CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

add x509 issuer and subject groupby queries

Browse Source
This commit is contained in:
Doug Burks
2020-06-01 07:48:50 -04:00
committed by GitHub
parent 46dc5f42e9
commit f559621f00
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/soc/files/soc/soc.json
View File

@@ -140,6 +140,8 @@
{ "name": "Tunnels", "description": "Tunnels grouped by action", "query": "event.module:zeek AND event.dataset:tunnels | groupby event.action"}, { "name": "Tunnels", "description": "Tunnels grouped by action", "query": "event.module:zeek AND event.dataset:tunnels | groupby event.action"},
{ "name": "Weird", "description": "Zeek weird log grouped by name", "query": "event.module:zeek AND event.dataset:weird | groupby weird.name"}, { "name": "Weird", "description": "Zeek weird log grouped by name", "query": "event.module:zeek AND event.dataset:weird | groupby weird.name"},
{ "name": "x509", "description": "x.509 grouped by key length", "query": "event.module:zeek AND event.dataset:x509 | groupby x509.certificate.key.length"}, { "name": "x509", "description": "x.509 grouped by key length", "query": "event.module:zeek AND event.dataset:x509 | groupby x509.certificate.key.length"},
{ "name": "x509", "description": "x.509 grouped by issuer", "query": "event.module:zeek AND event.dataset:x509 | groupby x509.certificate.issuer"},
{ "name": "x509", "description": "x.509 grouped by subject", "query": "event.module:zeek AND event.dataset:x509 | groupby x509.certificate.subject"},
{ "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"} { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
] ]
} }