Custom queries for mitre (flow alerts)

ntop · Aug 6, 2024 · 2367402 · 2367402
1 parent 575f955
commit 2367402
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/scripts/historical/alerts/flow/mitre_id.json b/scripts/historical/alerts/flow/mitre_id.json
@@ -0,0 +1,36 @@
+{
+	"name" : "Mitre Attacks",
+	"i18n_name" : "",
+	"select" : {
+		"items" : [
+			{
+				"name" : "mitre_id"
+			},
+			{
+				"name" : "count",
+				"func" : "COUNT",
+				"param" : "*",
+				"value_type" : "number"
+			}
+		]
+	},
+	"filters" : {
+		"items" : [
+		]
+	},
+	"groupby" : {
+		"items" : [
+			{
+				"name" : "mitre_id"
+			}
+		]
+	},
+	"sortby" : {
+		"items" : [
+			{
+				"name" : "count",
+				"order" : "DESC"
+			}
+		]
+	}
+}
diff --git a/scripts/historical/alerts/flow/mitre_tactic.json b/scripts/historical/alerts/flow/mitre_tactic.json
@@ -0,0 +1,36 @@
+{
+	"name" : "Mitre Tactics",
+	"i18n_name" : "",
+	"select" : {
+		"items" : [
+			{
+				"name" : "mitre_tactic"
+			},
+			{
+				"name" : "count",
+				"func" : "COUNT",
+				"param" : "*",
+				"value_type" : "number"
+			}
+		]
+	},
+	"filters" : {
+		"items" : [
+		]
+	},
+	"groupby" : {
+		"items" : [
+			{
+				"name" : "mitre_tactic"
+			}
+		]
+	},
+	"sortby" : {
+		"items" : [
+			{
+				"name" : "count",
+				"order" : "DESC"
+			}
+		]
+	}
+}
diff --git a/scripts/historical/alerts/flow/mitre_technique.json b/scripts/historical/alerts/flow/mitre_technique.json
@@ -0,0 +1,36 @@
+{
+	"name" : "Mitre Techniques",
+	"i18n_name" : "",
+	"select" : {
+		"items" : [
+			{
+				"name" : "mitre_technique"
+			},
+			{
+				"name" : "count",
+				"func" : "COUNT",
+				"param" : "*",
+				"value_type" : "number"
+			}
+		]
+	},
+	"filters" : {
+		"items" : [
+		]
+	},
+	"groupby" : {
+		"items" : [
+			{
+				"name" : "mitre_technique"
+			}
+		]
+	},
+	"sortby" : {
+		"items" : [
+			{
+				"name" : "count",
+				"order" : "DESC"
+			}
+		]
+	}
+}