Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FEATURE: Add Events table columns for event.module sigma #12743

Closed
dougburks opened this issue Apr 3, 2024 · 1 comment
Closed

FEATURE: Add Events table columns for event.module sigma #12743

dougburks opened this issue Apr 3, 2024 · 1 comment
Assignees
@dougburks
Milestone
2.4.70

Comments

@dougburks
Copy link
Contributor

dougburks commented Apr 3, 2024
edited
Loading

As a defender, when I'm working in Alerts/Dashboards/Hunt, I need Events table columns for event.module sigma:

  ':sigma:':
    - soc_timestamp
    - rule.name
    - event.severity_label
    - event_data.event.dataset
    - event_data.source.ip
    - event_data.source.port
    - event_data.destination.host
    - event_data.destination.port
    - event_data.process.executable
    - event_data.process.pid
@dougburks dougburks self-assigned this Apr 3, 2024
@dougburks dougburks added this to the 2.4.70 milestone Apr 3, 2024
dougburks added a commit that referenced this issue Apr 4, 2024
@dougburks
FEATURE: Add Events table columns for event.module sigma #12743
5ec3b83
dougburks added a commit that referenced this issue Apr 4, 2024
@dougburks
Merge pull request #12751 from Security-Onion-Solutions/dougburks-pat…
7b4e207 
…ch-1

FEATURE: Add Events table columns for event.module sigma #12743
@dougburks
Copy link
Contributor Author

Tested and verified.

Alerts:

image

Dashboards:

image

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dougburks dougburks

Labels
None yet
Projects
None yet
Milestone
2.4.70
Development

No branches or pull requests
1 participant
@dougburks