Closed sukhwindersingh-qasource closed 6 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Reviewed and assigned to @dasansol92
@tomsonpl could you help on these queries? Thanks!
@sukhwindersingh-qasource hey, I haven't specified any strict query... but some tips that can help you are:
`logs-sentinel*`
? and skip the `observer.serial_number`? `nslookup amazon.com`
on the virtual machine with s1 agent. That will create the malware. Hope this helps, feel free to reach out to me, we can try doing it together 👍
Hi @tomsonpl,
Thank you for your assistance. As we discussed on Slack, changes were made to the SentinelOne Cloud Funnel. The bucket name was updated to `- name: sentinel_one`. Following these changes, we are now able to test the analyzer for SentinelOne alerts.
Below are the observations:
https://github.com/elastic/kibana/assets/108654988/ddca536c-f115-46bb-99c4-f4a48d9a5d94
Hence we are closing this ticket. Thanks!
Describe the bug: [Question] How to generate data to test Analyzer for SentinelOne alert.
Build Details:
Preconditions
Steps to Reproduce
Screen-Cast
https://github.com/elastic/kibana/assets/108654988/0d12ad20-de4c-4eca-9fe0-237da3cf7c85
Query