CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Hunt query for firewall #1499

Browse Source
This commit is contained in:
Doug Burks
2020-10-10 07:17:49 -04:00
committed by GitHub
parent 9aa4112de1
commit 8cfabf101c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/files/soc/hunt.queries.json
View File

@@ -61,5 +61,5 @@
{ "name": "x509", "description": "x.509 grouped by key length and name", "query": "event.dataset:x509 | groupby x509.certificate.key.length x509.san_dns"},
{ "name": "x509", "description": "x.509 grouped by name and issuer", "query": "event.dataset:x509 | groupby x509.san_dns x509.certificate.issuer"},
{ "name": "x509", "description": "x.509 grouped by name and subject", "query": "event.dataset:x509 | groupby x509.san_dns x509.certificate.subject"},
{ "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
{ "name": "Firewall", "description": "Firewall events grouped by action", "query": "event.dataset:firewall | groupby rule.action"}
]