CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 07:23:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't require advanced options for required values

Browse Source
This commit is contained in:
Wes
2023-12-19 15:14:33 +00:00
parent 614589153b
commit 4a23832267
1 changed files with 303 additions and 303 deletions
Download Patch File Download Diff File Expand all files Collapse all files

606
salt/sensoroni/soc_sensoroni.yaml
View File

@@ -1,303 +1,303 @@
sensoroni:
enabled:
description: Enable or disable Sensoroni.
advanced: True
helpLink: grid.html
config:
analyze:
enabled:
description: Enable or disable the analyzer.
advanced: True
helpLink: cases.html
timeout_ms:
description: Timeout period for the analyzer.
advanced: True
helpLink: cases.html
parallel_limit:
description: Parallel limit for the analyzer.
advanced: True
helpLink: cases.html
node_checkin_interval_ms:
description: Interval in ms to checkin to the soc_host.
advanced: True
helpLink: grid.html
node_description:
description: Description of the specific node.
helpLink: grid.html
node: True
forcedType: string
sensoronikey:
description: Shared key for sensoroni authentication.
helpLink: grid.html
global: True
sensitive: True
advanced: True
soc_host:
description: Host for sensoroni agents to connect to.
helpLink: grid.html
global: True
advanced: True
analyzers:
echotrail:
api_key:
description: API key for the Echotrail analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Echotrail analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
elasticsearch:
api_key:
description: API key for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Connection URL for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
auth_user:
description: Username for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
auth_pwd:
description: User password for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
num_results:
description: Number of documents to return for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
index:
description: Search index for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
time_delta_minutes:
description: Time (in minutes) to search back for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: int
timestamp_field_name:
description: Specified name for a documents' timestamp field for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
map:
description: Map between observable types and search field for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
cert_path:
description: Path to a TLS certificate for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
emailrep:
api_key:
description: API key for the EmailRep analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the EmailRep analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
greynoise:
api_key:
description: API key for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
api_version:
description: API version for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
base_url:
description: Base URL for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
localfile:
file_path:
description: File path for the LocalFile analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: "[]string"
otx:
api_key:
description: API key for the OTX analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the OTX analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
pulsedive:
api_key:
description: API key for the Pulsedive analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Pulsedive analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
spamhaus:
lookup_host:
description: Host to use for lookups.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
nameservers:
description: Nameservers used for queries.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedTypes: "[]string"
sublime_platform:
api_key:
description: API key for the Sublime Platform analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Sublime Platform analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
live_flow:
description: Determines if live flow analysis is used.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: bool
mailbox_email_address:
description: Source mailbox address used for live flow analysis.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
message_source_id:
description: ID of the message source used for live flow analysis.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
urlscan:
api_key:
description: API key for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
enabled:
description: Analyzer enabled
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: bool
timeout:
description: Timeout for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: int
visibility:
description: Type of visibility.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
virustotal:
api_key:
description: API key for the VirusTotal analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the VirusTotal analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
sensoroni:
enabled:
description: Enable or disable Sensoroni.
advanced: True
helpLink: grid.html
config:
analyze:
enabled:
description: Enable or disable the analyzer.
advanced: True
helpLink: cases.html
timeout_ms:
description: Timeout period for the analyzer.
advanced: True
helpLink: cases.html
parallel_limit:
description: Parallel limit for the analyzer.
advanced: True
helpLink: cases.html
node_checkin_interval_ms:
description: Interval in ms to checkin to the soc_host.
advanced: True
helpLink: grid.html
node_description:
description: Description of the specific node.
helpLink: grid.html
node: True
forcedType: string
sensoronikey:
description: Shared key for sensoroni authentication.
helpLink: grid.html
global: True
sensitive: True
advanced: True
soc_host:
description: Host for sensoroni agents to connect to.
helpLink: grid.html
global: True
advanced: True
analyzers:
echotrail:
api_key:
description: API key for the Echotrail analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: False
forcedType: string
base_url:
description: Base URL for the Echotrail analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
elasticsearch:
api_key:
description: API key for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Connection URL for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
auth_user:
description: Username for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
auth_pwd:
description: User password for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: False
forcedType: string
num_results:
description: Number of documents to return for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
index:
description: Search index for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
time_delta_minutes:
description: Time (in minutes) to search back for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: int
timestamp_field_name:
description: Specified name for a documents' timestamp field for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
map:
description: Map between observable types and search field for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
cert_path:
description: Path to a TLS certificate for the Elasticsearch analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: False
forcedType: string
emailrep:
api_key:
description: API key for the EmailRep analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the EmailRep analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
greynoise:
api_key:
description: API key for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
api_version:
description: API version for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
base_url:
description: Base URL for the GreyNoise analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
localfile:
file_path:
description: File path for the LocalFile analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: "[]string"
otx:
api_key:
description: API key for the OTX analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the OTX analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
pulsedive:
api_key:
description: API key for the Pulsedive analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Pulsedive analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
spamhaus:
lookup_host:
description: Host to use for lookups.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
nameservers:
description: Nameservers used for queries.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedTypes: "[]string"
sublime_platform:
api_key:
description: API key for the Sublime Platform analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Sublime Platform analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
live_flow:
description: Determines if live flow analysis is used.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: bool
mailbox_email_address:
description: Source mailbox address used for live flow analysis.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
message_source_id:
description: ID of the message source used for live flow analysis.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
urlscan:
api_key:
description: API key for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
enabled:
description: Analyzer enabled
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: bool
timeout:
description: Timeout for the Urlscan analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: int
visibility:
description: Type of visibility.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string
virustotal:
api_key:
description: API key for the VirusTotal analyzer.
helpLink: cases.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the VirusTotal analyzer.
helpLink: cases.html
global: False
sensitive: False
advanced: True
forcedType: string