| Author | SHA1 | Date | |
|---|---|---|---|
| 868b217549 |
@@ -1771,13 +1771,13 @@ soc:
|
||||
enabled: true
|
||||
queries:
|
||||
- name: Default Query
|
||||
description: Show all events grouped by the observer host
|
||||
query: '* | groupby observer.name'
|
||||
showSubtitle: true
|
||||
- name: Log Type
|
||||
description: Show all events grouped by module and dataset
|
||||
query: '* | groupby event.module* event.dataset'
|
||||
showSubtitle: true
|
||||
- name: Observer
|
||||
description: Show all events grouped by the observer host
|
||||
query: '* | groupby observer.name'
|
||||
showSubtitle: true
|
||||
- name: SOC - Auth
|
||||
description: Users authenticated to SOC grouped by IP address and identity
|
||||
query: 'event.dataset:kratos.audit AND msg:*authenticated* | groupby http.request.headers.x-real-ip user.name'
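Review bot: The `SOC - Auth` query on the last hunk line groups authenticated sessions by `http.request.headers.x-real-ip`, which only reflects the real client address when the reverse proxy in front of Kratos overwrites that header; if a client-supplied value could reach Kratos unchanged, the grouping would be spoofable, so a comment above the entry such as `# x-real-ip is meaningful only when set by the SOC reverse proxy, not by the client` would record the assumption. The `Default Query` and `Observer` entries carry an identical description and query (`* | groupby observer.name`); if both are on the new side, one looks like a leftover copy, and the duplicate should be dropped or given a distinct query. The `SOC - Auth` entry is also the only one without `showSubtitle: true`, which may be intentional but differs from the three entries above it. This rendered page keeps no `+`/`-` markers, so which of these lines are old and which are new is inferred rather than certain. The enclosing `soc:` mapping starts and continues outside the hunk.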
|
||||
|
||||