Merge pull request #14986 from Security-Onion-Solutions/cogburn/internal-reverse

Move EnableReverseLookup
2025-12-06 01:02:46 +01:00 · 2025-09-02 15:25:19 -06:00
parent a2b6968cef df0b484b45
commit c7cdb0b466
2 changed files with 5 additions and 4 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1359,6 +1359,7 @@ soc:
      importUploadDir: /nsm/soc/uploads
      forceUserOtp: false
      customReportsPath: /opt/sensoroni/templates/reports/custom
+      enableReverseLookup: false
      modules:
        cases: soc
        filedatastore:
@@ -1566,7 +1567,6 @@ soc:
          outputPath: /opt/sensoroni/navigator
          lookbackDays: 3
      client:
-        enableReverseLookup: false
        docsUrl: /docs/
        cheatsheetUrl: /docs/cheatsheet.pdf
        releaseNotesUrl: /docs/release-notes.html
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -180,6 +180,10 @@ soc:
          label: Subgrid Enabled
          forcedType: bool
          default: false
+      enableReverseLookup:
+        description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
+        global: True
+        helpLink: soc-customization.html#reverse-dns
      modules:
        elastalertengine:
          aiRepoUrl:
@@ -577,9 +581,6 @@ soc:
                label: Folder
            airgap: *pbRepos
      client:
-        enableReverseLookup:
-          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
-          global: True
        apiTimeoutMs:
          description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
          global: True