mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
140 lines
7.0 KiB
YAML
140 lines
7.0 KiB
YAML
elastalert:
|
|
enabled:
|
|
description: You can enable or disable Elastalert.
|
|
helpLink: elastalert.html
|
|
alerter_parameters:
|
|
title: Custom Configuration Parameters
|
|
description: Optional configuration parameters made available as defaults for all rules and alerters. Use YAML format for these parameters, and reference the ElastAlert 2 documentation, located at https://elastalert2.readthedocs.io, for available configuration parameters. Requires a valid Security Onion license key.
|
|
global: True
|
|
multiline: True
|
|
syntax: yaml
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
jira_api_key:
|
|
title: Jira API Key
|
|
description: Optional configuration parameter for Jira API Key, used instead of the Jira username and password. Requires a valid Security Onion license key.
|
|
global: True
|
|
sensitive: True
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
jira_pass:
|
|
title: Jira Password
|
|
description: Optional configuration parameter for Jira password. Requires a valid Security Onion license key.
|
|
global: True
|
|
sensitive: True
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
jira_user:
|
|
title: Jira Username
|
|
description: Optional configuration parameter for Jira username. Requires a valid Security Onion license key.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
smtp_pass:
|
|
title: SMTP Password
|
|
description: Optional configuration parameter for SMTP password, required for authenticating email servers. Requires a valid Security Onion license key.
|
|
global: True
|
|
sensitive: True
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
smtp_user:
|
|
title: SMTP Username
|
|
description: Optional configuration parameter for SMTP username, required for authenticating email servers. Requires a valid Security Onion license key.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
forcedType: string
|
|
files:
|
|
custom:
|
|
alertmanager_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to an AlertManager server. To utilize this custom file, the alertmanager_ca_certs key must be set to /opt/elastalert/custom/alertmanager_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
gelf_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to a Graylog server. To utilize this custom file, the graylog_ca_certs key must be set to /opt/elastalert/custom/graylog_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
http_post_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to a generic HTTP server, via the legacy HTTP POST alerter. To utilize this custom file, the http_post_ca_certs key must be set to /opt/elastalert/custom/http_post2_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
http_post2_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to a generic HTTP server, via the newer HTTP POST 2 alerter. To utilize this custom file, the http_post2_ca_certs key must be set to /opt/elastalert/custom/http_post2_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
ms_teams_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to Microsoft Teams server. To utilize this custom file, the ms_teams_ca_certs key must be set to /opt/elastalert/custom/ms_teams_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
pagerduty_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to PagerDuty server. To utilize this custom file, the pagerduty_ca_certs key must be set to /opt/elastalert/custom/pagerduty_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
rocket_chat_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to PagerDuty server. To utilize this custom file, the rocket_chart_ca_certs key must be set to /opt/elastalert/custom/rocket_chat_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
smtp__crt:
|
|
description: Optional custom certificate for connecting to an SMTP server. To utilize this custom file, the smtp_cert_file key must be set to /opt/elastalert/custom/smtp.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
smtp__key:
|
|
description: Optional custom certificate key for connecting to an SMTP server. To utilize this custom file, the smtp_key_file key must be set to /opt/elastalert/custom/smtp.key in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
slack_ca__crt:
|
|
description: Optional custom Certificate Authority for connecting to Slack. To utilize this custom file, the slack_ca_certs key must be set to /opt/elastalert/custom/slack_ca.crt in the Alerter Parameters setting. Requires a valid Security Onion license key.
|
|
global: True
|
|
file: True
|
|
helpLink: elastalert.html
|
|
config:
|
|
disable_rules_on_error:
|
|
description: Disable rules on failure.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
run_every:
|
|
minutes:
|
|
description: Amount of time in minutes between searches.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
buffer_time:
|
|
minutes:
|
|
description: Amount of time in minutes to look through.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
old_query_limit:
|
|
minutes:
|
|
description: Amount of time in minutes between queries to start at the most recently run query.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
es_conn_timeout:
|
|
description: Timeout in seconds for connecting to and reading from Elasticsearch.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
max_query_size:
|
|
description: The maximum number of documents that will be returned from Elasticsearch in a single query.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
alert_time_limit:
|
|
days:
|
|
description: The retry window for failed alerts.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
index_settings:
|
|
shards:
|
|
description: The number of shards for elastalert indices.
|
|
global: True
|
|
helpLink: elastalert.html
|
|
replicas:
|
|
description: The number of replicas for elastalert indices.
|
|
global: True
|
|
helpLink: elastalert.html
|