CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-16 07:08:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

es|ql defaults

Browse Source
This commit is contained in:
Jason Ertel
2026-06-15 12:33:08 -04:00
parent ea73216f4e
commit ae1ddf3817
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/soc/defaults.yaml
+1
View File
@@ -1464,6 +1464,7 @@ soc:
sigmaRulePackages: sigmaRulePackages:
- core - core
- emerging_threats_addon - emerging_threats_addon
useEsql: false
elastic: elastic:
hostUrl: hostUrl:
remoteHostUrls: [] remoteHostUrls: []
salt/soc/soc_soc.yaml
+5
View File
@@ -383,6 +383,11 @@ soc:
global: True global: True
advanced: False advanced: False
helpLink: sigma helpLink: sigma
useEsql:
description: "(Pre-release) Use Elasticsearch Piped Query Language (ES|QL) instead of EQL (Elastic Query Language) for Elasticsearch queries. The Sigma converter will output ES|QL instead of EQL, allowing support for correlations."
global: True
advanced: True
forcedType: bool
elastic: elastic:
index: index:
description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records. description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.