Merge pull request #14296 from Security-Onion-Solutions/jertel/wip

annotation/config updates

salt/hydra/soc_hydra.yaml

@@ -2,6 +2,7 @@ hydra:
   enabled:
     description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False. 
     helpLink: connect.html
+    global: True
   config:
     ttl:
       access_token:

salt/sensoroni/files/sensoroni.json

@@ -8,6 +8,7 @@
     "role": "{{ GLOBALS.role }}",
     "description": {{ SENSORONIMERGED.config.node_description | tojson }},
     "address": "{{ GLOBALS.node_ip }}",
+    "mgmtNic": "{{ GLOBALS.main_interface }}",
     "model": "{{ GLOBALS.so_model }}",
     "pollIntervalMs": {{ SENSORONIMERGED.config.node_checkin_interval_ms }},
     "serverUrl": "https://{{ GLOBALS.url_base }}/sensoroniagents",

salt/soc/soc_soc.yaml

@@ -54,7 +54,11 @@ soc:
       title: Log Level
       description: The SOC log level, useful for enabling debug logging for advanced troubleshooting. Allowed values are debug, info, warn, error. The SOC log is available at /opt/so/log/soc/sensoroni-server.log.
       global: True
-      regex: ^(info|debug|warn|error)$
+      options:
+      - info
+      - debug
+      - warn
+      - error
     actions:
       description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
       global: True