CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move to Client/Detections

Browse Source 
Added a basic annotation.
This commit is contained in:
Corey Ogburn
2024-10-09 08:40:54 -06:00
parent 04ebe4efea
commit c77b0afd8e
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/soc/defaults.yaml
View File

@@ -1447,13 +1447,6 @@ soc:
casesEnabled: true casesEnabled: true
detectionsEnabled: true detectionsEnabled: true
inactiveTools: ['toolUnused'] inactiveTools: ['toolUnused']
detectionEngineStatusQueries:
suricata:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"suricata"'
elastalert:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"elastalert"'
strelka:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"strelka"'
tools: tools:
- name: toolKibana - name: toolKibana
description: toolKibanaHelp description: toolKibanaHelp
@@ -2270,6 +2263,13 @@ soc:
- name: "Detections with Overrides" - name: "Detections with Overrides"
query: "_exists_:so_detection.overrides | groupby so_detection.language | groupby so_detection.ruleset so_detection.isEnabled" query: "_exists_:so_detection.overrides | groupby so_detection.language | groupby so_detection.ruleset so_detection.isEnabled"
description: Show Detections that have Overrides description: Show Detections that have Overrides
detectionEngineStatusQueries:
suricata:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"suricata"'
elastalert:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"elastalert"'
strelka:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"strelka"'
detection: detection:
showUnreviewedAiSummaries: false showUnreviewedAiSummaries: false
presets: presets:

7
salt/soc/soc_soc.yaml
View File

@@ -461,7 +461,12 @@ soc:
alerts: *appSettings alerts: *appSettings
cases: *appSettings cases: *appSettings
dashboards: *appSettings dashboards: *appSettings
detections: *appSettings detections:
<<: *appSettings
detectionEngineStatusQueries:
description: Queries mapped to the detection engine status.
global: True
forcedType: "{}"
detection: detection:
showUnreviewedAiSummaries: showUnreviewedAiSummaries:
description: Show AI summaries in detections even if they have not yet been reviewed by a human. description: Show AI summaries in detections even if they have not yet been reviewed by a human.