mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-02-20 14:05:26 +01:00
Merge pull request #15492 from Security-Onion-Solutions/mwright/investigate-refactor
Assistant: Investigated Query Toggle Filter
@@ -2380,6 +2380,10 @@ soc:
|
||||
exclusive: true
|
||||
enablesToggles:
|
||||
- acknowledged
|
||||
- name: investigated
|
||||
filter: event.investigated:true
|
||||
enabled: false
|
||||
exclusive: false
|
||||
queries:
|
||||
- name: 'Group By Name, Module'
|
||||
query: '* | groupby rule.name event.module* event.severity_label rule.uuid'
|
||||
|
||||
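Review bot: The new `investigated` toggle is added with `enabled: false` and `exclusive: false`, and nothing on the entry says what that combination does to the default alert view. If a disabled non-exclusive toggle contributes no filter clause (inferred from the field names, not shown in this hunk), events with `event.investigated:true` stay mixed into the default view and analysts only narrow to them on demand. It is worth confirming that this is intended, given that the entry just above uses `exclusive: true`. I would add a comment above the item, for example `# investigated: off by default and non-exclusive, so the default view is not filtered on event.investigated`, and name the component that sets the field. The rendered page drops indentation and the enclosing `soc:` mapping starts outside the hunk, so the nesting of the new list item could not be checked here.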