From d950e4ebb3136abfb5af3785741dcbc71c1ee0f8 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 27 Feb 2025 11:11:56 -0500
Subject: [PATCH] Add additional entries for actions
---
 salt/soc/soc_soc.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index d061dd65e..73ed72f2a 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -60,7 +60,7 @@ soc:
 - warn
 - error
 actions:
- description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records.
+ description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. JavaScript Function or Links must be specified.
 global: True
 syntax: json
 forcedType: "[]{}"
@@ -75,9 +75,13 @@ soc:
 - field: links
 label: Links
 multiline: True
- required: True
+ - field: jsCall
+ label: JavaScript Function
 - field: target
- label: Target (_blank, _self, mynewtab)
+ label: Target (_blank, _self, mynewtab)
+ - field: categories
+ label: Categories
+ multiline: True
 eventFields:
 default: &eventFields
 description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.
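Review bot: In the second hunk, dropping `required: True` from `links` and adding `jsCall` without it leaves the rule stated in the new description ("JavaScript Function or Links must be specified") enforced only by prose, so as far as this file shows an action with neither field can be saved. If the annotation schema cannot express an either/or constraint, the labels should carry it, e.g. `label: JavaScript Function (required if Links is empty)` and `label: Links (required if JavaScript Function is empty)`. Separately, `jsCall` is a free-text value that names code run in the analyst's browser, and this patch does not show how SOC resolves it; it is worth confirming that the UI looks the name up in a fixed set of known functions rather than evaluating the string, and stating the accepted values in the description. The `target` label line appears to change only in whitespace.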