annotation updates

Security-Onion-Solutions · Aug 27, 2024 · 6043da4 · 6043da4
1 parent eabb894
commit 6043da4
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
@@ -192,6 +192,21 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+          customAlerters:
+            description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
+            global: True
+            helpLink: notifications.html
+            forcedType: "[]string"
+            duplicates: True
+            multiline: True
+          customAlertersParams:
+            description: "Optional configuration parameters for custom notification alerters, used when the Sigma rule contains the following tag: so.params.customAlertersParams. This setting can be duplicated to create new custom alerter configurations. Use YAML format for these parameters, and reference the ElastAlert 2 documentation, located at https://elastalert2.readthedocs.io, for available alerters and their required configuration parameters. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
+            global: True
+            multiline: True
+            syntax: yaml
+            helpLink: notifications.html
+            duplicates: True
+            forcedType: string
           autoEnabledSigmaRules:
             default: &autoEnabledSigmaRules
               description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'