Hide Kratos indices in Hunt [import install] #9091
-
|
Is there a good way to automatically hide the kratos events from showing up in Hunt/Kibana. I am using a import only install and the first step I take each time is to filter out all of the kratos events. Seems like there should be a way to set it so those are filtered automatically (The kratos events were not showing up in earlier versions of the import install). I did try to find out how to do it with no luck. If someone can point me to a doc that explains it it would great :) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
When importing data using so-import-pcap or so-import-evtx, both of these utilities provide a hyperlink that will show you just the data from the import and nothing from Kratos or anything else: |
Beta Was this translation helpful? Give feedback.
-
|
Ah ok, Thanks Doug |
Beta Was this translation helpful? Give feedback.
When importing data using so-import-pcap or so-import-evtx, both of these utilities provide a hyperlink that will show you just the data from the import and nothing from Kratos or anything else:
https://docs.securityonion.net/en/2.3/so-import-pcap.html
https://docs.securityonion.net/en/2.3/so-import-evtx.html