More AI Summaries Config/Annotations

Added aiRepoBranch to all 3 detection engines.

Added showUnreviewedAiSummaries to client parameters.

Added annotations.
Corey Ogburn
2024-08-08 10:46:41 -06:00
parent fc89604982
commit ccd7d86302
2 changed files with 19 additions and 0 deletions


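--- a/<file 1: path not shown on page>
+++ b/<file 1: path not shown on page>
@@ -1313,6 +1313,7 @@ soc:
 hostUrl:
 elastalertengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoUpdateEnabled: true
@@ -1395,6 +1396,7 @@ soc:
 - rbac/users_roles
 strelkaengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoEnabledYaraRules:
@@ -1419,6 +1421,7 @@ soc:
 integrityCheckFrequencySeconds: 1200
 suricataengine:
 aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+aiRepoBranch: generated-summaries
 aiRepoPath: /opt/sensoroni/repos
 showAiSummaries: true
 autoUpdateEnabled: true
@@ -2261,6 +2264,7 @@ soc:
 query: "_exists_:so_detection.overrides | groupby so_detection.language | groupby so_detection.ruleset so_detection.isEnabled"
 description: Show Detections that have Overrides
 detection:
+showUnreviewedAiSummaries: false
 presets:
 severity:
 customEnabled: false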
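Review bot: `aiRepoBranch: generated-summaries` pins each engine to a branch name, which is a moving reference, so the summary content pulled from the public repository can change between two runs with nothing in this config recording which revision was used; the same value is repeated for all three engines (`elastalertengine`, `strelkaengine`, `suricataengine`) with no anchor tying them together. If operators are meant to be able to point at a fixed, reviewed snapshot, the engine would need to accept a tag or commit as well as a branch, which cannot be confirmed from this page and is worth checking in the engine code. The `showUnreviewedAiSummaries: false` default is the right fail-closed choice and deserves a comment above it so nobody flips it casually: `# Summaries pulled from the AI repo stay hidden until a human has reviewed them; opt in per deployment.` Each of these hunks sits inside the larger `soc:` mapping, which begins and ends outside the hunks.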


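--- a/<file 2: path not shown on page>
+++ b/<file 2: path not shown on page>
@@ -91,6 +91,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
 advanced: True
+aiRepoBranch:
+description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+global: True
+advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
@@ -208,6 +212,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
 advanced: True
+aiRepoBranch:
+description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+global: True
+advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
 global: True
@@ -242,6 +250,10 @@ soc:
 description: URL to the AI repository. This is used to pull in AI models for use in Suricata rules.
 global: True
 advanced: True
+aiRepoBranch:
+description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+global: True
+advanced: True
 aiRepoPath:
 description: Path to the AI repository. This is used to pull in AI models for use in Suricata rules.
 global: True
@@ -345,6 +357,9 @@ soc:
 dashboards: *appSettings
 detections: *appSettings
 detection:
+showUnreviewedAiSummaries:
+description: Show AI summaries in detections even if they have not yet been reviewed by a human.
+global: True
 templateDetections:
 suricata:
 description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.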
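Review bot: The three new `aiRepoBranch` descriptions (first, second and third hunks) document only the blank case and say nothing about the shipped default or the fact that a branch is a moving target, which is the thing an operator changing this setting most needs to know; a fuller wording would be `description: The branch to pull from the AI repository (default: generated-summaries). Leaving this blank will pull the repository's default branch. Because a branch moves, the summaries shown can change without any change to this setting.` The neighbouring `aiRepoUrl` descriptions speak of pulling "AI models" while the feature being configured is AI summaries; that text is pre-existing, but the new entries would read better if they named what is actually fetched, to be confirmed against the engine code. In the last hunk, `showUnreviewedAiSummaries` carries `global: True` but not the `advanced: True` the other new annotations have; if that is deliberate because it is an ordinary user-facing toggle, a short comment saying so would stop the next reader from "fixing" it. The enclosing `soc:` mapping starts and ends outside these hunks.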