CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

'Escalated' filter toggle will auto-enable 'acknowledged' filter toggle

Browse Source
This commit is contained in:
Jason Ertel
2020-10-01 16:23:47 -04:00
parent e836f96c65
commit 8e15ed56d6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/files/soc/soc.json
View File

@@ -177,7 +177,7 @@
"queryBaseFilter": "event.dataset:alert", "queryBaseFilter": "event.dataset:alert",
"queryToggleFilters": [ "queryToggleFilters": [
{ "name": "acknowledged", "filter": "event.acknowledged:true", "enabled": false, "exclusive": true }, { "name": "acknowledged", "filter": "event.acknowledged:true", "enabled": false, "exclusive": true },
{ "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true } { "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true, "enablesToggles":["acknowledged"] }
], ],
"queries": [ "queries": [
{ "name": "Group By Name, Module", "query": "* | groupby rule.name rule.uuid event.module event.severity_label" }, { "name": "Group By Name, Module", "query": "* | groupby rule.name rule.uuid event.module event.severity_label" },