CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify elastalert rules

Browse Source
This commit is contained in:
Josh Brower
2020-08-06 14:30:44 -04:00
parent 4936da9b5d
commit 4f9ef89098
2 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/elastalert/files/rules/so/suricata_thehive.yaml
View File

@@ -8,14 +8,10 @@
es_host: {{es}} es_host: {{es}}
es_port: 9200 es_port: 9200
name: Suricata-Alert name: Suricata-Alert
type: frequency type: any
index: "*:so-ids-*" index: "*:so-ids-*"
num_events: 1
timeframe:
minutes: 10
buffer_time: buffer_time:
minutes: 10 minutes: 5
allow_buffer_time_overlap: true
query_key: ["rule.uuid","source.ip","destination.ip"] query_key: ["rule.uuid","source.ip","destination.ip"]
realert: realert:
days: 1 days: 1

8
salt/elastalert/files/rules/so/wazuh_thehive.yaml
View File

@@ -8,14 +8,10 @@
es_host: {{es}} es_host: {{es}}
es_port: 9200 es_port: 9200
name: Wazuh-Alert name: Wazuh-Alert
type: frequency type: any
index: "*:so-ossec-*" index: "*:so-ossec-*"
num_events: 1
timeframe:
minutes: 10
buffer_time: buffer_time:
minutes: 10 minutes: 5
allow_buffer_time_overlap: true
realert: realert:
days: 1 days: 1
filter: filter: