CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8773 from Security-Onion-Solutions/fix/soc2.4

Browse Source 
fix some soc defaults
This commit is contained in:
Josh Patterson
2022-09-19 15:54:25 -04:00
committed by GitHub
parent 4c2ac9dd93 30afc88322
commit 0367365225
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/soc/defaults.yaml
View File

@@ -659,7 +659,7 @@ soc:
queryBaseFilter: queryBaseFilter:
queryToggleFilters: queryToggleFilters:
- name: caseExcludeToggle - name: caseExcludeToggle
filter: NOT _index:\"*:so-case*\" filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
queries: queries:
- name: Default Query - name: Default Query
@@ -1375,7 +1375,7 @@ soc:
- source.ip - source.ip
queryBaseFilter: queryBaseFilter:
queryToggleFilters: queryToggleFilters:
- name: caseExcludeToggle, - name: caseExcludeToggle
filter: 'NOT _index:"*:so-case*"' filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
queries: queries:
@@ -1601,7 +1601,7 @@ soc:
- so_case.severity - so_case.severity
- so_case.assigneeId - so_case.assigneeId
- so_case.createTime - so_case.createTime
queryBaseFilter: '_index:\"*:so-case\" AND so_kind:case' queryBaseFilter: '_index:"*:so-case" AND so_kind:case'
queryToggleFilters: [] queryToggleFilters: []
queries: queries:
- name: Open Cases - name: Open Cases