CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11785 from Security-Onion-Solutions/dougburks-patch-1

Browse Source 
FIX: SOC Hunt HTTP EXE query #11784
This commit is contained in:
Doug Burks
2023-11-14 10:03:46 -05:00
committed by GitHub
parent 4fa6b265a0 4666b993e5
commit 96b456cd76
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/defaults.yaml
View File

@@ -1240,7 +1240,7 @@ soc:
showSubtitle: true
- name: HTTP
description: HTTP with exe downloads
query: 'tags:http AND (file.resp_mime_types:dosexec OR file.resp_mime_types:executable) | groupby http.virtual_host'
query: 'tags:http AND file.resp_mime_types:*exec* | groupby http.virtual_host'
showSubtitle: true
- name: Intel
description: Intel framework hits grouped by indicator