add support for custom alerters

2026-02-22 06:55:27 +01:00 · 2024-05-17 14:49:39 -04:00
parent aa0163349b
commit 1c4d36760a
4 changed files with 21 additions and 0 deletions
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -83,6 +83,13 @@ soc:
        advanced: True
      modules:
        elastalertengine:
+          additionalAlerters:
+            title: Additional Alerters
+            description: Specify additional alerters to enable for all Sigma rules, one alerter name per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. Note that the configuration parameters for these alerters must be provided in the ElastAlert configuration section. Filter for 'Alerter Parameters' to find this related setting.
+            global: True
+            helpLink: sigma.html
+            forcedType: "[]string"
+            multiline: True
          allowRegex:
            description: 'Regex used to filter imported Sigma rules. Deny regex takes precedence over the Allow regex setting.'
            global: True