Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor

DefensiveDepth
2025-09-17 10:42:43 -04:00
253 changed files with 183225 additions and 162248 deletions
+1
@@ -35,5 +35,6 @@
{% do SOCDEFAULTS.soc.config.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.range, 'apiKey': pillar.sensoroni.config.sensoronikey}) %}
{% do SOCDEFAULTS.soc.config.server.client.case.update({'analyzerNodeId': GLOBALS.hostname}) %}
{% do SOCDEFAULTS.soc.config.server.client.update({'exportNodeId': GLOBALS.hostname}) %}
{% set SOCDEFAULTS = SOCDEFAULTS.soc %}
+14 -1
@@ -1358,6 +1358,8 @@ soc:
htmlDir: html
importUploadDir: /nsm/soc/uploads
forceUserOtp: false
customReportsPath: /opt/sensoroni/templates/reports/custom
enableReverseLookup: false
modules:
cases: soc
filedatastore:
@@ -1489,6 +1491,8 @@ soc:
- repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
branch: main
folder: securityonion-normalized
assistant:
apiUrl: https://onionai.securityonion.net
salt:
queueDir: /opt/sensoroni/queue
timeoutMs: 45000
@@ -1625,7 +1629,6 @@ soc:
outputPath: /opt/sensoroni/navigator
lookbackDays: 3
client:
enableReverseLookup: false
docsUrl: /docs/
cheatsheetUrl: /docs/cheatsheet.pdf
releaseNotesUrl: /docs/release-notes.html
@@ -1636,6 +1639,7 @@ soc:
casesEnabled: true
detectionsEnabled: true
inactiveTools: ['toolUnused']
exportNodeId:
tools:
- name: toolKibana
description: toolKibanaHelp
@@ -2599,3 +2603,12 @@ soc:
- ' -priv'
condition: all of selection_*
level: 'high' # info | low | medium | high | critical
assistant:
enabled: false
investigationPrompt: Investigate Alert ID {socid}
contextLimitSmall: 200000
contextLimitLarge: 1000000
thresholdColorRatioLow: 0.5
thresholdColorRatioMed: 0.75
thresholdColorRatioMax: 1
lowBalanceColorAlert: 500000
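Review bot: The new `assistant` block in the last hunk carries no comment saying that flipping `enabled` on makes SOC send investigation prompts (the `investigationPrompt` template, which interpolates `{socid}`) to the external gateway whose URL is the server-side `assistant.apiUrl` (`https://onionai.securityonion.net`) added in the second hunk, so an operator reading the defaults cannot tell this is a data-egress switch rather than a cosmetic UI toggle. Shipping `enabled: false` is the right default; I would add `# Off by default: enabling presumably sends investigation context for the selected alert to the gateway at assistant.apiUrl` above `enabled: false`. Separately, the third hunk drops `enableReverseLookup` from the `client` map while the first hunk adds it at the server level; any deployment pillar that still sets the old `client.enableReverseLookup` key is presumably left with an unrecognized key and silently stays on the old behavior, so this deserves a release note or a migration unless the loader already remaps it. The indentation of the `assistant` keys relative to the preceding rule lines is not recoverable from the rendered hunk.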
+1
@@ -48,6 +48,7 @@ so-soc:
- /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
- /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
- /opt/so/conf/soc/soc_clients_roles:/opt/sensoroni/rbac/clients_roles:rw
- /opt/so/conf/sensoroni/templates:/opt/sensoroni/templates:ro
- /opt/so/conf/soc/queue:/opt/sensoroni/queue:rw
- /opt/so/saltstack:/opt/so/saltstack:rw
- /opt/so/conf/soc/migrations:/opt/so/conf/soc/migrations:rw
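Review bot: The templates mount (`/opt/so/conf/sensoroni/templates:/opt/sensoroni/templates:ro`, which I take to be the single added line in this hunk) is what makes the new `customReportsPath` default of `/opt/sensoroni/templates/reports/custom` resolve inside the container, but nothing in the compose file records that coupling; an operator who points `customReportsPath` at a different host directory will get an empty report list with no hint why. Mounting it read-only is appropriate, since every markdown file in that directory becomes a selectable report template, so host-side write permission on `/opt/so/conf/sensoroni/templates` is the real control over what gets rendered into PDFs. I would add `# custom report templates; customReportsPath must stay under /opt/sensoroni/templates (mounted read-only on purpose)` above the line.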
+50 -3
@@ -138,6 +138,11 @@ soc:
title: Require TOTP
description: Require all users to enable Time-based One Time Passwords (MFA) upon login to SOC.
global: True
customReportsPath:
title: Custom Reports Path
description: Path to custom markdown templates for PDF report generation. All markdown files in this directory will be available as custom reports in the SOC Reports interface.
global: True
advanced: True
subgrids:
title: Subordinate Grids
description: |
@@ -175,6 +180,10 @@ soc:
label: Subgrid Enabled
forcedType: bool
default: false
enableReverseLookup:
description: "Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. To add your own local lookups, create a CSV file at /nsm/custom-mappings/ip-descriptions.csv on your Manager and populate the file with IP addresses and descriptions as follows: IP, Description. Elasticsearch will then ingest the CSV during the next high state."
global: True
helpLink: soc-customization.html#reverse-dns
modules:
elastalertengine:
aiRepoUrl:
@@ -607,6 +616,8 @@ soc:
forcedType: "[]{}"
syntax: json
uiElements:
- field: rulesetName
label: Playbook Source Name
- field: repo
label: Repo URL
required: True
@@ -615,10 +626,42 @@ soc:
- field: folder
label: Folder
airgap: *pbRepos
assistant:
apiUrl:
description: The URL of the AI gateway.
advanced: True
global: True
client:
enableReverseLookup:
description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
global: True
assistant:
enabled:
description: Set to true to enable the Onion AI assistant in SOC.
global: True
investigationPrompt:
description: Prompt given to Onion AI when beginning an investigation.
global: True
contextLimitSmall:
description: Smaller context limit for Onion AI.
global: True
advanced: True
contextLimitLarge:
description: Larger context limit for Onion AI.
global: True
advanced: True
thresholdColorRatioLow:
description: Lower visual context color change threshold.
global: True
advanced: True
thresholdColorRatioMed:
description: Middle visual context color change threshold.
global: True
advanced: True
thresholdColorRatioMax:
description: Max visual context color change threshold.
global: True
advanced: True
lowBalanceColorAlert:
description: Onion AI credit amount at which balance turns red.
advanced: True
apiTimeoutMs:
description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.
global: True
@@ -652,6 +695,10 @@ soc:
global: True
advanced: True
forcedType: "[]{}"
exportNodeId:
description: The node ID on which export jobs will be executed.
global: True
advanced: True
hunt: &appSettings
groupItemsPerPage:
description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
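Review bot: `lowBalanceColorAlert` (near the end of the fourth hunk) is the only key in the new `client.assistant` group without `global: True`; its siblings `enabled`, `investigationPrompt`, `contextLimitSmall`, `contextLimitLarge` and the three `thresholdColorRatio*` keys all carry it, so this reads as an omission rather than a deliberate per-node setting and should be `lowBalanceColorAlert:` / `description: Onion AI credit amount at which balance turns red.` / `global: True` / `advanced: True`. The `assistant.apiUrl` annotation ("The URL of the AI gateway.") would also benefit from saying what is sent there, since that is what an admin needs to know before changing it or enabling the assistant; something like `description: The URL of the AI gateway that receives Onion AI investigation requests.` — confirm against the server code that this is the only endpoint involved. Likewise the new server-level `enableReverseLookup` annotation has no `title:` while `customReportsPath` in the first hunk does; presumably the UI falls back to the key name, but `title: Enable Reverse DNS Lookups` would match the rest of the file.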