More AI Summaries Config/Annotations

Added aiRepoBranch to all 3 detection engines. Added showUnreviewedAiSummaries to client parameters. Added annotations.
2025-12-07 01:32:47 +01:00 · 2024-08-08 10:46:41 -06:00
parent fc89604982
commit ccd7d86302
2 changed files with 19 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1313,6 +1313,7 @@ soc:
          hostUrl:
        elastalertengine:
          aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+          aiRepoBranch: generated-summaries
          aiRepoPath: /opt/sensoroni/repos
          showAiSummaries: true
          autoUpdateEnabled: true
@@ -1395,6 +1396,7 @@ soc:
            - rbac/users_roles
        strelkaengine:
          aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+          aiRepoBranch: generated-summaries
          aiRepoPath: /opt/sensoroni/repos
          showAiSummaries: true
          autoEnabledYaraRules:
@@ -1419,6 +1421,7 @@ soc:
          integrityCheckFrequencySeconds: 1200
        suricataengine:
          aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+          aiRepoBranch: generated-summaries
          aiRepoPath: /opt/sensoroni/repos
          showAiSummaries: true
          autoUpdateEnabled: true
@@ -2261,6 +2264,7 @@ soc:
              query: "_exists_:so_detection.overrides | groupby so_detection.language | groupby so_detection.ruleset so_detection.isEnabled"
              description: Show Detections that have Overrides
        detection:
+          showUnreviewedAiSummaries: false
          presets:
            severity:
                customEnabled: false
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -91,6 +91,10 @@ soc:
            description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
            global: True
            advanced: True
+          aiRepoBranch:
+            description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+            global: True
+            advanced: True
          aiRepoPath:
            description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
            global: True
@@ -208,6 +212,10 @@ soc:
            description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
            global: True
            advanced: True
+          aiRepoBranch:
+            description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+            global: True
+            advanced: True
          aiRepoPath:
            description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
            global: True
@@ -242,6 +250,10 @@ soc:
            description: URL to the AI repository. This is used to pull in AI models for use in Suricata rules.
            global: True
            advanced: True
+          aiRepoBranch:
+            description: The branch to pull from the AI repository. Leaving this blank will pull the default branch.
+            global: True
+            advanced: True
          aiRepoPath:
            description: Path to the AI repository. This is used to pull in AI models for use in Suricata rules.
            global: True
@@ -345,6 +357,9 @@ soc:
        dashboards: *appSettings
        detections: *appSettings
        detection:
+          showUnreviewedAiSummaries:
+            description: Show AI summaries in detections even if they have not yet been reviewed by a human.
+            global: True
          templateDetections:
            suricata:
              description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.