CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Detection Default queries

Browse Source
This commit is contained in:
Josh Brower
2024-02-12 19:39:55 -05:00
parent 5102269440
commit ea80469c2d
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/soc/defaults.yaml
View File

@@ -1770,21 +1770,23 @@ soc:
- so_detection.title - so_detection.title
- so_detection.isEnabled - so_detection.isEnabled
- so_detection.language - so_detection.language
- "@timestamp" - so_detection.severity
queries: queries:
- name: "All Detections" - name: "All Detections"
query: "_id:*" query: "_id:*"
- name: "Local Rules" - name: "Custom Detections"
query: "so_detection.isCommunity:false" query: "so_detection.isCommunity:false"
- name: "Enabled" - name: "All Detections - Enabled"
query: "so_detection.isEnabled:true" query: "so_detection.isEnabled:true"
- name: "Disabled" - name: "All Detections - Disabled"
query: "so_detection.isEnabled:false" query: "so_detection.isEnabled:false"
- name: "Suricata" - name: "Detection Type - Suricata (NIDS)"
query: "so_detection.language:suricata" query: "so_detection.language:suricata"
- name: "Sigma" - name: "Detection Type - Sigma - All"
query: "so_detection.language:sigma" query: "so_detection.language:sigma"
- name: "Yara" - name: "Detection Type - Sigma - Windows"
query: 'so_detection.language:sigma AND so_detection.content: "*product: windows*"'
- name: "Detection Type - Yara (Strelka)"
query: "so_detection.language:yara" query: "so_detection.language:yara"
detection: detection:
presets: presets: