# Splunk macros.conf stanzas: each [name] is a search macro invoked as `name`
# in SPL. `definition` is the text substituted at search time; `iseval = 0`
# marks it as a literal string rather than an eval expression.
# NOTE(review): every definition in this file uses index="*", so each macro
# searches every index the running user can read, not only the index that
# receives Sandfly data. Scoping these to that index (overridable in
# local/macros.conf) narrows the data touched and the search cost.
[sandfly_search]
# All Sandfly alarm events. Same definition as `sandfly_search_alarms` below.
definition = index="*" sourcetype="sandfly:alarms"
iseval = 0

[sandfly_search_alarms]
# All Sandfly alarm events. Identical to `sandfly_search`; presumably both
# names are referenced by dashboards, so change them together if the scope moves.
definition = index="*" sourcetype="sandfly:alarms"
iseval = 0

[sandfly_search_all]
# Broadest macro in the file: every sourcetype with the "sandfly:" prefix,
# across all readable indexes.
definition = index="*" sourcetype="sandfly:*"
iseval = 0

[sandfly_search_sshkeys]
# SSH key events (sourcetype sandfly:ssh:keys). Same definition as
# `sandfly_search_ssh_hunter` below.
definition = index="*" sourcetype="sandfly:ssh:keys"
iseval = 0

[sandfly_search_sandflies]
# Events of sourcetype sandfly:sandflies. NOTE(review): presumably the Sandfly
# check ("sandfly") definitions themselves rather than results; confirm against
# the data the forwarder sends.
definition = index="*" sourcetype="sandfly:sandflies"
iseval = 0

[sandfly_search_ssh_hunter]
# SSH key events. Byte-identical definition to `sandfly_search_sshkeys`; the
# separate name is presumably for a dedicated dashboard. If the SSH Hunter view
# is meant to differ from the raw key inventory, this is where the filter goes.
definition = index="*" sourcetype="sandfly:ssh:keys"
iseval = 0

[sandfly_search_hosts]
# All host events regardless of event_type; `sandfly_search_hosts_details` and
# `sandfly_search_hosts_summary` below narrow this by event_type.
definition = index="*" sourcetype="sandfly:hosts"
iseval = 0

[sandfly_search_hosts_details]
# Host events restricted to event_type="host_details".
definition = index="*" sourcetype="sandfly:hosts" event_type="host_details"
iseval = 0

[sandfly_search_hosts_summary]
# Host events restricted to event_type="host_summary".
definition = index="*" sourcetype="sandfly:hosts" event_type="host_summary"
iseval = 0

[sandfly_search_audit]
# Sandfly audit log events (sourcetype sandfly:logs:audit). These record
# activity on the Sandfly server itself and are the ones to keep when
# reviewing who changed what; consider whether index="*" is the intended
# scope for them.
definition = index="*" sourcetype="sandfly:logs:audit"
iseval = 0

[sandfly_search_errors]
# All Sandfly error log events regardless of log_mode; the two macros below
# split this by log_mode.
definition = index="*" sourcetype="sandfly:logs:error"
iseval = 0

[sandfly_search_errors_detailed]
# Error log events with log_mode="detailed".
definition = index="*" sourcetype="sandfly:logs:error" log_mode="detailed"
iseval = 0

[sandfly_search_errors_summary]
# Error log events with log_mode="summary".
definition = index="*" sourcetype="sandfly:logs:error" log_mode="summary"
iseval = 0

[sandfly_search_whitelist]
# Whitelist events (sourcetype sandfly:whitelist). Whitelist entries suppress
# findings, so changes here are worth reviewing alongside the alarms they hide.
definition = index="*" sourcetype="sandfly:whitelist"
iseval = 0

[sandfly_search_drift]
# Alarm events that are alerts (data.status=alert) flagged drift_result=true.
# The field name is quoted because it contains a dot. NOTE(review): presumably
# this is Sandfly's drift detection; confirm the field names against the
# indexed events.
definition = index="*" sourcetype="sandfly:alarms" "data.status"=alert drift_result=true
iseval = 0

[sandfly_search_results_whitelisted]
# Alarm events with data.status=pass and whitelisted=true — results that
# appear to have passed because a whitelist entry matched. Useful for auditing
# whether the whitelist is hiding findings that should still be visible;
# confirm the field semantics against the indexed events.
definition = index="*" sourcetype="sandfly:alarms" "data.status"=pass whitelisted=true
iseval = 0