From cca4bec43fa0a8109cf293f0360191b5db825761 Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Thu, 15 Jan 2026 12:42:24 -0700 Subject: [PATCH 1/6] Adapter Field --- salt/soc/defaults.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index 6f9fc0226..86c003ca6 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -2659,6 +2659,7 @@ soc: contextLimitLarge: 1000000 lowBalanceColorAlert: 500000 enabled: true + adapter: bedrock - id: qwen-235b displayName: QWEN 235B ($) origin: China @@ -2666,3 +2667,4 @@ soc: contextLimitLarge: 256000 lowBalanceColorAlert: 500000 enabled: true + adapter: bedrock From 42060a9112f77172b9e66c9534cc83131f381e6b Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Thu, 29 Jan 2026 15:54:03 -0700 Subject: [PATCH 2/6] Organized, Annotated Settling on the final shape of the new config values. --- salt/soc/defaults.yaml | 10 ++++++++-- salt/soc/soc_soc.yaml | 27 ++++++++++++++++++++------- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index 86c003ca6..2fb21f89e 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -1494,10 +1494,16 @@ soc: branch: main folder: securityonion-normalized assistant: - apiUrl: https://onionai.securityonion.net - healthTimeoutSeconds: 3 systemPromptAddendum: "" systemPromptAddendumMaxLength: 50000 + adapters: + securityonion_ai_cloud: + apiUrl: https://onionai.securityonion.net + healthTimeoutSeconds: 5 + gemini: + apiKey: "" + serviceAccountJSON: "" + serviceAccountLocation: "" salt: queueDir: /opt/sensoroni/queue timeoutMs: 45000 diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index a9b09b813..8fbcf05f8 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -650,13 +650,6 @@ soc: label: Folder airgap: *pbRepos assistant: - apiUrl: - description: The URL of the AI gateway. - global: True - healthTimeoutSeconds: - description: Timeout in seconds for the Onion AI health check. - global: True - advanced: True systemPromptAddendum: description: Additional context to provide to the AI assistant about this SOC deployment. This can include information about your environment, policies, or any other relevant details that can help the AI provide more accurate and tailored assistance. Long prompts may be shortened. global: True @@ -666,6 +659,26 @@ soc: description: Maximum length of the system prompt addendum. Longer prompts will be truncated. global: True advanced: True + adapters: + securityonion_ai_cloud: + apiUrl: + description: The URL of the AI gateway. + global: True + healthTimeoutSeconds: + description: Timeout in seconds for the Onion AI health check. + global: True + advanced: True + gemini: + apiKey: + description: A Google API key generated in Google AI Studio or the Google Cloud Console. + global: True + serviceAccountJSON: + description: The JSON file contents holding the credentials for a Google Service Account. Uses Vertex AI. + global: True + multiline: True + serviceAccountLocation: + description: The location of your project in Google Cloud. Example: us-central1 + global: True client: assistant: enabled: From 6d5ac5a16bf619533e41e72b810799945b922f4d Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Mon, 2 Feb 2026 13:14:13 -0700 Subject: [PATCH 3/6] Describe Priorities If apiKey, serviceAccountJSON, and serviceAccountLocation are all provided, the service account will override the apiKey. --- salt/soc/soc_soc.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index 8fbcf05f8..025520ade 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -670,14 +670,14 @@ soc: advanced: True gemini: apiKey: - description: A Google API key generated in Google AI Studio or the Google Cloud Console. + description: A Google API key generated in Google AI Studio or the Google Cloud Console. Ignored if a service account and location are provided. global: True serviceAccountJSON: - description: The JSON file contents holding the credentials for a Google Service Account. Uses Vertex AI. + description: The JSON file contents holding the credentials for a Google Service Account. Uses Vertex AI. Overrides apiKey if a service account and location are provided. global: True multiline: True serviceAccountLocation: - description: The location of your project in Google Cloud. Example: us-central1 + description: The location of your project in Google Cloud. Overrides apiKey if a service account and location are provided. Example: us-central1 global: True client: assistant: From 6b98c5a10daa9498af3f7e205aaf20c60899c4d2 Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Mon, 2 Feb 2026 13:54:44 -0700 Subject: [PATCH 4/6] Fix Adapter Names The bedrock adapter was renamed to securityonion_ai_cloud. The available models needed updating to match. --- salt/soc/defaults.