Add helpLinks to everything

salt/bpf/soc_bpf.yaml

@@ -1,7 +1,10 @@
 bpf:
   pcap:
     description: List of BPF filters to apply to PCAP.
+    helpLink: bpf.html
   suricata:
     description: List of BPF filters to apply to Suricata.
+    helpLink: bpf.html
   zeek:
     description: List of BPF filters to apply to Zeek.
+    helpLink: bpf.html

salt/elastalert/soc_elastalert.yaml

@@ -3,32 +3,41 @@ elastalert:
     disable_rules_on_error:
       description: Disable rules on failure.
       global: True
+      helpLink: elastalert.html
     run_every:
       minutes:
         description: Amount of time in minutes between searches.
         global: True
+        helpLink: elastalert.html
     buffer_time:
       minutes:
         description: Amount of time in minutes to look through.
         global: True
+        helpLink: elastalert.html
     old_query_limit:
       minutes:
         description: Amount of time in minutes between queries to start at the most recently run query.
         global: True
+        helpLink: elastalert.html
     es_conn_timeout:
       description: Timeout in seconds for connecting to and reading from Elasticsearch.
       global: True
+      helpLink: elastalert.html
     max_query_size:
       description: The maximum number of documents that will be downloaded from Elasticsearch in a single query.
       global: True
+      helpLink: elastalert.html
     alert_time_limit:
       days:
         description: The retry window for failed alerts.
         global: True
+        helpLink: elastalert.html
     index_settings:
       shards:
         description: The amount of shards to use for elastalert.
         global: True
+        helpLink: elastalert.html
       replicas:
         description: The amount of replicas for the Elastalert index.
         global: True
+        helpLink: elastalert.html

salt/elasticsearch/soc_elasticsearch.yaml

@@ -5,43 +5,54 @@ elasticsearch:
         description: The name of the Security Onion Elasticsearch cluster, for identification purposes.
         readonly: True
         global: True
+        helpLink: elasticsearch.html
       routing:
         allocation:
           disk:
             threshold_enabled: 
               description: Specifies whether the Elasticsearch node will monitor the available disk space for low disk space conditions and take action to protect the cluster.
+              helpLink: elasticsearch.html
             watermark:
               low: 
                 description: The lower percentage of used disk space representing a healthy node.
+                helpLink: elasticsearch.html
               high: 
                 description: The higher percentage of used disk space representing an unhealthy node.
+                helpLink: elasticsearch.html
               flood_stage: 
                 description: The max percentage of used disk space that will cause the node to take protective actions, such as blocking incoming events.
+                helpLink: elasticsearch.html
 
     script:
       max_compilations_rate: 
         description: Max rate of script compilations permitted in the Elasticsearch cluster. Larger values will consume more resources.
         global: True
+        helpLink: elasticsearch.html
     indices:
       query:
         bool:
           max_clause_count: 
             description: Max number of boolean clauses per query.
             global: True
+            helpLink: elasticsearch.html
   index_settings: 
     so-aws: &indexSettings
       warm: 
         description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch.
         global: True
+        helpLink: elasticsearch.html
       close: 
         description: Age (in days) of this index before it will be closed. Once closed, events on this index cannot be retrieved without first re-opening the index.
         global: True
+        helpLink: elasticsearch.html
       delete: 
         description: Age (in days) of this index before it will be deleted. Once deleted, events are permanently unrecoverable.
         global: True
+        helpLink: elasticsearch.html
       index_sorting: 
         description: Sorts the index by event time, at the cost of additional processing resource consumption.
         global: True
+        helpLink: elasticsearch.html
       index_template:
         template:
           settings:
@@ -51,15 +62,19 @@ elasticsearch:
                   limit:
                     description: Max number of fields that can exist on a single index. Larger values will consume more resources.
                     global: True
+                    helpLink: elasticsearch.html
               refresh_interval: 
                   description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
                   global: True
+                  helpLink: elasticsearch.html
               number_of_shards: 
                   description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
                   global: True
+                  helpLink: elasticsearch.html
               number_of_replicas: 
                   description: Number of replicas required for this index. Multiple replicas protects against data loss, while also increasing storage costs.
                   global: True
+                  helpLink: elasticsearch.html
     so-azure: *indexSettings
     so-barracuda: *indexSettings
     so-beats: *indexSettings

