Security Onion Documentation

Rules

Security Onion supports three main types of rules: NIDS rules (network signatures evaluated by Suricata), Sigma rules (log-based detections), and YARA rules (file and content matching). You can manage all three types from the Detections interface in Security Onion Console (SOC); the sections below cover each type in turn.

  • NIDS
    • Managing Existing NIDS Rules
    • Enabling and Disabling with Regex
    • Tuning Overrides
    • Adding New NIDS Rules
    • Update Frequency
    • Allow External Access to NIDS Rules
    • Configuring Rulesets
    • Common Ruleset Configurations
    • ETPRO in Airgap Environments
    • Flowbit Dependency Handling
    • Sync Block
  • Sigma
    • Managing Existing Sigma Rules
    • Adding New Sigma Rules
    • Sigma Configuration
  • YARA
    • Managing Existing YARA Rules
    • Adding New YARA Rules
    • YARA Rules Options
© Copyright 2026.