CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-29 04:13:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
17518b90cae33202c0948817b35e6b31c387939e
securityonion/salt/elastalert/soc_elastalert.yaml
Jason Ertel 1c4d36760a add support for custom alerters
2024-05-17 14:49:39 -04:00

55 lines
2.1 KiB
YAML
Raw Blame History

elastalert:
enabled:
description: You can enable or disable Elastalert.
helpLink: elastalert.html
alerter_parameters:
title: Alerter Parameters
description: Custom configuration parameters for additional, optional alerters that can be enabled for all Sigma rules. Filter for 'Additional Alerters' in this Configuration screen to find the setting that allows these alerters to be enabled within the SOC ElastAlert module. Use YAML format for these parameters, and reference the ElastAlert 2 documentation, located at https://elastalert2.readthedocs.io, for available alerters and their required configuration parameters.
global: True
multiline: True
syntax: yaml
helpLink: elastalert.html
forcedType: string
config:
disable_rules_on_error:
description: Disable rules on failure.
global: True
helpLink: elastalert.html
run_every:
minutes:
description: Amount of time in minutes between searches.
global: True
helpLink: elastalert.html
buffer_time:
minutes:
description: Amount of time in minutes to look through.
global: True
helpLink: elastalert.html
old_query_limit:
minutes:
description: Amount of time in minutes between queries to start at the most recently run query.
global: True
helpLink: elastalert.html
es_conn_timeout:
description: Timeout in seconds for connecting to and reading from Elasticsearch.
global: True
helpLink: elastalert.html
max_query_size:
description: The maximum number of documents that will be returned from Elasticsearch in a single query.
global: True
helpLink: elastalert.html
alert_time_limit:
days:
description: The retry window for failed alerts.
global: True
helpLink: elastalert.html
index_settings:
shards:
description: The number of shards for elastalert indices.
global: True
helpLink: elastalert.html
replicas:
description: The number of replicas for elastalert indices.
global: True
helpLink: elastalert.html
Reference in New Issue View Git Blame Copy Permalink