CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updating config for Detection(s)

Browse Source
This commit is contained in:
Corey Ogburn
2024-02-02 11:49:58 -07:00
parent fe196b5661
commit 8f81c9eb68
1 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
salt/soc/defaults.yaml
View File

@@ -64,7 +64,7 @@ soc:
icon: fa-external-link-alt icon: fa-external-link-alt
target: _blank target: _blank
links: links:
- 'https://{:sublime.url}/messages/{:sublime.message_group_id}' - 'https://{:sublime.url}/messages/{:sublime.message_group_id}'
eventFields: eventFields:
default: default:
- soc_timestamp - soc_timestamp
@@ -1756,3 +1756,53 @@ soc:
- amber+strict - amber+strict
- red - red
customEnabled: false customEnabled: false
detections:
viewEnabled: true
createLink: /detection/create
eventFetchLimit: 500
eventItemsPerPage: 50
groupFetchLimit: 50
mostRecentlyUsedLimit: 5
safeStringMaxLength: 100
queryBaseFilter: '_index:"*:so-detection" AND so_kind:detection'
eventFields:
default:
- so_detection.title
- so_detection.isEnabled
- so_detection.engine
- "@timestamp"
queries:
- name: "All Detections"
query: "_id:*"
- name: "Local Rules"
query: "so_detection.isCommunity:false"
- name: "Enabled"
query: "so_detection.isEnabled:true"
- name: "Disabled"
query: "so_detection.isEnabled:false"
- name: "Suricata"
query: "so_detection.engine:suricata"
- name: "ElastAlert"
query: "so_detection.engine:elastalert"
- name: "Strelka"
query: "so_detection.engine:strelka"
detection:
presets:
severity:
customEnabled: false
labels:
- unknown
- informational
- low
- medium
- high
- critical
engine:
customEnabled: false
labels:
- suricata
- elastalert
- strelka
severityTranslations:
minor: low
major: high