Merge pull request #11218 from Security-Onion-Solutions/feature/soc_administration_analyzers

Analyzer SOC Administration
This commit is contained in:
weslambert
2023-08-30 16:54:02 -04:00
committed by GitHub
2 changed files with 170 additions and 0 deletions


@@ -8,3 +8,31 @@ sensoroni:
node_checkin_interval_ms: 10000 node_checkin_interval_ms: 10000
sensoronikey: sensoronikey:
soc_host: soc_host:
analyzers:
emailrep:
base_url: https://emailrep.io/
api_key:
greynoise:
base_url: https://api.greynoise.io/
api_key:
api_version: community
localfile:
file_path: []
otx:
base_url: https://otx.alienvault.com/api/v1/
api_key:
pulsedive:
base_url: https://pulsedive.com/api/
api_key:
spamhaus:
lookup_host: zen.spamhaus.org
nameservers: []
urlscan:
base_url: https://urlscan.io/api/v1/
api_key:
enabled: False
visibility: public
timeout: 180
virustotal:
base_url: https://www.virustotal.com/api/v3/search?query=
api_key:
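Review bot: The urlscan stanza defaults to `visibility: public`, so until an operator changes it every URL an analyst submits through this analyzer is listed publicly on urlscan.io, which can disclose internal hostnames or an investigation in progress. Consider shipping a non-public default (urlscan's `unlisted` or `private`, subject to what the configured key permits) or at least a comment above the key such as `# public lists every submitted URL on urlscan.io; prefer unlisted/private for investigations`. Separately, the bare `api_key:` values parse as null rather than an empty string; if the consumer expects a string (the companion annotations declare `forcedType: string`), `api_key: ""` would make that explicit. This applies to every analyzer's `api_key` in the hunk.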


@@ -37,3 +37,145 @@ sensoroni:
helpLink: sensoroni.html helpLink: sensoroni.html
global: True global: True
advanced: True advanced: True
analyzers:
emailrep:
api_key:
description: API key for the EmailRep analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the EmailRep analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
greynoise:
api_key:
description: API key for the GreyNoise analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
api_version:
description: API version for the GreyNoise analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
base_url:
description: Base URL for the GreyNoise analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
localfile:
file_path:
description: File path for the LocalFile analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: "[]string"
otx:
api_key:
description: API key for the OTX analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the OTX analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
pulsedive:
api_key:
description: API key for the Pulsedive analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Pulsedive analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
spamhaus:
lookup_host:
description: Host to use for lookups.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
nameservers:
description: Nameservers used for queries.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedTypes: "[]string"
urlscan:
api_key:
description: API key for the Urlscan analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the Urlscan analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
enabled:
description: Analyzer enabled
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: bool
timeout:
description: Timeout for the Urlscan analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: int
visibility:
description: Type of visibility.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
virustotal:
api_key:
description: API key for the VirusTotal analyzer.
helpLink: sensoroni.html
global: False
sensitive: True
advanced: True
forcedType: string
base_url:
description: Base URL for the VirusTotal analyzer.
helpLink: sensoroni.html
global: False
sensitive: False
advanced: True
forcedType: string
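Review bot: The `spamhaus.nameservers` annotation uses the key `forcedTypes` while every other entry in the hunk uses `forcedType` (including the other list-typed setting, `localfile.file_path`), so the nameservers setting most likely will not receive its `[]string` coercion in the SOC UI; change it to `forcedType: "[]string"`. The urlscan `enabled` and `visibility` descriptions are thinner than the rest: `description: Analyzer enabled` could read `description: Whether the Urlscan analyzer is enabled.`, and `description: Type of visibility.` should say that it controls whether URLs submitted to urlscan.io are publicly listed, since that is the setting with a privacy impact for analysts.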