Removed Allow/Deny Regexes, Added Enable/Disable Regex

Update config and annotations for new regex support for suricata.
Security-Onion-Solutions · Jul 19, 2024 · 45b2413 · 45b2413
1 parent 022df96
commit 45b2413
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 7 deletions.
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
@@ -1311,7 +1311,6 @@ soc:
         kratos:
           hostUrl:
         elastalertengine:
-          allowRegex: ''
           autoUpdateEnabled: true
           autoEnabledSigmaRules:
             default:
@@ -1327,7 +1326,6 @@ soc:
           communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
-          denyRegex: ''
           elastAlertRulesFolder: /opt/sensoroni/elastalert
           reposFolder: /opt/sensoroni/sigma/repos
           rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
@@ -1392,15 +1390,13 @@ soc:
           userFiles:
             - rbac/users_roles
         strelkaengine:
-          allowRegex: ''
           autoEnabledYaraRules:
             - securityonion-yara
           autoUpdateEnabled: true
           communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           failAfterConsecutiveErrorCount: 10
           compileYaraPythonScriptPath: /opt/sensoroni/yara/compile_yara.py
-          denyRegex: ''
           reposFolder: /opt/sensoroni/yara/repos
           rulesRepos:
             default:
@@ -1415,14 +1411,14 @@ soc:
           stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
           integrityCheckFrequencySeconds: 1200
         suricataengine:
-          allowRegex: ''
           autoUpdateEnabled: true
           communityRulesImportFrequencySeconds: 86400
           communityRulesImportErrorSeconds: 300
           customRulesets:
+          disableRegex: []
+          enableRegex: []
           failAfterConsecutiveErrorCount: 10
           communityRulesFile: /nsm/rules/suricata/emerging-all.rules
-          denyRegex: ''
           rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
           stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
           integrityCheckFrequencySeconds: 1200

diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
@@ -222,7 +222,7 @@ soc:
             global: True
             forcedType: "[]string"
           enableRegex:
-            description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content.
+            description: A list of regular expressions used to automatically enable rules that match any of them. Each regular expression is tested against the rule's content. Takes priority over disableRegex matches.
             global: True
             forcedType: "[]string"
           integrityCheckFrequencySeconds: