Hello all,
I have created an alert correlation dashboard for SO 2.4.
The purpose of this dashboard is to view all alert logs on timelines over a longer period of time so that a correlation between the events becomes visible more quickly.
The following warning logs are displayed:
Zeek weird
Zeek Notice
Suricata alert
Playbook alert
Endpoint alert
Kibana alert
The Kibana alert logs come from the Elastic Security module, where I have activated all Windows and AV rules for which an Elastic license is not required. I did this because you also get a full visual process tree for your alerts in Kibana. This makes it easier and faster to determine whether a process has been started legally.
You can import the dashboard code as an ndjson file into Kibana at the following location:
Management > Kibana > Saved Objects
The dashboard is named Custum-Hunt
Corelation-dashboard.zip
Regards
Bart
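The Saved Objects import described in the post is a manual UI step; the usual reason such an import fails or renders empty panels is a reference (index pattern, visualization) that is not in the bundle and not already present in Kibana. The following is an added example, not code from Bart's post or from the dashboard itself: it parses a saved-objects ndjson export, reports unresolved references, and can optionally push the bundle through Kibana's saved-objects import API. SAMPLE_NDJSON is a constructed two-object bundle; the index-pattern id "logs-*", the Kibana URL and the basic-auth credentials in `import_bundle` are assumptions and will differ on a real Security Onion 2.4 deployment, where Kibana sits behind the SO web proxy.

```python
"""Validate a Kibana saved-objects ndjson bundle before importing it.

Added example (not from the original post). A Saved Objects export is
one JSON object per line plus a trailing summary line; every object may
carry "references" to other objects. This script checks that each
reference resolves to an object in the bundle (or one already known to
exist in Kibana) and can POST the bundle to the import API.
"""
import json
from typing import Dict, List, Tuple

# Constructed sample bundle (not the real Custum-Hunt export): a dashboard
# with one visualization panel that points at a hypothetical "logs-*"
# index pattern which is NOT part of the bundle.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"id": "dash-1", "type": "dashboard",
                "attributes": {"title": "Custum-Hunt"},
                "references": [{"name": "panel_0", "type": "visualization", "id": "vis-1"}]}),
    json.dumps({"id": "vis-1", "type": "visualization",
                "attributes": {"title": "Suricata alerts over time"},
                "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
                                "type": "index-pattern", "id": "logs-*"}]}),
    json.dumps({"exportedCount": 2, "missingRefCount": 0, "missingReferences": []}),
])


def parse_bundle(text: str) -> List[dict]:
    """Return the saved objects in an ndjson export, skipping the summary line."""
    objects = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        obj = json.loads(line)
        if "exportedCount" in obj:      # export summary line, not a saved object
            continue
        if "id" not in obj or "type" not in obj:
            raise ValueError(f"line {lineno}: saved object without id/type")
        objects.append(obj)
    return objects


def missing_references(objects: List[dict],
                       present_in_kibana=()) -> List[Tuple[str, str]]:
    """(type, id) pairs referenced by the bundle but resolvable nowhere."""
    known = {(o["type"], o["id"]) for o in objects} | set(present_in_kibana)
    missing: List[Tuple[str, str]] = []
    for obj in objects:
        for ref in obj.get("references", []):
            key = (ref["type"], ref["id"])
            if key not in known and key not in missing:
                missing.append(key)
    return missing


def count_by_type(objects: List[dict]) -> Dict[str, int]:
    """How many dashboards, visualizations, etc. the bundle contains."""
    counts: Dict[str, int] = {}
    for o in objects:
        counts[o["type"]] = counts.get(o["type"], 0) + 1
    return counts


def import_bundle(kibana_url: str, ndjson_text: str,
                  auth: Tuple[str, str], overwrite: bool = True) -> dict:
    """POST the bundle to /api/saved_objects/_import (needs network; URL and
    basic-auth are assumptions about the target deployment)."""
    import base64
    import urllib.request
    boundary = "kbn-import-boundary"
    body = (f"--{boundary}\r\n"
            'Content-Disposition: form-data; name="file"; filename="dashboard.ndjson"\r\n'
            "Content-Type: application/ndjson\r\n\r\n"
            f"{ndjson_text}\r\n--{boundary}--\r\n").encode()
    url = (f"{kibana_url.rstrip('/')}/api/saved_objects/_import"
           f"?overwrite={'true' if overwrite else 'false'}")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("kbn-xsrf", "true")   # Kibana rejects non-GET API calls without it
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    objs = parse_bundle(SAMPLE_NDJSON)
    print("objects by type:", count_by_type(objs))
    print("unresolved references:", missing_references(objs))
```

Run the check against the real Corelation-dashboard.zip contents by reading the ndjson file into `parse_bundle`; any `index-pattern` that shows up as unresolved must already exist in your Kibana (pass it via `present_in_kibana`) or the imported panels will be empty.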