securityonion/salt/suricata/soc_suricata.yaml
Mike Reeves 2bd9dd80e2 Move In Day
2022-09-07 09:06:25 -04:00


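# Description metadata for Suricata settings. The key tree mirrors the
# suricata.yaml section layout (vars, outputs, pcre, defrag, flow, stream,
# host, decoder); each leaf carries only a `description` string.
# NOTE(review): presumably consumed as help text by the SOC config UI — confirm
# against the consumer before relying on this shape.
suricata:
  config:
    vars:
      # HOME_NET / EXTERNAL_NET scope which traffic rules treat as internal vs.
      # external, so inaccurate values reduce detection coverage.
      address-groups:
        HOME_NET:
          description: List of hosts or networks.
        EXTERNAL_NET:
          description: List of hosts or networks.
        HTTP_SERVERS:
          description: List of hosts or networks.
        SMTP_SERVERS:
          description: List of hosts or networks.
        SQL_SERVERS:
          description: List of hosts or networks.
        DNS_SERVERS:
          description: List of hosts or networks.
        TELNET_SERVERS:
          description: List of hosts or networks.
        AIM_SERVERS:
          description: List of hosts or networks.
        DC_SERVERS:
          description: List of hosts or networks.
        DNP3_SERVER:
          description: List of hosts or networks.
        DNP3_CLIENT:
          description: List of hosts or networks.
        MODBUS_CLIENT:
          description: List of hosts or networks.
        MODBUS_SERVER:
          description: List of hosts or networks.
        ENIP_CLIENT:
          description: List of hosts or networks.
        ENIP_SERVER:
          description: List of hosts or networks.
      port-groups:
        HTTP_PORTS:
          description: List of HTTP ports to look for HTTP traffic on.
        SHELLCODE_PORTS:
          description: List of SHELLCODE ports to look for SHELLCODE traffic on.
        ORACLE_PORTS:
          description: List of ORACLE ports to look for ORACLE traffic on.
        SSH_PORTS:
          description: List of SSH ports to look for SSH traffic on.
        DNP3_PORTS:
          description: List of DNP3 ports to look for DNP3 traffic on.
        MODBUS_PORTS:
          description: List of MODBUS ports to look for MODBUS traffic on.
        FILE_DATA_PORTS:
          description: List of FILE_DATA ports to look for FILE_DATA traffic on.
        FTP_PORTS:
          description: List of FTP ports to look for FTP traffic on.
        VXLAN_PORTS:
          description: List of VXLAN ports to look for VXLAN traffic on.
        TEREDO_PORTS:
          description: List of TEREDO ports to look for TEREDO traffic on.
    outputs:
      eve-log:
        # X-Forwarded-For handling: the header value is attacker-controllable
        # input, so only trust it behind a proxy you operate.
        xff:
          enabled:
            description: Enable X-Forwarded-For support.
          mode:
            description: Operation mode. This should always be extra-data if you use PCAP.
          deployment:
            description: forward would use the first IP address and reverse would use the last.
          header:
            description: Header name where the actual IP address will be reported.
    asn1-max-frames:
      description: Maximum number of asn1 frames to decode.
    max-pending-packets:
      description: Number of packets preallocated per thread.
    default-packet-size:
      description: Preallocated size for each packet.
    pcre:
      match-limit:
        description: Match limit for PCRE.
      match-limit-recursion:
        description: Recursion limit for PCRE.
    defrag:
      memcap:
        description: Max memory to use for defrag. You should only change this if you know what you are doing.
      hash-size:
        description: Hash size.
      trackers:
        description: Number of defragmented flows to follow.
      max-frags:
        description: Max number of fragments to keep.
      prealloc:
        description: Preallocate memory.
      timeout:
        description: Timeout value.
    flow:
      memcap:
        description: Reserved memory for flows.
      hash-size:
        description: Determines the size of the hash used to identify flows inside the engine.
      prealloc:
        description: Number of preallocated flows.
    stream:
      memcap:
        description: Can be specified in kb,mb,gb.
      checksum-validation:
        description: Validate checksum of packets.
      reassembly:
        memcap:
          description: Can be specified in kb,mb,gb.
    host:
      hash-size:
        description: Hash size in bytes.
      prealloc:
        description: How many streams to preallocate.
      memcap:
        description: Memory settings for host.
    decoder:
      teredo:
        enabled:
          description: Enable TEREDO capabilities.
        ports:
          description: Ports to listen for. This should be a variable.
      vxlan:
        enabled:
          description: Enable VXLAN capabilities.
        ports:
          description: Ports to listen for. This should be a variable.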