diff --git a/salt/elastalert/soc_elastalert.yaml b/salt/elastalert/soc_elastalert.yaml
index 905fd3884..764ec87fc 100644
--- a/salt/elastalert/soc_elastalert.yaml
+++ b/salt/elastalert/soc_elastalert.yaml
@@ -1,6 +1,6 @@
 elastalert:
 enabled:
- description: You can enable or disable Elastalert.
+ description: Enables or disables the ElastAlert 2 process. This process is critical for ensuring alerts arrive in SOC, and for outbound notification delivery.
 helpLink: elastalert.html
 alerter_parameters:
 title: Custom Configuration Parameters
diff --git a/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml b/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
index 70886c447..3d8a2112b 100644
--- a/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
+++ b/salt/elastic-fleet-package-registry/soc_elastic-fleet-package-registry.yaml
@@ -1,4 +1,4 @@
 elastic_fleet_package_registry:
 enabled:
- description: You can enable or disable Elastic Fleet Package Registry.
+ description: Enables or disables the Fleet package registry process. This process must remain enabled to allow Elastic Agent packages to be updated.
 advanced: True
diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml
index 7ed97e6ec..26efce941 100644
--- a/salt/elasticfleet/soc_elasticfleet.yaml
+++ b/salt/elasticfleet/soc_elasticfleet.yaml
@@ -1,6 +1,6 @@
 elasticfleet:
 enabled:
- description: You can enable or disable Elastic Fleet.
+ description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents.
 advanced: True
 helpLink: elastic-fleet.html
 enable_manager_output:
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index b489bfe78..8c28d256a 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -1,6 +1,7 @@
 elasticsearch:
 enabled:
- description: You can enable or disable Elasticsearch.
+ description: Enables or disables the Elasticsearch process. This process provides the log event storage system. WARNING: Disabling this process is unsupported.
+ advanced: True
 helpLink: elasticsearch.html
 version:
 description: "This specifies the version of the following containers: so-elastic-fleet-package-registry, so-elastic-agent, so-elastic-fleet, so-kibana, so-logstash and so-elasticsearch. Modifying this value in the Elasticsearch defaults.yaml will result in catastrophic grid failure."
diff --git a/salt/idh/soc_idh.yaml b/salt/idh/soc_idh.yaml
index d3baaaab5..0d8ccb393 100644
--- a/salt/idh/soc_idh.yaml
+++ b/salt/idh/soc_idh.yaml
@@ -1,6 +1,6 @@
 idh:
 enabled:
- description: You can enable or disable IDH.
+ description: Enables or disables the Intrusion Detection Honeypot (IDH) process.
 helpLink: idh.html
 opencanary:
 config:
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index 993abfd51..4f7a53e91 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -1,6 +1,6 @@
 idstools:
 enabled:
- description: You can enable or disable IDSTools.
+ description: Enables or disables the IDStools process which is used by the Detection system.
 config:
 oinkcode:
 description: Enter your registration code or oinkcode for paid NIDS rulesets.
diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml
index 42566a0a8..6234d17ac 100644
--- a/salt/influxdb/soc_influxdb.yaml
+++ b/salt/influxdb/soc_influxdb.yaml
@@ -1,6 +1,6 @@
 influxdb:
 enabled:
- description: You can enable or disable InfluxDB.
+ description: Enables the grid metrics collection storage system. Security Onion grid health monitoring requires this process to remain enabled. WARNING: Disabling the process is unsupported, and will cause unexpected results.
 helpLink: influxdb.html
 config:
 assets-path:
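Review bot: The new `enabled.description` in the elasticsearch hunk is an unquoted plain scalar containing `WARNING: ` (colon followed by space), which YAML forbids inside a plain scalar in block context; PyYAML-style loaders, which Salt's YAML loading is built on as far as I know, reject it with "mapping values are not allowed here", so the whole file fails to load instead of just rendering an odd description. The same file already quotes the `version` description because it contains `containers: `, so the new string should be quoted the same way: `description: "Enables or disables the Elasticsearch process. This process provides the log event storage system. WARNING: Disabling this process is unsupported."`. The influxdb hunk on this line and the kibana, kratos, nginx, patch, registry, soc and telegraf hunks below add descriptions with the same `WARNING: ` pattern and need the same quoting. Since these files drive the settings that keep the monitoring grid running, a parse failure here is an availability problem for the whole configuration pipeline, so it is worth running the changed files through a YAML linter before merging.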
diff --git a/salt/kibana/soc_kibana.yaml b/salt/kibana/soc_kibana.yaml
index c95512b58..8ac0e8e47 100644
--- a/salt/kibana/soc_kibana.yaml
+++ b/salt/kibana/soc_kibana.yaml
@@ -1,6 +1,6 @@
 kibana:
 enabled:
- description: You can enable or disable Kibana.
+ description: Enables or disables the Kibana front-end interface to Elasticsearch. Due to Kibana being used for loading certain configuration details in Elasticsearch, this process should remain enabled. WARNING: Disabling the process is unsupported, and will cause unexpected results.
 helpLink: kibana.html
 config:
 elasticsearch:
diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index 6285bf1ad..6e354e574 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -1,6 +1,6 @@
 kratos:
 enabled:
- description: You can enable or disable Kratos.
+ description: Enables or disables the Kratos authentication system. WARNING: Disabling this process will cause the grid to malfunction. Re-enabling this setting will require manual effort via SSH.
 advanced: True
 helpLink: kratos.html
diff --git a/salt/logstash/soc_logstash.yaml b/salt/logstash/soc_logstash.yaml
index cc81d3103..b617abfdd 100644
--- a/salt/logstash/soc_logstash.yaml
+++ b/salt/logstash/soc_logstash.yaml
@@ -1,6 +1,6 @@
 logstash:
 enabled:
- description: You can enable or disable Logstash.
+ description: Enables or disables the Logstash log event forwarding process. On most grid installations, when this process is disabled log events are unable to be ingested into the SOC backend.
 helpLink: logstash.html
 assigned_pipelines:
 roles:
diff --git a/salt/manager/soc_manager.yaml b/salt/manager/soc_manager.yaml
index 076725691..cf78658de 100644
--- a/salt/manager/soc_manager.yaml
+++ b/salt/manager/soc_manager.yaml
@@ -1,7 +1,7 @@
 manager:
 reposync:
 enabled:
- description: This is the daily task of syncing the Security Onion OS packages. It is recommended that you leave this enabled.
+ description: This is the daily task of syncing the Security Onion OS packages. It is recommended that this setting remain enabled to ensure important updates are applied to the grid on an automated, scheduled basis.
 global: True
 helpLink: soup.html
 hour:
diff --git a/salt/nginx/soc_nginx.yaml b/salt/nginx/soc_nginx.yaml
index 56bbd888f..4dcf5b3b9 100644
--- a/salt/nginx/soc_nginx.yaml
+++ b/salt/nginx/soc_nginx.yaml
@@ -1,6 +1,6 @@
 nginx:
 enabled:
- description: You can enable or disable Nginx.
+ description: Enables or disables the Nginx web server and reverse proxy. WARNING: Disabling this process will prevent access to SOC and other important web interfaces and APIs. Re-enabling the process is a manual effort. Do not change this setting without instruction from Security Onion support.
 advanced: True
 helpLink: nginx.html
 external_suricata:
diff --git a/salt/patch/soc_patch.yaml b/salt/patch/soc_patch.yaml
index ba9b5a4b3..26cfc695e 100644
--- a/salt/patch/soc_patch.yaml
+++ b/salt/patch/soc_patch.yaml
@@ -1,7 +1,7 @@
 patch:
 os:
 enabled:
- description: Enable OS updates.
+ description: Enable OS updates. WARNING: Disabling this setting will prevent important operating system updates from being applied on a scheduled basis.
 helpLink: soup.html
 schedule_to_run:
 description: Currently running schedule for updates.
diff --git a/salt/pcap/soc_pcap.yaml b/salt/pcap/soc_pcap.yaml
index 65fb99d86..c9136512f 100644
--- a/salt/pcap/soc_pcap.yaml
+++ b/salt/pcap/soc_pcap.yaml
@@ -1,6 +1,6 @@
 pcap:
 enabled:
- description: You can enable or disable Stenographer on all sensors or a single sensor.
+ description: Enables or disables the Stenographer packet recording process. This process may already be disabled if Suricata is being used as the packet capture process.
 helpLink: stenographer.html
 config:
 maxdirectoryfiles:
diff --git a/salt/redis/soc_redis.yaml b/salt/redis/soc_redis.yaml
index 45c63ffd3..621cc0fbb 100644
--- a/salt/redis/soc_redis.yaml
+++ b/salt/redis/soc_redis.yaml
@@ -1,6 +1,6 @@
 redis:
 enabled:
- description: You can enable or disable Redis.
+ description: Enables the log event in-memory buffering process. This process might already be disabled on some installation types. Disabling this process on distributed-capable grids can result in loss of log events.
 helpLink: redis.html
 config:
 bind:
diff --git a/salt/registry/soc_registry.yaml b/salt/registry/soc_registry.yaml
index 7fc3a161f..b1d51c827 100644
--- a/salt/registry/soc_registry.yaml
+++ b/salt/registry/soc_registry.yaml
@@ -1,4 +1,4 @@
 registry:
 enabled:
- description: You can enable or disable the registry.
+ description: Enables or disables the Docker registry on the manager node. WARNING: If this process is disabled the grid will malfunction and a manual effort may be needed to re-enable the setting.
 advanced: True
diff --git a/salt/sensoroni/soc_sensoroni.yaml b/salt/sensoroni/soc_sensoroni.yaml
index 7b8495dc5..71a2c779b 100644
--- a/salt/sensoroni/soc_sensoroni.yaml
+++ b/salt/sensoroni/soc_sensoroni.yaml
@@ -1,6 +1,6 @@
 sensoroni:
 enabled:
- description: Enable or disable Sensoroni.
+ description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid.
 advanced: True
 helpLink: grid.html
 config:
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 760001120..2f0464779 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -1,6 +1,6 @@
 soc:
 enabled:
- description: You can enable or disable SOC.
+ description: Enables or disables SOC. WARNING: Disabling this setting is unsupported and will cause the grid to malfunction. Re-enabling this setting is a manual effort via SSH.
 advanced: True
 telemetryEnabled:
 title: SOC Telemetry
diff --git a/salt/stig/soc_stig.yaml b/salt/stig/soc_stig.yaml
index 597aab809..81794c5de 100644
--- a/salt/stig/soc_stig.yaml
+++ b/salt/stig/soc_stig.yaml
@@ -1,6 +1,6 @@
 stig:
 enabled:
- description: You can enable or disable the application of STIGS using oscap. Note that the actions performed by OSCAP are not automatically reversible. Requires a valid Security Onion license key.
+ description: Enables or disables the application of STIGS using oscap. Note that the actions performed by OSCAP are not automatically reversible. Requires a valid Security Onion license key.
 forcedType: bool
 advanced: True
 run_interval:
diff --git a/salt/strelka/soc_strelka.yaml b/salt/strelka/soc_strelka.yaml
index 947215bd5..1dc4fa455 100644
--- a/salt/strelka/soc_strelka.yaml
+++ b/salt/strelka/soc_strelka.yaml
@@ -1,7 +1,7 @@
 strelka:
 backend:
 enabled:
- description: You can enable or disable Strelka backend.
+ description: Enables or disables the Strelka file analysis process.
 helpLink: strelka.html
 config:
 backend:
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index f865468e1..8b5ce7b11 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -1,6 +1,6 @@
 suricata:
 enabled:
- description: You can enable or disable Suricata.
+ description: Enables or disables the Suricata process. This process is used for triggering alerts and optionally for protocol metadata collection and full packet capture.
 helpLink: suricata.html
 thresholding:
 sids__yaml:
diff --git a/salt/telegraf/soc_telegraf.yaml b/salt/telegraf/soc_telegraf.yaml
index e6e7ea9a2..9a7090fe6 100644
--- a/salt/telegraf/soc_telegraf.yaml
+++ b/salt/telegraf/soc_telegraf.yaml
@@ -1,6 +1,7 @@
 telegraf:
 enabled:
- description: You can enable or disable Telegraf.
+ description: Enables the grid metrics collection process. WARNING: Security Onion grid health monitoring requires this process to remain enabled. Disabling it will cause unexpected and unsupported results.
+ advanced: True
 helpLink: influxdb.html
 config:
 interval:
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index 1594eed58..f5f718114 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -1,6 +1,6 @@
 zeek:
 enabled:
- description: You can enable or disable ZEEK on all sensors or a single sensor.
+ description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
 helpLink: zeek.html
 config:
 local: