corelight/Elasticsearch_rules
Elasticsearch_rules

Elastic Security detection-rule versions of the SOC Prime watcher rules, plus some new Corelight rules.

Please note some of these rules should be tuned to your environment.

To load the rules into Elastic, download the ndjson file, expand Security and go to Alerts. Click Managed Alerts, click Import rules and upload the file. The import creates two new tags: Zeek, for rules that work on both open-source Zeek and Corelight data, and Corelight, for rules that only work with Corelight data.
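An added example (not code from this repository) that sanity-checks a downloaded ndjson rule export before you import it: it parses each line, skips the summary object that an Elastic export appends, and groups the rules by tag so you can see which ones depend on Corelight data. The sample input is constructed; the field names follow the Elastic Security rule schema, the values are invented.

```python
import json
from collections import defaultdict

# Constructed sample of an exported Elastic Security rule file (ndjson). Field names
# (rule_id, name, type, tags, index, query, enabled) follow the Elastic rule schema;
# the values are invented for illustration. The final line is the summary object
# the export appends; it is not a rule.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"rule_id": "example-1", "name": "Zeek: example DNS rule", "type": "query",
                "tags": ["Zeek"], "index": ["zeek-*"], "query": "event.dataset:dns", "enabled": True}),
    json.dumps({"rule_id": "example-2", "name": "Corelight: example rule", "type": "query",
                "tags": ["Corelight"], "index": ["corelight-*"], "query": "event.dataset:corelight",
                "enabled": False}),
    json.dumps({"exported_count": 2, "missing_rules": [], "missing_rules_count": 0}),
])


def parse_rule_export(text):
    """Return the rule objects in an ndjson export, skipping the trailing summary line.
    Raises ValueError on a malformed line so a corrupt download is caught before import."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON ({exc.msg})") from exc
        if "exported_count" in obj:  # export summary, not a rule
            continue
        if "rule_id" not in obj or "name" not in obj:
            raise ValueError(f"line {lineno}: object is missing rule_id or name")
        rules.append(obj)
    return rules


def rules_by_tag(rules):
    """Map each tag to the rule names carrying it; untagged rules land under 'untagged'."""
    grouped = defaultdict(list)
    for rule in rules:
        for tag in rule.get("tags") or ["untagged"]:
            grouped[tag].append(rule["name"])
    return dict(grouped)


if __name__ == "__main__":
    for tag, names in sorted(rules_by_tag(parse_rule_export(SAMPLE_NDJSON)).items()):
        print(f"{tag}: {len(names)} rule(s): {', '.join(names)}")
```

Point `parse_rule_export` at the contents of the downloaded file instead of `SAMPLE_NDJSON` to check a real export; rules listed only under the Corelight tag are the ones that will not fire on open-source Zeek data.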