Hi Team, can someone confirm the location of the suricata.yml file for reference purposes in SO? I wanted to modify it and am wondering how I do it.
The suricata.yaml file is located at /opt/so/conf/suricata/suricata.yaml
But that is not where you will edit the yaml.
Link to the docs reference: https://docs.securityonion.net/en/2.3/suricata.html?highlight=suricata.yaml#configuration
Configuration
For example, suppose you want to change Suricata’s EXTERNAL_NET setting from the default of any to !$HOME_NET. You could add the following to the global pillar file (/opt/so/saltstack/local/pillar/global.sls) or minion pillar file (/opt/so/saltstack/local/pillar/minions/$SENSORNAME_$ROLE.sls) on the manager:
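The pillar override the answer above describes, written out as an added example (not part of the original reply). The key path is an assumption: it follows the `vars` / `address-groups` / `EXTERNAL_NET` layout of suricata.yaml placed under `suricata:config`.

```yaml
# Added example: pillar override, edited on the manager.
# Put it in /opt/so/saltstack/local/pillar/global.sls to affect every sensor, or in
# /opt/so/saltstack/local/pillar/minions/$SENSORNAME_$ROLE.sls to affect one sensor.
# Do not edit /opt/so/conf/suricata/suricata.yaml directly; it is generated from the pillar.
suricata:
  config:                  # everything below mirrors the structure of suricata.yaml
    vars:
      address-groups:
        # Keep the quotes: an unquoted leading "!" is read by YAML as a tag,
        # not as part of the string value.
        EXTERNAL_NET: "!$HOME_NET"
```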
Thanks for the help, and I really appreciate the detailed explanation.
The suricata.yaml file is located at /opt/so/conf/suricata/suricata.yaml
But that is not where you will edit the yaml.
You need to edit the file in the global.sls or minions depending on exactly what you are trying to change.
Link to the docs reference: https://docs.securityonion.net/en/2.3/suricata.html?highlight=suricata.yaml#configuration
Configuration
You can configure Suricata’s suricata.yaml using Salt. The defaults for this have been defined in https://github.com/Security-Onion-Solutions/securityonion/blob/master/salt/suricata/defaults.yaml. Under suricata:config, the pillar structure follows the same YAML structure of the suricata.yaml file.
For example, suppose you want to change…