From 72acb11925bd85afcbd1fc59f167ff96520fb253 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Mon, 11 Mar 2024 19:04:51 -0400
Subject: [PATCH] Update soc_suricata.yaml

---
 salt/suricata/soc_suricata.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index da7586e97b..c61c041235 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -59,8 +59,8 @@ suricata:
       regexFailureMessage: You must enter either yes or no.
       helpLink: suricata.html
     conditional: 
-      description: Set to "all" to capture PCAP for all flows. Set to "alert" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
-      regex: ^(all|alert|tag)$
+      description: Set to "all" to capture PCAP for all flows. Set to "alerts" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
+      regex: ^(all|alerts|tag)$
       regexFailureMessage: You must enter either all, alert or tag.
       helpLink: suricata.html
     dir: