CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

More json for soc

Browse Source
This commit is contained in:
Mike Reeves
2020-10-01 17:04:15 -04:00
parent 63be0734c9
commit 5730c85988
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/soc/files/soc/hunt.eventfields.default.yaml
View File

@@ -1,6 +1,6 @@
soc: soc:
hunt: hunt:
eventfields: { eventfields:
"default": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "log.id.uid", "network.community_id", "event.dataset" ], "default": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "log.id.uid", "network.community_id", "event.dataset" ],
"::conn": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "network.transport", "network.protocol", "log.id.uid", "network.community_id" ], "::conn": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "network.transport", "network.protocol", "log.id.uid", "network.community_id" ],
"::dce_rpc": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "dce_rpc.endpoint", "dce_rpc.named_pipe", "dce_rpc.operation", "log.id.uid" ], "::dce_rpc": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "dce_rpc.endpoint", "dce_rpc.named_pipe", "dce_rpc.operation", "log.id.uid" ],
@@ -42,4 +42,4 @@ soc:
":strelka:file": ["soc_timestamp", "scan.exiftool.OriginalFileName", "file.size", "hash.md5", "scan.exiftool.CompanyName", "scan.exiftool.Description", "scan.exiftool.Directory", "scan.exiftool.FileType", "scan.exiftool.FileOS", "log.id.fuid" ], ":strelka:file": ["soc_timestamp", "scan.exiftool.OriginalFileName", "file.size", "hash.md5", "scan.exiftool.CompanyName", "scan.exiftool.Description", "scan.exiftool.Directory", "scan.exiftool.FileType", "scan.exiftool.FileOS", "log.id.fuid" ],
":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ], ":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ],
":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ], ":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ],
":windows_eventlog:": ["soc_timestamp", "user.name" ] } ":windows_eventlog:": ["soc_timestamp", "user.name" ]

2
salt/soc/files/soc/soc.json
View File

@@ -46,7 +46,7 @@
"relativeTimeValue": 24, "relativeTimeValue": 24,
"relativeTimeUnit": 30, "relativeTimeUnit": 30,
"mostRecentlyUsedLimit": 5, "mostRecentlyUsedLimit": 5,
"eventFields": {{ hunt_eventfields.soc.hunt.eventfields | json }} , "eventFields": { {{ hunt_eventfields.soc.hunt.eventfields | json }} },
"queryBaseFilter": "", "queryBaseFilter": "",
"queryToggleFilters": [], "queryToggleFilters": [],
"queries": {{ hunt_queries.soc.hunt.queries | json }} , "queries": {{ hunt_queries.soc.hunt.queries | json }} ,