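# SOC settings annotations for the sensoroni pillar.
# Every leaf setting here carries only UI metadata (no values). Keys seen on
# leaf settings in this file:
#   description - text shown for the setting
#   helpLink    - documentation page linked from the setting
#   advanced    - presumably hides the setting behind the advanced view - confirm against SOC
#   global      - presumably marks a grid-wide rather than per-node setting - confirm against SOC
#   node        - presumably marks a per-node value - confirm against SOC
#   sensitive   - presumably masks the value as a secret in the UI - confirm against SOC
#   forcedType  - type the value is coerced to (string, int, bool, "[]string" appear here)
# NOTE(review): indentation was reconstructed from a whitespace-stripped copy;
# `analyzers` is placed as a sibling of `config`, matching the sensoroni pillar
# layout - confirm against the defaults file before merging.
sensoroni:
  enabled:
    description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid.
    advanced: True
    helpLink: grid.html
  config:
    analyze:
      enabled:
        description: Enable or disable the analyzer.
        advanced: True
        helpLink: cases.html
      timeout_ms:
        description: Timeout period for the analyzer.
        advanced: True
        helpLink: cases.html
      parallel_limit:
        description: Parallel limit for the analyzer.
        advanced: True
        helpLink: cases.html
    node_checkin_interval_ms:
      description: Interval in ms to checkin to the soc_host.
      advanced: True
      helpLink: grid.html
    node_description:
      description: Description of the specific node.
      helpLink: grid.html
      node: True
      forcedType: string
    # Shared agent secret: keep `sensitive: True` so it is never shown in clear text.
    sensoronikey:
      description: Shared key for sensoroni authentication.
      helpLink: grid.html
      global: True
      sensitive: True
      advanced: True
    soc_host:
      description: Host for sensoroni agents to connect to.
      helpLink: grid.html
      global: True
      advanced: True
    suripcap:
      pcapMaxCount:
        description: The maximum number of PCAP packets to extract from eligible PCAP files, for PCAP jobs. If there are issues fetching excessively large packet streams consider lowering this value to reduce the number of collected packets returned to the user interface.
        helpLink: sensoroni.html
        advanced: True
  # Per-analyzer settings. Credentials (api_key, auth_pwd) are marked
  # `sensitive: True`; any new credential setting should carry the same flag.
  analyzers:
    echotrail:
      api_key:
        description: API key for the Echotrail analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: True
        advanced: False
        forcedType: string
      base_url:
        description: Base URL for the Echotrail analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
    elasticsearch:
      api_key:
        description: API key for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Connection URL for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
      auth_user:
        description: Username for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
      auth_pwd:
        description: User password for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: True
        advanced: False
        forcedType: string
      num_results:
        description: Number of documents to return for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      index:
        description: Search index for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
      time_delta_minutes:
        description: Time (in minutes) to search back for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: True
        forcedType: int
      timestamp_field_name:
        description: Specified name for a documents' timestamp field for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      map:
        description: Map between observable types and search field for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
      # A certificate path, not key material, so it is not marked sensitive.
      cert_path:
        description: Path to a TLS certificate for the Elasticsearch analyzer.
        helpLink: sensoroni.html
        global: False
        sensitive: False
        advanced: False
        forcedType: string
    emailrep:
      api_key:
        description: API key for the EmailRep analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the EmailRep analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    greynoise:
      api_key:
        description: API key for the GreyNoise analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      api_version:
        description: API version for the GreyNoise analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the GreyNoise analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    localfile:
      file_path:
        description: File path for the LocalFile analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        # Quoted: an unquoted leading "[" would be parsed as a flow sequence.
        forcedType: "[]string"
    otx:
      api_key:
        description: API key for the OTX analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the OTX analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    pulsedive:
      api_key:
        description: API key for the Pulsedive analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the Pulsedive analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    spamhaus:
      lookup_host:
        description: Host to use for lookups.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      nameservers:
        description: Nameservers used for queries.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        # Fixed: this key was misspelled as `forcedTypes`, so the list type was
        # never applied to the nameservers value.
        forcedType: "[]string"
    sublime_platform:
      api_key:
        description: API key for the Sublime Platform analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the Sublime Platform analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      live_flow:
        description: Determines if live flow analysis is used.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: bool
      mailbox_email_address:
        description: Source mailbox address used for live flow analysis.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      message_source_id:
        description: ID of the message source used for live flow analysis.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    urlscan:
      api_key:
        description: API key for the Urlscan analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the Urlscan analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
      enabled:
        description: Analyzer enabled
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: bool
      timeout:
        description: Timeout for the Urlscan analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: int
      visibility:
        description: Type of visibility.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string
    virustotal:
      api_key:
        description: API key for the VirusTotal analyzer.
        helpLink: cases.html
        global: False
        sensitive: True
        advanced: True
        forcedType: string
      base_url:
        description: Base URL for the VirusTotal analyzer.
        helpLink: cases.html
        global: False
        sensitive: False
        advanced: True
        forcedType: string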