mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Update defaults.yaml
This commit is contained in:
bryant-treacle
GitHub
@@ -570,14 +570,13 @@ soc:
|
|||||||
- destination.geo.country_iso_code
|
- destination.geo.country_iso_code
|
||||||
- user.name
|
- user.name
|
||||||
- source.ip
|
- source.ip
|
||||||
':windows.sysmon_operational:':
|
'::sysmon_operational':
|
||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- event.action
|
- event.action
|
||||||
- process.executable
|
- winlog.computer_name
|
||||||
- user.name
|
- user.name
|
||||||
- file.target
|
- process.executable
|
||||||
- dns.question.name
|
- process.pid
|
||||||
- winlog.event_data.TargetObject
|
|
||||||
'::network_connection':
|
'::network_connection':
|
||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- source.ip
|
- source.ip
|
||||||
|
|||||||
Reference in New Issue
Block a user