
      regex: \d*|re:.*
      helpLink: managing-alerts.html
    enabled:
      description: Contains the list of NIDS rules manually enabled across the grid. To enable a rule, add its Signature ID (SID) to the Current Grid Value box, one entry per line. To enable multiple rules, you can use regular expressions.
      global: True
      multiline: True
      forcedType: "[]string"
      regex: \d*|re:.*
      helpLink: managing-alerts.html
    modify:
      description: Contains the list of NIDS rules that were modified from their default values. Entries must adhere to the following format - SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"
      global: True
      multiline: True
      forcedType: "[]string"
      helpLink: managing-alerts.html
  rules:
    local__rules:
      description: Contains the list of custom NIDS rules applied to the grid. To add custom NIDS rules to the grid, enter one rule per line in the Current Grid Value box.
      file: True
      global: True
      advanced: True
      title: Local Rules
      helpLink: local-rules.html
    filters__rules:
      description: If you are using Suricata for metadata, then you can set custom filters for that metadata here.
      file: True
      global: True
      advanced: True
      title: Filter Rules
      helpLink: suricata.html
    extraction__rules:
      description: If you are using Suricata for metadata, then you can set a list of MIME types for file extraction here.
      file: True
      global: True
      advanced: True
      title: Extraction Rules
      helpLink: suricata.html