mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
Improve Software dashboard
@@ -1482,7 +1482,7 @@ soc:
|
|||||||
query: 'event.dataset:snmp | groupby snmp.community | groupby snmp.version | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port'
|
query: 'event.dataset:snmp | groupby snmp.community | groupby snmp.version | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port'
|
||||||
- name: Software
|
- name: Software
|
||||||
description: Software seen by Zeek via network traffic
|
description: Software seen by Zeek via network traffic
|
||||||
query: 'event.dataset:software | groupby software.type | groupby software.name | groupby source.ip'
|
query: 'event.dataset:software | groupby -sankey software.type source.ip | groupby software.type | groupby software.name | groupby source.ip'
|
||||||
- name: SSH
|
- name: SSH
|
||||||
description: SSH (Secure Shell) connections seen by Zeek
|
description: SSH (Secure Shell) connections seen by Zeek
|
||||||
query: 'event.dataset:ssh | groupby ssh.client | groupby ssh.server | groupby -sankey source.ip destination.ip | groupby ssh.direction | groupby ssh.version | groupby ssh.hassh_version | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name'
|
query: 'event.dataset:ssh | groupby ssh.client | groupby ssh.server | groupby -sankey source.ip destination.ip | groupby ssh.direction | groupby ssh.version | groupby ssh.hassh_version | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name'
|
||||||
|
|||||||
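Review bot: The Software query that carries `groupby -sankey software.type source.ip` (presumably the new side, since the +/- markers are lost on this page) puts the sankey first, while the neighbouring SNMP and SSH queries in this hunk place their `-sankey` groupby after the leading field groupbys. If panel order follows query order, this dashboard will be laid out differently from its neighbours; if that is not intended, consider `query: 'event.dataset:software | groupby software.type | groupby software.name | groupby -sankey software.type source.ip | groupby source.ip'`. The query also has no groupby on a software version field, which is what an analyst would need to pick out outdated software from this view. Whether the pipeline exposes such a field is not visible here, so treat that as something to check rather than a defect.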