detections annotations

Security-Onion-Solutions · Mar 6, 2024 · 167aff2 · 167aff2
1 parent 0f12297
commit 167aff2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
@@ -1147,6 +1147,7 @@ soc:
         tipTimeoutMs: 6000
         cacheExpirationMs: 300000
         casesEnabled: true
+        detectionsEnabled: false
         inactiveTools: ['toolUnused']
         tools:
           - name: toolKibana

diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
@@ -79,11 +79,11 @@ soc:
       modules:
         elastalertengine:
           sigmaRulePackages:
-            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone.'
+            description: 'Defines the Sigma Community Ruleset you want to run. One of these (core | core+ | core++ | all ) as well as an optional Add-on (emerging_threats_addon). WARNING! Changing the ruleset will remove all existing Sigma rules of the previous ruleset and their associated overrides. This removal cannot be undone. (future use, not yet complete)'
             global: True
             advanced: False
           autoUpdateEnabled:
-            description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Sigma Community Ruleset. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
             global: True
             advanced: True
         elastic:
@@ -149,7 +149,7 @@ soc:
             advanced: True
         strelkaengine:
           autoUpdateEnabled:
-            description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.'
+            description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false. (future use, not yet complete)'
             global: True
             advanced: True
       client:
@@ -174,6 +174,9 @@ soc:
         casesEnabled:
           description: Set to true to enable case management in SOC.
           global: True
+        detectionsEnabled:
+          description: Set to true to enable the Detections module in SOC. (future use, not yet complete)
+          global: True
         inactiveTools:
           description: List of external tools to remove from the SOC UI.
           global: True