# Suricata output overrides that Security Onion renders into suricata.yaml.
# The "yes"/"no" values are deliberately quoted: Suricata reads them as strings,
# and the quotes keep YAML 1.1 loaders in the rendering pipeline from coercing
# them to booleans before Suricata sees them. Keep the quotes when editing.
suricata:
  config:
    outputs:
      # Full-file extraction to disk. file-store v2 lays files out by sha256;
      # the md5/sha1 requested under the eve-log `files` type below enrich
      # the fileinfo records for lookups (per Suricata's docs) rather than
      # changing how files are stored.
      - file-store:
          version: 2
          enabled: "yes"
          dir: /nsm/extracted
          # write-fileinfo: "yes"
          # force-filestore: "yes"
          # 0 leaves the extraction limit to stream.reassembly.depth instead of
          # capping it here (per the file-store docs; confirm for the deployed
          # Suricata version).
          stream-depth: 0
          # max-open-files: 1000
          # force-hash: [sha1, md5]
          # Left off: X-Forwarded-For is written by whoever sends the request,
          # so it is only trustworthy for sensors behind a proxy that
          # overwrites it. Enable only for that traffic.
          xff:
            enabled: "no"
            mode: extra-data
            deployment: reverse
            header: X-Forwarded-For

      # EVE JSON event log; one list entry per event type.
      - eve-log:
          types:
            # Decoder/stream/app-layer anomaly events (off as shipped).
            - anomaly:
                enabled: "no"
                types:
                  decode: "no"
                  stream: "no"
                  applayer: "yes"
                packethdr: "no"
            - http:
                extended: "yes"
                # custom: [Accept-Encoding, Accept-Language, Authorization]
                # dump-all-headers: none
            - dns:
                version: 2
                enabled: "yes"
                # requests: "no"
                # responses: "no"
                formats: [grouped]
                # types: [a, aaaa, cname, mx, ns, ptr, txt]
            - tls:
                extended: "yes"
                # session-resumption: "no"
                # custom: [subject, issuer, session_resumed, serial, fingerprint,
                #          sni, version, not_before, not_after, certificate,
                #          chain, ja3, ja3s]
            # fileinfo events; force-magic/force-hash apply even when the
            # protocol parser would not otherwise request them.
            - files:
                force-magic: "yes"
                force-hash: [md5, sha1]
            # - drop:
            #     alerts: "yes"
            #     flows: all
            - smtp:
                extended: "yes"
                # custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
                # md5: [body, subject]
            # Protocol loggers enabled with their defaults.
            - dnp3
            - ftp
            - rdp
            - nfs
            - smb
            - tftp
            - ikev2
            - krb5
            - snmp
            - sip
            - dhcp:
                enabled: "yes"
                extended: "yes"
            - ssh
            # - stats:
            #     totals: "yes"
            #     threads: "no"
            #     deltas: "no"
            - flow
            # - netflow
            # - metadata