salt/firewall/soc_firewall.yaml

@@ -5,54 +5,64 @@ firewall:
       file: True
       global: True
       title: Analyst Workstation
+      helpLink: firewall.html#host-groups
     analyst: 
       description: List of IP Addresses or CIDR blocks to allow analyst connections.
       file: True
       global: True
       title: Analyst
+      helpLink: firewall.html#host-groups
     standalone: 
       description: List of IP Addresses or CIDR blocks to allow standalone connections.
       file: True
       global: True
       title: Standalone
       advanced: True
+      helpLink: firewall.html#host-groups
     eval: 
       description: List of IP Addresses or CIDR blocks to allow eval connections.
       file: True
       global: True
       title: Eval
       advanced: True
+      helpLink: firewall.html#host-groups
     idh: 
       description: List of IP Addresses or CIDR blocks to allow idh connections.
       file: True
       global: True
       title: IDHNode
+      helpLink: firewall.html#host-groups
     manager: 
       description: List of IP Addresses or CIDR blocks to allow manager connections.
       file: True
       global: True
       title: Manager
       advanced: True
+      helpLink: firewall.html#host-groups
     heavynodes: 
       description: List of IP Addresses or CIDR blocks to allow heavynode connections.
       file: True
       global: True
       title: HeavyNode
+      helpLink: firewall.html#host-groups
     searchnodes: 
       description: List of IP Addresses or CIDR blocks to allow searchnode connections.
       file: True
       global: True
       title: SearchNode
+      helpLink: firewall.html#host-groups
     sensors:
       description: List of IP Addresses or CIDR blocks to allow Sensor connections.
       file: True
       global: True
       title: Sensor
+      helpLink: firewall.html#host-groups
     receivers: 
       description: List of IP Addresses or CIDR blocks to allow receiver connections.
       file: True
       global: True
       title: Receiver
+      helpLink: firewall.html#host-groups
   portgroups:
     portgroups__yaml:
       description: Port Groups
@@ -61,6 +71,7 @@ firewall:
       advanced: True
       title: Port Groups
       syntax: yaml
+      helpLink: firewall.html#function
   ports:
     ports__yaml:
       description: Ports in YAML.
@@ -68,4 +79,5 @@ firewall:
       global: True
       advanced: True
       title: Ports
-      syntax: yaml
+      syntax: yaml
+      helpLink: firewall.html#port-groups

salt/grafana/soc_grafana.yaml

@@ -4,35 +4,46 @@ grafana:
       enabled:
         description: Enable the sending of emails from Grafana.
         global: True
+        helpLink: grafana.html
       host: 
         description: Hostname of the SMTP server.
         global: True
+        helpLink: grafana.html
       user: 
         description: User used to authenticate SMTP.
         global: True
+        helpLink: grafana.html
       password: 
         description: Password used to authenticate SMTP.
         global: True
         sensitive: True
+        helpLink: grafana.html
       cert_file: 
         description: Location of cert file for SMTP.
         global: True
+        helpLink: grafana.html
       key_file: 
         description: Location of key file for SMTP.
         global: True
+        helpLink: grafana.html
       skip_verify: 
         description: Verify SSL certificates.
         global: True
+        helpLink: grafana.html
       from_address: 
         description: The email address you would like in the from field.
         global: True
+        helpLink: grafana.html
       from_name: 
         description: The name displayed for the from email address.
         global: True
+        helpLink: grafana.html
       ehlo_identity: 
         description: Used with servers with SMTP service extensions.
         global: True
+        helpLink: grafana.html
     enterprise:
       license_path: 
         description: Path to enterprise license key.
         global: True
+        helpLink: grafana.html

salt/idstools/soc_idstools.yaml

@@ -3,22 +3,28 @@ idstools:
     oinkcode:
       description: Enter your registration code for paid rulesets.
       global: True
+      helpLink: managing-alerts.html
     ruleset:
       description: Define the ruleset you want to run. Options are ETOPEN or ETPRO.
       global: True
+      helpLink: managing-alerts.html
     urls:
       description: This is a list of additional rule download locations.
       global: True
+      helpLink: managing-alerts.html
   sids:
     disabled:
       description: List of disables SIDS.
       global: True
+      helpLink: managing-alerts.html
     enabled:
       description: List of SIDS that are disabled by the rule source that you want to enable.
       global: True
+      helpLink: managing-alerts.html
     modify:
       description: List of SIDS that are modified.
       global: True
+      helpLink: managing-alerts.html
   rules:
     local__rules:
       description: This is where custom Suricata rules are entered.
@@ -26,15 +32,18 @@ idstools:
       global: True
       advanced: True
       title: Local Rules
+      helpLink: managing-alerts.html
     filters__rules:
       description: You can set custom filters for Suricata when using it for meta data creation.
       file: True
       global: True
       advanced: True
       title: Filter Rules
+      helpLink: managing-alerts.html
     extraction__rules:
       description: This is a list of mime types for file extraction when Suricata is used for meta data creation.
       file: True
       global: True
       advanced: True
-      title: Extraction Rules
+      title: Extraction Rules
+      helpLink: managing-alerts.html

