Update soc_suricata.yaml

Security-Onion-Solutions · Mar 11, 2024 · 72acb11 · 72acb11
1 parent 47ab1f5
commit 72acb11
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
@@ -59,8 +59,8 @@ suricata:
       regexFailureMessage: You must enter either yes or no.
       helpLink: suricata.html
     conditional: 
-      description: Set to "all" to capture PCAP for all flows. Set to "alert" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
-      regex: ^(all|alert|tag)$
+      description: Set to "all" to capture PCAP for all flows. Set to "alerts" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
+      regex: ^(all|alerts|tag)$
       regexFailureMessage: You must enter either all, alert or tag.
       helpLink: suricata.html
     dir: