CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove old Wazuh Hunt queries in defaults.yaml

Browse Source
This commit is contained in:
Doug Burks
2022-12-10 14:21:58 -05:00
committed by GitHub
parent cd664b2d39
commit cf7d8076e9
1 changed files with 0 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/soc/defaults.yaml
View File

@@ -1137,22 +1137,6 @@ soc:
description: Show all Osquery Live Query results
query: 'event.dataset: osquery_manager.result | groupby action_data.id action_data.query | groupby host.hostname'
showSubtitle: true
- name: Wazuh/OSSEC Alerts
description: Show all Wazuh alerts at Level 5 or higher grouped by category
query: 'event.module:ossec AND event.dataset:alert AND rule.level:>4 | groupby rule.category rule.name'
showSubtitle: true
- name: Wazuh/OSSEC Alerts
description: Show all Wazuh alerts at Level 4 or lower grouped by category
query: 'event.module:ossec AND event.dataset:alert AND rule.level:<5 | groupby rule.category rule.name'
showSubtitle: true
- name: Wazuh/OSSEC Users and Commands
description: Show all Wazuh alerts grouped by username and command line
query: 'event.module:ossec AND event.dataset:alert | groupby user.escalated.keyword process.command_line'
showSubtitle: true
- name: Wazuh/OSSEC Processes
description: Show all Wazuh alerts grouped by process name
query: 'event.module:ossec AND event.dataset:alert | groupby process.name'
showSubtitle: true
- name: Sysmon Events
description: Show all Sysmon logs grouped by event type
query: 'event.module:sysmon | groupby event.dataset'