Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

FIX: Analysts should be able to modify and disable Suricata rules #13668

Closed. jertel closed this 2 months ago

jertel commented 2 months ago

Currently (2.4.100) analysts can modify YARA and Sigma rules, but when attempting to modify a Suricata rule a 401 error is returned.

jertel commented 2 months ago

Fix pushed, awaiting verification.

jertel commented 2 months ago

Verified a new analyst user was able to login, disable a Suricata community rule, clone it, edit the cloned rule, enable the cloned rule, create a suppression override, delete the rule, and then enable the community rule again.
