Popular Plays #10793
Hi everybody, I'm relatively new to Security Onion and have two very basic questions. What are some plays that you use from the detection playbook? What are some popular plays that SOCs like implementing? Please let me know if this has already been answered in a previous discussion. Thank you!
Replies: 1 comment 1 reply
The plays you would run in your environment will differ from the plays another person / org would run in their environment. We include a handful of detections from https://github.com/SigmaHQ/sigma that can be enabled / disabled at your discretion.
Here are some great free resources for you to learn a bit more about Playbook:
https://www.youtube.com/watch?v=IS2SOlDedPc
https://docs.securityonion.net/en/2.3/playbook.html?highlight=playbook
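To make the reply above concrete, here is an added example (not code from Security Onion, SigmaHQ or the discussion participants) of what one Sigma-format "play" does when it is enabled: a small, stand-alone matcher evaluates a hand-written rule against a few constructed process-creation events. The rule, the field names (`Image`, `CommandLine`, `ParentImage`), the benign parent used in the filter and the events are all assumptions made for illustration, and the matcher implements only a subset of Sigma (selection maps, `contains`/`startswith`/`endswith` modifiers, list values as OR, and conditions of the form `selection` or `selection and not filter`).

```python
"""Minimal Sigma-style rule matcher (added illustration; not Security Onion or SigmaHQ code).

Security Onion's Playbook ships detections written in the Sigma format. This
stand-alone script evaluates one constructed rule, laid out like a Sigma rule,
against constructed log events, and shows the effect of enabling/disabling it.
Supported subset: selection maps (keys AND-ed, list values OR-ed), the field
modifiers 'contains', 'startswith', 'endswith', and the conditions
'selection' or 'selection and not filter'.
"""

# Constructed rule following the Sigma layout. Field names are assumed;
# real rules target a specific log source and its field naming.
RULE = {
    "title": "Suspicious PowerShell encoded command (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {
            # Assumed benign parent process, used to tune out a known source.
            "ParentImage|endswith": "\\sccm_client.exe",
        },
        "condition": "selection and not filter",
    },
}

# Constructed sample events (not real telemetry).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -File deploy.ps1",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZwBlAHQA",
     "ParentImage": "C:\\Windows\\CCM\\sccm_client.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _field_matches(event, key, expected):
    """Apply one 'field|modifier: value(s)' entry to an event."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    candidates = expected if isinstance(expected, list) else [expected]
    v = str(value).lower()  # Sigma string matching is case-insensitive
    for cand in candidates:
        c = str(cand).lower()
        if modifier == "":
            ok = v == c
        elif modifier == "contains":
            ok = c in v
        elif modifier == "startswith":
            ok = v.startswith(c)
        elif modifier == "endswith":
            ok = v.endswith(c)
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
        if ok:
            return True
    return False


def _selection_matches(event, selection):
    """All keys in a selection map must match (AND)."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def rule_matches(rule, event):
    """Evaluate the rule's condition ('X' or 'X and not Y') for one event."""
    det = rule["detection"]
    cond = det["condition"].split()
    if len(cond) == 1:
        return _selection_matches(event, det[cond[0]])
    if len(cond) == 4 and cond[1:3] == ["and", "not"]:
        return (_selection_matches(event, det[cond[0]])
                and not _selection_matches(event, det[cond[3]]))
    raise ValueError(f"unsupported condition: {det['condition']}")


def run_play(rule, events, enabled=True):
    """Return indices of events that fire the rule; a disabled play never fires."""
    if not enabled:
        return []
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


if __name__ == "__main__":
    print(RULE["title"], "->", run_play(RULE, EVENTS))
```

Running it flags only the first event: the second has no encoded-command switch, the third is suppressed by the `filter` block (the tuning step you would do when enabling a play for your own environment), and the fourth is not PowerShell at all.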