diff --git a/salt/global/soc_global.yaml b/salt/global/soc_global.yaml index 33abbf690..c15f3eb98 100644 --- a/salt/global/soc_global.yaml +++ b/salt/global/soc_global.yaml @@ -11,18 +11,14 @@ global: regexFailureMessage: You must enter a valid IP address or CIDR. mdengine: description: Which engine to use for meta data generation. Options are ZEEK and SURICATA. - regex: ^(ZEEK|SURICATA)$ options: - ZEEK - SURICATA - regexFailureMessage: You must enter either ZEEK or SURICATA. global: True pcapengine: description: Which engine to use for generating pcap. Currently only SURICATA is supported. - regex: ^(SURICATA)$ options: - SURICATA - regexFailureMessage: You must enter either SURICATA. global: True ids: description: Which IDS engine to use. Currently only Suricata is supported. @@ -42,11 +38,9 @@ global: advanced: True pipeline: description: Sets which pipeline technology for events to use. The use of Kafka requires a Security Onion Pro license. - regex: ^(REDIS|KAFKA)$ options: - REDIS - KAFKA - regexFailureMessage: You must enter either REDIS or KAFKA. global: True advanced: True repo_host: diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index 3dbf0875b..2b6bffe49 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -85,7 +85,10 @@ influxdb: description: The log level to use for outputting log statements. Allowed values are debug, info, or error. global: True advanced: false - regex: ^(info|debug|error)$ + options: + - info + - debug + - error helpLink: influxdb metrics-disabled: description: If true, the HTTP endpoint that exposes internal InfluxDB metrics will be inaccessible. @@ -140,7 +143,9 @@ influxdb: description: Determines the type of storage used for secrets. Allowed values are bolt or vault. global: True advanced: True - regex: ^(bolt|vault)$ + options: + - bolt + - vault helpLink: influxdb session-length: description: Number of minutes that a user login session can remain authenticated. 
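Review bot: In salt/global/soc_global.yaml, `mdengine`, `pcapengine` and `pipeline` now rely on `options` alone to constrain the value, and nothing visible in this diff shows that the consumer rejects a value outside that list when the setting is changed by some route other than the dropdown. Please confirm the membership check is enforced where the value is saved, not only where it is rendered. If it is not, keep the anchored pattern next to the list, e.g. `regex: ^(REDIS|KAFKA)$` for `pipeline`. The same question applies to every other hunk in this commit that swaps `regex` for `options` (influxdb, kafka, kratos, suricata).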
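Review bot: In the `@@ -85,7 +85,10 @@` hunk of salt/influxdb/soc_influxdb.yaml, the `description` still spells out the allowed values ("Allowed values are debug, info, or error.") directly above the new `options` list, so the list now lives in two places and can drift. I would trim it to `description: The log level to use for outputting log statements.` and let `options` carry the values. The setting's key line is outside the hunk. The same duplication appears in the other two influxdb hunks (keep the production warning about memory there), in kafka `security_x_protocol`, and in the kratos provider description.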
@@ -260,7 +265,9 @@ influxdb: description: The type of data store to use for HTTP resources. Allowed values are disk or memory. Memory should not be used for production Security Onion installations. global: True advanced: True - regex: ^(disk|memory)$ + options: + - disk + - memory helpLink: influxdb tls-cert: description: The container path to the certificate to use for TLS encryption of the HTTP requests and responses. diff --git a/salt/kafka/soc_kafka.yaml b/salt/kafka/soc_kafka.yaml index b8d0c7c32..85469b8a4 100644 --- a/salt/kafka/soc_kafka.yaml +++ b/salt/kafka/soc_kafka.yaml @@ -128,10 +128,13 @@ kafka: title: ssl.keystore.password sensitive: True helpLink: kafka - ssl_x_keystore_x_type: + ssl_x_keystore_x_type: description: The key store file format. title: ssl.keystore.type - regex: ^(JKS|PKCS12|PEM)$ + options: + - JKS + - PKCS12 + - PEM helpLink: kafka ssl_x_truststore_x_location: description: The trust store file location within the Docker container. @@ -160,7 +163,11 @@ kafka: security_x_protocol: description: 'Broker communication protocol. Options are: SASL_SSL, PLAINTEXT, SSL, SASL_PLAINTEXT' title: security.protocol - regex: ^(SASL_SSL|PLAINTEXT|SSL|SASL_PLAINTEXT) + options: + - SASL_SSL + - PLAINTEXT + - SSL + - SASL_PLAINTEXT helpLink: kafka ssl_x_keystore_x_location: description: The key store file location within the Docker container. @@ -174,7 +181,10 @@ kafka: ssl_x_keystore_x_type: description: The key store file format. title: ssl.keystore.type - regex: ^(JKS|PKCS12|PEM)$ + options: + - JKS + - PKCS12 + - PEM helpLink: kafka ssl_x_truststore_x_location: description: The trust store file location within the Docker container. diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml index 1cd2728c8..07359bcab 100644 --- a/salt/kratos/soc_kratos.yaml +++ b/salt/kratos/soc_kratos.yaml 
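Review bot: In salt/kafka/soc_kafka.yaml, `security_x_protocol` (hunk `@@ -160,7 +163,11 @@`) offers `PLAINTEXT` and `SASL_PLAINTEXT` on equal footing with the TLS-backed choices, and the description does not say that those two leave broker traffic unencrypted. Now that the values are a pick-list, the description is the only guidance shown at selection time. I would extend it to `description: 'Broker communication protocol. SSL and SASL_SSL encrypt broker traffic; PLAINTEXT and SASL_PLAINTEXT do not.'`. That matches the style of the influxdb store-type description, which already warns against the unsafe choice.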
@@ -21,8 +21,12 @@ kratos: description: "Specify the provider type. Required. Valid values are: auth0, generic, github, google, microsoft" global: True forcedType: string - regex: "auth0|generic|github|google|microsoft" - regexFailureMessage: "Valid values are: auth0, generic, github, google, microsoft" + options: + - auth0 + - generic + - github + - google + - microsoft helpLink: oidc client_id: description: Specify the client ID, also referenced as the application ID. Required. @@ -43,8 +47,9 @@ kratos: description: The source of the subject identifier. Typically 'userinfo'. Only used when provider is 'microsoft'. global: True forcedType: string - regex: me|userinfo - regexFailureMessage: "Valid values are: me, userinfo" + options: + - me + - userinfo helpLink: oidc auth_url: description: Provider's auth URL. Required when provider is 'generic'. diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml index c85b876a9..ce6b7d008 100644 --- a/salt/suricata/soc_suricata.yaml +++ b/salt/suricata/soc_suricata.yaml @@ -64,8 +64,10 @@ suricata: helpLink: suricata conditional: description: Set to "all" to record PCAP for all flows. Set to "alerts" to only record PCAP for Suricata alerts. Set to "tag" to only record PCAP for tagged rules. - regex: ^(all|alerts|tag)$ - regexFailureMessage: You must enter either all, alert or tag. + options: + - all + - alerts + - tag helpLink: suricata dir: description: Parent directory to store PCAP. @@ -83,7 +85,9 @@ suricata: advanced: True cluster-type: advanced: True - regex: ^(cluster_flow|cluster_qm)$ + options: + - cluster_flow + - cluster_qm defrag: description: Enable defragmentation of IP packets before processing. forcedType: bool
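Review bot: In salt/suricata/soc_suricata.yaml, `cluster-type` (hunk `@@ -83,7 +85,9 @@`) has no `description` or `helpLink`, so the two option names are all an operator sees. The parent section is outside the hunk; if this is the AF_PACKET capture setting, as the neighbouring `defrag` key suggests, I would add `description: How packets are distributed across capture threads. cluster_flow balances by flow; cluster_qm balances by NIC RSS queue.` and `helpLink: suricata`. A wrong choice here can split a flow across threads and degrade detection, so it is worth documenting.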