securityonion/salt/sensoroni/soc_sensoroni.yaml

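# SOC settings-UI annotations for the sensoroni Salt state. Each leaf mapping
# describes one setting of the same name (description, helpLink, and flags such
# as advanced, global, sensitive, node, multiline, file, duplicates, forcedType);
# the flags appear to drive how SOC presents and validates the setting, and
# `sensitive: True` presumably masks the value in the UI — keep it set on every
# credential-bearing key (sensoronikey, api_key, auth_pwd).
# NOTE(review): the indentation below was reconstructed from a rendering that
# dropped it — confirm the nesting (in particular that `files` is a sibling of
# `config`, not a child of it) against the repository copy.
sensoroni:
  enabled:
    description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid.
    advanced: True
    helpLink: grid.html
  config:
    analyze:
      enabled:
        description: Enable or disable the analyzer.
        advanced: True
        helpLink: cases.html
      timeout_ms:
        description: Timeout period for the analyzer.
        advanced: True
        helpLink: cases.html
      parallel_limit:
        description: Parallel limit for the analyzer.
        advanced: True
        helpLink: cases.html
    export:
      timeout_ms:
        description: Timeout period for the exporter to finish export-related tasks.
        advanced: True
        helpLink: reports.html
      cache_refresh_interval_ms:
        description: Refresh interval for cache updates. Longer intervals result in less compute usage but risks stale data included in reports.
        advanced: True
        helpLink: reports.html
      export_metric_limit:
        description: Maximum number of metric values to include in each metric aggregation group.
        advanced: True
        helpLink: reports.html
      export_event_limit:
        description: Maximum number of events to include per event list.
        advanced: True
        helpLink: reports.html
      csv_separator:
        description: Separator character to use for CSV exports.
        advanced: False
        helpLink: reports.html
    node_checkin_interval_ms:
      description: Interval in ms to checkin to the soc_host.
      advanced: True
      helpLink: grid.html
    node_description:
      description: Description of the specific node.
      helpLink: grid.html
      node: True
      forcedType: string
    sensoronikey:
      description: Shared key for sensoroni authentication.
      helpLink: grid.html
      global: True
      # Shared authentication secret: must stay sensitive so it is not shown in clear in the UI.
      sensitive: True
      advanced: True
    soc_host:
      description: Host for sensoroni agents to connect to.
      helpLink: grid.html
      global: True
      advanced: True
    suripcap:
      pcapMaxCount:
        description: The maximum number of PCAP packets to extract from eligible PCAP files, for PCAP jobs. If there are issues fetching excessively large packet streams consider lowering this value to reduce the number of collected packets returned to the user interface.
        helpLink: sensoroni.html
        advanced: True
    analyzers:
      echotrail:
        api_key:
          description: API key for the Echotrail analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: False
          forcedType: string
        base_url:
          description: Base URL for the Echotrail analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
      elasticsearch:
        api_key:
          description: API key for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Connection URL for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
        auth_user:
          description: Username for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
        auth_pwd:
          description: User password for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: False
          forcedType: string
        num_results:
          description: Number of documents to return for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        index:
          description: Search index for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
        time_delta_minutes:
          description: Time (in minutes) to search back for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: True
          forcedType: int
        timestamp_field_name:
          description: Specified name for a documents' timestamp field for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        map:
          description: Map between observable types and search field for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
        cert_path:
          description: Path to a TLS certificate for the Elasticsearch analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: False
          advanced: False
          forcedType: string
      emailrep:
        api_key:
          description: API key for the EmailRep analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the EmailRep analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      greynoise:
        api_key:
          description: API key for the GreyNoise analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        api_version:
          description: API version for the GreyNoise analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the GreyNoise analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      localfile:
        file_path:
          description: File path for the LocalFile analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          # Quoted: an unquoted leading `[` would be parsed as a flow sequence.
          forcedType: "[]string"
      malwarebazaar:
        api_key:
          description: API key for the malwarebazaar analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: False
          forcedType: string
      otx:
        api_key:
          description: API key for the OTX analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the OTX analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      pulsedive:
        api_key:
          description: API key for the Pulsedive analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the Pulsedive analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      spamhaus:
        lookup_host:
          description: Host to use for lookups.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        nameservers:
          description: Nameservers used for queries.
          helpLink: cases.html
          global: False
          sensitive: False
          multiline: True
          advanced: True
          # Was misspelled `forcedTypes`, which no other entry uses; a consumer
          # keyed on `forcedType` would have silently ignored the list type.
          forcedType: "[]string"
      sublime_platform:
        api_key:
          description: API key for the Sublime Platform analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the Sublime Platform analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        live_flow:
          description: Determines if live flow analysis is used.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: bool
        mailbox_email_address:
          description: Source mailbox address used for live flow analysis.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        message_source_id:
          description: ID of the message source used for live flow analysis.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      threatfox:
        api_key:
          description: API key for the threatfox analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: False
          forcedType: string
      urlscan:
        api_key:
          description: API key for the Urlscan analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the Urlscan analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
        enabled:
          description: Analyzer enabled
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: bool
        timeout:
          description: Timeout for the Urlscan analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: int
        visibility:
          description: Type of visibility.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
      urlhaus:
        api_key:
          description: API key for the urlhaus analyzer.
          helpLink: sensoroni.html
          global: False
          sensitive: True
          advanced: False
          forcedType: string
      virustotal:
        api_key:
          description: API key for the VirusTotal analyzer.
          helpLink: cases.html
          global: False
          sensitive: True
          advanced: True
          forcedType: string
        base_url:
          description: Base URL for the VirusTotal analyzer.
          helpLink: cases.html
          global: False
          sensitive: False
          advanced: True
          forcedType: string
  # Editable template files; the `__md` suffix on each key presumably encodes
  # the file extension of the underlying template — confirm against the loader.
  files:
    templates:
      reports:
        standard:
          case_report__md:
            title: Case report Template
            description: The template used when generating a case report. Supports markdown format.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          productivity_report__md:
            title: Productivity Report Template
            description: The template used when generating a comprehensive productivity report. Supports markdown format.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
        custom:
          generic_report1__md:
            title: Custom Report 1
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report2__md:
            title: Custom Report 2
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report3__md:
            title: Custom Report 3
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report4__md:
            title: Custom Report 4
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report5__md:
            title: Custom Report 5
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report6__md:
            title: Custom Report 6
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report7__md:
            title: Custom Report 7
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report8__md:
            title: Custom Report 8
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          generic_report9__md:
            title: Custom Report 9
            description: A custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI.
            file: True
            global: True
            syntax: md
            helpLink: reports.html
          addl_generic_report__md:
            title: Additional Custom Report
            description: A duplicatable custom, user-defined report. Supports markdown format. The report title inside the file, typically near the top, will be shown in the SOC reporting UI. This is an unsupported feature due to the inability to edit duplicated reports via the SOC app.
            advanced: True
            file: True
            global: True
            syntax: md
            duplicates: True
            helpLink: reports.html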