Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

FEATURE: Add Events table columns for stun logs #12940

Closed dougburks closed 6 months ago

dougburks commented 6 months ago
```yaml
      '::stun':
        - soc_timestamp
        - event.dataset
        - source.ip
        - source.port
        - destination.ip
        - destination.port
        - stun.class
        - stun.method
        - stun.attribute.types
        - log.id.uid
```

Also, update dashboard:

```
tags:stun* | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby destination.geo.country_name | groupby stun.class | groupby -sankey stun.class stun.method | groupby stun.method | groupby stun.attribute.types
```

dougburks commented 6 months ago

Tested and verified:
