roll back SOC changes

Mike Reeves
2025-02-27 11:28:06 -05:00
parent 1d3bae4a7a
commit e930d1dec6


@@ -60,29 +60,16 @@ soc:
- warn - warn
- error - error
actions: actions:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. JavaScript Function or Links must be specified. description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
global: True global: True
syntax: json
forcedType: "[]{}" forcedType: "[]{}"
uiElements: uiElements:
- field: name
label: Name
required: True
- field: description - field: description
label: Description label: Description
- field: icon - field: icon
label: Icon label: Icon
- field: links - field: links
label: Links label: Links
multiline: True
- field: jsCall
label: JavaScript Function
- field: target
label: Target (_blank, _self, mynewtab)
- field: categories
label: Categories
multiline: True
forcedType: "[]string"
eventFields: eventFields:
default: &eventFields default: &eventFields
description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left. description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.
@@ -277,14 +264,6 @@ soc:
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: community
label: Community
- field: license
label: License
- field: repo
label: Repo
helpLink: sigma.html helpLink: sigma.html
airgap: *eerulesRepos airgap: *eerulesRepos
sigmaRulePackages: sigmaRulePackages:
@@ -401,15 +380,6 @@ soc:
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
helpLink: yara.html helpLink: yara.html
syntax: json
uiElements:
- field: community
label: Community
- field: license
label: License
- field: repo
label: Repo
helpLink: sigma.html
airgap: *serulesRepos airgap: *serulesRepos
suricataengine: suricataengine:
aiRepoUrl: aiRepoUrl:
@@ -502,18 +472,10 @@ soc:
description: List of external tools to remove from the SOC UI. description: List of external tools to remove from the SOC UI.
global: True global: True
tools: tools:
description: List of available external tools visible in the SOC UI. description: List of available external tools visible in the SOC UI. Each tool is defined in JSON object notation, and must include the "name" key and "link" key, where the link is the tool's URL.
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: description
label: Description
- field: icon
label: Icon
- field: link
label: Link
hunt: &appSettings hunt: &appSettings
groupItemsPerPage: groupItemsPerPage:
description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI. description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
@@ -537,28 +499,14 @@ soc:
description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list. description: Number of items to show in the most recently used queries list. Larger values cause default queries to be located further down the list.
global: True global: True
queries: queries:
description: List of default queries to show in the query list. All entries must include the "name" key and "query" key. description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
global: True global: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: name
label: Name
- field: query
label: Query
queryToggleFilters: queryToggleFilters:
description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query. description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query.
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
syntax: json
uiElements:
- field: enabled
label: Enabled
- field: filter
label: Filter
- field: name
label: Name
alerts: alerts:
<<: *appSettings <<: *appSettings
maxBulkEscalateEvents: maxBulkEscalateEvents: