diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json index e453a84b7..46c4ea68d 100644 --- a/salt/soc/files/soc/alerts.actions.json +++ b/salt/soc/files/soc/alerts.actions.json @@ -1,6 +1,29 @@ [ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", + "links": [ + "/#/hunt?q=\"{value}\" | groupby event.module event.dataset" + ]}, + { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", + "links": [ + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" + ]}, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", + "links": [ + "/joblookup?esid={:soc_id}", + "/joblookup?ncid={:network.community_id}" + ]}, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", + "links": [ + "https://www.google.com/search?q={value}" + ]}, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://www.virustotal.com/gui/search/{value}" + ]} ] \ No newline at end of file diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index e453a84b7..46c4ea68d 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json @@ -1,6 +1,29 @@ [ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", + "links": [ + "/#/hunt?q=\"{value}\" | groupby event.module event.dataset" + ]}, + { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", + "links": [ + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" + ]}, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", + "links": [ + "/joblookup?esid={:soc_id}", + "/joblookup?ncid={:network.community_id}" + ]}, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", + "links": [ + "https://www.google.com/search?q={value}" + ]}, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://www.virustotal.com/gui/search/{value}" + ]} ] \ No newline at end of file