Merge pull request #14986 from Security-Onion-Solutions/cogburn/internal-reverse

Move EnableReverseLookup

salt/soc/defaults.yaml

@@ -1359,6 +1359,7 @@ soc:
       importUploadDir: /nsm/soc/uploads
       forceUserOtp: false
       customReportsPath: /opt/sensoroni/templates/reports/custom
+      enableReverseLookup: false
       modules:
         cases: soc
         filedatastore:
@@ -1566,7 +1567,6 @@ soc:
           outputPath: /opt/sensoroni/navigator
           lookbackDays: 3
       client:
-        enableReverseLookup: false
         docsUrl: /docs/
         cheatsheetUrl: /docs/cheatsheet.pdf
         releaseNotesUrl: /docs/release-notes.html

salt/soc/soc_soc.yaml

@@ -180,6 +180,10 @@ soc:
           label: Subgrid Enabled
           forcedType: bool
           default: false
+      enableReverseLookup:
+        description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
+        global: True
+        helpLink: soc-customization.html#reverse-dns
       modules:
         elastalertengine:
           aiRepoUrl:
@@ -577,9 +581,6 @@ soc:
                 label: Folder
             airgap: *pbRepos
       client:
-        enableReverseLookup:
-          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
-          global: True
         apiTimeoutMs:
           description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
           global: True