From 6043da4424150cfd500548961ef14e5768cdff73 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 27 Aug 2024 13:04:43 -0400
Subject: [PATCH] annotation updates
---
 salt/soc/soc_soc.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index ff7f8efd09..b4134baa7d 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -192,6 +192,21 @@ soc:
 syntax: yaml
 helpLink: notifications.html
 forcedType: string
+ customAlerters:
+ description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
+ global: True
+ helpLink: notifications.html
+ forcedType: "[]string"
+ duplicates: True
+ multiline: True
+ customAlertersParams:
+ description: "Optional configuration parameters for custom notification alerters, used when the Sigma rule contains the following tag: so.params.customAlertersParams. This setting can be duplicated to create new custom alerter configurations. Use YAML format for these parameters, and reference the ElastAlert 2 documentation, located at https://elastalert2.readthedocs.io, for available alerters and their required configuration parameters. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
+ global: True
+ multiline: True
+ syntax: yaml
+ helpLink: notifications.html
+ duplicates: True
+ forcedType: string
 autoEnabledSigmaRules:
 default: &autoEnabledSigmaRules
 description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'
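Review bot: The customAlertersParams description does not tell operators that the free-form YAML entered here is where ElastAlert 2 alerter credentials end up (SMTP passwords, webhook URLs carrying tokens, API keys), so the value is stored and shown like any non-secret SOC setting. I would extend that description with a sentence such as `Alerter parameters frequently include credentials (for example SMTP passwords or webhook URLs with embedded tokens); treat the contents of this setting as sensitive.` and, if the annotation schema in this file has a flag for secret-bearing settings, apply it to customAlertersParams. All six new boolean annotations are written as `True`; yamllint's truthy rule prefers `true`, though this should follow whatever the rest of soc_soc.yaml already uses. Leading indentation has been lost in this rendering, so the nesting of the two new keys under the surrounding notification settings cannot be verified here.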