From 2181cddf496cd50c0add0a10d88abf488fe53dc0 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Tue, 2 Sep 2025 14:09:55 -0600
Subject: [PATCH 1/2] Move EnableReverseLookup

Move EnableReverseLookup and it's annotation from ClientParams to ServerConfig.
---
 salt/soc/defaults.yaml | 2 +-
 salt/soc/soc_soc.yaml  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8ce5d882a..7bb2c1f03 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1359,6 +1359,7 @@ soc:
       importUploadDir: /nsm/soc/uploads
       forceUserOtp: false
       customReportsPath: /opt/sensoroni/templates/reports/custom
+      enableReverseLookup: false
       modules:
         cases: soc
         filedatastore:
@@ -1566,7 +1567,6 @@ soc:
           outputPath: /opt/sensoroni/navigator
           lookbackDays: 3
       client:
-        enableReverseLookup: false
         docsUrl: /docs/
         cheatsheetUrl: /docs/cheatsheet.pdf
         releaseNotesUrl: /docs/release-notes.html
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index b2f509114..f08bfd52b 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -180,6 +180,9 @@ soc:
           label: Subgrid Enabled
           forcedType: bool
           default: false
+      enableReverseLookup:
+        description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
+        global: True
       modules:
         elastalertengine:
           aiRepoUrl:
@@ -577,9 +580,6 @@ soc:
                 label: Folder
             airgap: *pbRepos
       client:
-        enableReverseLookup:
-          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
-          global: True
         apiTimeoutMs:
           description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
           global: True

From df0b484b452fdc2408742ade0cc7f9dfebba9c40 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Tue, 2 Sep 2025 15:07:13 -0600
Subject: [PATCH 2/2] More Descriptive Description

Include instructions for how to add local lookups and a help link.
---
 salt/soc/soc_soc.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index f08bfd52b..2d0eb3792 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -181,8 +181,9 @@ soc:
           forcedType: bool
           default: false
       enableReverseLookup:
-        description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
+        description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
         global: True
+        helpLink: soc-customization.html#reverse-dns
       modules:
         elastalertengine:
           aiRepoUrl: