From 020eb47026d57136a2d12d80dfa2e32629e48008 Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Tue, 19 Mar 2024 13:53:37 -0400
Subject: [PATCH 1/3] Change Detections defaults
---
 salt/soc/defaults.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index de372a98fd..6c8234b9ab 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1080,7 +1080,7 @@ soc:
 elastalertengine:
 allowRegex: ''
 autoUpdateEnabled: false
- communityRulesImportFrequencySeconds: 86400
+ communityRulesImportFrequencySeconds: 180
 denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1132,8 +1132,9 @@ soc:
 strelkaengine:
 allowRegex: ''
 autoUpdateEnabled: false
+ communityRulesImportFrequencySeconds: 180
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
- denyRegex: '.*'
+ denyRegex: ''
 reposFolder: /opt/sensoroni/yara/repos
 rulesRepos:
 - repo: https://github.com/Security-Onion-Solutions/securityonion-yara
@@ -1141,8 +1142,10 @@ soc:
 yaraRulesFolder: /opt/sensoroni/yara/rules
 suricataengine:
 allowRegex: ''
+ autoUpdateEnabled: false
+ communityRulesImportFrequencySeconds: 180
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
- denyRegex: '.*'
+ denyRegex: ''
 rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
 client:
 enableReverseLookup: false
From d84af803a66c99449c4900fa243768d586c4753f Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Wed, 20 Mar 2024 08:48:31 -0400
Subject: [PATCH 2/3] Enable Autoupdates
---
 salt/soc/defaults.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 6c8234b9ab..8defda0dd8 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
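Review bot: Replacing `denyRegex: '.*'` with `''` in the strelkaengine hunk removes the catch-all filter, so every YARA rule found under the repos listed in `rulesRepos` becomes eligible for import, and the one repo visible (`https://github.com/Security-Onion-Solutions/securityonion-yara`) is given by URL with no tag or commit pinned anywhere in this hunk. I cannot see how the import consumes these rules, but nothing visible here checks their provenance, so a push to that repo would propagate to every install that keeps the defaults. I would at least document the semantics on the key, `# '' = no filtering; every rule from rulesRepos is imported`, and, if the engine supports it, pin the default repo to a specific ref so upstream changes are taken deliberately rather than implicitly.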
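Review bot: In the suricataengine hunk the new `communityRulesImportFrequencySeconds` is inserted above `communityRulesFile`, which breaks the alphabetical key order the engine blocks otherwise keep (`allowRegex`, `autoUpdateEnabled`, `communityRules…`, `denyRegex`, …); moving it below `communityRulesFile` keeps the three engine blocks diffable against each other. The same hunk drops the `'.*'` catch-all from `denyRegex`, so the whole of `/nsm/rules/suricata/emerging-all.rules` becomes importable, which deserves a one-line comment such as `# '' = no filtering; all rules in communityRulesFile are imported` so the next reader does not have to infer it from an empty string.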
@@ -1079,7 +1079,7 @@ soc:
 hostUrl:
 elastalertengine:
 allowRegex: ''
- autoUpdateEnabled: false
+ autoUpdateEnabled: true
 communityRulesImportFrequencySeconds: 180
 denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
@@ -1131,7 +1131,7 @@ soc:
 - rbac/users_roles
 strelkaengine:
 allowRegex: ''
- autoUpdateEnabled: false
+ autoUpdateEnabled: true
 communityRulesImportFrequencySeconds: 180
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
 denyRegex: ''
@@ -1142,7 +1142,7 @@ soc:
 yaraRulesFolder: /opt/sensoroni/yara/rules
 suricataengine:
 allowRegex: ''
- autoUpdateEnabled: false
+ autoUpdateEnabled: true
 communityRulesImportFrequencySeconds: 180
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
 denyRegex: ''
From 4a33234c34f50d73c45b4fd23946e33948d53a5e Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Thu, 21 Mar 2024 07:26:19 -0400
Subject: [PATCH 3/3] Default update to 24 hours
---
 salt/soc/defaults.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8defda0dd8..8b78f2e917 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1080,7 +1080,7 @@ soc:
 elastalertengine:
 allowRegex: ''
 autoUpdateEnabled: true
- communityRulesImportFrequencySeconds: 180
+ communityRulesImportFrequencySeconds: 86400
 denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1132,7 +1132,7 @@ soc:
 strelkaengine:
 allowRegex: ''
 autoUpdateEnabled: true
- communityRulesImportFrequencySeconds: 180
+ communityRulesImportFrequencySeconds: 86400
 compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
 denyRegex: ''
 reposFolder: /opt/sensoroni/yara/repos
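Review bot: With `autoUpdateEnabled: true` now the shipped default and `denyRegex: ''` visible as context in the same strelkaengine hunk, every rule upstream publishes appears to be pulled and activated on each import with no operator step in between; I cannot see how the flag is consumed, but its name together with the empty deny filter points that way. For the YARA engine the imported rules are then handed to `compileYaraPythonScriptPath` on every install, so a broken or expensive upstream rule becomes a fleet-wide problem at the import interval rather than a local one. A comment above the key stating the trade-off would help, e.g. `# true = new/changed community rules are applied automatically; use allowRegex/denyRegex to scope what is accepted`. It is worth deciding explicitly whether the YARA default should stay false until pinning or per-rule review exists, since the other two engines flip in the same patch and the decision is not recorded anywhere in the file.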
@@ -1143,7 +1143,7 @@ soc:
 suricataengine:
 allowRegex: ''
 autoUpdateEnabled: true
- communityRulesImportFrequencySeconds: 180
+ communityRulesImportFrequencySeconds: 86400
 communityRulesFile: /nsm/rules/suricata/emerging-all.rules
 denyRegex: ''
 rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
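Review bot: The `86400` on the added line is a bare constant repeated verbatim across the three engine blocks in this patch; a trailing comment makes the intent visible at a glance, `communityRulesImportFrequencySeconds: 86400  # 24h`. Since the removed line shows the same value was changed in lockstep three times across this series, a note stating whether the three intervals are meant to stay equal (or are intentionally independent) would stop them drifting silently in later edits.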