mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 18:22:47 +01:00
Add Playbook
This commit is contained in:
weslambert
GitHub
@@ -1586,6 +1586,15 @@ soc:
|
|||||||
- rule.uuid
|
- rule.uuid
|
||||||
- rule.category
|
- rule.category
|
||||||
- rule.rev
|
- rule.rev
|
||||||
|
':playbook:':
|
||||||
|
- soc_timestamp
|
||||||
|
- rule.name
|
||||||
|
- event.severity_label
|
||||||
|
- event_data.event.module
|
||||||
|
- event_data.event.category
|
||||||
|
- event_data.process.executable
|
||||||
|
- event_data.process.pid
|
||||||
|
- event_data.winlog.computer_name
|
||||||
queryBaseFilter: tags:alert
|
queryBaseFilter: tags:alert
|
||||||
queryToggleFilters:
|
queryToggleFilters:
|
||||||
- name: acknowledged
|
- name: acknowledged
|
||||||
|
|||||||
Reference in New Issue
Block a user