CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

soc

Browse Source
This commit is contained in:
Mike Reeves
2025-02-26 14:14:25 -05:00
parent 0c2797ecdc
commit 25217c3262
1 changed files with 41 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
salt/soc/soc_soc.yaml
View File

@@ -60,7 +60,7 @@ soc:
- warn - warn
- error - error
actions: actions:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action. description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records.
global: True global: True
syntax: json syntax: json
forcedType: "[]{}" forcedType: "[]{}"
@@ -265,6 +265,14 @@ soc:
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: community
label: Community
- field: license
label: License
- field: repo
label: Repo
helpLink: sigma.html helpLink: sigma.html
airgap: *eerulesRepos airgap: *eerulesRepos
sigmaRulePackages: sigmaRulePackages:
@@ -381,6 +389,15 @@ soc:
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
helpLink: yara.html helpLink: yara.html
syntax: json
uiElements:
- field: community
label: Community
- field: license
label: License
- field: repo
label: Repo
helpLink: sigma.html
airgap: *serulesRepos airgap: *serulesRepos
suricataengine: suricataengine:
aiRepoUrl: aiRepoUrl:
@@ -473,10 +490,18 @@ soc:
description: List of external tools to remove from the SOC UI. description: List of external tools to remove from the SOC UI.
global: True global: True
tools: tools:
description: List of available external tools visible in the SOC UI. Each tool is defined in JSON object notation, and must include the "name" key and "link" key, where the link is the tool's URL. description: List of available external tools visible in the SOC UI.
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: description
label: Description
- field: icon
label: Icon
- field: link
label: Link
hunt: &appSettings hunt: &appSettings
groupItemsPerPage: groupItemsPerPage:
description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI. description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
@@ -503,11 +528,25 @@ soc:
description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key. description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
global: True global: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: name
label: Name
- field: query
label: Query
queryToggleFilters: queryToggleFilters:
description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query. description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query.
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: enabled
label: Enabled
- field: filter
label: Filter
- field: name
label: Name
alerts: alerts:
<<: *appSettings <<: *appSettings
maxBulkEscalateEvents: maxBulkEscalateEvents: