CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-02-21 06:25:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

add investigated query toggle filter

Browse Source
This commit is contained in:
Matthew Wright
2026-02-17 13:17:12 -05:00
parent 8538e5572e
commit 3d1a2c12ec
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/soc/defaults.yaml
View File

@@ -2380,6 +2380,10 @@ soc:
exclusive: true exclusive: true
enablesToggles: enablesToggles:
- acknowledged - acknowledged
- name: investigated
filter: event.investigated:true
enabled: false
exclusive: false
queries: queries:
- name: 'Group By Name, Module' - name: 'Group By Name, Module'
query: '* | groupby rule.name event.module* event.severity_label rule.uuid' query: '* | groupby rule.name event.module* event.severity_label rule.uuid'