Merge pull request #9470 from Security-Onion-Solutions/kilo

Kilo
Mike Reeves
2022-12-23 10:37:22 -05:00
committed by GitHub
2 changed files with 114 additions and 112 deletions


@@ -9,5 +9,6 @@
. /usr/sbin/so-common . /usr/sbin/so-common
rm -f /opt/so/conf/soc/salt/pipe
pkill salt-relay.sh pkill salt-relay.sh
/usr/sbin/so-restart soc $1 /usr/sbin/so-restart soc $1
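Review bot: The new `rm -f /opt/so/conf/soc/salt/pipe` runs before `pkill salt-relay.sh` on the following line, so if salt-relay.sh recreates or reopens the pipe while it is still running, a stale pipe can outlive the restart; stopping the relay first, `pkill salt-relay.sh` then `rm -f /opt/so/conf/soc/salt/pipe`, avoids that window. Whether the relay recreates the pipe is not visible in this hunk, so this is inferred from the path name alone. `rm -f` also deletes whatever object sits at that path without checking its type; if a FIFO is expected there, `[ -p /opt/so/conf/soc/salt/pipe ] && rm -f /opt/so/conf/soc/salt/pipe` keeps the script from removing a regular file or symlink placed at that location. The script's first eight lines, including anything that sets up these paths, are outside the hunk.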


@@ -45,6 +45,7 @@ soc:
default: default:
description: The list of fields to show as columns in the Hunt/Dashboards event table, when no other specific mapping applies. Mappings are defined by the format ":event.module:event.dataset". description: The list of fields to show as columns in the Hunt/Dashboards event table, when no other specific mapping applies. Mappings are defined by the format ":event.module:event.dataset".
global: True global: True
advanced: True
server: server:
maxPacketCount: maxPacketCount:
description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser. description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser.
@@ -97,119 +98,119 @@ soc:
description: Duration (in milliseconds) that must elapse after a grid node fails to check-in before the node will be marked offline (fault). description: Duration (in milliseconds) that must elapse after a grid node fails to check-in before the node will be marked offline (fault).
global: True global: True
advanced: True advanced: True
client: client:
apiTimeoutMs: apiTimeoutMs:
description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI. description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
global: True
advanced: True
webSocketTimeoutMs:
description: Duration (in milliseconds) to wait for a response from the SOC server websocket before giving up and reconnecting.
global: True
advanced: True
tipTimeoutMs:
description: Duration (in milliseconds) to show the popup tips, which typically indicate a successful operation.
global: True
cacheExpirationMs:
description: Duration (in milliseconds) of cached data within the browser, including users and settings.
global: True
advanced: True
casesEnabled:
description: Set to true to enable case management in SOC.
global: True
inactiveTools:
description: List of external tools to remove from the SOC UI.
global: True
tools:
description: List of available external tools visible in the SOC UI. Each tool is defined in JSON object notation, and must include the "name" key and "link" key, where the link is the tool's URL.
global: True
advanced: True
hunt: &appSettings
groupItemsPerPage:
description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
global: True
groupFetchLimit:
description: Default maximum number of aggregations to retrieve per search. Larger values consume more bandwidth and server resources.
global: True
eventItemsPerPage:
description: Default number of items to show per page. Larger values consume more vertical area in the SOC UI.
global: True
eventFetchLimit:
description: Default maximum number of items to retrieve per search. Larger values consume more bandwidth and server resources.
global: True
relativeTimeValue:
description: The duration of time to look backwards when searching for items. Used in combination with the relativeTimeUnit setting.
global: True
relativeTimeUnit:
description: The unit of time for the relativeTimeValue setting. Possible values are 10 (seconds), 20 (minutes), 30 (hours), 40 (days), 50 (weeks), and 60 (months).
global: True
mostRecentlyUsedLimit:
description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list.
global: True
queries:
description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
global: True
alerts: *appSettings
cases: *appSettings
dashboards: *appSettings
case:
analyzerNodeId:
description: The node ID on which analyzers will be executed.
global: True global: True
advanced: True advanced: True
mostRecentlyUsedLimit: webSocketTimeoutMs:
description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list. description: Duration (in milliseconds) to wait for a response from the SOC server websocket before giving up and reconnecting.
global: True
renderAbbreviatedCount:
description: When the number of case related items exceeds this number, the middle section of the results will be hidden from view, avoiding unnecessary scrolling.
global: True global: True
advanced: True advanced: True
presets: tipTimeoutMs:
artifactType: description: Duration (in milliseconds) to show the popup tips, which typically indicate a successful operation.
labels: global: True
description: List of available artifact types. Some of these default types have special characteristics and related functionality, built into SOC. cacheExpirationMs:
global: True description: Duration (in milliseconds) of cached data within the browser, including users and settings.
customEnabled: global: True
description: Set to true to allow users add their own artifact types directly in the SOC UI. advanced: True
global: True casesEnabled:
category: description: Set to true to enable case management in SOC.
labels: global: True
description: List of available case categories. inactiveTools:
global: True description: List of external tools to remove from the SOC UI.
customEnabled: global: True
description: Set to true to allow users add their own categories directly in the SOC UI. tools:
global: True description: List of available external tools visible in the SOC UI. Each tool is defined in JSON object notation, and must include the "name" key and "link" key, where the link is the tool's URL.
pap: global: True
labels: advanced: True
description: List of available PAP (Permissible Actions Protocol) values. hunt: &appSettings
global: True groupItemsPerPage:
customEnabled: description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
description: Set to true to allow users add their own PAP values directly in the SOC UI. global: True
global: True groupFetchLimit:
severity: description: Default maximum number of aggregations to retrieve per search. Larger values consume more bandwidth and server resources.
labels: global: True
description: List of available case severities. eventItemsPerPage:
global: True description: Default number of items to show per page. Larger values consume more vertical area in the SOC UI.
customEnabled: global: True
description: Set to true to allow users add their own severities directly in the SOC UI. eventFetchLimit:
global: True description: Default maximum number of items to retrieve per search. Larger values consume more bandwidth and server resources.
status: global: True
labels: relativeTimeValue:
description: List of available case statuses. Some statuses have specifial characteristics and related functionality built into SOC. description: The duration of time to look backwards when searching for items. Used in combination with the relativeTimeUnit setting.
global: True global: True
customEnabled: relativeTimeUnit:
description: Set to true to allow users add their own case statuses directly in the SOC UI. description: The unit of time for the relativeTimeValue setting. Possible values are 10 (seconds), 20 (minutes), 30 (hours), 40 (days), 50 (weeks), and 60 (months).
global: True global: True
tags: mostRecentlyUsedLimit:
labels: description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list.
description: List of available tags. global: True
global: True queries:
customEnabled: description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
description: Set to true to allow users add their own tags directly in the SOC UI. global: True
global: True alerts: *appSettings
tlp: cases: *appSettings
labels: dashboards: *appSettings
description: List of available TLP (Traffic Light Protocol) values. case:
global: True analyzerNodeId:
customEnabled: description: The node ID on which analyzers will be executed.
description: Set to true to allow users add their own TLP values directly in the SOC UI. global: True
global: True advanced: True
mostRecentlyUsedLimit:
description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list.
global: True
renderAbbreviatedCount:
description: When the number of case related items exceeds this number, the middle section of the results will be hidden from view, avoiding unnecessary scrolling.
global: True
advanced: True
presets:
artifactType:
labels:
description: List of available artifact types. Some of these default types have special characteristics and related functionality, built into SOC.
global: True
customEnabled:
description: Set to true to allow users add their own artifact types directly in the SOC UI.
global: True
category:
labels:
description: List of available case categories.
global: True
customEnabled:
description: Set to true to allow users add their own categories directly in the SOC UI.
global: True
pap:
labels:
description: List of available PAP (Permissible Actions Protocol) values.
global: True
customEnabled:
description: Set to true to allow users add their own PAP values directly in the SOC UI.
global: True
severity:
labels:
description: List of available case severities.
global: True
customEnabled:
description: Set to true to allow users add their own severities directly in the SOC UI.
global: True
status:
labels:
description: List of available case statuses. Some statuses have specifial characteristics and related functionality built into SOC.
global: True
customEnabled:
description: Set to true to allow users add their own case statuses directly in the SOC UI.
global: True
tags:
labels:
description: List of available tags.
global: True
customEnabled:
description: Set to true to allow users add their own tags directly in the SOC UI.
global: True
tlp:
labels:
description: List of available TLP (Traffic Light Protocol) values.
global: True
customEnabled:
description: Set to true to allow users add their own TLP values directly in the SOC UI.
global: True
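Review bot: The re-indented status labels description still reads `Some statuses have specifial characteristics`, where `special` is meant, and every `customEnabled` description repeats `Set to true to allow users add their own ...`, which should be `allow users to add their own ...` for artifact types, categories, PAP values, severities, statuses, tags and TLP values. These strings are all on the new side of this hunk, so they can be corrected in the same change. As a point of style, the `global: True` and `advanced: True` flags use the capitalized spelling that yamllint's truthy rule flags; lowercase `true` is the canonical form, though changing it is a file-wide decision since the existing lines use the same convention. The enclosing `soc:` mapping begins above the hunk, and because the rendered view drops leading whitespace the new nesting of the `client:`, `hunt:` and `case:` subtrees cannot be confirmed from this page.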