CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-23 02:38:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/3/dev' into soupmod

Browse Source
This commit is contained in:
Josh Patterson
2026-06-22 09:41:16 -04:00
parent 0a69833669 63a2e20698
commit c950ac7370
23 changed files with 1043 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/soc/defaults.yaml
+1
View File
@@ -1464,6 +1464,7 @@ soc:
sigmaRulePackages:
- core
- emerging_threats_addon
useEsql: false
elastic:
hostUrl:
remoteHostUrls: []
salt/soc/soc_soc.yaml
+5
View File
@@ -383,6 +383,11 @@ soc:
global: True
advanced: False
helpLink: sigma
useEsql:
description: "(Pre-release) Use Elasticsearch Piped Query Language (ES|QL) instead of EQL (Elastic Query Language) for Elasticsearch queries. The Sigma converter will output ES|QL instead of EQL, allowing support for correlations."
global: True
advanced: True
forcedType: bool
elastic:
index:
description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.