mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-15 21:52:47 +01:00
58 lines
1.7 KiB
YAML
58 lines
1.7 KiB
YAML
suricata:
|
|
config:
|
|
outputs:
|
|
- eve-log:
|
|
types:
|
|
- anomaly:
|
|
enabled: "no"
|
|
types:
|
|
decode: "no"
|
|
stream: "no"
|
|
applayer: "yes"
|
|
packethdr: "no"
|
|
- http:
|
|
extended: "yes"
|
|
#custom: [Accept-Encoding, Accept-Language, Authorization]
|
|
# dump-all-headers: none
|
|
- dns:
|
|
version: 2
|
|
enabled: "yes"
|
|
#requests: "no"
|
|
#responses: "no"
|
|
#formats: [detailed, grouped]
|
|
#types: [a, aaaa, cname, mx, ns, ptr, txt]
|
|
- tls:
|
|
extended: "yes"
|
|
#session-resumption: "no"
|
|
#custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain, ja3, ja3s]
|
|
- files:
|
|
force-magic: "no"
|
|
#force-hash: [md5]
|
|
#- drop:
|
|
# alerts: "yes"
|
|
# flows: all
|
|
- smtp:
|
|
extended: "yes"
|
|
#custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
|
|
#md5: [body, subject]
|
|
- dnp3
|
|
- ftp
|
|
- rdp
|
|
- nfs
|
|
- smb
|
|
- tftp
|
|
- ikev2
|
|
- krb5
|
|
- snmp
|
|
- sip
|
|
- dhcp:
|
|
enabled: "yes"
|
|
# extended: "no"
|
|
- ssh
|
|
#- stats:
|
|
# totals: "yes"
|
|
# threads: "no"
|
|
# deltas: "no"
|
|
- flow
|
|
#- netflow
|
|
#- metadata |