From 7f07a94a988684e860cc205eb05221d5360d51e9 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Sat, 10 Dec 2022 14:14:24 -0500
Subject: [PATCH] remove old DNP3 and Wazuh dashboards from defaults.yaml

---
 salt/soc/defaults.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7541c6763..71443423f 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -2345,9 +2345,6 @@ soc:
 - name: NIDS Alerts
 description: NIDS alerts
 query: 'event.category: network AND event.dataset: alert | groupby rule.category | groupby rule.gid | groupby rule.uuid | groupby rule.name | groupby source.ip | groupby destination.ip | groupby destination.port'
- - name: Wazuh/OSSEC
- description: Wazuh/OSSEC HIDS alerts and logs
- query: 'event.module:ossec | groupby rule.category | groupby rule.uuid | groupby rule.name | groupby agent.id | groupby agent.name | groupby log.full'
 - name: Sysmon Overview
 description: Overview of all Sysmon data types
 query: 'event.module:sysmon | groupby -sankey event.dataset winlog.computer_name | groupby -sankey winlog.computer_name user.name | groupby winlog.computer_name | groupby event.dataset | groupby user.name | groupby dns.query.name | groupby process.executable | groupby winlog.event_data.TargetObject | groupby file.target | groupby source.ip | groupby destination.ip | groupby destination.port'
@@ -2381,9 +2378,6 @@ soc:
 - name: DHCP
 description: Dynamic Host Configuration Protocol leases
 query: 'event.dataset:dhcp | groupby host.hostname | groupby host.domain | groupby dhcp.message_types | groupby client.address | groupby server.address'
- - name: DNP3
- description: DNP3 logs
- query: 'event.dataset:dnp3 | groupby dnp3.fc_request | groupby dnp3.fc_reply | groupby dnp3.iin | groupby source.ip | groupby destination.ip | groupby destination.port'
 - name: DNS
 description: Domain Name System queries
 query: 'event.dataset:dns | groupby dns.query.name | groupby dns.highest_registered_domain | groupby dns.parent_domain | groupby dns.answers.name | groupby dns.query.type_name | groupby dns.response.code_name | groupby source.ip | groupby destination.ip | groupby destination.port'