mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-28 03:43:31 +01:00
18 lines
615 B
Plaintext
18 lines
615 B
Plaintext
{% set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%}
|
|
# idstools-rulecat - modify.conf
|
|
|
|
# Format: <sid> "<from>" "<to>"
|
|
|
|
# Example changing the seconds for rule 2019401 to 3600.
|
|
#2019401 "seconds \d+" "seconds 3600"
|
|
|
|
# Change all trojan-activity rules to drop. Its better to setup a
|
|
# drop.conf for this, but this does show the use of back references.
|
|
#re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
|
|
|
|
# For compatibility, most Oinkmaster modifysid lines should work as
|
|
# well.
|
|
#modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"
|
|
{%- for sid in modify_sids %}
|
|
{{ sid }}
|
|
{%- endfor %} |