Good news, you can make whatever you like the default Hunt query. Go to Administration --> Configuration and then modify the setting in soc --> config --> server --> client --> hunt --> queries.
I'm new to this, but for me the query:
* | groupby event.module* | groupby -sankey event.module* event.dataset | groupby event.dataset | groupby source.ip source.port destination.ip destination.port | groupby network.protocol | groupby source_geo.organization_name source.geo.country_name | groupby destination_geo.organization_name destination.geo.country_name | groupby rule.name rule.category event.severity_label | groupby dns.query.name | groupby file.mime_type | groupby http.virtual_host http.uri | groupby notice.note notice.message notice.sub_message | groupby ssl.server_name | groupby source.ip host.hostname user.name event.action event.type process.executable process.pid
should be the default Hunt query; it even comes from the system somewhere.
Thanks for the great work!
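The query above is a pipeline of `groupby` stages separated by `|`, with an optional flag such as `-sankey` and a trailing `*` wildcard on field names. Before pasting a long query like this into the `hunt --> queries` setting, it is useful to check that every stage is well-formed and that no stage is repeated. The following Python is an added example, not code from the thread or from Security Onion; it assumes only the syntax visible in the posted query (`filter | groupby [-flag] field...`) and that any other stage keyword is an error. The field-name pattern is an assumption as well.

```python
import re

# The query posted in the thread above, embedded here so the example runs offline.
HUNT_QUERY = (
    "* | groupby event.module* | groupby -sankey event.module* event.dataset "
    "| groupby event.dataset "
    "| groupby source.ip source.port destination.ip destination.port "
    "| groupby network.protocol "
    "| groupby source_geo.organization_name source.geo.country_name "
    "| groupby destination_geo.organization_name destination.geo.country_name "
    "| groupby rule.name rule.category event.severity_label "
    "| groupby dns.query.name | groupby file.mime_type "
    "| groupby http.virtual_host http.uri "
    "| groupby notice.note notice.message notice.sub_message "
    "| groupby ssl.server_name "
    "| groupby source.ip host.hostname user.name event.action event.type "
    "process.executable process.pid"
)

# Assumed shape of a field name: dotted/underscored lowercase identifiers,
# optionally ending in a single '*' wildcard (as in event.module*).
FIELD_RE = re.compile(r"^[a-z0-9_]+(\.[a-z0-9_]+)*\*?$")


def parse_hunt_query(query):
    """Split a Hunt query into (filter_expression, [stage, ...]).

    Each stage is a dict with 'options' (tokens starting with '-') and
    'fields' (everything else after the groupby keyword).
    """
    parts = [p.strip() for p in query.split("|")]
    filter_expr, stage_texts = parts[0], parts[1:]
    stages = []
    for text in stage_texts:
        tokens = text.split()
        if not tokens or tokens[0] != "groupby":
            raise ValueError(f"unsupported stage: {text!r}")
        options = [t for t in tokens[1:] if t.startswith("-")]
        fields = [t for t in tokens[1:] if not t.startswith("-")]
        if not fields:
            raise ValueError(f"groupby stage has no fields: {text!r}")
        stages.append({"options": options, "fields": fields})
    return filter_expr, stages


def lint_hunt_query(query):
    """Return a list of human-readable warnings for a query (empty = clean)."""
    warnings = []
    filter_expr, stages = parse_hunt_query(query)
    if not filter_expr:
        warnings.append("empty filter expression before first '|'")
    seen = {}
    for idx, stage in enumerate(stages, start=1):
        key = (tuple(stage["options"]), tuple(stage["fields"]))
        if key in seen:
            warnings.append(f"stage {idx} duplicates stage {seen[key]}")
        else:
            seen[key] = idx
        for field in stage["fields"]:
            if not FIELD_RE.match(field):
                warnings.append(f"stage {idx}: suspicious field name {field!r}")
    return warnings


if __name__ == "__main__":
    expr, parsed = parse_hunt_query(HUNT_QUERY)
    print(f"filter={expr!r}, {len(parsed)} groupby stages")
    for w in lint_hunt_query(HUNT_QUERY):
        print("warning:", w)
```

Running it on the posted query reports 14 `groupby` stages and no warnings; feeding it a query with a stage that has no fields raises `ValueError`, which is the case you want to catch before saving a default that the Hunt page would reject.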