Merge pull request #13001 from Security-Onion-Solutions/2.4/socdefaults

2.4/socdefaults
Security-Onion-Solutions · May 13, 2024 · 2419066 · 2419066
2 parents 927fe91 + e430de8
commit 2419066
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
@@ -9,7 +9,7 @@ idstools:
       forcedType: string
       helpLink: rules.html
     ruleset:
-      description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections -->  Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
+      description: 'Defines the ruleset you want to run. Options are ETOPEN or ETPRO. Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 24 hours), or you can force the update by nagivating to Detections -->  Options dropdown menu --> Suricata --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Suricata rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
       global: True
       regex:  ETPRO\b|ETOPEN\b
       helpLink: rules.html

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
@@ -1284,7 +1284,7 @@ soc:
             so-import:
               - securityonion-resources+critical
               - securityonion-resources+high
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           denyRegex: ''
@@ -1353,7 +1353,7 @@ soc:
           autoEnabledYaraRules:
             - securityonion-yara
           autoUpdateEnabled: true
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
@@ -1373,7 +1373,7 @@ soc:
         suricataengine:
           allowRegex: ''
           autoUpdateEnabled: true
-          communityRulesImportFrequencySeconds: 28800
+          communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           communityRulesFile: /nsm/rules/suricata/emerging-all.rules

diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
@@ -39,7 +39,7 @@ soc:
         helpLink: soc-customization.html
       sigma_final_pipeline__yaml:
         title: Final Sigma Pipeline
-        description: Final Processing Pipeline for Sigma Rules (future use, not yet complete)
+        description: Final Processing Pipeline for Sigma Rules.
         syntax: yaml
         file: True
         global: True
@@ -115,7 +115,7 @@ soc:
               helpLink: sigma.html
             airgap: *eerulesRepos
           sigmaRulePackages:
-            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the rule update to take place (every 8 hours), or you can force the update by nagivating to Detections -->  Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
+            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections -->  Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
             global: True
             advanced: False
             helpLink: sigma.html
@@ -255,7 +255,7 @@ soc:
           description: Set to true to enable case management in SOC.
           global: True
         detectionsEnabled:
-          description: Set to true to enable the Detections module in SOC. (future use, not yet complete)
+          description: Set to true to enable the Detections module in SOC.
           global: True
         inactiveTools:
           description: List of external tools to remove from the SOC UI.