CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

add more endpoint.events.x fields to soc_soc.yaml

Browse Source
This commit is contained in:
Doug Burks
2024-02-23 15:38:53 -05:00
committed by GitHub
parent 7da0ccf5a6
commit b7ef1e8af1
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/soc/soc_soc.yaml
View File

@@ -59,7 +59,13 @@ soc:
description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left. description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.
global: True global: True
advanced: True advanced: True
':endpoint:endpoint_x_events_x_api': *eventFields
':endpoint:endpoint_x_events_x_file': *eventFields
':endpoint:endpoint_x_events_x_library': *eventFields
':endpoint:endpoint_x_events_x_network': *eventFields
':endpoint:endpoint_x_events_x_process': *eventFields ':endpoint:endpoint_x_events_x_process': *eventFields
':endpoint:endpoint_x_events_x_registry': *eventFields
':endpoint:endpoint_x_events_x_security': *eventFields
server: server:
srvKey: srvKey:
description: Unique key for protecting the integrity of user submitted data via the web browser. description: Unique key for protecting the integrity of user submitted data via the web browser.