mark specific settings as allowed to include Jinja

2025-12-06 09:12:45 +01:00 · 2024-09-11 09:28:17 -04:00
parent cabba5e70d
commit 8b8737221d
1 changed files with 7 additions and 0 deletions
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -117,6 +117,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalSev1Alerters:
            title: "Notifications: Sev 1/Informational Alerters"
            description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -132,6 +133,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalSev2Alerters:
            title: "Notifications: Sev 2/Low Alerters"
            description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -147,6 +149,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalSev3Alerters:
            title: "Notifications: Sev 3/Medium Alerters"
            description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -162,6 +165,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalSev4Alerters:
            title: "Notifications: Sev 4/High Alerters"
            description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -177,6 +181,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalSev5Alerters:
            title: "Notifications: Sev 5/Critical Alerters"
            description: "Specify specific alerters to use when alerting at the critical severity level. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -192,6 +197,7 @@ soc:
            syntax: yaml
            helpLink: notifications.html
            forcedType: string
+            jinjaEscaped: True
          additionalUserDefinedNotifications:
            customAlerters:
              description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -208,6 +214,7 @@ soc:
              helpLink: notifications.html
              duplicates: True
              forcedType: string
+              jinjaEscaped: True
          autoEnabledSigmaRules:
            default: &autoEnabledSigmaRules
              description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'