diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index b9cd3148d..2fac7dbb6 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1312,6 +1312,9 @@ soc:
 kratos:
 hostUrl:
 elastalertengine:
+ aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoPath: /opt/sensoroni/repos
+ showAiSummaries: true
 autoUpdateEnabled: true
 autoEnabledSigmaRules:
 default:
@@ -1391,6 +1394,9 @@ soc:
 userFiles:
 - rbac/users_roles
 strelkaengine:
+ aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoPath: /opt/sensoroni/repos
+ showAiSummaries: true
 autoEnabledYaraRules:
 - securityonion-yara
 autoUpdateEnabled: true
@@ -1412,6 +1418,9 @@ soc:
 stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
 integrityCheckFrequencySeconds: 1200
 suricataengine:
+ aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+ aiRepoPath: /opt/sensoroni/repos
+ showAiSummaries: true
 autoUpdateEnabled: true
 communityRulesImportFrequencySeconds: 86400
 communityRulesImportErrorSeconds: 300
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index da0f5de99..9ab329438 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
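Review bot: `aiRepoUrl` is an unpinned remote git URL and nothing in this hunk records which branch or commit is fetched, so whatever lands in `aiRepoPath` is whatever the remote serves at fetch time; if the fetch code pins a ref or verifies signatures, that belongs next to the setting, otherwise a pinned ref is the safer default. The same three keys are pasted verbatim for strelkaengine (hunk -1391) and suricataengine (hunk -1412), with all three engines sharing the one clone directory `/opt/sensoroni/repos`, so a URL or path change has to be repeated three times and, if each engine manages its own clone, three fetchers may be touching the same directory. `showAiSummaries: true` also turns the feature on by default, while unlike the rule repositories (`airgap: *serulesRepos` in soc_soc.yaml) there is no airgap alternative for the AI repository; if airgapped installs cannot reach GitHub, consider defaulting the toggle off or documenting what happens there.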
@@ -87,6 +87,17 @@ soc:
 global: True
 modules:
 elastalertengine:
+ aiRepoUrl:
+ description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
+ global: True
+ advanced: True
+ aiRepoPath:
+ description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
+ global: True
+ advanced: True
+ showAiSummaries:
+ description: Show AI summaries for ElastAlert rules.
+ global: True
 additionalAlerters:
 title: Additional Alerters
 description: Specify additional alerters to enable for all Sigma rules, one alerter name per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. Note that the configuration parameters for these alerters must be provided in the ElastAlert configuration section. Filter for 'Alerter' to find this related setting. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key.
@@ -193,6 +204,17 @@ soc:
 advanced: True
 forcedType: int
 strelkaengine:
+ aiRepoUrl:
+ description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
+ global: True
+ advanced: True
+ aiRepoPath:
+ description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
+ global: True
+ advanced: True
+ showAiSummaries:
+ description: Show AI summaries for ElastAlert rules.
+ global: True
 autoEnabledYaraRules:
 description: 'YARA rules to automatically enable on initial import. Format is $Ruleset - for example, for the default shipped ruleset: securityonion-yara'
 global: True
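Review bot: The `aiRepoPath` description repeats the `aiRepoUrl` sentence almost word for word, and neither says that the path is the local clone location (the default in defaults.yaml is `/opt/sensoroni/repos`) or that the URL decides which remote source is trusted; suggest `description: Local directory where the AI repository is cloned.` for the path and `description: URL of the remote git repository from which AI content is fetched. Changing this changes which source is trusted for the AI summaries shown in SOC.` for the URL. The descriptions say the repository supplies "AI models" while the toggle below is about "AI summaries"; if the repository actually holds pre-generated summaries rather than models, the wording should say so, since operators will use it to judge what the fetch brings onto the box. The same descriptions appear in the strelkaengine hunk (-193) and the suricataengine hunk (-216), so the wording fix applies there too.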
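Review bot: The three descriptions added under strelkaengine still say "ElastAlert rules", evidently carried over from the elastalertengine block above; the suricataengine hunk was adapted to "Suricata rules" but this one was not, so the Strelka settings screen will describe the wrong engine. Change them to `description: URL to the AI repository. This is used to pull in AI models for use in YARA rules.`, `description: Path to the AI repository. This is used to pull in AI models for use in YARA rules.` and `description: Show AI summaries for YARA rules.`, matching the "YARA rules" wording of the neighbouring `autoEnabledYaraRules` entry.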
@@ -216,6 +238,17 @@ soc:
 helpLink: yara.html
 airgap: *serulesRepos
 suricataengine:
+ aiRepoUrl:
+ description: URL to the AI repository. This is used to pull in AI models for use in Suricata rules.
+ global: True
+ advanced: True
+ aiRepoPath:
+ description: Path to the AI repository. This is used to pull in AI models for use in Suricata rules.
+ global: True
+ advanced: True
+ showAiSummaries:
+ description: Show AI summaries for Suricata rules.
+ global: True
 communityRulesImportFrequencySeconds:
 description: 'How often to check for new Suricata rules (in seconds).'
 global: True
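Review bot: `showAiSummaries` is the only one of the three new entries without `advanced: True`, so it is the one an operator will see while the source settings stay hidden behind the advanced view, yet its description does not say where the summaries come from or that it is on by default (`showAiSummaries: true` in defaults.yaml). If the summaries are taken from the repository configured by `aiRepoUrl`, say so: `description: Show AI summaries for Suricata rules. Summaries are fetched from the AI repository configured in the advanced settings; enabled by default.` The entries just above this hunk show that the Suricata rule repositories carry an `airgap` alternative (`airgap: *serulesRepos`) while the AI repository has none, so the description should also state what an airgapped install will see with the toggle left on.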