You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello
we have securityonion2.4 and elasticsearch8.10
We're trying to implement an EQL rule for port scanning detection of a specific destination Ip
we're using unique and count pipe but we get an error message (pipe unique and count are not supported)
Thanks
Guidelines
I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.50
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4
RAM
16
Storage for /
200
Storage for /nsm
200
Network Traffic Collection
tap
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello
we have securityonion2.4 and elasticsearch8.10
We're trying to implement an EQL rule for port scanning detection of a specific destination Ip
we're using unique and count pipe but we get an error message (pipe unique and count are not supported)
Thanks
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions