add missing annotations to avoid soc crash #11023

Merged
merged 2 commits into from
Aug 11, 2023
10 changes: 9 additions & 1 deletion salt/soc/soc_soc.yaml
Expand Up @@ -45,9 +45,10 @@ soc:
actions:
description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
global: True
forcedType: "[]{}"
eventFields:
default:
description: The list of fields to show as columns in the Hunt/Dashboards event table, when no other specific mapping applies. Mappings are defined by the format ":event.module:event.dataset".
description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. This 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.
global: True
advanced: True
server:
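Review bot: the replacement `default` description no longer says what the value is; the removed line stated that it is the list of fields shown as columns in the Hunt/Dashboards event table, and the new text only explains how mappings are looked up. Keep that first sentence, then follow with the `:event.module:event.dataset` explanation and the `:zeek:syslog` example. Minor: "Event fields mappings" should read "Event field mappings".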
Expand Down Expand Up @@ -139,6 +140,7 @@ soc:
description: List of available external tools visible in the SOC UI. Each tool is defined in JSON object notation, and must include the "name" key and "link" key, where the link is the tool's URL.
global: True
advanced: True
forcedType: "[]{}"
hunt: &appSettings
groupItemsPerPage:
description: Default number of aggregations to show per page. Larger values consume more vertical area in the SOC UI.
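Review bot: `forcedType: "[]{}"` only constrains the value to a list of objects; it cannot enforce the "name" and "link" keys that the description says each tool must include, so a malformed entry would still pass the type annotation. Since the PR title says a missing annotation crashed SOC, consider adding a test or lint over `soc_soc.yaml` that flags every setting whose description begins with "List of" or "A list of" but that carries no `forcedType`, so the next list-typed setting cannot ship without one.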
Expand All @@ -164,6 +166,12 @@ soc:
queries:
description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
global: True
forcedType: "[]{}"
queryToggleFilters:
description: Customize togglable query filters that apply to all queries. Exclusive toggles will invert the filter if toggled off rather than omitting the filter from the query.
global: True
advanced: True
forcedType: "[]{}"
alerts: *appSettings
cases: *appSettings
dashboards: *appSettings
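Review bot: the new `queryToggleFilters` description does not say which keys each toggle object must contain or how an "exclusive" toggle is expressed, whereas the neighbouring `queries` entry spells out the required "name" and "query" keys; add the same level of detail (required keys, and the key or value that marks a toggle as exclusive) so the `[]{}` type has a documented shape. Minor: "togglable" should be "toggleable".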