Merge pull request #15127 from Security-Onion-Solutions/jertel/wip

csv delimiter and query name
2025-12-06 09:12:45 +01:00 · 2025-10-09 15:48:37 -04:00
parent 1c5a72ee85 8f75bfb0a4
commit ca935e4272
3 changed files with 34 additions and 1 deletions
--- a/salt/sensoroni/defaults.yaml
+++ b/salt/sensoroni/defaults.yaml
@@ -5,6 +5,12 @@ sensoroni:
      enabled: False
      timeout_ms: 900000
      parallel_limit: 5
+    export:
+      timeoutMs: 1200000
+      cacheRefreshIntervalMs: 10000
+      exportMetricLimit: 10000
+      exportEventLimit: 10000
+      csvSeparator: ','
    node_checkin_interval_ms: 10000
    sensoronikey:
    soc_host:
--- a/salt/sensoroni/files/sensoroni.json
+++ b/salt/sensoroni/files/sensoroni.json
@@ -21,7 +21,13 @@
      },
 {%- endif %}
      "importer": {},
-      "export": {},
+      "export": {
+        "timeoutMs": {{ SENSORONIMERGED.config.export.timeout_ms }},
+        "cacheRefreshIntervalMs": {{ SENSORONIMERGED.config.export.cache_refresh_interval_ms }},
+        "exportMetricLimit": {{ SENSORONIMERGED.config.export.export_metric_limit }},
+        "exportEventLimit": {{ SENSORONIMERGED.config.export.export_event_limit }},
+        "csvSeparator": "{{ SENSORONIMERGED.config.export.csv_separator }}"
+      },
      "statickeyauth": {
        "apiKey": "{{ GLOBALS.sensoroni_key }}"
 {%  if GLOBALS.is_sensor %}
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
@@ -17,6 +17,27 @@ sensoroni:
        description: Parallel limit for the analyzer.
        advanced: True
        helpLink: cases.html
+    export:
+      timeout_ms:
+        description: Timeout period for the exporter to finish export-related tasks.
+        advanced: True
+        helpLink: reports.html
+      cache_refresh_interval_ms:
+        description: Refresh interval for cache updates. Longer intervals result in less compute usage but risks stale data included in reports.
+        advanced: True
+        helpLink: reports.html
+      export_metric_limit:
+        description: Maximum number of metric values to include in each metric aggregation group.
+        advanced: True
+        helpLink: reports.html
+      export_event_limit:
+        description: Maximum number of events to include per event list.
+        advanced: True
+        helpLink: reports.html
+      csv_separator:
+        description: Separator character to use for CSV exports.
+        advanced: False
+        helpLink: reports.html
    node_checkin_interval_ms:
      description: Interval in ms to checkin to the soc_host.
      advanced: True