CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f6a9a764de7226fdfb91519efd01818117dd49a5
securityonion/salt/soctopus/files/templates/generic.template
Josh Brower 766f4dd661 Add Elastic Defend Integration
2023-05-22 16:02:08 -04:00

25 lines
640 B
Plaintext
Raw Blame History

alert:
- "modules.so.playbook-es.PlaybookESAlerter"
elasticsearch_host: "{{ GLOBALS.url_base }}:9200"
play_title: ""
play_id: ""
event.module: "playbook"
event.dataset: "alert"
event.severity:
rule.category:
play_url: "https://{{ GLOBALS.url_base }}/playbook/issues/6000"
kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt"
sigma_level: ""
index: '.ds-logs-*'
name: EQL
priority: 3
realert:
minutes: 0
type: any
filter:
- query:
query_string:
Reference in New Issue View Git Blame Copy Permalink