Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor

salt/soc/defaults.yaml

@@ -1358,6 +1358,8 @@ soc:
       htmlDir: html
       importUploadDir: /nsm/soc/uploads
       forceUserOtp: false
+      customReportsPath: /opt/sensoroni/templates/reports/custom
+      enableReverseLookup: false
       modules:
         cases: soc
         filedatastore:
@@ -1489,6 +1491,8 @@ soc:
               - repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
                 branch: main
                 folder: securityonion-normalized
+        assistant:
+          apiUrl: https://onionai.securityonion.net
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000
@@ -1625,7 +1629,6 @@ soc:
           outputPath: /opt/sensoroni/navigator
           lookbackDays: 3
       client:
-        enableReverseLookup: false
         docsUrl: /docs/
         cheatsheetUrl: /docs/cheatsheet.pdf
         releaseNotesUrl: /docs/release-notes.html
@@ -1636,6 +1639,7 @@ soc:
         casesEnabled: true
         detectionsEnabled: true
         inactiveTools: ['toolUnused']
+        exportNodeId:
         tools:
           - name: toolKibana
             description: toolKibanaHelp
@@ -2599,3 +2603,12 @@ soc:
                           - ' -priv'
                   condition: all of selection_*
               level: 'high'  # info | low | medium | high | critical
+        assistant:
+          enabled: false
+          investigationPrompt: Investigate Alert ID {socid}
+          contextLimitSmall: 200000
+          contextLimitLarge: 1000000
+          thresholdColorRatioLow: 0.5
+          thresholdColorRatioMed: 0.75
+          thresholdColorRatioMax: 1
+          lowBalanceColorAlert: 500000