Merge pull request #9416 from Security-Onion-Solutions/jertel/lic

license key format change and eventFields dedup
This commit is contained in:
Jason Ertel
2022-12-16 15:58:08 -05:00
committed by GitHub
3 changed files with 950 additions and 1887 deletions



@@ -50,3 +50,7 @@
{% do SOCMERGED.server.client.update({'job': {'actions': standard_actions}}) %}
{% do SOCMERGED.server.client.alerts.update({'actions': standard_actions}) %}
{% do SOCMERGED.server.client.cases.update({'actions': standard_actions}) %}
{% set standard_eventFields = SOCMERGED.pop('eventFields') %}
{% do SOCMERGED.server.client.hunt.update({'eventFields': standard_eventFields}) %}
{% do SOCMERGED.server.client.dashboards.update({'eventFields': standard_eventFields}) %}
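Review bot: `SOCMERGED.pop('eventFields')` on the first added line has no default, so a merged config that carries no `eventFields` key aborts rendering of the whole SOC config rather than leaving hunt and dashboards untouched; passing a default keeps the pop total, `{% set standard_eventFields = SOCMERGED.pop('eventFields', {}) %}`. The two `update` calls then install the same mapping object under both `hunt` and `dashboards`, so any later in-place change to one view's field list silently shows up in the other — if that aliasing is not intended, give dashboards its own `standard_eventFields.copy()`. The updates also replace whatever view-specific `eventFields` the merged pillar may have carried, which looks like the intended dedup but deserves a comment above the `set`, e.g. `{# One eventFields map is shared by hunt and dashboards; per-view values are replaced #}`. The enclosing template block starts before this hunk.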


@@ -1,10 +1,8 @@
soc:
licenseKey:
title: License Key
description: Optional Security Onion license key, in JSON format, to unlock enterprise features.
description: Optional Security Onion license key to unlock enterprise features.
global: True
syntax: json
multiline: True
logLevel:
title: Log Level
description: The SOC log level, useful for enabling debug logging for advanced troubleshooting. Allowed values are debug, info, warn, error. The SOC log is available at /opt/so/log/soc/sensoroni-server.log.
@@ -43,6 +41,9 @@ soc:
actions:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
global: True
eventFields:
description: A map of event metadata groupings to field lists. The field list specifies all the columns to show when displaying individual events (not groups). The event metadata grouping uses the format ":event.module:event.dataset".
global: True
server:
maxPacketCount:
description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser.
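Review bot: The new `eventFields` description does not say that this single map is the only source of field lists for both the Hunt and Dashboards views, which is what the template change in this same commit makes true, so an operator who sets a view-specific `eventFields` under `server.client.hunt` or `server.client.dashboards` will not learn here that it is overridden. Consider appending to the description: `This single map is applied to both the Hunt and Dashboards views; any view-specific eventFields value is replaced by it.` A concrete example key next to the `":event.module:event.dataset"` format string (and a word on the leading colon) would also make the grouping syntax clearer than the format alone. The rest of the `soc:` annotations block continues outside this hunk.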