Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

detections annotations #12514

Merged
merged 2 commits into from
Mar 6, 2024
Merged

detections annotations #12514

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
167aff2
detections annotations
jertel Mar 6, 2024
1cbac11
detections annotations
jertel Mar 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions salt/soc/defaults.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1147,6 +1147,7 @@ soc:
tipTimeoutMs: 6000
cacheExpirationMs: 300000
casesEnabled: true
detectionsEnabled: false
inactiveTools: ['toolUnused']
tools:
- name: toolKibana
Expand Down
11 changes: 7 additions & 4 deletions salt/soc/soc_soc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ soc:
helpLink: soc-customization.html
sigma_final_pipeline__yaml:
title: Final Sigma Pipeline
description: Final Processing Pipeline for Sigma Rules
description: Final Processing Pipeline for Sigma Rules (future use, not yet complete)
syntax: yaml
file: True
global: True
Expand Down Expand Up @@ -79,11 +79,11 @@ soc:
modules:
elastalertengine:
sigmaRulePackages:
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone. (future use, not yet complete)'
global: True
advanced: False
autoUpdateEnabled:
description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false.'
description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
global: True
advanced: True
elastic:
Expand Down Expand Up @@ -149,7 +149,7 @@ soc:
advanced: True
strelkaengine:
autoUpdateEnabled:
description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.'
description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
global: True
advanced: True
client:
Expand All @@ -174,6 +174,9 @@ soc:
casesEnabled:
description: Set to true to enable case management in SOC.
global: True
detectionsEnabled:
description: Set to true to enable the Detections module in SOC. (future use, not yet complete)
global: True
inactiveTools:
description: List of external tools to remove from the SOC UI.
global: True
Expand Down
Loading