CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6720 from Security-Onion-Solutions/kilo

Browse Source 
Add case template to eval install types; also improve clarity of case queries
This commit is contained in:
Jason Ertel
2021-12-29 11:41:06 -05:00
committed by GitHub
parent a2f1f52450 1d885a5419
commit 74dbc4bf67
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pillar/elasticsearch/eval.sls
View File

@@ -1,6 +1,7 @@
elasticsearch: elasticsearch:
templates: templates:
- so/so-beats-template.json.jinja - so/so-beats-template.json.jinja
- so/so-case-template.json.jinja
- so/so-common-template.json.jinja - so/so-common-template.json.jinja
- so/so-firewall-template.json.jinja - so/so-firewall-template.json.jinja
- so/so-flow-template.json.jinja - so/so-flow-template.json.jinja

4
salt/soc/files/soc/cases.queries.json
View File

@@ -1,5 +1,5 @@
[ [
{ "name": "Open Cases", "query": "!case.status:Closed AND !case.category:Template" }, { "name": "Open Cases", "query": "NOT case.status:Closed AND NOT case.category:Template" },
{ "name": "Closed Cases", "query": "case.status:Closed AND !case.category:Template" }, { "name": "Closed Cases", "query": "case.status:Closed AND NOT case.category:Template" },
{ "name": "Templates", "query": "case.category:Template" } { "name": "Templates", "query": "case.category:Template" }
] ]