How to enable Slack messages for Critical Sigma alerts? License? #13099
Please see: #13105. Previous versions of 2.4 only supported SMTP notifications.
I've recently set up an SO server specifically intended to gather Elastic Agent data from remote employee Windows laptops. I updated it to v2.4.70 and it's alerting correctly when I run test malware. I would like to additionally have it send a Slack message when it sees any enabled 'Sigma' alert that is deemed 'Critical' severity. I've been reading through the docs found at
https://docs.securityonion.net/en/latest/notifications.html#slack
https://docs.securityonion.net/en/latest/sigma.html#sigma
Per the instructions I added my slack_webhook_url in 'Administration > Configuration > elastalert > Alerter Parameters' and then went to the new Detections section and ran 'Full Update' on ElastAlert. I saw the note in the 'Alerting Parameters' section stating that it 'Requires a valid Security Onion license key'.
I've looked on the SO website and I'm not seeing anywhere to purchase a license. Where/how do I purchase and apply it, and am I correct in assuming that it unlocks a currently hidden 'Edit' capability? And also, will I have to manually edit all 87 'Enabled>Sigma>Critical' rules and define each one to notify via Slack?
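The question above ends with whether each of the 87 enabled Critical Sigma rules has to be edited individually to notify Slack. The script below is an added illustration, not Security Onion's or ElastAlert's own code, of the alternative: one severity-based routing predicate applied to every alert, so the rule set stays untouched. The alert field names (`engine`, `enabled`, `level`, `title`, `host`) and the `SLACK_WEBHOOK_URL` environment variable are assumptions made for the example; the sample alerts are constructed. Only the Slack incoming-webhook payload shape (`{"text": ...}`) is the real one.

```python
"""Added illustration (not Security Onion's own mechanism): route only enabled,
critical-severity Sigma alerts to a Slack incoming webhook.

Assumptions, not taken from the discussion: alerts arrive as dicts with
'engine', 'enabled', 'level', 'title' and 'host' keys, and the webhook URL
is supplied in the SLACK_WEBHOOK_URL environment variable.
"""
import json
import os
import urllib.request

# Constructed sample alerts standing in for what a detection engine emits.
SAMPLE_ALERTS = [
    {"engine": "sigma", "enabled": True,  "level": "critical", "title": "Test Malware Execution", "host": "laptop-01"},
    {"engine": "sigma", "enabled": True,  "level": "high",     "title": "Suspicious Script",      "host": "laptop-02"},
    {"engine": "sigma", "enabled": False, "level": "critical", "title": "Disabled Rule",          "host": "laptop-03"},
    {"engine": "yara",  "enabled": True,  "level": "critical", "title": "Other Engine Hit",       "host": "laptop-04"},
    {"engine": "sigma", "enabled": True,  "level": "CRITICAL", "title": "Case Differs",           "host": "laptop-05"},
]


def wants_slack(alert, engine="sigma", levels=("critical",)):
    """Single routing predicate: enabled alerts from the named engine whose
    severity is in `levels`. Severity is compared case-insensitively so a
    rule that spells its level differently is not silently dropped."""
    return bool(
        alert.get("enabled", False)
        and alert.get("engine", "").lower() == engine
        and alert.get("level", "").lower() in levels
    )


def slack_payload(alert):
    """Build the Slack incoming-webhook payload for one alert."""
    return {"text": f"[{alert['level'].upper()}] {alert['title']} on {alert['host']}"}


def route_alerts(alerts):
    """Return the payloads that would be sent. Nothing is sent here, so the
    selection logic can be checked offline."""
    return [slack_payload(a) for a in alerts if wants_slack(a)]


def post_to_slack(payload, webhook_url):
    """POST one payload to the webhook and return the HTTP status code."""
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    url = os.environ.get("SLACK_WEBHOOK_URL")  # assumed variable name
    for payload in route_alerts(SAMPLE_ALERTS):
        if url:
            print(post_to_slack(payload, url))
        else:
            print("would send:", payload["text"])
```

Run without `SLACK_WEBHOOK_URL` set to see which of the five constructed alerts would be forwarded (two: the enabled critical Sigma hits, including the one whose level is spelled in upper case); the high-severity, disabled, and non-Sigma alerts are filtered by the one predicate rather than by per-rule settings.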