Add additional entries for actions

2025-12-06 09:12:45 +01:00 · 2025-02-27 11:11:56 -05:00
parent 3ba82bd5a4
commit d950e4ebb3
1 changed files with 7 additions and 3 deletions
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -60,7 +60,7 @@ soc:
      - warn
      - error
    actions:
-      description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. 
+      description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. JavaScript Function or Links must be specified. 
      global: True
      syntax: json
      forcedType: "[]{}"
@@ -75,9 +75,13 @@ soc:
      - field: links
        label: Links
        multiline: True
-        required: True
+      - field: jsCall
+        label: JavaScript Function
      - field: target
-        label: Target (_blank, _self, mynewtab)        
+        label: Target (_blank, _self, mynewtab)
+      - field: categories
+        label: Categories
+        multiline: True        
    eventFields:
      default: &eventFields
        description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.