mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Improve Software dashboard
@@ -38,7 +38,7 @@
|
|||||||
{ "name": "SMB_Mapping", "description": "SMB (Server Message Block) mapping network metadata", "query": "event.dataset:smb_mapping | groupby smb.share_type | groupby smb.path | groupby smb.service | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
|
{ "name": "SMB_Mapping", "description": "SMB (Server Message Block) mapping network metadata", "query": "event.dataset:smb_mapping | groupby smb.share_type | groupby smb.path | groupby smb.service | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
|
||||||
{ "name": "SMTP", "description": "SMTP (Simple Mail Transfer Protocol) network metadata", "query": "event.dataset:smtp | groupby smtp.from | groupby smtp.recipient_to | groupby -sankey source.ip destination.ip | groupby smtp.subject | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name"},
|
{ "name": "SMTP", "description": "SMTP (Simple Mail Transfer Protocol) network metadata", "query": "event.dataset:smtp | groupby smtp.from | groupby smtp.recipient_to | groupby -sankey source.ip destination.ip | groupby smtp.subject | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name"},
|
||||||
{ "name": "SNMP", "description": "SNMP (Simple Network Management Protocol) network metadata", "query": "event.dataset:snmp | groupby snmp.community | groupby snmp.version | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
|
{ "name": "SNMP", "description": "SNMP (Simple Network Management Protocol) network metadata", "query": "event.dataset:snmp | groupby snmp.community | groupby snmp.version | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
|
||||||
{ "name": "Software", "description": "Software seen by Zeek via network traffic", "query": "event.dataset:software | groupby software.type | groupby software.name | groupby source.ip"},
|
{ "name": "Software", "description": "Software seen by Zeek via network traffic", "query": "event.dataset:software | groupby -sankey software.type source.ip | groupby software.type | groupby software.name | groupby source.ip"},
|
||||||
{ "name": "SSH", "description": "SSH (Secure Shell) connections seen by Zeek", "query": "event.dataset:ssh | groupby ssh.client | groupby ssh.server | groupby -sankey source.ip destination.ip | groupby ssh.direction | groupby ssh.version | groupby ssh.hassh_version | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name"},
|
{ "name": "SSH", "description": "SSH (Secure Shell) connections seen by Zeek", "query": "event.dataset:ssh | groupby ssh.client | groupby ssh.server | groupby -sankey source.ip destination.ip | groupby ssh.direction | groupby ssh.version | groupby ssh.hassh_version | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name"},
|
||||||
{ "name": "SSL", "description": "SSL/TLS network metadata", "query": "event.dataset:ssl | groupby ssl.version | groupby ssl.validation_status | groupby -sankey source.ip ssl.server_name | groupby ssl.server_name | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name | groupby ssl.certificate.issuer | groupby ssl.certificate.subject"},
|
{ "name": "SSL", "description": "SSL/TLS network metadata", "query": "event.dataset:ssl | groupby ssl.version | groupby ssl.validation_status | groupby -sankey source.ip ssl.server_name | groupby ssl.server_name | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name | groupby ssl.certificate.issuer | groupby ssl.certificate.subject"},
|
||||||
{ "name": "STUN", "description": "STUN (Session Traversal Utilities for NAT) network metadata", "query": "event.dataset:stun* | groupby -sankey source.ip destination.ip | groupby destination.geo.country_name | groupby source.ip | groupby destination.ip | groupby destination.port | groupby event.dataset"},
|
{ "name": "STUN", "description": "STUN (Session Traversal Utilities for NAT) network metadata", "query": "event.dataset:stun* | groupby -sankey source.ip destination.ip | groupby destination.geo.country_name | groupby source.ip | groupby destination.ip | groupby destination.port | groupby event.dataset"},
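Review bot: The Software query on the second Software line (taken here as the new side, since the page has lost its +/- markers) still has no grouping on a version field. The dashboard therefore shows which products appear on the wire but not which releases, and the release is what an analyst needs to spot outdated or vulnerable software. Zeek's software.log records a version alongside type and name; if the ingest pipeline maps it, appending `| groupby <mapped software version field>` would surface it (the field name is not visible on this page, so confirm it against the pipeline). Separately, the added `groupby -sankey software.type source.ip` comes first in the query, while the neighbouring SMB_Mapping, SMTP, SNMP, SSH and SSL entries place their sankey after the protocol-specific groupbys; moving it after `groupby software.name` would keep the panel order consistent.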
|
||||||
|
|||||||