tenant-2.yaml - Suricata - Open Information Security Foundation

Bug #4797 » tenant-2.yaml

Jeff Lucovsky, 10/30/2021 03:14 PM

    
    %YAML 1.1

    ---

    # Suricata configuration file. In addition to the comments describing all

    # options in this file, full documentation can be found at:

    # https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html

    ##

    ## Step 1: Inform Suricata about your network

    ##

    vars:

      # more specific is better for alert accuracy and performance

      address-groups:

        HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

        #HOME_NET: "[192.168.0.0/16]"

        #HOME_NET: "[10.0.0.0/8]"

        #HOME_NET: "[172.16.0.0/12]"

        #HOME_NET: "any"

        EXTERNAL_NET: "!$HOME_NET"

        #EXTERNAL_NET: "any"

        HTTP_SERVERS: "$HOME_NET"

        SMTP_SERVERS: "$HOME_NET"

        SQL_SERVERS: "$HOME_NET"

        DNS_SERVERS: "$HOME_NET"

        TELNET_SERVERS: "$HOME_NET"

        AIM_SERVERS: "$EXTERNAL_NET"

        DC_SERVERS: "$HOME_NET"

        DNP3_SERVER: "$HOME_NET"

        DNP3_CLIENT: "$HOME_NET"

        MODBUS_CLIENT: "$HOME_NET"

        MODBUS_SERVER: "$HOME_NET"

        ENIP_CLIENT: "$HOME_NET"

        ENIP_SERVER: "$HOME_NET"

      port-groups:

        HTTP_PORTS: "80"

        SHELLCODE_PORTS: "!80"

        ORACLE_PORTS: 1521

        SSH_PORTS: 22

        DNP3_PORTS: 20000

        MODBUS_PORTS: 502

        FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"

        FTP_PORTS: 21

        GENEVE_PORTS: 6081

        VXLAN_PORTS: 4789

        TEREDO_PORTS: 3544

    default-rule-path: /usr/local/etc/suricata/rules

    rule-files:

      - suricata.rules

    classification-file: /home/jlucovsky/src/jal/suricata/etc/classification-2.config

    reference-config-file: ./etc/suricata/reference.config

(2-2/3)

Project

General

Profile

Suricata

Bug #4797 » tenant-2.yaml