Merge pull request #14991 from Security-Onion-Solutions/cogburn/wip-module

Cogburn/wip module
coreyogburn
2025-09-09 10:32:06 -06:00
committed by GitHub
8 changed files with 305 additions and 13 deletions


@@ -284,6 +284,86 @@ elasticsearch:
hot: hot:
actions: {} actions: {}
min_age: 0ms min_age: 0ms
so-assistant-chat:
index_sorting: false
index_template:
composed_of:
- assistant-chat-mappings
- assistant-chat-settings
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: []
index_patterns:
- so-assistant-chat-*
priority: 501
template:
mappings:
date_detection: false
dynamic_templates:
- strings_as_keyword:
mapping:
ignore_above: 1024
type: keyword
match_mapping_type: string
settings:
index:
lifecycle:
name: so-assistant-chat-logs
mapping:
total_fields:
limit: 1500
number_of_replicas: 0
number_of_shards: 1
refresh_interval: 1s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-assistant-session:
index_sorting: false
index_template:
composed_of:
- assistant-session-mappings
- assistant-session-settings
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: []
index_patterns:
- so-assistant-session-*
priority: 501
template:
mappings:
date_detection: false
dynamic_templates:
- strings_as_keyword:
mapping:
ignore_above: 1024
type: keyword
match_mapping_type: string
settings:
index:
lifecycle:
name: so-assistant-session-logs
mapping:
total_fields:
limit: 1500
number_of_replicas: 0
number_of_shards: 1
refresh_interval: 1s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-endgame: so-endgame:
index_sorting: false index_sorting: false
index_template: index_template:
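Review bot: The `policy.phases` block for both new data streams defines only a `hot` phase with `actions: {}` and no later phase, so unless retention is applied to them elsewhere the assistant chat and session documents — which hold user prompts and model output about alerts and cases — are kept indefinitely. Consider whether `so-assistant-chat-logs` and `so-assistant-session-logs` should get an explicit `delete` phase, or at least a comment above `so-assistant-chat:` stating that unbounded retention is intentional. The same shape is repeated in the `so-assistant-session` policy further down this hunk, so one decision covers both.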


@@ -0,0 +1,104 @@
{
"template": {
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"so_kind": {
"ignore_above": 1024,
"type": "keyword"
},
"so_operation": {
"ignore_above": 1024,
"type": "keyword"
},
"so_chat": {
"properties": {
"role": {
"ignore_above": 1024,
"type": "keyword"
},
"content": {
"type": "object",
"enabled": false
},
"sessionId": {
"ignore_above": 1024,
"type": "keyword"
},
"createTime": {
"type": "date"
},
"deletedAt": {
"type": "date"
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"tool_use_id": {
"ignore_above": 1024,
"type": "keyword"
},
"userId": {
"ignore_above": 1024,
"type": "keyword"
},
"message": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"role": {
"ignore_above": 1024,
"type": "keyword"
},
"model": {
"ignore_above": 1024,
"type": "keyword"
},
"contentStr": {
"type": "text"
},
"contentBlocks": {
"type": "nested",
"enabled": false
},
"stopReason": {
"ignore_above": 1024,
"type": "keyword"
},
"stopSequence": {
"ignore_above": 1024,
"type": "keyword"
},
"usage": {
"properties": {
"input_tokens": {
"type": "long"
},
"output_tokens": {
"type": "long"
},
"credits": {
"type": "long"
}
}
}
}
}
}
}
}
}
},
"_meta": {
"ecs_version": "1.12.2"
}
}
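Review bot: `contentBlocks` is mapped as `"type": "nested"` together with `"enabled": false`, and as far as I know Elasticsearch accepts `enabled` only on `object` fields and the mapping root, so this component template may be rejected when it is loaded; if the blocks should simply not be indexed, `"type": "object", "enabled": false` — the form already used for `so_chat.content` a few lines above — is the one known to work. Separately, the deletion timestamp is `deletedAt` here but `deleteTime` in the session mappings (the `so_session` file section below), while both files use `createTime`; aligning on one name avoids surprises in queries that span the two streams. `tool_use_id` is also the only snake_case field among camelCase siblings such as `sessionId` and `userId`.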


@@ -0,0 +1,7 @@
{
"template": {},
"version": 1,
"_meta": {
"description": "default settings for common Security Onion Assistant indices"
}
}


@@ -0,0 +1,44 @@
{
"template": {
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"so_kind": {
"ignore_above": 1024,
"type": "keyword"
},
"so_session": {
"properties": {
"title": {
"ignore_above": 1024,
"type": "keyword"
},
"sessionId": {
"ignore_above": 1024,
"type": "keyword"
},
"createTime": {
"type": "date"
},
"deleteTime": {
"type": "date"
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"userId": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
},
"_meta": {
"ecs_version": "1.12.2"
}
}


@@ -0,0 +1,7 @@
{
"template": {},
"version": 1,
"_meta": {
"description": "default settings for common Security Onion Assistant indices"
}
}


@@ -209,6 +209,10 @@ http {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_request_buffering off;
} }
location ~ ^/auth/.*?(login|oidc/callback) { location ~ ^/auth/.*?(login|oidc/callback) {
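Review bot: The three added directives (`proxy_buffering off;`, `proxy_cache off;`, `proxy_request_buffering off;`) carry no comment saying why buffering is switched off for this location, which the next maintainer needs before touching them; a one-liner above `proxy_buffering off;` such as `# streamed responses: do not buffer so partial output reaches the client as it arrives` would do, adjusted to the real reason. Be aware that with `proxy_request_buffering off` nginx cannot re-send a request body to another upstream once it has started forwarding it, so any `proxy_next_upstream` behaviour relied on for this location no longer applies to requests with bodies. The enclosing `location` block starts outside the hunk.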


@@ -1491,6 +1491,8 @@ soc:
- repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks - repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
branch: main branch: main
folder: securityonion-normalized folder: securityonion-normalized
assistant:
apiUrl: https://onionai.securityonion.net
salt: salt:
queueDir: /opt/sensoroni/queue queueDir: /opt/sensoroni/queue
timeoutMs: 45000 timeoutMs: 45000
@@ -2541,3 +2543,12 @@ soc:
- ' -priv' - ' -priv'
condition: all of selection_* condition: all of selection_*
level: 'high' # info | low | medium | high | critical level: 'high' # info | low | medium | high | critical
assistant:
enabled: false
investigationPrompt: Investigate Alert ID {socid}
contextLimitSmall: 200000
contextLimitLarge: 1000000
thresholdColorRatioLow: 0.5
thresholdColorRatioMed: 0.75
thresholdColorRatioMax: 1
lowBalanceColorAlert: 500000
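Review bot: `thresholdColorRatioMax: 1` is the only one of the three ratio values written as an integer; `0.5` and `0.75` parse as floats, so a consumer that inspects the scalar type, or a schema that requires a float, may treat it differently — write `thresholdColorRatioMax: 1.0` for consistency. The `investigationPrompt` value is a plain scalar containing `{socid}`; it parses as a string today only because it begins with a letter, and quoting it (`investigationPrompt: 'Investigate Alert ID {socid}'`) protects it against a later edit that moves the placeholder to the front, where `{` would start a flow mapping. Both points also apply if these defaults are mirrored in any per-node override file, which is not visible here.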


@@ -580,7 +580,42 @@ soc:
- field: folder - field: folder
label: Folder label: Folder
airgap: *pbRepos airgap: *pbRepos
assistant:
apiUrl:
description: The URL of the AI gateway.
advanced: True
global: True
client: client:
assistant:
enabled:
description: Set to true to enable the Onion AI assistant in SOC.
global: True
investigationPrompt:
description: Prompt given to Onion AI when beginning an investigation.
global: True
contextLimitSmall:
description: Smaller context limit for Onion AI.
global: True
advanced: True
contextLimitLarge:
description: Larger context limit for Onion AI.
global: True
advanced: True
thresholdColorRatioLow:
description: Lower visual context color change threshold.
global: True
advanced: True
thresholdColorRatioMed:
description: Middle visual context color change threshold.
global: True
advanced: True
thresholdColorRatioMax:
description: Max visual context color change threshold.
global: True
advanced: True
lowBalanceColorAlert:
description: Onion AI credit amount at which balance turns red.
advanced: True
apiTimeoutMs: apiTimeoutMs:
description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI. description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
global: True global: True
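Review bot: `lowBalanceColorAlert` is the only entry in the new `client.assistant` block without `global: True`; every sibling has it, so this looks like an omission rather than a deliberate per-node setting — confirm, and add `global: True` if so. The `enabled` description could also tell the operator what turning it on implies: `apiUrl` is described as the URL of the AI gateway, so presumably investigation content leaves the deployment when the assistant is used; if that is the case, `description: Set to true to enable the Onion AI assistant in SOC. Investigation data is sent to the gateway configured in apiUrl.` gives the operator what they need to decide. The `contextLimitSmall` and `contextLimitLarge` descriptions do not state their unit; naming it (tokens, if that is what they count) would make the defaults of 200000 and 1000000 interpretable.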