From c2c5aea2443416186d9966cb2164de10d7fcd67d Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Thu, 19 Mar 2026 12:35:38 -0400
Subject: [PATCH] ensure bool sliders for each state:enabled annotation
---
 salt/elastalert/soc_elastalert.yaml | 1 +
 .../soc_elastic-fleet-package-registry.yaml | 1 +
 salt/elasticagent/soc_elasticagent.yaml | 1 +
 salt/elasticfleet/soc_elasticfleet.yaml | 1 +
 salt/elasticsearch/soc_elasticsearch.yaml | 1 +
 salt/hydra/soc_hydra.yaml | 3 ++-
 salt/idh/soc_idh.yaml | 3 ++-
 salt/influxdb/soc_influxdb.yaml | 1 +
 salt/kafka/soc_kafka.yaml | 1 +
 salt/kibana/soc_kibana.yaml | 3 ++-
 salt/kratos/soc_kratos.yaml | 1 +
 salt/logstash/soc_logstash.yaml | 3 ++-
 salt/nginx/soc_nginx.yaml | 3 ++-
 salt/redis/soc_redis.yaml | 3 ++-
 salt/registry/soc_registry.yaml | 1 +
 salt/sensoroni/soc_sensoroni.yaml | 1 +
 salt/soc/soc_soc.yaml | 1 +
 salt/suricata/soc_suricata.yaml | 3 ++-
 salt/telegraf/soc_telegraf.yaml | 3 ++-
 salt/zeek/soc_zeek.yaml | 1 +
 20 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml
index bf85fed80..44868ab7b 100644
--- a/salt/elastalert/soc_elastalert.yaml
+++ b/salt/elastalert/soc_elastalert.yaml
@@ -1,6 +1,7 @@
 elastalert:
 enabled:
 description: Enables or disables the ElastAlert 2 process. This process is critical for ensuring alerts arrive in SOC, and for outbound notification delivery.
+ forcedType: bool
 helpLink: elastalert
 alerter_parameters:
 title: Custom Configuration Parameters
diff --git a/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml b/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
index 3d8a2112b..fff1a51c0 100644
--- a/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
+++ b/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
@@ -1,4 +1,5 @@
 elastic_fleet_package_registry:
 enabled:
 description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated.
+ forcedType: bool
 advanced: True
diff --git a/salt/elasticagent/soc_elasticagent.yaml b/salt/elasticagent/soc_elasticagent.yaml
index a24ac1985..c78d46c6c 100644
--- a/salt/elasticagent/soc_elasticagent.yaml
+++ b/salt/elasticagent/soc_elasticagent.yaml
@@ -1,4 +1,5 @@
 elasticagent:
 enabled:
 description: Enables or disables the Elastic Agent process. This process must remain enabled to allow collection of node events.
+ forcedType: bool
 advanced: True
diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml
index a212f669f..e2c40cca5 100644
--- a/salt/elasticfleet/soc_elasticfleet.yaml
+++ b/salt/elasticfleet/soc_elasticfleet.yaml
@@ -1,6 +1,7 @@
 elasticfleet:
 enabled:
 description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents.
+ forcedType: bool
 advanced: True
 helpLink: elastic-fleet
 enable_manager_output:
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index 87de0e086..0d5eff4d6 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -1,6 +1,7 @@
 elasticsearch:
 enabled:
 description: Enables or disables the Elasticsearch process. This process provides the log event storage system. WARNING - Disabling this process is unsupported.
+ forcedType: bool
 advanced: True
 helpLink: elasticsearch
 version:
diff --git a/salt/hydra/soc_hydra.yaml b/salt/hydra/soc_hydra.yaml
index 5242d0cc7..37613246b 100644
--- a/salt/hydra/soc_hydra.yaml
+++ b/salt/hydra/soc_hydra.yaml
@@ -1,6 +1,7 @@
 hydra:
 enabled:
- description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False.
+ description: Enables or disables the API authentication system, used for service account authentication. Enabling this feature requires a valid Security Onion license key. Defaults to False.
+ forcedType: bool
 helpLink: connect-api
 global: True
 config:
diff --git a/salt/idh/soc_idh.yaml b/salt/idh/soc_idh.yaml
index 0ee103eb6..f23393974 100644
--- a/salt/idh/soc_idh.yaml
+++ b/salt/idh/soc_idh.yaml
@@ -1,6 +1,7 @@
 idh:
 enabled:
- description: Enables or disables the Intrusion Detection Honeypot (IDH) process.
+ description: Enables or disables the Intrusion Detection Honeypot (IDH) process.
+ forcedType: bool
 helpLink: idh
 opencanary:
 config:
diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml
index 875e03d4a..9aaa91a84 100644
--- a/salt/influxdb/soc_influxdb.yaml
+++ b/salt/influxdb/soc_influxdb.yaml
@@ -1,6 +1,7 @@
 influxdb:
 enabled:
 description: Enables the grid metrics collection storage system. Security Onion grid health monitoring requires this process to remain enabled. WARNING - Disabling the process is unsupported, and will cause unexpected results.
+ forcedType: bool
 helpLink: influxdb
 config:
 assets-path:
diff --git a/salt/kafka/soc_kafka.yaml b/salt/kafka/soc_kafka.yaml
index 93a2b871e..b8d0c7c32 100644
--- a/salt/kafka/soc_kafka.yaml
+++ b/salt/kafka/soc_kafka.yaml
@@ -1,6 +1,7 @@
 kafka:
 enabled:
 description: Set to True to enable Kafka. To avoid grid problems, do not enable Kafka until the related configuration is in place. Requires a valid Security Onion license key.
+ forcedType: bool
 helpLink: kafka
 cluster_id:
 description: The ID of the Kafka cluster.
diff --git a/salt/kibana/soc_kibana.yaml b/salt/kibana/soc_kibana.yaml
index ae488d2ec..517ffe833 100644
--- a/salt/kibana/soc_kibana.yaml
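Review bot: In the influxdb hunk, `influxdb.enabled` becomes a bool slider while its description says disabling the process is unsupported, yet the visible context shows no `advanced: True` under it; the kibana hunk has the same gap. The elasticsearch, kratos, nginx, registry, sensoroni, soc and telegraf hunks all pair a comparable warning with `advanced: True`, so these two look like omissions rather than a deliberate choice. If `advanced` is what keeps a setting out of the default view (inferred from how it is used across this patch, not shown here), I would add `advanced: True` after the new `forcedType: bool` line in both files, so that a single toggle cannot stop grid health monitoring or Kibana unnoticed. Each hunk shows only the first lines of its file and the page has lost the YAML indentation, so the nesting should be confirmed against the files.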
+++ b/salt/kibana/soc_kibana.yaml
@@ -1,6 +1,7 @@
 kibana:
- enabled:
+ enabled:
 description: Enables or disables the Kibana front-end interface to Elasticsearch. Due to Kibana being used for loading certain configuration details in Elasticsearch, this process should remain enabled. WARNING - Disabling the process is unsupported, and will cause unexpected results.
+ forcedType: bool
 helpLink: kibana
 config:
 elasticsearch:
diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index 13f50ac2b..d64ac6d47 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -1,6 +1,7 @@
 kratos:
 enabled:
 description: Enables or disables the Kratos authentication system. WARNING - Disabling this process will cause the grid to malfunction. Re-enabling this setting will require manual effort via SSH.
+ forcedType: bool
 advanced: True
 helpLink: kratos
diff --git a/salt/logstash/soc_logstash.yaml b/salt/logstash/soc_logstash.yaml
index 71255928b..5a5816a9e 100644
--- a/salt/logstash/soc_logstash.yaml
+++ b/salt/logstash/soc_logstash.yaml
@@ -1,6 +1,7 @@
 logstash:
- enabled:
+ enabled:
 description: Enables or disables the Logstash log event forwarding process. On most grid installations, when this process is disabled log events are unable to be ingested into the SOC backend.
+ forcedType: bool
 helpLink: logstash
 assigned_pipelines:
 roles:
diff --git a/salt/nginx/soc_nginx.yaml b/salt/nginx/soc_nginx.yaml
index 3e5395d8f..c901c4ad9 100644
--- a/salt/nginx/soc_nginx.yaml
+++ b/salt/nginx/soc_nginx.yaml
@@ -1,6 +1,7 @@
 nginx:
- enabled:
+ enabled:
 description: Enables or disables the Nginx web server and reverse proxy. WARNING - Disabling this process will prevent access to SOC and other important web interfaces and APIs. Re-enabling the process is a manual effort. Do not change this setting without instruction from Security Onion support.
+ forcedType: bool
 advanced: True
 helpLink: nginx
 external_suricata:
diff --git a/salt/redis/soc_redis.yaml b/salt/redis/soc_redis.yaml
index e19cb88c6..bce058bc3 100644
--- a/salt/redis/soc_redis.yaml
+++ b/salt/redis/soc_redis.yaml
@@ -1,6 +1,7 @@
 redis:
- enabled:
+ enabled:
 description: Enables the log event in-memory buffering process. This process might already be disabled on some installation types. Disabling this process on distributed-capable grids can result in loss of log events.
+ forcedType: bool
 helpLink: redis
 config:
 bind:
diff --git a/salt/registry/soc_registry.yaml b/salt/registry/soc_registry.yaml
index 7d6cefe8c..7a936b343 100644
--- a/salt/registry/soc_registry.yaml
+++ b/salt/registry/soc_registry.yaml
@@ -1,4 +1,5 @@
 registry:
 enabled:
 description: Enables or disables the Docker registry on the manager node. WARNING - If this process is disabled the grid will malfunction and a manual effort may be needed to re-enable the setting.
+ forcedType: bool
 advanced: True
diff --git a/salt/sensoroni/soc_sensoroni.yaml b/salt/sensoroni/soc_sensoroni.yaml
index 5f306335b..f7f6d441b 100644
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
@@ -1,6 +1,7 @@
 sensoroni:
 enabled:
 description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid.
+ forcedType: bool
 advanced: True
 helpLink: grid
 config:
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index b99ef4363..8fcfaa3d1 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -1,6 +1,7 @@
 soc:
 enabled:
 description: Enables or disables SOC. WARNING - Disabling this setting is unsupported and will cause the grid to malfunction. Re-enabling this setting is a manual effort via SSH.
+ forcedType: bool
 advanced: True
 telemetryEnabled:
 title: SOC Telemetry
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index d754e2ede..60dbea356 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -1,6 +1,7 @@
 suricata:
- enabled:
+ enabled:
 description: Enables or disables the Suricata process. This process is used for triggering alerts and optionally for protocol metadata collection and full packet capture.
+ forcedType: bool
 helpLink: suricata
 thresholding:
 sids__yaml:
diff --git a/salt/telegraf/soc_telegraf.yaml b/salt/telegraf/soc_telegraf.yaml
index 19151f535..cb6a8c333 100644
--- a/salt/telegraf/soc_telegraf.yaml
+++ b/salt/telegraf/soc_telegraf.yaml
@@ -1,6 +1,7 @@
 telegraf:
- enabled:
+ enabled:
 description: Enables the grid metrics collection process. WARNING - Security Onion grid health monitoring requires this process to remain enabled. Disabling it will cause unexpected and unsupported results.
+ forcedType: bool
 advanced: True
 helpLink: influxdb
 config:
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index 787185469..332702687 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -1,6 +1,7 @@
 zeek:
 enabled:
 description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
+ forcedType: bool
 helpLink: zeek
 ja4plus_enabled:
 description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license (https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."