consolidate eventFields from hunt and dashbaords into a single setting

This commit is contained in:
Jason Ertel
2022-12-15 14:22:23 -05:00
parent 6a73410be9
commit f84ceca03e
3 changed files with 949 additions and 1884 deletions



@@ -50,3 +50,7 @@
{% do SOCMERGED.server.client.update({'job': {'actions': standard_actions}}) %} {% do SOCMERGED.server.client.update({'job': {'actions': standard_actions}}) %}
{% do SOCMERGED.server.client.alerts.update({'actions': standard_actions}) %} {% do SOCMERGED.server.client.alerts.update({'actions': standard_actions}) %}
{% do SOCMERGED.server.client.cases.update({'actions': standard_actions}) %} {% do SOCMERGED.server.client.cases.update({'actions': standard_actions}) %}
{% set standard_eventFields = SOCMERGED.pop('eventFields') %}
{% do SOCMERGED.server.client.hunt.update({'eventFields': standard_eventFields}) %}
{% do SOCMERGED.server.client.dashboards.update({'eventFields': standard_eventFields}) %}
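Review bot: `SOCMERGED.pop('eventFields')` on the first added line takes no default, so a merged config that lacks a top-level `eventFields` key aborts the whole render instead of leaving hunt and dashboards without the setting. If an empty map is an acceptable fallback, `{% set standard_eventFields = SOCMERGED.pop('eventFields', {}) %}` keeps the state rendering; if the key is meant to be mandatory, a comment above the line saying so would make the hard failure intentional rather than surprising. The two `update` calls also hand both views the same mapping object; that is harmless if the result is only serialised, but a short comment noting that hunt and dashboards now share one field list (no per-view override) would document the consolidation the commit title describes. The surrounding template continues outside the hunk.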


@@ -43,6 +43,9 @@ soc:
actions: actions:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action. description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
global: True global: True
eventFields:
description: A map of event metadata groupings to field lists. The field list specifies all the columns to show when displaying individual events (not groups). The event metadata grouping uses the format ":event.module:event.dataset".
global: True
server: server:
maxPacketCount: maxPacketCount:
description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser. description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser.
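Review bot: The new `eventFields` description does not say that this single setting now drives both the hunt and dashboards views, which is the whole point of the consolidation and the thing an operator reading this annotation most needs to know before editing it. Appending a sentence such as `This setting applies to both the Hunt and Dashboards views; per-view field lists are no longer configured separately.` would close that gap. The format example `":event.module:event.dataset"` begins with a colon, so if the leading separator is intentional (a module-only or catch-all form) the text should say so, otherwise a reader will assume it is a typo. `global: True` matches the neighbouring `actions` entry, so it is consistent, though lowercase `true` is the portable spelling if this file is ever linted.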