CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14183 from Security-Onion-Solutions/cogburn/escalate-limit

Browse Source 
New Limit on Bulk Creating Related Events
This commit is contained in:
coreyogburn
2025-02-04 15:24:53 -07:00
committed by GitHub
parent 7a0309cdf4 23ebe966e0
commit fbb9bf14e9
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/soc/defaults.yaml
View File

@@ -2147,6 +2147,7 @@ soc:
eventFetchLimit: 500 eventFetchLimit: 500
relativeTimeValue: 24 relativeTimeValue: 24
relativeTimeUnit: 30 relativeTimeUnit: 30
maxBulkEscalateEvents: 100
mostRecentlyUsedLimit: 5 mostRecentlyUsedLimit: 5
ackEnabled: true ackEnabled: true
escalateEnabled: true escalateEnabled: true

6
salt/soc/soc_soc.yaml
View File

@@ -496,7 +496,11 @@ soc:
global: True global: True
advanced: True advanced: True
forcedType: "[]{}" forcedType: "[]{}"
alerts: *appSettings alerts:
<<: *appSettings
maxBulkEscalateEvents:
description: Maximum number of events to escalate in a single bulk escalation. Large values may run into other limits.
global: True
cases: *appSettings cases: *appSettings
dashboards: *appSettings dashboards: *appSettings
detections: detections: