From 48f1e24bf52650fbf8f015228e9bb4a6a93fdc2e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 22 Aug 2024 09:04:43 -0400 Subject: [PATCH] notification updates --- salt/soc/soc_soc.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index d82c32459..ff7f8efd0 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -104,7 +104,7 @@ soc: global: True additionalAlerters: title: "Notifications: Sev 0/Default Alerters" - description: "Specify default alerters to enable for outbound notifications. These alerters will be used unless overriden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." + description: "Specify default alerters to enable for outbound notifications. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." global: True helpLink: notifications.html forcedType: "[]string" @@ -119,7 +119,7 @@ soc: forcedType: string additionalSev1Alerters: title: "Notifications: Sev 1/Informational Alerters" - description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overriden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." + description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." global: True helpLink: notifications.html forcedType: "[]string" @@ -134,7 +134,7 @@ soc: forcedType: string additionalSev2Alerters: title: "Notifications: Sev 2/Low Alerters" - description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overriden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." + description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." global: True helpLink: notifications.html forcedType: "[]string" @@ -149,7 +149,7 @@ soc: forcedType: string additionalSev3Alerters: title: "Notifications: Sev 3/Medium Alerters" - description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overriden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." + description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." global: True helpLink: notifications.html forcedType: "[]string" @@ -164,7 +164,7 @@ soc: forcedType: string additionalSev4Alerters: title: "Notifications: Sev 4/High Alerters" - description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overriden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." + description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." global: True helpLink: notifications.html forcedType: "[]string"