salt/influxdb/soc_influxdb.yaml

@@ -3,14 +3,24 @@ influxdb:
     so_short_term:
       duration:
         description: Amount of time to keep short term data.
+        global: True
+        helpLink: grafana.html#data
       shard_duration:
         description: Time range 
+        global: True
+        helpLink: grafana.html#data
     so_long_term:
       duration:
         description: Amount of time to keep long term downsampled data.
+        global: True
+        helpLink: grafana.html#data
       shard_duration:
         description: Amount of the time range covered by the shard group.
+        global: True
+        helpLink: grafana.html#data
   downsample:
     so_long_term:
       resolution:
-        description: Amount of time to turn into a single data point. 
+        description: Amount of time to turn into a single data point.
+        global: True
+        helpLink: grafana.html#data 

salt/kibana/soc_kibana.yaml

@@ -3,3 +3,5 @@ kibana:
     elasticsearch:
       requestTimeout:
         description: Request timeout length.
+        global: True
+        helpLink: kibana.html

salt/nginx/soc_nginx.yaml

@@ -5,15 +5,18 @@ nginx:
       global: True
       advanced: True
       title: Replace Default Cert
+      helpLink: nginx.html
     ssl__key:
       description: Paste your .key file here
       file: True
       title: SSL Key File
       advanced: True
       global: True
+      helpLink: nginx.html
     ssl__crt:
       description: Paste your .crt file here
       file: True
       title: SSL Cert File
       advanced: True
-      global: True
+      global: True
+      helpLink: nginx.html

salt/ntp/soc_ntp.yaml

@@ -3,3 +3,4 @@ ntp:
     servers:
       description: NTP Server List
       title: NTP Servers
+      helpLink: ntp.html

salt/pcap/soc_pcap.yaml

@@ -1,24 +1,35 @@
 pcap:
   enabled: 
     description: Enable or Disable Stenographer on all sensors or a single sensor
+    helpLink: pcap.html
   config:
     maxdirectoryfiles:
       description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. 
+      helpLink: pcap.html
     diskfreepercentage:
       description: The disk space percent to always keep free for pcap
+      helpLink: pcap.html
     blocks:
       description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this. 
       advanced: True
+      helpLink: pcap.html
     preallocate_file_mb:
       description: File size to pre-allocate for individual pcap files. You shouldn't need to change this. 
       advanced: True
+      helpLink: pcap.html
     aiops:
       description: The max number of async writes to allow at once.
       advanced: True
+      helpLink: pcap.html
     pin_to_cpu:
       description: Enable CPU pinning for PCAP.
+      advanced: True
+      helpLink: pcap.html
     cpus_to_pin_to:
       description: CPU to pin PCAP to. Currently only a single CPU is supported
+      advanced: True
+      helpLink: pcap.html
     disks:
       description: List of disks to use for PCAP. This is currently not used.
       advanced: True
+      helpLink: pcap.html

salt/soc/soc_soc.yaml

@@ -7,21 +7,25 @@ soc:
         file: True
         global: True
         syntax: md
+        helpLink: soc.html
       motd__md:
         title: Overview Page
         description: Customize the overview page with specific markdown-formatted content. Images can be used but must be hosted from another host that is accessible by the users' browser.
         file: True
         global: True
         syntax: md
+        helpLink: soc.html
       custom__js:
         title: Custom Javascript
         description: Customize SOC UI behavior with custom Javascript code. Custom Javascript not provided by Security Onion Solutions is unsupported, and should be removed prior to requesting support and prior to performing upgrades.
         file: True
         global: True
         advanced: True
+        helpLink: soc.html
       custom_roles:
         title: Custom Roles
         description: Customize role and permission mappings. Changes to this setting requires a complete understanding of the SOC RBAC system.
         file: True
         global: True
-        advanced: True
+        advanced: True
+        helpLink: soc.html

