CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Detection Engine Status Queries

Browse Source 
A few for testing
This commit is contained in:
Corey Ogburn
2024-10-08 14:52:49 -06:00
parent ba699b8d06
commit cbb4d6846f
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/soc/defaults.yaml
View File

@@ -1447,6 +1447,13 @@ soc:
casesEnabled: true
detectionsEnabled: true
inactiveTools: ['toolUnused']
detectionEngineStatusQueries:
- suricata:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"suricata"'
- elastalert:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"elastalert"'
- strelka:
IntegrityFailure: 'tags:so-soc AND soc.fields.error: "integrity check failed; discrepancies found" AND soc.fields.detectionEngine:"strelka"'
tools:
- name: toolKibana
description: toolKibanaHelp