update helpLink references for new documentation

Doug Burks
2026-03-18 09:46:45 -04:00
parent 346dc446de
commit 930985b770
28 changed files with 722 additions and 722 deletions
+37 -37
@@ -6,7 +6,7 @@ soc:
title: SOC Telemetry
description: When this setting is enabled and the grid is not in airgap mode, SOC will provide feature usage data to the Security Onion development team via Google Analytics. This data helps Security Onion developers determine which product features are being used and can also provide insight into improving the user interface. When changing this setting, wait for the grid to fully synchronize and then perform a hard browser refresh on SOC, to force the browser cache to update and reflect the new setting.
global: True
helpLink: telemetry.html
helpLink: telemetry
files:
soc:
banner__md:
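Review bot: The new helpLink values are bare page slugs with no extension (`helpLink: telemetry` here, and the same pattern in every other hunk of this file), so nothing in the file states how a slug becomes a URL; a short comment would keep the next editor from guessing the format. Something like `# helpLink: docs page slug without .html, optionally followed by #anchor` above the first helpLink would be enough. The two entries that carry an anchor (`security-onion-console-customization#reverse-dns` and `detections#rule-engine-status`) presumably follow the same rule, which is worth saying explicitly. The `soc:` mapping these keys belong to starts before the hunk.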
@@ -15,28 +15,28 @@ soc:
file: True
global: True
syntax: md
helpLink: soc-customization.html
helpLink: security-onion-console-customization
motd__md:
title: Overview Page
description: Customize the overview page with specific markdown-formatted content. Images can be used but must be hosted from another host that is accessible by the user's browser.
file: True
global: True
syntax: md
helpLink: soc-customization.html
helpLink: security-onion-console-customization
custom__js:
title: Custom Javascript
description: Customize SOC UI behavior with custom Javascript code. Custom Javascript not provided by Security Onion Solutions is unsupported, and should be removed prior to requesting support and prior to performing upgrades.
file: True
global: True
advanced: True
helpLink: soc-customization.html
helpLink: security-onion-console-customization
custom_roles:
title: Custom Roles
description: Customize role and permission mappings. Changing this setting requires a complete understanding of the SOC RBAC system.
file: True
global: True
advanced: True
helpLink: soc-customization.html
helpLink: security-onion-console-customization
sigma_final_pipeline__yaml:
title: Final Sigma Pipeline
description: Final Processing Pipeline for Sigma Rules.
@@ -44,7 +44,7 @@ soc:
file: True
global: True
advanced: True
helpLink: soc-customization.html
helpLink: security-onion-console-customization
config:
licenseKey:
title: License Key
@@ -183,7 +183,7 @@ soc:
enableReverseLookup:
description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
global: True
helpLink: soc-customization.html#reverse-dns
helpLink: security-onion-console-customization#reverse-dns
modules:
elastalertengine:
aiRepoUrl:
@@ -205,7 +205,7 @@ soc:
title: "Notifications: Sev 0/Default Alerters"
description: "Specify default alerters to enable for outbound notifications. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev0AlertersParams:
@@ -214,14 +214,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalSev1Alerters:
title: "Notifications: Sev 1/Informational Alerters"
description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev1AlertersParams:
@@ -230,14 +230,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalSev2Alerters:
title: "Notifications: Sev 2/Low Alerters"
description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev2AlertersParams:
@@ -246,14 +246,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalSev3Alerters:
title: "Notifications: Sev 3/Medium Alerters"
description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev3AlertersParams:
@@ -262,14 +262,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalSev4Alerters:
title: "Notifications: Sev 4/High Alerters"
description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev4AlertersParams:
@@ -278,14 +278,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalSev5Alerters:
title: "Notifications: Sev 5/Critical Alerters"
description: "Specify specific alerters to use when alerting at the critical severity level. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
multiline: True
additionalSev5AlertersParams:
@@ -294,14 +294,14 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
forcedType: string
jinjaEscaped: True
additionalUserDefinedNotifications:
customAlerters:
description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
global: True
helpLink: notifications.html
helpLink: notifications
forcedType: "[]string"
duplicates: True
multiline: True
@@ -310,7 +310,7 @@ soc:
global: True
multiline: True
syntax: yaml
helpLink: notifications.html
helpLink: notifications
duplicates: True
forcedType: string
jinjaEscaped: True
@@ -318,7 +318,7 @@ soc:
default: &enabledSigmaRules
description: 'Sigma rules to automatically enable on initial import. The format is a YAML list, with the ability to filter for ruleset, level, product, category and service. Refer to the documentation for further details. These will be applied based on role if defined and default if not.'
global: True
helpLink: sigma.html
helpLink: sigma
multiline: True
syntax: yaml
forcedType: string
@@ -330,7 +330,7 @@ soc:
description: 'DEPRECATED: Will be removed in a future release - use enabledSigmaRules instead.'
global: True
advanced: True
helpLink: sigma.html
helpLink: sigma
so-eval: *autoEnabledSigmaRules
so-import: *autoEnabledSigmaRules
autoUpdateEnabled:
@@ -341,7 +341,7 @@ soc:
description: 'How often to check for new Sigma rules (in seconds). This applies to both Community Rule Packages and any configured Git repos.'
global: True
advanced: True
helpLink: sigma.html
helpLink: sigma
integrityCheckFrequencySeconds:
description: 'How often the ElastAlert integrity checker runs (in seconds). This verifies the integrity of deployed rules.'
global: True
@@ -352,7 +352,7 @@ soc:
global: True
advanced: True
forcedType: "[]{}"
helpLink: sigma.html
helpLink: sigma
syntax: json
uiElements:
- field: rulesetName
@@ -375,7 +375,7 @@ soc:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). Once you have changed the ruleset here, the new settings will be applied within 15 minutes. At that point, you will need to wait for the scheduled rule update to take place (by default, every 24 hours), or you can force the update by nagivating to Detections --> Options dropdown menu --> Elastalert --> Full Update. WARNING! Changing the ruleset will remove all existing non-overlapping Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
global: True
advanced: False
helpLink: sigma.html
helpLink: sigma
elastic:
index:
description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.
@@ -484,12 +484,12 @@ soc:
description: 'YARA rules to automatically enable on initial import. Format is $Ruleset - for example, for the default shipped ruleset: securityonion-yara'
global: True
advanced: True
helpLink: sigma.html
helpLink: sigma
communityRulesImportFrequencySeconds:
description: 'How often to check for new YARA rules (in seconds). This applies to both Community Rules and any configured Git repos.'
global: True
advanced: True
helpLink: yara.html
helpLink: yara
integrityCheckFrequencySeconds:
description: 'How often the Strelka integrity checker runs (in seconds). This verifies the integrity of deployed rules.'
global: True
@@ -500,7 +500,7 @@ soc:
global: True
advanced: True
forcedType: "[]{}"
helpLink: yara.html
helpLink: yara
syntax: json
uiElements:
- field: rulesetName
@@ -543,7 +543,7 @@ soc:
description: 'How often to check for new Suricata rules (in seconds).'
global: True
advanced: True
helpLink: suricata.html
helpLink: suricata
disableRegex:
description: A list of regular expressions used to automatically disable rules that match any of them. Each regular expression is tested against the rule's content.
global: True
@@ -562,20 +562,20 @@ soc:
advanced: True
forcedType: "[]{}"
readonly: True
helpLink: suricata.html
helpLink: suricata
ignoredSidRanges:
description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI. Each line should contain 1 range in the format "1100000-1200000". The ranges are treated as inclusive.'
global: True
advanced: True
forcedType: "[]string"
helpLink: detections.html#rule-engine-status
helpLink: detections#rule-engine-status
rulesetSources:
default: &serulesetSources
description: "Ruleset sources for Suricata rules. Supports URL downloads and local directories. Refer to the linked documentation for details on how to configure this setting."
global: True
advanced: False
forcedType: "[]{}"
helpLink: suricata.html
helpLink: suricata
syntax: json
uiElements:
- field: name
@@ -631,11 +631,11 @@ soc:
intervalMinutes:
description: How often to generate the Navigator Layers. (minutes)
global: True
helpLink: attack-navigator.html
helpLink: attack-navigator
lookbackDays:
description: How far back to search for ATT&CK-tagged alerts. (days)
global: True
helpLink: attack-navigator.html
helpLink: attack-navigator
playbook:
playbookRepos:
default: &pbRepos
@@ -670,7 +670,7 @@ soc:
global: True
advanced: True
forcedType: "[]{}"
helpLink: assistant.html
helpLink: onion-ai
syntax: json
uiElements:
- field: name
@@ -735,7 +735,7 @@ soc:
global: True
advanced: True
forcedType: "[]{}"
helpLink: assistant.html
helpLink: onion-ai
syntax: json
uiElements:
- field: id