add new pcap annotations

salt/sensoroni/defaults.yaml

@@ -1,58 +1,60 @@
-sensoroni:
-  enabled: False
-  config:
-    analyze:
-      enabled: False
-      timeout_ms: 900000
-      parallel_limit: 5
-    node_checkin_interval_ms: 10000
-    sensoronikey:
-    soc_host:
-  analyzers:
-      echotrail:
-        base_url: https://api.echotrail.io/insights/
-        api_key:
-      elasticsearch:
-        base_url: 
-        auth_user: 
-        auth_pwd: 
-        num_results: 10
-        api_key: 
-        index: _all
-        time_delta_minutes: 14400
-        timestamp_field_name: '@timestamp'
-        map: {}
-        cert_path:
-      emailrep:
-        base_url: https://emailrep.io/
-        api_key:
-      greynoise:
-        base_url: https://api.greynoise.io/
-        api_key:
-        api_version: community
-      localfile:
-        file_path: []
-      otx:
-        base_url: https://otx.alienvault.com/api/v1/
-        api_key:
-      pulsedive:
-        base_url: https://pulsedive.com/api/
-        api_key:
-      spamhaus:
-        lookup_host: zen.spamhaus.org
-        nameservers: []
-      sublime_platform:
-        base_url: https://api.platform.sublimesecurity.com
-        api_key:
-        live_flow: False
-        mailbox_email_address:
-        message_source_id:
-      urlscan:
-        base_url: https://urlscan.io/api/v1/
-        api_key:
-        enabled: False
-        visibility: public
-        timeout: 180
-      virustotal:
-        base_url: https://www.virustotal.com/api/v3/search?query=
-        api_key:
+sensoroni:
+  enabled: False
+  config:
+    analyze:
+      enabled: False
+      timeout_ms: 900000
+      parallel_limit: 5
+    node_checkin_interval_ms: 10000
+    sensoronikey:
+    soc_host:
+    suripcap:
+      pcapMaxCount: 999999
+  analyzers:
+      echotrail:
+        base_url: https://api.echotrail.io/insights/
+        api_key:
+      elasticsearch:
+        base_url: 
+        auth_user: 
+        auth_pwd: 
+        num_results: 10
+        api_key: 
+        index: _all
+        time_delta_minutes: 14400
+        timestamp_field_name: '@timestamp'
+        map: {}
+        cert_path:
+      emailrep:
+        base_url: https://emailrep.io/
+        api_key:
+      greynoise:
+        base_url: https://api.greynoise.io/
+        api_key:
+        api_version: community
+      localfile:
+        file_path: []
+      otx:
+        base_url: https://otx.alienvault.com/api/v1/
+        api_key:
+      pulsedive:
+        base_url: https://pulsedive.com/api/
+        api_key:
+      spamhaus:
+        lookup_host: zen.spamhaus.org
+        nameservers: []
+      sublime_platform:
+        base_url: https://api.platform.sublimesecurity.com
+        api_key:
+        live_flow: False
+        mailbox_email_address:
+        message_source_id:
+      urlscan:
+        base_url: https://urlscan.io/api/v1/
+        api_key:
+        enabled: False
+        visibility: public
+        timeout: 180
+      virustotal:
+        base_url: https://www.virustotal.com/api/v3/search?query=
+        api_key:

salt/sensoroni/files/sensoroni.json

@@ -39,7 +39,8 @@
       "suriquery": {
         "executablePath": "/opt/sensoroni/scripts/suriquery.sh",
         "pcapInputPath": "/nsm/suripcap",
-        "pcapOutputPath": "/nsm/pcapout"
+        "pcapOutputPath": "/nsm/pcapout",
+        "pcapMaxCount": {{ SENSORONIMERGED.config.suripcap.pcapMaxCount }}
       }
 {%    endif %}
 {%- else %}

salt/sensoroni/soc_sensoroni.yaml

@@ -37,6 +37,11 @@ sensoroni:
       helpLink: grid.html
       global: True
       advanced: True
+    suripcap:
+      pcapMaxCount:
+        description: The maximum number of PCAP packets to extract from eligible PCAP files, for PCAP jobs. If there are issues fetching excessively large packet streams consider lowering this value to reduce the number of collected packets returned to the user interface.
+        helpLink: sensoroni.html
+        advanced: True
   analyzers:
     echotrail:
       api_key: