CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Jinjafy case params

Browse Source
This commit is contained in:
Jason Ertel
2021-12-08 17:41:48 -05:00
parent b73eb76c94
commit a9b7b9ee92
8 changed files with 87 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/soc/files/soc/cases.eventfields.json Normal file
View File

@@ -0,0 +1,3 @@
{
"default": ["soc_timestamp", "case.title", "case.status", "case.severity", "case.createTime"]
}

5
salt/soc/files/soc/cases.queries.json Normal file
View File

@@ -0,0 +1,5 @@
[
{ "name": "New Cases", "query": "!case.status:closed" },
{ "name": "Closed Cases", "query": "case.status:closed" },
{ "name": "Templates", "query": "case.category:template" }
]

7
salt/soc/files/soc/presets.category.json Normal file
View File

@@ -0,0 +1,7 @@
{
"labels": [
"General",
"Template"
],
"customEnabled": true
}

9
salt/soc/files/soc/presets.pap.json Normal file
View File

@@ -0,0 +1,9 @@
{
"labels": [
"White",
"Green",
"Amber",
"Red"
],
"customEnabled": false
}

9
salt/soc/files/soc/presets.severity.json Normal file
View File

@@ -0,0 +1,9 @@
{
"labels": [
"Low",
"Medium",
"High",
"Critical"
],
"customEnabled": false
}

8
salt/soc/files/soc/presets.tag.json Normal file
View File

@@ -0,0 +1,8 @@
{
"labels": [
"false-positive",
"confirmed",
"pending"
],
"customEnabled": true
}

9
salt/soc/files/soc/presets.tlp.json Normal file
View File

@@ -0,0 +1,9 @@
{
"labels": [
"White",
"Green",
"Amber",
"Red"
],
"customEnabled": false
}

35
salt/soc/files/soc/soc.json
View File

@@ -18,6 +18,11 @@
{%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %} {%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %}
{%- import_json "soc/files/soc/menu.actions.json" as menu_actions %} {%- import_json "soc/files/soc/menu.actions.json" as menu_actions %}
{%- import_json "soc/files/soc/tools.json" as tools %} {%- import_json "soc/files/soc/tools.json" as tools %}
{%- import_json "soc/files/soc/presets.category.json" as presets_category %}
{%- import_json "soc/files/soc/presets.pap.json" as presets_pap %}
{%- import_json "soc/files/soc/presets.severity.json" as presets_severity %}
{%- import_json "soc/files/soc/presets.tag.json" as presets_tag %}
{%- import_json "soc/files/soc/presets.tlp.json" as presets_tlp %}
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} {%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
@@ -183,6 +188,36 @@
], ],
"queries": {{ alerts_queries | json }}, "queries": {{ alerts_queries | json }},
"actions": {{ menu_actions | json }} "actions": {{ menu_actions | json }}
},
"cases": {
"advanced": false,
"groupItemsPerPage": 50,
"groupFetchLimit": 100,
"eventItemsPerPage": 50,
"eventFetchLimit": 500,
"relativeTimeValue": 12,
"relativeTimeUnit": 60,
"mostRecentlyUsedLimit": 5,
"ackEnabled": false,
"escalateEnabled": false,
"escalateRelatedEventsEnabled": false,
"viewEnabled": true,
"eventFields": {{ cases_eventfields | json }},
"queryBaseFilter": "_index:so-case AND kind:case",
"queryToggleFilters": [
],
"queries": {{ cases_queries | json }},
"actions": {{ menu_actions | json }}
},
"case": {
"mostRecentlyUsedLimit": 5,
"presets": {
"category": {{ presets_category | json }},
"pap": {{ presets_pap | json }},
"severity": {{ presets_severity | json }},
"tag": {{ presets_tag | json }},
"tlp": {{ presets_tlp | json }}
}
} }
} }
} }