manager:
  reposync:
    enabled:
      description: This is the daily task of syncing the Security Onion OS packages. It is recommended that this setting remain enabled to ensure important updates are applied to the grid on an automated, scheduled basis.
      forcedType: bool
      global: True
      helpLink: soup
    hour:
      description: The hour of the day in which the repo sync takes place.
      global: True
      helpLink: soup
    minute:
      description: The minute within the hour to run the repo sync.
      global: True
      helpLink: soup
  elastalert:
    description: Enable elastalert 1=enabled 0=disabled.
    global: True
    helpLink: elastalert
  no_proxy:
    description: String of hosts to ignore the proxy settings for.
    global: True
    helpLink: proxy
  proxy:
    description: Proxy server to use for updates.
    global: True
    helpLink: proxy
  additionalCA:
    description: Additional CA certificates to trust in PEM format.
    global: True
    advanced: True
    multiline: True
    forcedType: string
    helpLink: proxy
  insecureSkipVerify:
    description: Disable TLS verification for outgoing requests. This will make your installation less secure to MITM attacks. Recommended only for debugging purposes.
    advanced: True
    forcedType: bool
    global: True
    helpLink: proxy
  agent_monitoring:
    enabled:
      description: Enable monitoring elastic agents for health issues. Can be used to trigger an alert when a 'critical' agent hasn't checked in with fleet for longer than the configured offline threshold.
      global: True
      helpLink: elastic-fleet
      forcedType: bool
    config:
      critical_agents:
        description: List of 'critical' agents to log when they haven't checked in longer than the maximum allowed time. If there are no 'critical' agents specified all offline agents will be logged once they reach the offline threshold.
        global: True
        multiline: True
        helpLink: elastic-fleet
        forcedType: "[]string"
      custom_kquery:
        description: For more granular control over what agents to monitor for offline|degraded status add a kquery here. It is recommended to create & test within Elastic Fleet first to ensure your agents are targeted correctly using the query. eg 'status:offline AND tags:INFRA'
        global: True
        helpLink: elastic-fleet
        forcedType: string
        advanced: True
      offline_threshold:
        description: The maximum allowed time in hours a 'critical' agent has been offline before being logged.
        global: True
        helpLink: elastic-fleet
        forcedType: int
      realert_threshold:
        description: The time to pass before another alert for an offline agent exceeding the offline_threshold is generated.
        global: True
        helpLink: elastic-fleet
        forcedType: int
      page_size:
        description: The amount of agents that can be processed per API request to fleet.
        global: True
        helpLink: elastic-fleet
        forcedType: int
        advanced: True
      run_interval:
        description: The time in minutes between checking fleet agent statuses.
        global: True
        advanced: True
        helpLink: elastic-fleet
        forcedType: int
  managed_integrations:
    description: List of integrations to add into SOC config UI. Enter the full or partial integration name. Eg. 1password, 1pass
    forcedType: "[]string"
    multiline: True
    global: True
    advanced: True
    helpLink: elasticsearch