CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
87477ae4f66903d0fcf08a744bd74365b0b2af47
securityonion/salt/zeek/defaults.yaml

129 lines
4.2 KiB
YAML
Raw Blame History

zeek:
enabled: False
config:
node:
lb_procs: 0
pins_enabled: False
pins: []
buffer: 128*1024*1024
zeekctl:
MailTo: root@localhost
MailConnectionSummary: 0
MinDiskSpace: 5
MailHostUpDown: 0
LogRotationInterval: 3600
LogExpireInterval: 0
StatsLogEnable: 1
StatsLogExpireInterval: 0
StatusCmdShowAll: 0
CrashExpireInterval: 0
SitePolicyScripts: local.zeek
LogDir: /nsm/zeek/logs
SpoolDir: /nsm/zeek/spool
CfgDir: /opt/zeek/etc
CompressLogs: 1
ZeekPort: 27760
FileExtractDir: ""
local:
load:
- misc/loaded-scripts
- misc/capture-loss
- frameworks/software/vulnerable
- frameworks/software/version-changes
- protocols/ftp/software
- protocols/smtp/software
- protocols/ssh/software
- protocols/http/software
- protocols/dns/detect-external-names
- protocols/ftp/detect
- protocols/conn/known-hosts
- protocols/conn/known-services
- protocols/conn/vlan-logging
- protocols/ssl/known-certs
- protocols/ssl/validate-certs
- protocols/ssl/log-hostcerts-only
- protocols/ssh/geo-data
- protocols/ssh/detect-bruteforcing
- protocols/ssh/interesting-hostnames
- protocols/http/detect-sql-injection
- frameworks/files/hash-all-files
- frameworks/files/detect-MHR
- policy/frameworks/notice/extend-email/hostnames
- policy/frameworks/notice/community-id
- policy/protocols/conn/community-id-logging
- ja3
- ja4
- hassh
- intel
- cve-2020-0601
- securityonion/bpfconf
- securityonion/file-extraction
- securityonion/community-id-extended
- oui-logging
- icsnpp-modbus
- icsnpp-dnp3
- icsnpp-bacnet
- icsnpp-ethercat
- icsnpp-enip
- icsnpp-opcua-binary
- icsnpp-bsap
- icsnpp-s7comm
- zeek-plugin-tds
- zeek-plugin-profinet
- zeek-spicy-wireguard
- zeek-spicy-stun
- http2
- zeek-spicy-ipsec
- zeek-spicy-openvpn
load-sigs:
- frameworks/signatures/detect-windows-shells
redef:
- LogAscii::use_json = T;
- CaptureLoss::watch_interval = 5 mins;
networks:
HOME_NET:
- 192.168.0.0/16
- 10.0.0.0/8
- 172.16.0.0/12
file_extraction:
- application/x-dosexec: exe
- application/pdf: pdf
- application/msword: doc
- application/vnd.ms-powerpoint: doc
- application/rtf: doc
- application/vnd.ms-word.document.macroenabled.12: doc
- application/vnd.ms-word.template.macroenabled.12: doc
- application/vnd.ms-powerpoint.template.macroenabled.12: doc
- application/vnd.ms-excel: doc
- application/vnd.ms-excel.addin.macroenabled.12: doc
- application/vnd.ms-excel.sheet.binary.macroenabled.12: doc
- application/vnd.ms-excel.template.macroenabled.12: doc
- application/vnd.ms-excel.sheet.macroenabled.12: doc
- application/vnd.openxmlformats-officedocument.presentationml.presentation: doc
- application/vnd.openxmlformats-officedocument.presentationml.slide: doc
- application/vnd.openxmlformats-officedocument.presentationml.slideshow: doc
- application/vnd.openxmlformats-officedocument.presentationml.template: doc
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet: doc
- application/vnd.openxmlformats-officedocument.spreadsheetml.template: doc
- application/vnd.openxmlformats-officedocument.wordprocessingml.document: doc
- application/vnd.openxmlformats-officedocument.wordprocessingml.template: doc
- application/vnd.ms-powerpoint.addin.macroenabled.12: doc
- application/vnd.ms-powerpoint.slide.macroenabled.12: doc
- application/vnd.ms-powerpoint.presentation.macroenabled.12: doc
- application/vnd.ms-powerpoint.slideshow.macroenabled.12: doc
- application/vnd.openxmlformats-officedocument: doc
logging:
excluded:
- broker
- capture_loss
- known_hosts
- known_services
- loaded_scripts
- ntp
- packet_filter
- reporter
- stats
- stderr
- stdout
Reference in New Issue View Git Blame Copy Permalink