From 9dafa062f8b600f6eaf90411d34b137d50715159 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 25 Feb 2025 17:00:41 -0500
Subject: [PATCH] annotation/config updates

---
 salt/hydra/soc_hydra.yaml           | 1 +
 salt/sensoroni/files/sensoroni.json | 1 +
 salt/soc/soc_soc.yaml               | 6 +++++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/salt/hydra/soc_hydra.yaml b/salt/hydra/soc_hydra.yaml
index 1e33f00ea..40e07ab1b 100644
--- a/salt/hydra/soc_hydra.yaml
+++ b/salt/hydra/soc_hydra.yaml
@@ -2,6 +2,7 @@ hydra:
   enabled:
     description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False. 
     helpLink: connect.html
+    global: True
   config:
     ttl:
       access_token:
diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json
index 547e52ada..917498ba1 100644
--- a/salt/sensoroni/files/sensoroni.json
+++ b/salt/sensoroni/files/sensoroni.json
@@ -8,6 +8,7 @@
     "role": "{{ GLOBALS.role }}",
     "description": {{ SENSORONIMERGED.config.node_description | tojson }},
     "address": "{{ GLOBALS.node_ip }}",
+    "mgmtNic": "{{ GLOBALS.main_interface }}",
     "model": "{{ GLOBALS.so_model }}",
     "pollIntervalMs": {{ SENSORONIMERGED.config.node_checkin_interval_ms }},
     "serverUrl": "https://{{ GLOBALS.url_base }}/sensoroniagents",
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 8d6bab06b..d7fcd9644 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -54,7 +54,11 @@ soc:
       title: Log Level
       description: The SOC log level, useful for enabling debug logging for advanced troubleshooting. Allowed values are debug, info, warn, error. The SOC log is available at /opt/so/log/soc/sensoroni-server.log.
       global: True
-      regex: ^(info|debug|warn|error)$
+      options:
+      - info
+      - debug
+      - warn
+      - error
     actions:
       description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
       global: True