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index 2fb21f89e..18627ec6b 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -2665,7 +2665,7 @@ soc: contextLimitLarge: 1000000 lowBalanceColorAlert: 500000 enabled: true - adapter: bedrock + adapter: securityonion_ai_cloud - id: qwen-235b displayName: QWEN 235B ($) origin: China @@ -2673,4 +2673,4 @@ soc: contextLimitLarge: 256000 lowBalanceColorAlert: 500000 enabled: true - adapter: bedrock + adapter: securityonion_ai_cloud From eea14b493c03d7c81ba43532e9f4df015fd53868 Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Tue, 3 Feb 2026 12:24:10 -0700 Subject: [PATCH 5/6] Assistant Config Tweaks --- salt/soc/defaults.yaml | 11 +++++---- salt/soc/soc_soc.yaml | 52 +++++++++++++++++++++++++++--------------- 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index 18627ec6b..0102dbd5e 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -1497,13 +1497,16 @@ soc: systemPromptAddendum: "" systemPromptAddendumMaxLength: 50000 adapters: - securityonion_ai_cloud: + - name: SOAI + protocol: securityonion_ai_cloud apiUrl: https://onionai.securityonion.net healthTimeoutSeconds: 5 - gemini: + - name: Gemini + protocol: gemini apiKey: "" serviceAccountJSON: "" serviceAccountLocation: "" + healthTimeoutSeconds: 5 salt: queueDir: /opt/sensoroni/queue timeoutMs: 45000 @@ -2665,7 +2668,7 @@ soc: contextLimitLarge: 1000000 lowBalanceColorAlert: 500000 enabled: true - adapter: securityonion_ai_cloud + adapter: SOAI - id: qwen-235b displayName: QWEN 235B ($) origin: China @@ -2673,4 +2676,4 @@ soc: contextLimitLarge: 256000 lowBalanceColorAlert: 500000 enabled: true - adapter: securityonion_ai_cloud + adapter: SOAI diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index 025520ade..95a536f7d 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -660,25 +660,39 @@ soc: global: True advanced: True adapters: - securityonion_ai_cloud: - apiUrl: - description: The URL of the AI gateway. - global: True - healthTimeoutSeconds: - description: Timeout in seconds for the Onion AI health check. - global: True - advanced: True - gemini: - apiKey: - description: A Google API key generated in Google AI Studio or the Google Cloud Console. Ignored if a service account and location are provided. - global: True - serviceAccountJSON: - description: The JSON file contents holding the credentials for a Google Service Account. Uses Vertex AI. Overrides apiKey if a service account and location are provided. - global: True - multiline: True - serviceAccountLocation: - description: The location of your project in Google Cloud. Overrides apiKey if a service account and location are provided. Example: us-central1 - global: True + description: Configuration for AI adapters used by the Onion AI assistant. + global: True + advanced: True + forcedType: "[]{}" + syntax: json + uiElements: + - field: name + label: Adapter Name + regex: "^(?!.*@).+$" + regexFailureMessage: Adapter name cannot contain the '@' character + required: True + - field: protocol + label: Protocol + required: True + options: + - securityonion_ai_cloud + - gemini + - field: apiUrl + label: API URL + required: False + - field: apiKey + label: API Key + required: False + - field: serviceAccountJSON + label: Service Account JSON + required: False + multiline: True + - field: serviceAccountLocation + label: Service Account Location + required: False + - field: healthTimeoutSeconds + label: Health Timeout Seconds + required: False client: assistant: enabled: From 6ff4901067ceb60702132343719609fe79e3cdc1 Mon Sep 17 00:00:00 2001 From: Corey Ogburn Date: Tue, 3 Feb 2026 13:54:21 -0700 Subject: [PATCH 6/6] Regex on Model Name This matches the regex we apply to the adapter name as we join these 2 using an @ to get things done. --- salt/soc/soc_soc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index 95a536f7d..2086492ad 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -731,6 +731,8 @@ soc: - field: id label: Model ID required: True + regex: "^(?!.*@).+$" + regexFailureMessage: Model ID cannot contain the '@' character - field: displayName label: Display Name required: True