From ccd7d863022e8e71b3cc2d05739de4eefea55b86 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Thu, 8 Aug 2024 10:46:41 -0600
Subject: [PATCH] More AI Summaries Config/Annotations

Added aiRepoBranch to all 3 detection engines. Added showUnreviewedAiSummaries to client parameters. Added annotations.
---
 salt/soc/defaults.yaml | 4 ++++
 salt/soc/soc_soc.yaml | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 2fac7dbb6..67add3456 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1313,6 +1313,7 @@ soc:
 hostUrl:
 elastalertengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoUpdateEnabled: true
@@ -1395,6 +1396,7 @@ soc:
 - rbac/users_roles
 strelkaengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoEnabledYaraRules:
@@ -1419,6 +1421,7 @@ soc:
 integrityCheckFrequencySeconds: 1200
 suricataengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoUpdateEnabled: true
@@ -2261,6 +2264,7 @@ soc:
 query: "_exists_:so_detection.overrides | groupby so_detection.language | groupby so_detection.ruleset so_detection.isEnabled"
 description: Show Detections that have Overrides
 detection:
+ showUnreviewedAiSummaries: false
 presets:
 severity:
 customEnabled: false
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 9ab329438..719ac7b7c 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
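Review bot: The new `aiRepoBranch: generated-summaries` line under elastalertengine (and the identical lines in the strelkaengine and suricataengine hunks) carries no comment saying what that branch holds or why it differs from the repository default, so an operator reading defaults.yaml has to cross-reference soc_soc.yaml to learn what the value means. A branch is a moving ref, so whatever is pulled from it can change upstream without any change on the node; if that is acceptable because the summaries are only displayed, say so, and if the pulled content is validated afterwards that should be noted too (the pull logic is not visible here). Suggested comment above the first occurrence: `# Branch of aiRepoUrl holding the generated AI summaries; a branch is a moving ref, so pulled content may change without a config change here.` The same literal is repeated for all three engines, so a future branch rename has to be applied in three places.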
@@ -91,6 +91,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
 advanced: True
+ aiRepoBranch:
+ description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+ global: True
+ advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
@@ -208,6 +212,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
 advanced: True
+ aiRepoBranch:
+ description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+ global: True
+ advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
@@ -242,6 +250,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in Suricata rules.
 global: True
 advanced: True
+ aiRepoBranch:
+ description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+ global: True
+ advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in Suricata rules.
 global: True
@@ -345,6 +357,9 @@ soc:
 dashboards: *appSettings
 detections: *appSettings
 detection:
+ showUnreviewedAiSummaries:
+ description: Show AI summaries in detections even if they have not yet been reviewed by a human.
+ global: True
 templateDetections:
 suricata:
 description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.
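Review bot: The new aiRepoBranch description in the elastalertengine annotations (`The branch to pull from the AI repository. Leaving this blank will pull the default branch.`), repeated verbatim in the strelkaengine and suricataengine hunks, does not say what the shipped default is or what the branch contains, while the neighbouring aiRepoUrl/aiRepoPath context lines describe the repository as a source of "AI models" even though the default branch name and the commit subject refer to summaries. Suggested wording: `description: Branch of the AI repository to pull generated summaries from. Leave blank to use the repository's default branch.` The strelkaengine hunk's surrounding aiRepoUrl/aiRepoPath descriptions also still say "ElastAlert rules", which looks like a copy-paste leftover, though those lines are context rather than part of this change.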
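Review bot: The showUnreviewedAiSummaries description says what the toggle shows but not its default or the consequence of enabling it, and unlike the engine settings added earlier in this file it carries no `advanced: True`, which may be intentional but is not explained. The default in defaults.yaml is false, so this annotation is the one place an operator reads before flipping it to expose summaries nobody has checked. Suggested wording: `description: Show AI-generated summaries for detections even when no human has reviewed them yet. Disabled by default; unreviewed summaries have not been checked for accuracy.` The `templateDetections:` keys after the insertion are unchanged context.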