CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

'Escalated' filter toggle will auto-enable 'acknowledged' filter toggle

Browse Source
This commit is contained in:
Jason Ertel
2020-10-01 16:23:47 -04:00
parent e836f96c65
commit 8e15ed56d6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/files/soc/soc.json
View File

@@ -177,7 +177,7 @@
"queryBaseFilter": "event.dataset:alert",
"queryToggleFilters": [
{ "name": "acknowledged", "filter": "event.acknowledged:true", "enabled": false, "exclusive": true },
{ "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true }
{ "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true, "enablesToggles":["acknowledged"] }
],
"queries": [
{ "name": "Group By Name, Module", "query": "* | groupby rule.name rule.uuid event.module event.severity_label" },