outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License

Alarm manual #274

Closed MarcOverIP closed 1 year ago

MarcOverIP commented 2 years ago

PR for issue #138

One bug left: I want the fields host.name, user.name and host.ip to be included in the returned alarm data. But these fields aren't filled with data, even when the actual event does have these fields.

MarcOverIP commented 2 years ago

Note: possibly this bug comes from the fact that it also queries ES docs that have not yet been enriched. So update the search query in the module to include tag: enriched_*
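The fix suggested in the comment above, restricting the alarm module's Elasticsearch query to documents that already carry an enrichment tag and only then reading host.name, user.name and host.ip, as an added example that is not RedELK's own code and not from this PR. It assumes the alarm module builds its query as a plain Python dict (bool query), that enrichment tags live in a keyword field named `tags` and match the `enriched_*` pattern quoted in the comment, and that `_source` documents nest fields as `host.name` etc.; the sample hits are constructed, and `collect_alarm_data` is a local stand-in for what the wildcard filter would do server-side.

```python
"""Added example (not RedELK project code): restrict an alarm's ES query to
enriched documents and extract the fields the alarm should report."""
import fnmatch
from copy import deepcopy
from typing import Any, Dict, List, Optional

# Fields the alarm is expected to carry back, as named in the issue.
ALARM_FIELDS = ("host.name", "user.name", "host.ip")


def restrict_to_enriched(query: Dict[str, Any], tag_pattern: str = "enriched_*") -> Dict[str, Any]:
    """Return a copy of a bool query with an extra filter clause requiring a
    `tags` value that matches tag_pattern (assumed field and tag naming).
    The original query dict is left untouched."""
    q = deepcopy(query)
    bool_q = q.setdefault("query", {}).setdefault("bool", {})
    filters = bool_q.setdefault("filter", [])
    # ES wildcard query on a keyword field; `*` matches any suffix.
    filters.append({"wildcard": {"tags": {"value": tag_pattern}}})
    return q


def get_path(doc: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Resolve a dotted field name such as host.name inside a nested _source dict."""
    cur: Any = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def doc_is_enriched(doc: Dict[str, Any], tag_pattern: str = "enriched_*") -> bool:
    """Local equivalent of the wildcard filter: any tag matching the pattern."""
    return any(fnmatch.fnmatchcase(t, tag_pattern) for t in doc.get("tags", []))


def collect_alarm_data(hits: List[Dict[str, Any]], tag_pattern: str = "enriched_*") -> List[Dict[str, Any]]:
    """Keep only enriched hits and pull ALARM_FIELDS from each. Unenriched hits
    are skipped rather than producing alarm entries with empty fields, which is
    the symptom described in the issue."""
    out = []
    for doc in hits:
        if not doc_is_enriched(doc, tag_pattern):
            continue
        out.append({f: get_path(doc, f) for f in ALARM_FIELDS})
    return out


# Constructed sample _source documents: one already enriched, one not yet.
SAMPLE_HITS = [
    {
        "tags": ["beat", "enriched_iplist"],  # constructed tag following enriched_*
        "host": {"name": "ws01", "ip": "198.51.100.7"},
        "user": {"name": "jdoe"},
    },
    {"tags": ["beat"], "message": "not enriched yet"},
]

# Constructed base query standing in for an alarm module's own conditions.
BASE_QUERY = {"query": {"bool": {"must": [{"match": {"alarm.type": "example"}}]}}}

if __name__ == "__main__":
    print(restrict_to_enriched(BASE_QUERY))
    print(collect_alarm_data(SAMPLE_HITS))
```

Running the block shows the second, unenriched hit dropping out entirely, so the alarm never reports a record whose host and user fields are blank; once the wildcard filter is part of the real query, Elasticsearch performs that same exclusion before the module ever sees the hits.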