Merge pull request #10652 from Security-Onion-Solutions/cogburn/10122

FIX: Exclude System logs from Hunt/Dashboard Queries.
This commit is contained in:
coreyogburn
2023-06-23 13:48:17 -06:00
committed by GitHub


@@ -1117,6 +1117,9 @@ soc:
- name: caseExcludeToggle - name: caseExcludeToggle
filter: 'NOT _index:"*:so-case*"' filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
- name: socExcludeToggle
filter: 'NOT event.module:"soc"'
enabled: true
queries: queries:
- name: Default Query - name: Default Query
description: Show all events grouped by the observer host description: Show all events grouped by the observer host
@@ -1384,6 +1387,9 @@ soc:
- name: caseExcludeToggle - name: caseExcludeToggle
filter: 'NOT _index:"*:so-case*"' filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
- name: socExcludeToggle
filter: 'NOT event.module:"soc"'
enabled: true
queries: queries:
- name: Overview - name: Overview
description: Overview of all events description: Overview of all events
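Review bot: The new socExcludeToggle entries are default-enabled negative filters that drop every event with event.module "soc" from the Hunt and Dashboards views, yet neither copy carries a comment saying what is being hidden or why, and that category plausibly includes the SOC's own audit trail (user logins, config changes), which an analyst reviewing operator activity would expect to find without knowing to flip a toggle. A one-line comment above each entry would make the trade-off visible to whoever tunes this file: `# Hides SOC application/system events (event.module:"soc") by default; disable the toggle in the UI when reviewing SOC audit activity.` The same three lines appear in both the Hunt block (after caseExcludeToggle at line 1117) and the Dashboards block (line 1387), so the comment belongs in both places, and anything that later changes the filter string should be changed in both; consider noting that coupling in the comment as well. Whether the match on event.module is exact or analyzed depends on the index mapping, which is not visible here, so the comment should not promise more than "events tagged with the soc module".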