fix some soc defaults

m0duspwnens
2022-09-19 15:51:29 -04:00
parent b5fb7596b0
commit 30afc88322


@@ -649,7 +649,7 @@ soc:
queryBaseFilter: queryBaseFilter:
queryToggleFilters: queryToggleFilters:
- name: caseExcludeToggle - name: caseExcludeToggle
filter: NOT _index:\"*:so-case*\" filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
queries: queries:
- name: Default Query - name: Default Query
@@ -1365,7 +1365,7 @@ soc:
- source.ip - source.ip
queryBaseFilter: queryBaseFilter:
queryToggleFilters: queryToggleFilters:
- name: caseExcludeToggle, - name: caseExcludeToggle
filter: 'NOT _index:"*:so-case*"' filter: 'NOT _index:"*:so-case*"'
enabled: true enabled: true
queries: queries:
@@ -1591,7 +1591,7 @@ soc:
- so_case.severity - so_case.severity
- so_case.assigneeId - so_case.assigneeId
- so_case.createTime - so_case.createTime
queryBaseFilter: '_index:\"*:so-case\" AND so_kind:case' queryBaseFilter: '_index:"*:so-case" AND so_kind:case'
queryToggleFilters: [] queryToggleFilters: []
queries: queries:
- name: Open Cases - name: Open Cases
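Review bot: Nothing in the file records why these filter values must be single-quoted with no backslashes, which is the mistake corrected in the hunks at 649 and 1591. In YAML plain and single-quoted scalars a backslash is literal, so the old `\"` reached the query string as backslash-quote and the case-index filter presumably did not match what was intended. I would add a comment above the first `caseExcludeToggle` entry, for example `# single-quoted on purpose: backslashes are literal here, do not escape the inner double quotes`. The same toggle entry is repeated in at least two sections (649 and 1365) and had drifted in both name and quoting. Only three hunks are visible, so it is worth searching the rest of the defaults for remaining `\"` sequences and a stray trailing comma in `name:` values.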