From 47e43e53d93afc9bb619f464686098ffa0060aef Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 13 Dec 2022 12:43:10 -0500 Subject: [PATCH 1/4] FIX: so-import utilities should hyperlink to dashboards #9373 --- salt/common/tools/sbin/so-import-evtx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin/so-import-evtx index 4737a2419..a196c1193 100755 --- a/salt/common/tools/sbin/so-import-evtx +++ b/salt/common/tools/sbin/so-import-evtx @@ -166,11 +166,11 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ URLBASE }}/#/hunt?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC +https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC or you can manually set your Time Range to be (in UTC): From: $START_OLDEST_FORMATTED To: $END_NEWEST -Please note that it may take 30 seconds or more for events to appear in Hunt. +Please note that it may take 30 seconds or more for events to appear in Security Onion Console. EOF fi From 6c057d0b0abf017a1e875f145d4632df312e2df1 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 13 Dec 2022 12:43:54 -0500 Subject: [PATCH 2/4] FIX: so-import utilities should hyperlink to dashboards #9373 --- salt/common/tools/sbin/so-import-pcap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 04a177e0b..f7fe237fc 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -214,11 +214,11 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC +https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC or you can manually set your Time Range to be (in UTC): From: $START_OLDEST To: $END_NEWEST -Please note that it may take 30 seconds or more for events to appear in Hunt. +Please note that it may take 30 seconds or more for events to appear in Security Onion Console. EOF fi From bb346d531d204ab8e484be888e077cef76712cb4 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 13 Dec 2022 13:22:53 -0500 Subject: [PATCH 3/4] FIX: so-import utilities should hyperlink to dashboards #9373 --- salt/common/tools/sbin/so-import-evtx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin/so-import-evtx index a196c1193..3e32d03d8 100755 --- a/salt/common/tools/sbin/so-import-evtx +++ b/salt/common/tools/sbin/so-import-evtx @@ -166,7 +166,7 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC +https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC or you can manually set your Time Range to be (in UTC): From: $START_OLDEST_FORMATTED To: $END_NEWEST From aa08803f03303de029cc7ac5229949a3dbfd96a3 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 13 Dec 2022 13:23:27 -0500 Subject: [PATCH 4/4] FIX: so-import utilities should hyperlink to dashboards #9373 --- salt/common/tools/sbin/so-import-pcap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index f7fe237fc..e9a0f5a19 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -214,7 +214,7 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC +https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC or you can manually set your Time Range to be (in UTC): From: $START_OLDEST To: $END_NEWEST