Commit 2c7701f

committed
after 1. review V2
1 parent 8c32fc3 commit 2c7701f

File tree

1 file changed (+10 / -10 lines changed)
  • security/ciso-office/shared-assets/security-alarms

security/ciso-office/shared-assets/security-alarms/README.md

Lines changed: 10 additions & 10 deletions
@@ -73,30 +73,30 @@ allow dynamic-group myloganalytics-detection-group to read compartments in tenan
7373

7474
Once we have the IAM pre-requisites in place, we can start by defining our custom metrics query.
7575

76-
NAvigate to ```Observability & Management->Logging analytics->Dashboards``` and select Network Dashboard.
76+
Navigate to ```Observability & Management->Logging analytics->Dashboards``` and select Network Dashboard.
7777

7878
![network_dashboard](images/network_dashboard.png)
79-
Network Dashboard from Securty Fundamentals Dashboard
79+
<small>Network Dashboard from Securty Fundamentals Dashboard</small>
8080

8181
Expand Egress traffic widget and you will see the Log Explorer
8282

8383
![drilldown](images/drilldown.png)
84-
Piture of log explorer
84+
<small>Piture of log explorer</small>
8585

8686
Run the modfied query:
8787
```
8888
'Log Source' = 'OCI VCN Flow Unified Schema Logs' | where 'Destination IP' = 'Public IP' | eval vol = 'Content Size Out' / 1024 | timestats span = 10minute sum(vol) as 'Volume (KB)
8989
```
9090
![runquery](images/runquery.png)
91-
Picture of exection of modified query
91+
<small>Picture of exection of modified query</small>
9292

9393
![savequery1](images/savequery1.png)
94-
Picture of save query as
94+
<small>Picture of save query as</small>
9595

9696
Pull the list of saved queries
9797

9898
![savedsearches](images/savedsearches.png)
99-
Picture of modified query
99+
<small>Picture of modified query</small>
100100

101101

102102
# Create detection rule
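Review bot: the captions this hunk wraps in `<small>` keep their original spelling errors, so the three touched lines still read wrong after the change: line 79 "Securty" should be "Security", line 84 "Piture" should be "Picture", and line 91 "exection" should be "execution"; since these lines are being edited anyway, fix the words in the same commit rather than leaving a second typo pass. Two things in the unchanged context of the same hunk are also worth folding in: line 86 "modfied" should be "modified", and the query on line 88 is missing the closing quote on its last alias, `sum(vol) as 'Volume (KB)` should end `as 'Volume (KB)'`, otherwise a reader pasting it gets an unterminated string. Also please confirm whether `'Destination IP' = 'Public IP'` is meant to compare against a field named Public IP or the literal text "Public IP"; as written it reads as the latter.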
@@ -105,7 +105,7 @@ Having created the custom query, we now need to create the detection rule.
105105
Navigate to ```analytics->dashboard->saved query```, and pull up the saved query.
106106

107107
![addmetric1](images/addmetric1.png)
108-
Picture of saved query screen
108+
<small>Picture of saved query screen</small>
109109

110110
Create the Detection rule. In the detection rule creation screen, select the folowing:
111111
- "Scheduled Detection Rule" is the method for running the log analytic query
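Review bot: line 110 in the unchanged context has "folowing" for "following"; a one-word fix that belongs with the other wording cleanups in this commit. The navigation path on line 105, ```analytics->dashboard->saved query```, is written in lower case and abbreviated, unlike the full menu path used earlier on line 76 (```Observability & Management->Logging analytics->Dashboards```); use the same full menu names here so both paths can be followed literally in the console.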
@@ -116,15 +116,15 @@ Create the Detection rule. In the detection rule creation screen, select the fol
116116
- "Minimum interval" is 5 minutes, normally a good choice for security alarms.
117117

118118
![addmetric2](images/addmetric2.png)
119-
Picture of first rule creation step
119+
<small>Picture of first rule creation step</small>
120120

121121
![addmetric3](images/addmetric3.png)
122-
Picture of 2. step
122+
<small>Picture of 2. step</small>
123123

124124
When the detection rule is created verify the detection rule
125125

126126
![detectionrule](images/detectionrule.png)
127-
Picture of rule validation
127+
<small>Picture of rule validation</small>
128128

129129
# Topic Creation
130130
