CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update osquery.template

Browse Source
This commit is contained in:
Josh Brower
2019-11-13 13:49:34 -05:00
committed by GitHub
parent 3fc43fa2da
commit 7259a5346b
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/soctopus/files/templates/osquery.template
View File

@@ -11,6 +11,12 @@ hive_proxies:
http: '' http: ''
https: '' https: ''
hive_observable_data_mapping:
- ip: '{match[osquery][EndpointIP1]}'
- ip: '{match[osquery][EndpointIP2]}'
- other: '{match[osquery][hostIdentifier]}'
- other: '{match[osquery][hostname]}'
hive_alert_config: hive_alert_config:
title: '{rule[name]} -- {match[osquery][hostname]} -- {match[osquery][name]}' title: '{rule[name]} -- {match[osquery][hostname]} -- {match[osquery][name]}'
type: 'osquery' type: 'osquery'
@@ -23,9 +29,4 @@ hive_alert_config:
follow: True follow: True
caseTemplate: '5000' caseTemplate: '5000'
hive_observable_data_mapping:
- ip: '{match[osquery][EndpointIP1]}'
- ip: '{match[osquery][EndpointIP2]}'
- other: '{match[osquery][hostIdentifier]}'
- other: '{match[osquery][hostname]}'