From 46d69a0fe33690dcc421e2b37e66069f19db7b36 Mon Sep 17 00:00:00 2001
From: Josh Brower <josh@defensivedepth.com>
Date: Thu, 21 Nov 2024 09:17:21 -0500
Subject: [PATCH] Update for new setting

---
 sigma.rst | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sigma.rst b/sigma.rst
index cdf1a782..a7cef41e 100644
--- a/sigma.rst
+++ b/sigma.rst
@@ -99,7 +99,7 @@ Enable Sigma Rules on Import
 
 ::
 
-        soc > config > server > modules > elastalertengine > autoEnabledSigmaRules > default [adv]
+        soc > config > server > modules > elastalertengine > enabledSigmaRules > default
 
 
 This configuration options allows you to specify which rules are automatically enabled upon initial import. The format for this filter is a YAML list that supports flexible filtering criteria based on a number of fields in a Sigma rule. A rule is enabled only if it matches all specified filters - if there is more than one filter for a field, then it has to match at least one.
@@ -118,7 +118,7 @@ Each item in the YAML list represents a set of filters, using the following fiel
 
     product
         Type: List of strings  
-        Description: Specifies the product(s) to filter by (e.g., "windows", "*" for all products).
+        Description: Specifies the product(s) to filter by (e.g., "windows", "*" for any products).
 
     category
         Type: List of strings  
@@ -132,7 +132,6 @@ For example:
 
 ::
 
-    Enabled_On_Import:
       # Enable all critical and high rules from the "securityonion-resources" ruleset
       - ruleset: ["securityonion-resources"]
         level: ["critical", "high"]