CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

actions

Browse Source
This commit is contained in:
Mike Reeves
2025-02-26 13:34:32 -05:00
parent ee1af39c55
commit 6fec217068
4 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
View File

@@ -1,4 +1,5 @@
elastic_fleet_package_registry: elastic_fleet_package_registry:
enabled: enabled:
forcedType: bool
description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated. description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated.
advanced: True advanced: True

1
salt/elasticagent/soc_elasticagent.yaml
View File

@@ -1,4 +1,5 @@
elasticagent: elasticagent:
enabled: enabled:
forcedType: bool
description: Enables or disables the Elastic Agent process. This process must remain enabled to allow collection of node events. description: Enables or disables the Elastic Agent process. This process must remain enabled to allow collection of node events.
advanced: True advanced: True

1
salt/elasticfleet/soc_elasticfleet.yaml
View File

@@ -3,6 +3,7 @@ elasticfleet:
description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents. description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents.
advanced: True advanced: True
helpLink: elastic-fleet.html helpLink: elastic-fleet.html
forcedType: bool
enable_manager_output: enable_manager_output:
description: Setting this option to False should only be considered if there is at least one receiver node in the grid. If True, Elastic Agent will send events to the manager and receivers. If False, events will only be send to the receivers. description: Setting this option to False should only be considered if there is at least one receiver node in the grid. If True, Elastic Agent will send events to the manager and receivers. If False, events will only be send to the receivers.
advanced: True advanced: True

7
salt/soc/soc_soc.yaml
View File

@@ -63,6 +63,13 @@ soc:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action. description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
global: True global: True
forcedType: "[]{}" forcedType: "[]{}"
uiElements:
- field: description
label: Description
- field: icon
label: Icon
- field: links
label: Links
eventFields: eventFields:
default: &eventFields default: &eventFields
description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left. description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.