Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX: Improve File dashboard #12914

Closed
dougburks opened this issue May 2, 2024 · 1 comment
Closed

FIX: Improve File dashboard #12914

dougburks opened this issue May 2, 2024 · 1 comment
Assignees
@dougburks
Milestone
2.4.70

Comments

@dougburks
Copy link
Contributor

dougburks commented May 2, 2024
edited
Loading

We should avoid long fields in sankey diagrams.

change File dashboard from:

event.category: file AND _exists_:process.executable | groupby host.name | groupby -sankey host.name process.executable | groupby process.executable | groupby event.dataset event.action event.type | groupby file.name

to File and Process Mappings:

event.category: file AND _exists_:process.name AND _exists_:process.executable | groupby host.name | groupby -sankey host.name process.name | groupby process.name | groupby process.executable | groupby event.dataset event.action event.type | groupby file.name
@dougburks dougburks self-assigned this May 2, 2024
@dougburks dougburks added this to the 2.4.70 milestone May 2, 2024
dougburks added a commit that referenced this issue May 2, 2024
@dougburks
FIX: Improve File dashboard #12914
1be3e62
dougburks added a commit that referenced this issue May 2, 2024
@dougburks
FIX: Improve File dashboard #12914
0822a46
dougburks added a commit that referenced this issue May 2, 2024
@dougburks
Merge pull request #12915 from Security-Onion-Solutions/dougburks-pat…
240ffc0 
…ch-1

FIX: Improve File dashboard #12914
@dougburks
Copy link
Contributor Author

Tested and verified:
image

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dougburks dougburks

Labels
None yet
Projects
None yet
Milestone
2.4.70
Development

No branches or pull requests
1 participant
@dougburks