add missing, fix user-role

arkime · Dec 19, 2024 · 38f72f1 · 38f72f1
1 parent c68f84b
commit 38f72f1
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 4 deletions.
diff --git a/_data/shared/user-role-mappings.yml b/_data/shared/user-role-mappings.yml
@@ -2,7 +2,7 @@ name: user-role-mappings
 before: |
   <p>
     Starting with 5.4.1 it is now possible to dynamically update the roles associated with a user when using header or oidc authMode.
-    This is done by adding a <code>[user-role-mappings]</code> section to the <code>configuration</code> file.
+    This is done by adding a <code>[user-role-mappings]</code> section to the configuration file.
     When using the user-role-mappings section, all roles you are using must be defined, one per line, and any role no longer enabled for the user will be removed.
     The rules are evaluated on login, and the user's roles are updated accordingly.
   </p>
@@ -13,7 +13,7 @@ before: |
   </p>
   <p>
     Each line is of the format <code>rolename=javascript expression</code>.
-    The javascript expression can use two variable, <code>this</code> which allows you to reference any user fields and <code>vals</code> which allows you to access any of the request headers for header auth or the oidc info for oidc auth.
+    The javascript expression can use two variable, <code>this</code> which allows you to reference any Arkime DB user fields and <code>vals</code> which allows you to access any of the request headers for header auth or the oidc info for oidc auth.
   </p>
   <p>
     Depending on what IAM system you are using, you may need to enable the sending of userinfo to Arkime.
@@ -33,7 +33,7 @@ after: |
   # custom role based on header value
   role-special=vals.roles.includes('special')
   # If you need to debug what is in this or vals you can use console.log
-  # role-test=console.log(this, vals),true
+  # wiseUser=console.log(this, vals),true
   </code></pre>
 
 settings:

diff --git a/_data/wise/databricks.yml b/_data/wise/databricks.yml
@@ -49,7 +49,6 @@ after: |
   <pre>
     [databricks:users]
     type = ip
-    format = json
     host = abc-123456-789.cloud.databricks.com
     path = /sql/1.0/warehouses/abcxyz125789
     token = THESUPERSECRETTOKEN

diff --git a/_data/wise/elasticsearchfile.yml b/_data/wise/elasticsearchfile.yml
@@ -0,0 +1,32 @@
+name: File
+before: |
+  <p>
+    Like the url source, use a single elasticsearch document as the file. The document can be periodically reloaded.
+    <br>
+    Create a <code>[elasticsearchfile:UNIQUENAME]</code> section to configure
+  </p>
+
+settings:
+  - key: url
+    value: REQUIRED
+    text: The OpenSearch/Elasticsearch url Format is http[s]://[user:password@]host:port/<index>/_doc/<document>
+
+  - key: tags
+    value: REQUIRED
+    text: Comma separated list of tags to set for matches
+
+  - key: type
+    value: REQUIRED
+    text: The type of data in the file, such as ip,domain,md5,ja3,email, or something defined in `[wise-types]`
+
+  - key: keyPath
+    value: REQUIRED
+    text: The column to use from the returned data to use as the key
+
+  - key: arrayPath
+    value: EMPTY
+    text: The path of where to find the array, if the json result isn't an array
+
+  - key: reload
+    value: EMPTY
+    text: How often in minutes to refresh the file, or -1 (default) to never refresh it
diff --git a/_data/wise/redisfile.yml b/_data/wise/redisfile.yml
@@ -0,0 +1,44 @@
+name: File
+before: |
+  <p>
+    Like the url source, use a single elasticsearch document as the file. The document can be periodically reloaded.
+    <br>
+    Create a <code>[elasticsearchfile:UNIQUENAME]</code> section to configure
+  </p>
+
+settings:
+  - key: redisURL
+    value: REQUIRED
+    text: 'The Redis URL to connect to - Format is redis://[:password@]host:port/db-number, redis-sentinel://[[sentinelPassword]:[password]@]host[:port]/redis-name/db-number, or redis-cluster://[:password@]host:port/db-number'
+
+  - key: key
+    value: REQUIRED
+    text: The document key in redis to fetch
+
+  - key: tags
+    value: REQUIRED
+    text: Comma separated list of tags to set for matches
+
+  - key: type
+    value: REQUIRED
+    text: The type of data in the file, such as ip,domain,md5,ja3,email, or something defined in `[wise-types]`
+
+  - key: format
+    value: csv
+    text: csv,[tagger](taggerformat),json,jsonl - The format of data
+
+  - key: column
+    value: 0
+    text: For csv formatted files, which column is the data
+
+  - key: keyPath
+    value: REQUIRED
+    text: The column to use from the returned data to use as the key
+
+  - key: arrayPath
+    value: EMPTY
+    text: The path of where to find the array, if the json result isn't an array
+
+  - key: reload
+    value: EMPTY
+    text: How often in minutes to refresh the file, or -1 (default) to never refresh it
diff --git a/settings.html b/settings.html
@@ -87,8 +87,10 @@
   - splunk
   - databricks
   - elasticsearch
+  - elasticsearchfile
   - file
   - redis
+  - redisfile
   - reversedns
   - url
   - value-actions