Merge pull request #12627 from Security-Onion-Solutions/dougburks-pat…

…ch-1 FIX: Annotations for BPF and Suricata PCAP #12626
Security-Onion-Solutions · Mar 20, 2024 · 655d3e3 · 655d3e3
2 parents 4c2f275 + f3b9213
commit 655d3e3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/salt/bpf/soc_bpf.yaml b/salt/bpf/soc_bpf.yaml
@@ -1,6 +1,6 @@
 bpf:
   pcap:
-    description: List of BPF filters to apply to PCAP.
+    description: List of BPF filters to apply to Stenographer.
     multiline: True
     forcedType: "[]string"
     helpLink: bpf.html

diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
@@ -21,26 +21,26 @@ suricata:
       helpLink: suricata.html
   pcap:
     filesize: 
-      description: Max file size for individual PCAP files written by Suricata. Increasing this number could improve write performance at the expense of pcap retrieval times.
+      description: Maximum file size for individual PCAP files written by Suricata. Increasing this number could improve write performance at the expense of pcap retrieval time.
       advanced: True
-      helplink: suricata.html 
+      helpLink: suricata.html 
     maxsize:
-      description: Size in GB for total usage size of PCAP on disk. 
-      helplink: suricata.html
+      description: Maximum size in GB for total disk usage of all PCAP files written by Suricata.
+      helpLink: suricata.html
     compression: 
-      description: Enable compression of Suricata PCAP.
+      description: Enable compression of Suricata PCAP files.
       advanced: True
       helpLink: suricata.html
     lz4-checksum: 
       description: Enable PCAP lz4 checksum.
       advanced: True
       helpLink: suricata.html
     lz4-level: 
-      description: lz4 compression level of PCAP. 0 for no compression 16 for max compression.
+      description: lz4 compression level of PCAP files. Set to 0 for no compression. Set to 16 for maximum compression.
       advanced: True
       helpLink: suricata.html
     filename:
-      description: Filename output for Suricata PCAP.
+      description: Filename output for Suricata PCAP files.
       advanced: True
       readonly: True
       helpLink: suricata.html
@@ -50,13 +50,13 @@ suricata:
       readonly: True
       helpLink: suricata.html
     use-stream-depth: 
-      description: Set to "no" to ignore the stream depth and capture the entire flow. Set this to "yes" to truncate the flow based on the stream depth. 
+      description: Set to "no" to ignore the stream depth and capture the entire flow. Set to "yes" to truncate the flow based on the stream depth.
       advanced: True
       regex: ^(yes|no)$
       regexFailureMessage: You must enter either yes or no.
       helpLink: suricata.html
     conditional: 
-      description: Set to "all" to capture PCAP for all flows. Set to "alerts" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
+      description: Set to "all" to record PCAP for all flows. Set to "alerts" to only record PCAP for Suricata alerts. Set to "tag" to only record PCAP for tagged rules.
       regex: ^(all|alerts|tag)$
       regexFailureMessage: You must enter either all, alert or tag.
       helpLink: suricata.html