remove modules if detections disabled
m0duspwnens committed Mar 13, 2024
1 parent 6034831 commit 1a82919
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 1 addition & 1 deletion salt/soc/defaults.yaml
Expand Up @@ -1081,7 +1081,7 @@ soc:
allowRegex: ''
autoUpdateEnabled: false
communityRulesImportFrequencySeconds: 86400
denyRegex: '.*'
denyRegex: ''
elastAlertRulesFolder: /opt/sensoroni/elastalert
rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
sigmaRulePackages:
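Review bot: the `denyRegex` default change from `'.*'` to `''` (in the block that also carries `elastAlertRulesFolder`) is not covered by the commit message, which only mentions removing modules. With `allowRegex` already `''`, both filters are now empty by default, so the deny-all default is gone. Please state in the commit message or in a comment next to the key why it is dropped and how an empty `denyRegex` is meant to be read (matches nothing, or filter unset), so an operator reviewing the defaults can tell which rules will be accepted.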
7 changes: 7 additions & 0 deletions salt/soc/merged.map.jinja
Expand Up @@ -30,6 +30,13 @@
{# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
{% do SOCMERGED.config.server.modules.pop('cases') %}

{# remove these modules if detections is disabled #}
{% if not SOCMERGED.config.server.client.detectionsEnabled %}
{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
{% endif %}

{% if pillar.manager.playbook == 0 %}
{% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
{% endif %}
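Review bot: the three `pop(...)` calls in the new `{% if not ...detectionsEnabled %}` block have no default, so rendering fails with a KeyError if any of `elastalertengine`, `strelkaengine` or `suricataengine` is absent from `SOCMERGED.config.server.modules`, for example when a pillar override has already dropped one. Passing a default, as in `pop('elastalertengine', none)`, makes the removal idempotent. The condition also assumes `detectionsEnabled` is always present under `config.server.client`; if it can be missing, the `not` test would evaluate true under Jinja's default undefined handling and the engines would be removed silently, so an explicit default or a note on where the key is guaranteed would help.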