CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 10:42:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make sure we are searching all clusters when running rules

Browse Source
This commit is contained in:
Wes Lambert
2020-07-24 22:04:30 +00:00
parent 6c9c60b8dd
commit 3ac9f1800b
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elastalert/files/rules/so/suricata_thehive.yaml
View File

@@ -9,7 +9,7 @@ es_host: {{es}}
es_port: 9200 es_port: 9200
name: Suricata-Alert name: Suricata-Alert
type: frequency type: frequency
index: "so-ids-*" index: "*:so-ids-*"
num_events: 1 num_events: 1
timeframe: timeframe:
minutes: 10 minutes: 10

2
salt/elastalert/files/rules/so/wazuh_thehive.yaml
View File

@@ -9,7 +9,7 @@ es_host: {{es}}
es_port: 9200 es_port: 9200
name: Wazuh-Alert name: Wazuh-Alert
type: frequency type: frequency
index: "so-ossec-*" index: "*:so-ossec-*"
num_events: 1 num_events: 1
timeframe: timeframe:
minutes: 10 minutes: 10