Global Pillar File

[baileyphil]

Version

2.4.111

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

64

Storage for /

250GB

Storage for /nsm

7TB

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hi Everybody, i think i am missing something but for the life of me i cant seem to figure this out, so im hoping this is a very quick fix and answer from you guys.

Im just looking at tuning some NIDS rules, and im following a you tube video on the offical Security Onion channel called "Tuning NIDS Rules in Security Onion"

No its telling me to edit the Global.sls file in /opt/so/saltstack/local/pillar/ but at this location there is no global.sls file, if i go into the global folder in that location i can see a soc_global.sls but i think this is different.

Am i missing something or has this changed since this video was released?

Any help would be really appreciated.

Many Thanks

P

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[reyesj2]

It looks like you're looking at an older video. The latest video walks you through using the Detections interface for your rule tuning.
https://www.youtube.com/watch?v=DelAmqtU2hg. Much simpler and no modifying pillar files!

[baileyphil]

Many Thanks 👍