Ship Defender logs

2026-04-24 05:31:54 +02:00 · 2024-04-08 14:01:38 -04:00
parent acf29a6c9c
commit 376efab40c
5 changed files with 51 additions and 0 deletions
--- a/salt/soc/files/soc/sigma_so_pipeline.yaml
+++ b/salt/soc/files/soc/sigma_so_pipeline.yaml
@@ -79,3 +79,12 @@ transformations:
      - type: logsource
        product: windows
        category: driver_load
+    - id: linux_security_add-fields
+      type: add_condition
+      conditions:
+        event.module: 'system'
+        event.dataset: 'system.auth'
+      rule_conditions:
+      - type: logsource
+        product: linux
+        service: auth