CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-23 08:31:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8778 from Security-Onion-Solutions/2.4/elastic-fleet

Browse Source 
Hunt Query - Elastic Agent Live Osquery Logs
This commit is contained in:
Josh Brower
2022-09-20 08:29:47 -04:00
committed by GitHub
parent da8d09713f 120fdef173
commit 0815b607e6
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/soc/defaults.yaml
View File

@@ -797,9 +797,6 @@ soc:
- name: NTLM
description: NTLM grouped by computer name
query: 'event.dataset:ntlm | groupby ntlm.server.dns.name'
- name: Osquery Live Queries
description: Osquery Live Query results grouped by computer name
query: 'event.dataset:live_query | groupby host.hostname'
- name: PE
description: PE files list
query: 'event.dataset:pe | groupby file.machine file.os file.subsystem'
@@ -1457,9 +1454,6 @@ soc:
- name: NTLM
description: NTLM logs
query: 'event.dataset:ntlm | groupby ntlm.server.dns.name | groupby ntlm.server.nb.name | groupby ntlm.server.tree.name | groupby ntlm.success | groupby source.ip | groupby destination.ip | groupby destination.port'
- name: Osquery Live Queries
description: Osquery Live Query results
query: 'event.dataset:live_query | groupby host.hostname'
- name: PE
description: PE files list
query: 'event.dataset:pe | groupby file.machine | groupby file.os | groupby file.subsystem | groupby file.section_names | groupby file.is_exe | groupby file.is_64bit'