CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14604 from Security-Onion-Solutions/dougburks-patch-1

Browse Source 
Update defaults.yaml to replace remaining instances of identity_id with user.name
This commit is contained in:
Doug Burks
2025-05-08 09:14:03 -04:00
committed by GitHub
parent e661c73583 a8cb18bb2e
commit 82f9043a14
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/soc/defaults.yaml
View File

@@ -116,14 +116,14 @@ soc:
- soc_timestamp - soc_timestamp
- event.dataset - event.dataset
- http_request.headers.x-real-ip - http_request.headers.x-real-ip
- identity_id - user.name
- http_request.headers.user-agent - http_request.headers.user-agent
- msg - msg
':hydra:': ':hydra:':
- soc_timestamp - soc_timestamp
- event.dataset - event.dataset
- http_request.headers.x-real-ip - http_request.headers.x-real-ip
- identity_id - user.name
- http_request.headers.user-agent - http_request.headers.user-agent
- msg - msg
'::conn': '::conn':
@@ -1605,7 +1605,7 @@ soc:
showSubtitle: true showSubtitle: true
- name: SOC - Auth - name: SOC - Auth
description: Users authenticated to SOC grouped by IP address and identity description: Users authenticated to SOC grouped by IP address and identity
query: 'event.dataset:kratos.audit AND msg:*authenticated* | groupby http_request.headers.x-real-ip identity_id' query: 'event.dataset:kratos.audit AND msg:*authenticated* | groupby http_request.headers.x-real-ip user.name'
showSubtitle: true showSubtitle: true
- name: SOC - App - name: SOC - App
description: Logs generated by the Security Onion Console (SOC) server and modules description: Logs generated by the Security Onion Console (SOC) server and modules