CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

mark specific settings as allowed to include Jinja

Browse Source
This commit is contained in:
Jason Ertel
2024-09-11 09:28:17 -04:00
parent cabba5e70d
commit 8b8737221d
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/soc/soc_soc.yaml
View File

@@ -117,6 +117,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalSev1Alerters: additionalSev1Alerters:
title: "Notifications: Sev 1/Informational Alerters" title: "Notifications: Sev 1/Informational Alerters"
description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -132,6 +133,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalSev2Alerters: additionalSev2Alerters:
title: "Notifications: Sev 2/Low Alerters" title: "Notifications: Sev 2/Low Alerters"
description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -147,6 +149,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalSev3Alerters: additionalSev3Alerters:
title: "Notifications: Sev 3/Medium Alerters" title: "Notifications: Sev 3/Medium Alerters"
description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -162,6 +165,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalSev4Alerters: additionalSev4Alerters:
title: "Notifications: Sev 4/High Alerters" title: "Notifications: Sev 4/High Alerters"
description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -177,6 +181,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalSev5Alerters: additionalSev5Alerters:
title: "Notifications: Sev 5/Critical Alerters" title: "Notifications: Sev 5/Critical Alerters"
description: "Specify specific alerters to use when alerting at the critical severity level. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify specific alerters to use when alerting at the critical severity level. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -192,6 +197,7 @@ soc:
syntax: yaml syntax: yaml
helpLink: notifications.html helpLink: notifications.html
forcedType: string forcedType: string
jinjaEscaped: True
additionalUserDefinedNotifications: additionalUserDefinedNotifications:
customAlerters: customAlerters:
description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key." description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -208,6 +214,7 @@ soc:
helpLink: notifications.html helpLink: notifications.html
duplicates: True duplicates: True
forcedType: string forcedType: string
jinjaEscaped: True
autoEnabledSigmaRules: autoEnabledSigmaRules:
default: &autoEnabledSigmaRules default: &autoEnabledSigmaRules
description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.' description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'