salt/suricata/soc_suricata.yaml

@@ -5,125 +5,179 @@ suricata:
       file: True
       syntax: yaml
       title: SIDS
+      helpLink: suricata.html
   config:
     vars:
       address-groups:
         HOME_NET:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         EXTERNAL_NET: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         HTTP_SERVERS: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         SMTP_SERVERS: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         SQL_SERVERS: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         DNS_SERVERS: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         TELNET_SERVERS:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         AIM_SERVERS: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         DC_SERVERS:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         DNP3_SERVER:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         DNP3_CLIENT: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         MODBUS_CLIENT: 
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         MODBUS_SERVER:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         ENIP_CLIENT:
           description: List of hosts or netowrks.
+          helpLink: suricata.html
         ENIP_SERVER:
           description: List of hosts or netowrks. 
+          helpLink: suricata.html
       port-groups:
         HTTP_PORTS:
           description: List of HTTP ports to look for HTTP traffic on.
+          helpLink: suricata.html
         SHELLCODE_PORTS:
           description: List of SHELLCODE ports to look for SHELLCODE traffic on.
+          helpLink: suricata.html
         ORACLE_PORTS: 
           description: List of ORACLE ports to look for ORACLE traffic on.
+          helpLink: suricata.html
         SSH_PORTS:
           description: List of SSH ports to look for SSH traffic on.
+          helpLink: suricata.html
         DNP3_PORTS:
           description: List of DNP3 ports to look for DNP3 traffic on.
+          helpLink: suricata.html
         MODBUS_PORTS:
           description: List of MODBUS ports to look for MODBUS traffic on.
+          helpLink: suricata.html
         FILE_DATA_PORTS: 
           description: List of FILE_DATA ports to look for FILE_DATA traffic on.
+          helpLink: suricata.html
         FTP_PORTS:
           description: List of FTP ports to look for FTP traffic on.
+          helpLink: suricata.html
         VXLAN_PORTS:
           description: List of VXLAN ports to look for VXLAN traffic on.
+          helpLink: suricata.html
         TEREDO_PORTS:
           description: List of TEREDO ports to look for TEREDO traffic on.
+          helpLink: suricata.html
     outputs:
       eve-log:
         xff:
           enabled:
             description: Enable X-Forward-For support. 
+            helpLink: suricata.html
           mode: 
             description: Operation mode. This should always be extra-data if you use PCAP.
+            helpLink: suricata.html
           deployment: 
             description: forward would use the first IP address and reverse would use the last.
+            helpLink: suricata.html
           header: 
             description: Header name where the actual IP address will be reported.
+            helpLink: suricata.html
     asn1-max-frames:
       description: Maximum nuber of asn1 frames to decode.
+      helpLink: suricata.html
     max-pending-packets:
       description: Number of packets preallocated per thread.
+      helpLink: suricata.html
     default-packet-size:
       description: Preallocated size for each packet.
+      helpLink: suricata.html
     pcre:
       match-limit:
         description: Match limit for PCRE.
+        helpLink: suricata.html
       match-limit-recursion:
         description: Recursion limit for PCRE.
+        helpLink: suricata.html
     defrag:
       memcap: 
         description: Max memory to use for defrag. You should only change this if you know what you are doing.
+        helpLink: suricata.html
       hash-size: 
         description: Hash size
+        helpLink: suricata.html
       trackers: 
         description: Number of defragmented flows to follow.
+        helpLink: suricata.html
       max-frags: 
         description: Max number of fragments to keep
+        helpLink: suricata.html
       prealloc: 
         description: Preallocate memory.
+        helpLink: suricata.html
       timeout:    
         description: Timeout value.
+        helpLink: suricata.html
     flow:
       memcap: 
         description: Reserverd memory for flows.
+        helpLink: suricata.html
       hash-size: 
         description: Determines the size of the hash used to identify flows inside the engine.
+        helpLink: suricata.html
       prealloc: 
         description: Number of preallocated flows.
+        helpLink: suricata.html
     stream:
       memcap: 
         description: Can be specified in kb,mb,gb.
+        helpLink: suricata.html
       checksum-validation:
         description: Validate checksum of packets.
+        helpLink: suricata.html
       reassembly:
         memcap:
           description: Can be specified in kb,mb,gb.
+          helpLink: suricata.html
     host:
       hash-size:
         description: Hash size in bytes.
+        helpLink: suricata.html
       prealloc:
         description: How many streams to preallocate.
+        helpLink: suricata.html
       memcap:
         description: Memory settings for host.
+        helpLink: suricata.html
     decoder:
       teredo:
         enabled:
           description: Enable TEREDO capabilities
+          helpLink: suricata.html
         ports:
           description: Ports to listen for. This should be a variable.
+          helpLink: suricata.html
       vxlan:
         enabled:
           description: Enable VXLAN capabilities.
+          helpLink: suricata.html
         ports: 
-          description: Ports to listen for. This should be a variable.    
+          description: Ports to listen for. This should be a variable.    
+          helpLink: suricata.html