CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-31 01:43:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15690 from Security-Onion-Solutions/delta

Browse Source 
ensure bool sliders soc
This commit is contained in:
Josh Patterson
2026-03-27 15:19:30 -04:00
committed by GitHub
parent ea30749512 922c008b11
commit cfa530ba9c
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/soc/soc_soc.yaml
View File

@@ -8,6 +8,7 @@ soc:
description: When this setting is enabled and the grid is not in airgap mode, SOC will provide feature usage data to the Security Onion development team via Google Analytics. This data helps Security Onion developers determine which product features are being used and can also provide insight into improving the user interface. When changing this setting, wait for the grid to fully synchronize and then perform a hard browser refresh on SOC, to force the browser cache to update and reflect the new setting.
global: True
helpLink: telemetry
forcedType: bool
files:
soc:
banner__md:
@@ -139,6 +140,7 @@ soc:
title: Require TOTP
description: Require all users to enable Time-based One Time Passwords (MFA) upon login to SOC.
global: True
forcedType: bool
customReportsPath:
title: Custom Reports Path
description: Path to custom markdown templates for PDF report generation. All markdown files in this directory will be available as custom reports in the SOC Reports interface.
@@ -185,6 +187,7 @@ soc:
description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
global: True
helpLink: security-onion-console-customization#reverse-dns
forcedType: bool
modules:
elastalertengine:
aiRepoUrl:
@@ -202,6 +205,7 @@ soc:
showAiSummaries:
description: Show AI summaries for ElastAlert rules.
global: True
forcedType: bool
additionalAlerters:
title: "Notifications: Sev 0/Default Alerters"
description: "Specify default alerters to enable for outbound notifications. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -338,6 +342,7 @@ soc:
description: 'Automatically update Sigma rules on a regular basis. This will update the rules based on the configured frequency.'
global: True
advanced: True
forcedType: bool
communityRulesImportFrequencySeconds:
description: 'How often to check for new Sigma rules (in seconds). This applies to both Community Rule Packages and any configured Git repos.'
global: True
@@ -395,6 +400,7 @@ soc:
description: Set to true if the SOC case management module, natively integrated with Elasticsearch, should be enabled.
global: True
advanced: True
forcedType: bool
extractCommonObservables:
description: List of indexed fields to automatically extract into a case observable, when attaching related events to a case.
global: True
@@ -421,6 +427,7 @@ soc:
lookupTunnelParent:
description: When true, if a pivoted event appears to be encapsulated, such as in a VXLAN packet, then SOC will pivot to the VXLAN packet stream. When false, SOC will attempt to pivot to the encapsulated packet stream itself, but at the risk that it may be unable to locate it in the stored PCAP data.
global: True
forcedType: bool
maxScrollSize:
description: The maximum number of documents to request in a single Elasticsearch scroll request.
bulkIndexWorkerCount:
@@ -477,10 +484,12 @@ soc:
showAiSummaries:
description: Show AI summaries for Strelka rules.
global: True
forcedType: bool
autoUpdateEnabled:
description: 'Automatically update YARA rules on a regular basis. This will update the rules based on the configured frequency.'
global: True
advanced: True
forcedType: bool
autoEnabledYaraRules:
description: 'YARA rules to automatically enable on initial import. Format is $Ruleset - for example, for the default shipped ruleset: securityonion-yara'
global: True
@@ -536,10 +545,12 @@ soc:
showAiSummaries:
description: Show AI summaries for Suricata rules.
global: True
forcedType: bool
autoUpdateEnabled:
description: 'Automatically update Suricata rules on a regular basis. This will update the rules based on the configured frequency.'
global: True
advanced: True
forcedType: bool
communityRulesImportFrequencySeconds:
description: 'How often to check for new Suricata rules (in seconds).'
global: True
@@ -709,6 +720,7 @@ soc:
enabled:
description: Set to true to enable the Onion AI assistant in SOC.
global: True
forcedType: bool
investigationPrompt:
description: Prompt given to Onion AI when beginning an investigation.
global: True
@@ -789,9 +801,11 @@ soc:
casesEnabled:
description: Set to true to enable case management in SOC.
global: True
forcedType: bool
detectionsEnabled:
description: Set to true to enable the Detections module in SOC.
global: True
forcedType: bool
inactiveTools:
description: List of external tools to remove from the SOC UI.
global: True
@@ -867,6 +881,7 @@ soc:
showUnreviewedAiSummaries:
description: Show AI summaries in detections even if they have not yet been reviewed by a human.
global: True
forcedType: bool
templateDetections:
suricata:
description: The template used when creating a new Suricata detection. [publicId] will be replaced with an unused Public Id.
@@ -904,6 +919,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own artifact types directly in the SOC UI.
global: True
forcedType: bool
category:
labels:
description: List of available case categories.
@@ -911,6 +927,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own categories directly in the SOC UI.
global: True
forcedType: bool
pap:
labels:
description: List of available PAP (Permissible Actions Protocol) values.
@@ -918,6 +935,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own PAP values directly in the SOC UI.
global: True
forcedType: bool
severity:
labels:
description: List of available case severities.
@@ -925,6 +943,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own severities directly in the SOC UI.
global: True
forcedType: bool
status:
labels:
description: List of available case statuses. Note that some default statuses have special characteristics and related functionality built into SOC.
@@ -932,6 +951,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own case statuses directly in the SOC UI.
global: True
forcedType: bool
tags:
labels:
description: List of available tags.
@@ -939,6 +959,7 @@ soc:
customEnabled:
description: Set to true to allow users add their own tags directly in the SOC UI.
global: True
forcedType: bool
tlp:
labels:
description: List of available TLP (Traffic Light Protocol) values.
@@ -946,3 +967,4 @@ soc:
customEnabled:
description: Set to true to allow users add their own TLP values directly in the SOC UI.
global: True
forcedType: bool