Merge pull request #13053 from Security-Onion-Solutions/2.4/alertsefa…

…ults Add rule.uuid to default groupbys
Security-Onion-Solutions · May 21, 2024 · 8b011b8 · 8b011b8
2 parents 556fdfd + f9e9b82
commit 8b011b8
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
@@ -2056,17 +2056,17 @@ soc:
                 - acknowledged
           queries:
             - name: 'Group By Name, Module'
-              query: '* | groupby rule.name event.module* event.severity_label'
+              query: '* | groupby rule.name event.module* event.severity_label rule.uuid'
             - name: 'Group By Sensor, Source IP/Port, Destination IP/Port, Name'
-              query: '* | groupby observer.name source.ip source.port destination.ip destination.port rule.name network.community_id event.severity_label'
+              query: '* | groupby observer.name source.ip source.port destination.ip destination.port rule.name network.community_id event.severity_label rule.uuid'
             - name: 'Group By Source IP, Name'
-              query: '* | groupby source.ip rule.name event.severity_label'
+              query: '* | groupby source.ip rule.name event.severity_label rule.uuid'
             - name: 'Group By Source Port, Name'
-              query: '* | groupby source.port rule.name event.severity_label'
+              query: '* | groupby source.port rule.name event.severity_label rule.uuid'
             - name: 'Group By Destination IP, Name'
-              query: '* | groupby destination.ip rule.name event.severity_label'
+              query: '* | groupby destination.ip rule.name event.severity_label rule.uuid'
             - name: 'Group By Destination Port, Name'
-              query: '* | groupby destination.port rule.name event.severity_label'
+              query: '* | groupby destination.port rule.name event.severity_label rule.uuid'
             - name: Ungroup
               query: '*'
         grid: