From c92aedfff3e04539f49e2399aef2e99729ede65a Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 19 Mar 2026 13:06:32 -0400
Subject: [PATCH] ensure bool sliders for elastalert config options

---
 salt/elastalert/soc_elastalert.yaml | 34 +++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml
index 44868ab7b..f11d03ba6 100644
--- a/salt/elastalert/soc_elastalert.yaml
+++ b/salt/elastalert/soc_elastalert.yaml
@@ -97,8 +97,14 @@ elastalert:
         file: True
         helpLink: elastalert
   config:
+    scan_subdirectories:
+      description: Recursively scan subdirectories for rules.
+      forcedType: bool
+      global: True
+      helpLink: elastalert
     disable_rules_on_error:
       description: Disable rules on failure.
+      forcedType: bool
       global: True
       helpLink: elastalert
     run_every:
@@ -124,6 +130,16 @@ elastalert:
       description: The maximum number of documents that will be returned from Elasticsearch in a single query.
       global: True
       helpLink: elastalert
+    use_ssl:
+      description: Use SSL to connect to Elasticsearch.
+      forcedType: bool
+      global: True
+      helpLink: elastalert
+    verify_certs:
+      description: Verify TLS certificates when connecting to Elasticsearch.
+      forcedType: bool
+      global: True
+      helpLink: elastalert
     alert_time_limit:
       days:
         description: The retry window for failed alerts.
@@ -138,3 +154,21 @@ elastalert:
         description: The number of replicas for elastalert indices.
         global: True
         helpLink: elastalert
+    logging:
+      incremental:
+        description: When incremental is false (the default), the logging configuration is applied in full, replacing any existing logging setup. When true, only the level attributes of existing loggers and handlers are updated, leaving the rest of the logging configuration unchanged.
+        forcedType: bool
+        global: True
+        helpLink: elastalert
+      disable_existing_loggers:
+        description: Disable existing loggers.
+        forcedType: bool
+        global: True
+        helpLink: elastalert
+      loggers:
+        '':
+          propagate:
+            description: Propagate log messages to parent loggers.
+            forcedType: bool
+            global: True
+            helpLink: elastalert