CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-28 23:47:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

update helpLink references for new documentation

Browse Source
This commit is contained in:
Doug Burks
2026-03-18 09:46:45 -04:00
parent 346dc446de
commit 930985b770
28 changed files with 722 additions and 722 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/strelka/soc_strelka.yaml
+85 -85
View File
@@ -2,73 +2,73 @@ strelka:
backend:
enabled:
description: Enables or disables the Strelka file analysis process.
helpLink: strelka.html
helpLink: strelka
config:
backend:
logging_cfg:
description: Path to the Python logging configuration.
readonly: True
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
limits:
max_files:
description: Number of files the backend will process before shutting down.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
time_to_live:
description: Amount of time (in seconds) that the backend will run before shutting down (0 to disable).
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
max_depth:
description: Maximum depth that extracted files will be processed by the backend.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
distribution:
description: Amount of time (in seconds) that a single file can be distributed to all scanners.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
scanner:
description: Amount of time (in seconds) that a scanner can spend scanning a file (can be overridden per scanner).
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
tasting:
mime_db:
description: Location of the MIME database used to taste files.
readonly: True
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
yara_rules:
description: Location of the directory of YARA files that contains rules used to taste files.
readonly: True
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
scanners:
'ScanBase64PE': &scannerOptions
description: Configuration options for this scanner.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
forcedType: "[]{}"
syntax: json
@@ -139,7 +139,7 @@ strelka:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
formatters:
simple:
@@ -147,13 +147,13 @@ strelka:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
datefmt:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
handlers:
console:
@@ -161,32 +161,32 @@ strelka:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
formatter:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
stream:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
root:
level:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
handlers:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
loggers:
OpenSSL:
@@ -194,425 +194,425 @@ strelka:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
bs4:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
bz2:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
chardet:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
docx:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
elftools:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
email:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
entropy:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
esprima:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
gzip:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
hashlib:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
json:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
libarchive:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
lxml:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
lzma:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
macholibre:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
olefile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
oletools:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
pdfminer:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
pefile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
pgpdump:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
pygments:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
pylzma:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
rarfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
requests:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
rpmfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
ssdeep:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
tarfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
tnefparse:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
yara:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
zipfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
zlib:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
passwords:
description: Passwords that will be stored in the password_file used in scanner options.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
multiline: True
filestream:
enabled:
description: You can enable or disable Strelka filestream.
helpLink: strelka.html
helpLink: strelka
config:
conn:
server:
description: Network address of the frontend server.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
cert:
description: Local path to the frontend SSL server certificate.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
timeout:
dial:
description: Amount of time to wait for the client to dial the server.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
file:
description: Amount of time to wait for an individual file to complete a scan.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
throughput:
concurrency:
description: Number of concurrent requests to make.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
chunk:
description: Size of file chunks that will be sent to the frontend server.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
delay:
description: Artificial sleep between the submission of each chunk.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
files:
patterns:
description: List of glob patterns that determine which files will be sent for scanning.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
delete:
description: Boolean that determines if files should be deleted after being sent for scanning.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
gatekeeper:
description: Boolean that determines if events should be pulled from the temporary event cache.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
processed:
description: Directory where files will be moved after being submitted for scanning.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
response:
report:
description: Frequency at which the frontend reports the number of files processed.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
delta:
description: Time value that determines how much time must pass since a file was last modified before it is sent for scanning.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
staging:
description: Directory where files are staged before being sent to the cluster.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
frontend:
enabled:
description: You can enable or disable Strelka frontend.
helpLink: strelka.html
helpLink: strelka
config:
server:
description: Network address of the frontend server.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
gatekeeper:
addr:
description: Network address of the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
db:
description: Redis database of the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
ttl:
description: Time-to-live for events added to the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
response:
log:
description: Location where worker scan results are logged to.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
manager:
enabled:
description: You can enable or disable Strelka manager.
helpLink: strelka.html
helpLink: strelka
config:
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
coordinator:
enabled:
description: You can enable or disable Strelka coordinator.
helpLink: strelka.html
helpLink: strelka
gatekeeper:
enabled:
description: You can enable or disable Strelka gatekeeper.
helpLink: strelka.html
helpLink: strelka
rules:
enabled:
description: Boolean that determines if yara rules sync from the Salt manager to the backend nodes.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: False
filecheck:
historypath:
description: The path for previously scanned files.
readonly: True
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
strelkapath:
description: The path for unprocessed files.
readonly: True
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True
logfile:
description: The path for the filecheck log.
readonly: False
global: False
helpLink: strelka.html
helpLink: strelka
advanced: True