fix some soc defaults

m0duspwnens
2022-09-19 15:51:29 -04:00
parent b5fb7596b0
commit 30afc88322


@@ -649,7 +649,7 @@ soc:
queryBaseFilter:
queryToggleFilters:
- name: caseExcludeToggle
filter: NOT _index:\"*:so-case*\"
filter: 'NOT _index:"*:so-case*"'
enabled: true
queries:
- name: Default Query
@@ -1365,7 +1365,7 @@ soc:
- source.ip
queryBaseFilter:
queryToggleFilters:
- name: caseExcludeToggle,
- name: caseExcludeToggle
filter: 'NOT _index:"*:so-case*"'
enabled: true
queries:
@@ -1591,7 +1591,7 @@ soc:
- so_case.severity
- so_case.assigneeId
- so_case.createTime
queryBaseFilter: '_index:\"*:so-case\" AND so_kind:case'
queryBaseFilter: '_index:"*:so-case" AND so_kind:case'
queryToggleFilters: []
queries:
- name: Open Cases
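Review bot: The case-exclusion toggle and the cases base filter match different index patterns, and nothing in these stanzas says whether that is deliberate. The toggle in the first two hunks is `NOT _index:"*:so-case*"` with a trailing wildcard, while `queryBaseFilter` in the third hunk is `_index:"*:so-case" AND so_kind:case` without one. If the difference is intended, a comment above the base filter such as `# exact so-case index only; the exclude toggles use so-case* on purpose` would stop a later edit from "aligning" them and changing what analysts see; if not, the two patterns should agree. The page prints old and new lines without markers, so this reads the unescaped, single-quoted forms as the new side. Because the same literal-backslash mistake (`\"` inside a plain or single-quoted scalar) turned up in several stanzas, the rest of the file, which is not visible here, is worth checking for the same pattern.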