Merge pull request #10638 from Security-Onion-Solutions/cogburn/import-fix

Change upload path
2025-12-08 10:12:53 +01:00 · 2023-06-22 13:04:22 -04:00
parent 6b97d07a89 6769386c86
commit cae9e6230f
2 changed files with 9 additions and 9 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -580,18 +580,18 @@ soc:
        - event.dataset
        - process.executable
        - user.name
-      '::process_terminated': 
+      '::process_terminated':
        - soc_timestamp
        - process.executable
        - process.pid
        - winlog.computer_name
-      '::file_create': 
+      '::file_create':
        - soc_timestamp
        - file.target
        - process.executable
        - process.pid
        - winlog.computer_name
-      '::registry_value_set': 
+      '::registry_value_set':
        - soc_timestamp
        - winlog.event_data.TargetObject
        - process.executable
@@ -1000,13 +1000,13 @@ soc:
        -  destination.port
        -  tds.header_type
        -  log.id.uid
-        -  event.dataset    
+        -  event.dataset
    server:
      bindAddress: 0.0.0.0:9822
      baseUrl: /
      maxPacketCount: 5000
      htmlDir: html
-      importUploadDir: /opt/sensoroni/uploads
+      importUploadDir: /nsm/soc/uploads
      airgapEnabled: false
      modules:
        cases: soc
@@ -1034,7 +1034,7 @@ soc:
          asyncThreshold: 10
        influxdb:
          hostUrl:
-          token: 
+          token:
          org: Security Onion
          bucket: telegraf/so_short_term
          verifyCert: false
@@ -1409,7 +1409,7 @@ soc:
            - name: Host Registry Changes
              description: Windows Registry changes
              query: 'event.category: registry | groupby -sankey event.action host.name | groupby event.dataset event.action | groupby host.name | groupby process.executable | groupby registry.path | groupby process.executable registry.path'
-            - name: Host DNS & Process Mappings 
+            - name: Host DNS & Process Mappings
              description: DNS queries mapped to originating processes
              query: 'event.category: network AND _exists_:process.executable  AND (_exists_:dns.question.name OR _exists_:dns.answers.data)  | groupby -sankey host.name dns.question.name | groupby event.dataset event.type | groupby host.name | groupby process.executable | groupby dns.question.name | groupby dns.answers.data'
            - name: Host Process Activity
@@ -1686,7 +1686,7 @@ soc:
            - name: Templates
              query: 'so_case.category:template'
        case:
-          analyzerNodeId: 
+          analyzerNodeId:
          mostRecentlyUsedLimit: 5
          renderAbbreviatedCount: 30
          presets:
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -23,7 +23,7 @@ so-soc:
        - ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
    - binds:
      - /nsm/soc/jobs:/opt/sensoroni/jobs:rw
-      - /nsm/soc/uploads:/opt/sensoroni/uploads:rw
+      - /nsm/soc/uploads:/nsm/soc/uploads:rw
      - /opt/so/log/soc/:/opt/sensoroni/logs/:rw
      - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
      - /opt/so/conf/soc/motd.md:/opt/sensoroni/html/motd.md:ro