CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Modify PCAP quick action to work off of network community ID; Add new Correlate quick action

Browse Source
This commit is contained in:
Jason Ertel
2020-12-01 17:37:44 -05:00
parent 81b86bf7f2
commit b7bc8db3b2
2 changed files with 54 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
salt/soc/files/soc/alerts.actions.json
View File

@@ -1,6 +1,29 @@
[
{ "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" },
{ "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" },
{ "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" },
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" }
{ "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "",
"links": [
"/#/hunt?q=\"{value}\" | groupby event.module event.dataset"
]},
{ "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "",
"links": [
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset"
]},
{ "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "",
"links": [
"/joblookup?esid={:soc_id}",
"/joblookup?ncid={:network.community_id}"
]},
{ "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank",
"links": [
"https://www.google.com/search?q={value}"
]},
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank",
"links": [
"https://www.virustotal.com/gui/search/{value}"
]}
]

31
salt/soc/files/soc/hunt.actions.json
View File

@@ -1,6 +1,29 @@
[
{ "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" },
{ "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" },
{ "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" },
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" }
{ "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "",
"links": [
"/#/hunt?q=\"{value}\" | groupby event.module event.dataset"
]},
{ "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "",
"links": [
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset",
"/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset"
]},
{ "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "",
"links": [
"/joblookup?esid={:soc_id}",
"/joblookup?ncid={:network.community_id}"
]},
{ "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank",
"links": [
"https://www.google.com/search?q={value}"
]},
{ "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank",
"links": [
"https://www.virustotal.com/gui/search/{value}"
]}
]