mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into metrics
This commit is contained in:
Mike Reeves
@@ -561,7 +561,7 @@ soc:
|
|||||||
- process.executable
|
- process.executable
|
||||||
- user.name
|
- user.name
|
||||||
- event.dataset
|
- event.dataset
|
||||||
':strelka:file':
|
':strelka:':
|
||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- file.name
|
- file.name
|
||||||
- file.size
|
- file.size
|
||||||
@@ -570,6 +570,15 @@ soc:
|
|||||||
- file.mime_type
|
- file.mime_type
|
||||||
- log.id.fuid
|
- log.id.fuid
|
||||||
- event.dataset
|
- event.dataset
|
||||||
|
':strelka:file':
|
||||||
|
- soc_timestamp
|
||||||
|
- file.name
|
||||||
|
- file.size
|
||||||
|
- hash.md5
|
||||||
|
- file.source
|
||||||
|
- file.mime_type
|
||||||
|
- log.id.fuid
|
||||||
|
- event.dataset
|
||||||
':suricata:':
|
':suricata:':
|
||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- source.ip
|
- source.ip
|
||||||
@@ -1200,6 +1209,17 @@ soc:
|
|||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- event.dataset
|
- event.dataset
|
||||||
- message
|
- message
|
||||||
|
':playbook:':
|
||||||
|
- soc_timestamp
|
||||||
|
- rule.name
|
||||||
|
- event.severity_label
|
||||||
|
- event_data.event.dataset
|
||||||
|
- event_data.source.ip
|
||||||
|
- event_data.source.port
|
||||||
|
- event_data.destination.host
|
||||||
|
- event_data.destination.port
|
||||||
|
- event_data.process.executable
|
||||||
|
- event_data.process.pid
|
||||||
server:
|
server:
|
||||||
bindAddress: 0.0.0.0:9822
|
bindAddress: 0.0.0.0:9822
|
||||||
baseUrl: /
|
baseUrl: /
|
||||||
@@ -1876,11 +1896,22 @@ soc:
|
|||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- rule.name
|
- rule.name
|
||||||
- event.severity_label
|
- event.severity_label
|
||||||
- event_data.event.module
|
- event_data.event.dataset
|
||||||
- event_data.event.category
|
- event_data.source.ip
|
||||||
|
- event_data.source.port
|
||||||
|
- event_data.destination.host
|
||||||
|
- event_data.destination.port
|
||||||
- event_data.process.executable
|
- event_data.process.executable
|
||||||
- event_data.process.pid
|
- event_data.process.pid
|
||||||
- event_data.winlog.computer_name
|
':strelka:':
|
||||||
|
- soc_timestamp
|
||||||
|
- file.name
|
||||||
|
- file.size
|
||||||
|
- hash.md5
|
||||||
|
- file.source
|
||||||
|
- file.mime_type
|
||||||
|
- log.id.fuid
|
||||||
|
- event.dataset
|
||||||
queryBaseFilter: tags:alert
|
queryBaseFilter: tags:alert
|
||||||
queryToggleFilters:
|
queryToggleFilters:
|
||||||
- name: acknowledged
|
- name: acknowledged
|
||||||
@@ -2033,6 +2064,7 @@ soc:
|
|||||||
- so_detection.severity
|
- so_detection.severity
|
||||||
- so_detection.language
|
- so_detection.language
|
||||||
- so_detection.ruleset
|
- so_detection.ruleset
|
||||||
|
- soc_timestamp
|
||||||
queries:
|
queries:
|
||||||
- name: "All Detections"
|
- name: "All Detections"
|
||||||
query: "_id:*"
|
query: "_id:*"
|
||||||
@@ -2050,6 +2082,8 @@ soc:
|
|||||||
query: 'so_detection.language:sigma AND so_detection.content: "*product: windows*"'
|
query: 'so_detection.language:sigma AND so_detection.content: "*product: windows*"'
|
||||||
- name: "Detection Type - Yara (Strelka)"
|
- name: "Detection Type - Yara (Strelka)"
|
||||||
query: "so_detection.language:yara"
|
query: "so_detection.language:yara"
|
||||||
|
- name: "Security Onion - Grid Detections"
|
||||||
|
query: "so_detection.ruleset:securityonion-resources"
|
||||||
detection:
|
detection:
|
||||||
presets:
|
presets:
|
||||||
severity:
|
severity:
|
||||||
|
|||||||
Reference in New Issue
Block a user