...ashboard and for that I need to have all sorts of signature values from different data models (Vulnerabilities, Malware, Intrusion_Detection) in just one column to plot that chart.
Please tell me h...
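One way to get the signature values from all three data models into a single column, as an added example that is not code from the original posts. It runs one `tstats` per CIM data model and combines the results with `append`, tagging each row with the model it came from so the chart can still split by source. The dataset names (`Malware_Attacks`, `Vulnerabilities`, `IDS_Attacks`) are the default CIM root datasets; `summariesonly=true` assumes all three data models are accelerated and is an assumption of this example, not something stated on the page:

```spl
| tstats summariesonly=true count from datamodel=Malware.Malware_Attacks
    by Malware_Attacks.signature
| rename Malware_Attacks.signature as signature
| eval source_model="Malware"
| append
    [| tstats summariesonly=true count from datamodel=Vulnerabilities.Vulnerabilities
        by Vulnerabilities.signature
     | rename Vulnerabilities.signature as signature
     | eval source_model="Vulnerabilities"]
| append
    [| tstats summariesonly=true count from datamodel=Intrusion_Detection.IDS_Attacks
        by IDS_Attacks.signature
     | rename IDS_Attacks.signature as signature
     | eval source_model="Intrusion_Detection"]
| stats sum(count) as count by signature source_model
| sort - count
```

Two things to keep in mind: `append` subsearches are subject to the default subsearch limits (result count and runtime), so if a model returns a very large number of distinct signatures, narrow the time range or add a `where` clause inside the subsearch; and if a data model is not accelerated, drop `summariesonly=true` for that `tstats` or it will return nothing. For a column chart, finish with `| chart sum(count) over signature by source_model` instead of the `stats` line.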
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
...orrelation rule is "Host With A Recurring Malware Infection ($signature$ On $dest$)" and I use:

```
notable
| search event_hash=$event_hash$
| eval comments="$rule_title$"
| snowincidentalert
```

what e...
...ew to writing data model based queries. Thanks for all the help! (`cim_Malware_indexes`) tag=malware tag=attack | eval grouping_signature=if(isnotnull(file_name),signature . ":" . file_name,signature...