Add helpLinks to everything

Mike Reeves
2022-09-20 15:43:34 -04:00
parent 097c05b114
commit 85339d7cb1
13 changed files with 150 additions and 6 deletions


@@ -1,7 +1,10 @@
bpf:
pcap:
description: List of BPF filters to apply to PCAP.
helpLink: bpf.html
suricata:
description: List of BPF filters to apply to Suricata.
helpLink: bpf.html
zeek:
description: List of BPF filters to apply to Zeek.
helpLink: bpf.html
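Review bot: None of the three descriptions say what a filter here actually does, and a BPF that excludes traffic from Suricata or Zeek creates a silent detection gap rather than an error, so the help link alone is not enough. Suggest `description: List of BPF filters to apply to Suricata. Traffic excluded by a filter is never inspected; test filters with tcpdump before applying.` and the equivalent wording for the PCAP and Zeek entries.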


@@ -3,32 +3,41 @@ elastalert:
disable_rules_on_error:
description: Disable rules on failure.
global: True
helpLink: elastalert.html
run_every:
minutes:
description: Amount of time in minutes between searches.
global: True
helpLink: elastalert.html
buffer_time:
minutes:
description: Amount of time in minutes to look through.
global: True
helpLink: elastalert.html
old_query_limit:
minutes:
description: Amount of time in minutes between queries to start at the most recently run query.
global: True
helpLink: elastalert.html
es_conn_timeout:
description: Timeout in seconds for connecting to and reading from Elasticsearch.
global: True
helpLink: elastalert.html
max_query_size:
description: The maximum number of documents that will be downloaded from Elasticsearch in a single query.
global: True
helpLink: elastalert.html
alert_time_limit:
days:
description: The retry window for failed alerts.
global: True
helpLink: elastalert.html
index_settings:
shards:
description: The amount of shards to use for elastalert.
global: True
helpLink: elastalert.html
replicas:
description: The amount of replicas for the Elastalert index.
global: True
helpLink: elastalert.html


@@ -5,43 +5,54 @@ elasticsearch:
description: The name of the Security Onion Elasticsearch cluster, for identification purposes.
readonly: True
global: True
helpLink: elasticsearch.html
routing:
allocation:
disk:
threshold_enabled:
description: Specifies whether the Elasticsearch node will monitor the available disk space for low disk space conditions and take action to protect the cluster.
helpLink: elasticsearch.html
watermark:
low:
description: The lower percentage of used disk space representing a healthy node.
helpLink: elasticsearch.html
high:
description: The higher percentage of used disk space representing an unhealthy node.
helpLink: elasticsearch.html
flood_stage:
description: The max percentage of used disk space that will cause the node to take protective actions, such as blocking incoming events.
helpLink: elasticsearch.html
script:
max_compilations_rate:
description: Max rate of script compilations permitted in the Elasticsearch cluster. Larger values will consume more resources.
global: True
helpLink: elasticsearch.html
indices:
query:
bool:
max_clause_count:
description: Max number of boolean clauses per query.
global: True
helpLink: elasticsearch.html
index_settings:
so-aws: &indexSettings
warm:
description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch.
global: True
helpLink: elasticsearch.html
close:
description: Age (in days) of this index before it will be closed. Once closed, events on this index cannot be retrieved without first re-opening the index.
global: True
helpLink: elasticsearch.html
delete:
description: Age (in days) of this index before it will be deleted. Once deleted, events are permanently unrecoverable.
global: True
helpLink: elasticsearch.html
index_sorting:
description: Sorts the index by event time, at the cost of additional processing resource consumption.
global: True
helpLink: elasticsearch.html
index_template:
template:
settings:
@@ -51,15 +62,19 @@ elasticsearch:
limit:
description: Max number of fields that can exist on a single index. Larger values will consume more resources.
global: True
helpLink: elasticsearch.html
refresh_interval:
description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
global: True
helpLink: elasticsearch.html
number_of_shards:
description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
global: True
helpLink: elasticsearch.html
number_of_replicas:
description: Number of replicas required for this index. Multiple replicas protects against data loss, while also increasing storage costs.
global: True
helpLink: elasticsearch.html
so-azure: *indexSettings
so-barracuda: *indexSettings
so-beats: *indexSettings


@@ -5,54 +5,64 @@ firewall:
file: True
global: True
title: Analyst Workstation
helpLink: firewall.html#host-groups
analyst:
description: List of IP Addresses or CIDR blocks to allow analyst connections.
file: True
global: True
title: Analyst
helpLink: firewall.html#host-groups
standalone:
description: List of IP Addresses or CIDR blocks to allow standalone connections.
file: True
global: True
title: Standalone
advanced: True
helpLink: firewall.html#host-groups
eval:
description: List of IP Addresses or CIDR blocks to allow eval connections.
file: True
global: True
title: Eval
advanced: True
helpLink: firewall.html#host-groups
idh:
description: List of IP Addresses or CIDR blocks to allow idh connections.
file: True
global: True
title: IDHNode
helpLink: firewall.html#host-groups
manager:
description: List of IP Addresses or CIDR blocks to allow manager connections.
file: True
global: True
title: Manager
advanced: True
helpLink: firewall.html#host-groups
heavynodes:
description: List of IP Addresses or CIDR blocks to allow heavynode connections.
file: True
global: True
title: HeavyNode
helpLink: firewall.html#host-groups
searchnodes:
description: List of IP Addresses or CIDR blocks to allow searchnode connections.
file: True
global: True
title: SearchNode
helpLink: firewall.html#host-groups
sensors:
description: List of IP Addresses or CIDR blocks to allow Sensor connections.
file: True
global: True
title: Sensor
helpLink: firewall.html#host-groups
receivers:
description: List of IP Addresses or CIDR blocks to allow receiver connections.
file: True
global: True
title: Receiver
helpLink: firewall.html#host-groups
portgroups:
portgroups__yaml:
description: Port Groups
@@ -61,6 +71,7 @@ firewall:
advanced: True
title: Port Groups
syntax: yaml
helpLink: firewall.html#function
ports:
ports__yaml:
description: Ports in YAML.
@@ -69,3 +80,4 @@ firewall:
advanced: True
title: Ports
syntax: yaml
helpLink: firewall.html#port-groups
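Review bot: The two anchors added in the last hunks look swapped: the Port Groups setting (`portgroups__yaml`) gets `helpLink: firewall.html#function` while the Ports setting (`ports__yaml`) gets `helpLink: firewall.html#port-groups`. If the doc sections are named after the settings, `portgroups__yaml` should carry `helpLink: firewall.html#port-groups` and `ports__yaml` whichever section documents raw ports; I cannot confirm the anchor names from this page, so please check them against the rendered docs. A non-existent anchor fails silently and just drops the reader at the top of the page. The `firewall:` block and its first host group start above the hunk.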


@@ -4,35 +4,46 @@ grafana:
enabled:
description: Enable the sending of emails from Grafana.
global: True
helpLink: grafana.html
host:
description: Hostname of the SMTP server.
global: True
helpLink: grafana.html
user:
description: User used to authenticate SMTP.
global: True
helpLink: grafana.html
password:
description: Password used to authenticate SMTP.
global: True
sensitive: True
helpLink: grafana.html
cert_file:
description: Location of cert file for SMTP.
global: True
helpLink: grafana.html
key_file:
description: Location of key file for SMTP.
global: True
helpLink: grafana.html
skip_verify:
description: Verify SSL certificates.
global: True
helpLink: grafana.html
from_address:
description: The email address you would like in the from field.
global: True
helpLink: grafana.html
from_name:
description: The name displayed for the from email address.
global: True
helpLink: grafana.html
ehlo_identity:
description: Used with servers with SMTP service extensions.
global: True
helpLink: grafana.html
enterprise:
license_path:
description: Path to enterprise license key.
global: True
helpLink: grafana.html
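Review bot: The description on `skip_verify` (`Verify SSL certificates.`) states the opposite of what the key name implies, and the hunk adds a help link without correcting it; an operator reading it would set it to true expecting stricter checking. Suggest `description: Skip verification of the SMTP server's TLS certificate. Leave disabled unless the server uses a certificate the system does not trust; enabling it allows interception of outbound alert mail.` The exact Grafana semantics are not visible in this hunk, so confirm against the smtp docs before wording the default. The parent mapping of `enabled:` begins above the hunk.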


@@ -3,22 +3,28 @@ idstools:
oinkcode:
description: Enter your registration code for paid rulesets.
global: True
helpLink: managing-alerts.html
ruleset:
description: Define the ruleset you want to run. Options are ETOPEN or ETPRO.
global: True
helpLink: managing-alerts.html
urls:
description: This is a list of additional rule download locations.
global: True
helpLink: managing-alerts.html
sids:
disabled:
description: List of disables SIDS.
global: True
helpLink: managing-alerts.html
enabled:
description: List of SIDS that are disabled by the rule source that you want to enable.
global: True
helpLink: managing-alerts.html
modify:
description: List of SIDS that are modified.
global: True
helpLink: managing-alerts.html
rules:
local__rules:
description: This is where custom Suricata rules are entered.
@@ -26,15 +32,18 @@ idstools:
global: True
advanced: True
title: Local Rules
helpLink: managing-alerts.html
filters__rules:
description: You can set custom filters for Suricata when using it for meta data creation.
file: True
global: True
advanced: True
title: Filter Rules
helpLink: managing-alerts.html
extraction__rules:
description: This is a list of mime types for file extraction when Suricata is used for meta data creation.
file: True
global: True
advanced: True
title: Extraction Rules
helpLink: managing-alerts.html
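Review bot: `oinkcode` is a paid-ruleset registration code, i.e. a credential that ends up in rule download URLs, yet it is not flagged `sensitive: True` the way the grafana SMTP password is elsewhere in this commit; add `sensitive: True` under `oinkcode` so the UI treats it like a secret. Separately, `description: List of disables SIDS.` should read `List of disabled SIDs.`, and the three `sids` entries would be clearer as `SIDs to disable`, `SIDs to enable (overriding the rule source)` and `SIDs to modify`, noting these are Suricata signature IDs. The `idstools:` block starts above the hunk.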


@@ -3,14 +3,24 @@ influxdb:
so_short_term:
duration:
description: Amount of time to keep short term data.
global: True
helpLink: grafana.html#data
shard_duration:
description: Time range
global: True
helpLink: grafana.html#data
so_long_term:
duration:
description: Amount of time to keep long term downsampled data.
global: True
helpLink: grafana.html#data
shard_duration:
description: Amount of the time range covered by the shard group.
global: True
helpLink: grafana.html#data
downsample:
so_long_term:
resolution:
description: Amount of time to turn into a single data point.
global: True
helpLink: grafana.html#data
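Review bot: `shard_duration` under `so_short_term` is described only as `Time range`, while the same key under `so_long_term` gets `Amount of the time range covered by the shard group.`; the short-term entry should use that same wording so the two settings read consistently in the UI. The `influxdb:` block starts above the hunk.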


@@ -3,3 +3,5 @@ kibana:
elasticsearch:
requestTimeout:
description: Request timeout length.
global: True
helpLink: kibana.html


@@ -5,15 +5,18 @@ nginx:
global: True
advanced: True
title: Replace Default Cert
helpLink: nginx.html
ssl__key:
description: Paste your .key file here
file: True
title: SSL Key File
advanced: True
global: True
helpLink: nginx.html
ssl__crt:
description: Paste your .crt file here
file: True
title: SSL Cert File
advanced: True
global: True
helpLink: nginx.html
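Review bot: `ssl__key` holds a TLS private key (`Paste your .key file here`) but is not marked `sensitive: True`, while the SMTP password in the grafana annotations of this same commit is; if that flag is what drives masking in the SOC config UI, add `sensitive: True` under `ssl__key`. Pasting a private key through a web form also means it transits the SOC API and may be retained in request or audit logs, which is worth a sentence on nginx.html. The first setting of the `nginx:` block starts above the hunk.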


@@ -3,3 +3,4 @@ ntp:
servers:
description: NTP Server List
title: NTP Servers
helpLink: ntp.html


@@ -1,24 +1,35 @@
pcap:
enabled:
description: Enable or Disable Stenographer on all sensors or a single sensor
helpLink: pcap.html
config:
maxdirectoryfiles:
description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space.
helpLink: pcap.html
diskfreepercentage:
description: The disk space percent to always keep free for pcap
helpLink: pcap.html
blocks:
description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this.
advanced: True
helpLink: pcap.html
preallocate_file_mb:
description: File size to pre-allocate for individual pcap files. You shouldn't need to change this.
advanced: True
helpLink: pcap.html
aiops:
description: The max number of async writes to allow at once.
advanced: True
helpLink: pcap.html
pin_to_cpu:
description: Enable CPU pinning for PCAP.
advanced: True
helpLink: pcap.html
cpus_to_pin_to:
description: CPU to pin PCAP to. Currently only a single CPU is supported
advanced: True
helpLink: pcap.html
disks:
description: List of disks to use for PCAP. This is currently not used.
advanced: True
helpLink: pcap.html


@@ -7,21 +7,25 @@ soc:
file: True
global: True
syntax: md
helpLink: soc.html
motd__md:
title: Overview Page
description: Customize the overview page with specific markdown-formatted content. Images can be used but must be hosted from another host that is accessible by the users' browser.
file: True
global: True
syntax: md
helpLink: soc.html
custom__js:
title: Custom Javascript
description: Customize SOC UI behavior with custom Javascript code. Custom Javascript not provided by Security Onion Solutions is unsupported, and should be removed prior to requesting support and prior to performing upgrades.
file: True
global: True
advanced: True
helpLink: soc.html
custom_roles:
title: Custom Roles
description: Customize role and permission mappings. Changes to this setting requires a complete understanding of the SOC RBAC system.
file: True
global: True
advanced: True
helpLink: soc.html
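Review bot: `custom__js` lets whoever can edit this setting inject arbitrary JavaScript into the SOC UI, which runs in every analyst's browser with that analyst's session, but the description only warns that such code is unsupported; the new help link does not convey the risk either. Suggest appending to the description: `Code entered here runs in every SOC user's browser with their session privileges; treat write access to this setting as equivalent to administrator access.` The same consideration applies to `custom_roles`, since it changes authorization decisions. The `soc:` block and the setting whose `file: True` opens the hunk start above it.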


@@ -5,125 +5,179 @@ suricata:
file: True
syntax: yaml
title: SIDS
helpLink: suricata.html
config:
vars:
address-groups:
HOME_NET:
description: List of hosts or netowrks.
helpLink: suricata.html
EXTERNAL_NET:
description: List of hosts or netowrks.
helpLink: suricata.html
HTTP_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
SMTP_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
SQL_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DNS_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
TELNET_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
AIM_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DC_SERVERS:
description: List of hosts or netowrks.
helpLink: suricata.html
DNP3_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
DNP3_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
MODBUS_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
MODBUS_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
ENIP_CLIENT:
description: List of hosts or netowrks.
helpLink: suricata.html
ENIP_SERVER:
description: List of hosts or netowrks.
helpLink: suricata.html
port-groups:
HTTP_PORTS:
description: List of HTTP ports to look for HTTP traffic on.
helpLink: suricata.html
SHELLCODE_PORTS:
description: List of SHELLCODE ports to look for SHELLCODE traffic on.
helpLink: suricata.html
ORACLE_PORTS:
description: List of ORACLE ports to look for ORACLE traffic on.
helpLink: suricata.html
SSH_PORTS:
description: List of SSH ports to look for SSH traffic on.
helpLink: suricata.html
DNP3_PORTS:
description: List of DNP3 ports to look for DNP3 traffic on.
helpLink: suricata.html
MODBUS_PORTS:
description: List of MODBUS ports to look for MODBUS traffic on.
helpLink: suricata.html
FILE_DATA_PORTS:
description: List of FILE_DATA ports to look for FILE_DATA traffic on.
helpLink: suricata.html
FTP_PORTS:
description: List of FTP ports to look for FTP traffic on.
helpLink: suricata.html
VXLAN_PORTS:
description: List of VXLAN ports to look for VXLAN traffic on.
helpLink: suricata.html
TEREDO_PORTS:
description: List of TEREDO ports to look for TEREDO traffic on.
helpLink: suricata.html
outputs:
eve-log:
xff:
enabled:
description: Enable X-Forward-For support.
helpLink: suricata.html
mode:
description: Operation mode. This should always be extra-data if you use PCAP.
helpLink: suricata.html
deployment:
description: forward would use the first IP address and reverse would use the last.
helpLink: suricata.html
header:
description: Header name where the actual IP address will be reported.
helpLink: suricata.html
asn1-max-frames:
description: Maximum nuber of asn1 frames to decode.
helpLink: suricata.html
max-pending-packets:
description: Number of packets preallocated per thread.
helpLink: suricata.html
default-packet-size:
description: Preallocated size for each packet.
helpLink: suricata.html
pcre:
match-limit:
description: Match limit for PCRE.
helpLink: suricata.html
match-limit-recursion:
description: Recursion limit for PCRE.
helpLink: suricata.html
defrag:
memcap:
description: Max memory to use for defrag. You should only change this if you know what you are doing.
helpLink: suricata.html
hash-size:
description: Hash size
helpLink: suricata.html
trackers:
description: Number of defragmented flows to follow.
helpLink: suricata.html
max-frags:
description: Max number of fragments to keep
helpLink: suricata.html
prealloc:
description: Preallocate memory.
helpLink: suricata.html
timeout:
description: Timeout value.
helpLink: suricata.html
flow:
memcap:
description: Reserverd memory for flows.
helpLink: suricata.html
hash-size:
description: Determines the size of the hash used to identify flows inside the engine.
helpLink: suricata.html
prealloc:
description: Number of preallocated flows.
helpLink: suricata.html
stream:
memcap:
description: Can be specified in kb,mb,gb.
helpLink: suricata.html
checksum-validation:
description: Validate checksum of packets.
helpLink: suricata.html
reassembly:
memcap:
description: Can be specified in kb,mb,gb.
helpLink: suricata.html
host:
hash-size:
description: Hash size in bytes.
helpLink: suricata.html
prealloc:
description: How many streams to preallocate.
helpLink: suricata.html
memcap:
description: Memory settings for host.
helpLink: suricata.html
decoder:
teredo:
enabled:
description: Enable TEREDO capabilities
helpLink: suricata.html
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata.html
vxlan:
enabled:
description: Enable VXLAN capabilities.
helpLink: suricata.html
ports:
description: Ports to listen for. This should be a variable.
helpLink: suricata.html
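Review bot: The `xff` `header` description (`Header name where the actual IP address will be reported.`) presents the header value as the real client address, but X-Forwarded-For is client-supplied and easily spoofed, so the description should carry the caveat, e.g. `Header to read the original client IP from. Only trust this when the sensor sits behind a proxy that overwrites the header; otherwise alerts will carry attacker-chosen addresses.` The same hunk also repeats `List of hosts or netowrks.` (typo) for all fifteen address-group variables, which gives the analyst nothing to tell HOME_NET from EXTERNAL_NET; at least HOME_NET deserves its own wording such as `Networks considered internal/protected; rule direction logic depends on this.` Further down, `Maximum nuber of asn1 frames` and `Reserverd memory for flows` are also misspelled. The `suricata:` block and the SIDS setting start above the hunk.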