From ca588d2e789b10f13855a2551b1f6d61e3f9f619 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 19 Mar 2026 17:19:42 -0400
Subject: [PATCH] new elastalert options advanced

---
 salt/elastalert/soc_elastalert.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml
index f11d03ba6..123ead697 100644
--- a/salt/elastalert/soc_elastalert.yaml
+++ b/salt/elastalert/soc_elastalert.yaml
@@ -100,6 +100,7 @@ elastalert:
     scan_subdirectories:
       description: Recursively scan subdirectories for rules.
       forcedType: bool
+      advanced: True
       global: True
       helpLink: elastalert
     disable_rules_on_error:
@@ -133,11 +134,13 @@ elastalert:
     use_ssl:
       description: Use SSL to connect to Elasticsearch.
       forcedType: bool
+      advanced: True
       global: True
       helpLink: elastalert
     verify_certs:
       description: Verify TLS certificates when connecting to Elasticsearch.
       forcedType: bool
+      advanced: True
       global: True
       helpLink: elastalert
     alert_time_limit:
@@ -158,11 +161,13 @@ elastalert:
       incremental:
         description: When incremental is false (the default), the logging configuration is applied in full, replacing any existing logging setup. When true, only the level attributes of existing loggers and handlers are updated, leaving the rest of the logging configuration unchanged.
         forcedType: bool
+        advanced: True
         global: True
         helpLink: elastalert
       disable_existing_loggers:
         description: Disable existing loggers.
         forcedType: bool
+        advanced: True
         global: True
         helpLink: elastalert
       loggers:
@@ -170,5 +175,6 @@ elastalert:
           propagate:
             description: Propagate log messages to parent loggers.
             forcedType: bool
+            advanced: True
             global: True
             helpLink: elastalert