mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-20 07:53:06 +01:00
remove old DNP3 and Wazuh dashboards from defaults.yaml
This commit is contained in:
Doug Burks
GitHub
@@ -2345,9 +2345,6 @@ soc:
|
||||
- name: NIDS Alerts
|
||||
description: NIDS alerts
|
||||
query: 'event.category: network AND event.dataset: alert | groupby rule.category | groupby rule.gid | groupby rule.uuid | groupby rule.name | groupby source.ip | groupby destination.ip | groupby destination.port'
|
||||
- name: Wazuh/OSSEC
|
||||
description: Wazuh/OSSEC HIDS alerts and logs
|
||||
query: 'event.module:ossec | groupby rule.category | groupby rule.uuid | groupby rule.name | groupby agent.id | groupby agent.name | groupby log.full'
|
||||
- name: Sysmon Overview
|
||||
description: Overview of all Sysmon data types
|
||||
query: 'event.module:sysmon | groupby -sankey event.dataset winlog.computer_name | groupby -sankey winlog.computer_name user.name | groupby winlog.computer_name | groupby event.dataset | groupby user.name | groupby dns.query.name | groupby process.executable | groupby winlog.event_data.TargetObject | groupby file.target | groupby source.ip | groupby destination.ip | groupby destination.port'
|
||||
@@ -2381,9 +2378,6 @@ soc:
|
||||
- name: DHCP
|
||||
description: Dynamic Host Configuration Protocol leases
|
||||
query: 'event.dataset:dhcp | groupby host.hostname | groupby host.domain | groupby dhcp.message_types | groupby client.address | groupby server.address'
|
||||
- name: DNP3
|
||||
description: DNP3 logs
|
||||
query: 'event.dataset:dnp3 | groupby dnp3.fc_request | groupby dnp3.fc_reply | groupby dnp3.iin | groupby source.ip | groupby destination.ip | groupby destination.port'
|
||||
- name: DNS
|
||||
description: Domain Name System queries
|
||||
query: 'event.dataset:dns | groupby dns.query.name | groupby dns.highest_registered_domain | groupby dns.parent_domain | groupby dns.answers.name | groupby dns.query.type_name | groupby dns.response.code_name | groupby source.ip | groupby destination.ip | groupby destination.port'
|
||||
|
||||
Reference in New Issue
Block a user