From 120e61e45cce0bd6796f819d4b96b5bbb2b7e9a3 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Tue, 26 Aug 2025 16:06:14 -0600
Subject: [PATCH] ClientParams

Removed investigation prompt from module settings and moved to client settings, added enabledInSoc.
---
 salt/soc/defaults.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index f89d9e99f..d847d1d1b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1493,7 +1493,6 @@ soc:
                 folder: securityonion-normalized
         assistant:
           apiUrl: https://onionai-dev.securityonion.net
-          investigationPrompt:
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000
@@ -2544,3 +2543,6 @@ soc:
                           - ' -priv'
                   condition: all of selection_*
               level: 'high'  # info | low | medium | high | critical
+        assistant:
+          enabledInSoc: false
+          investigationPrompt: Investigate Alert ID {socid}
\ No newline at end of file