trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Multiple bugfixes, add dashboard

Browse Source
This commit is contained in:
Chris Long
2020-03-27 14:53:04 -07:00
parent 242e1a7cf3
commit 34d8a39c43
9 changed files with 312 additions and 192 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Vagrant/resources/splunk_server/props.conf
View File

@@ -12,3 +12,11 @@ TIME_PREFIX = Start time:\s
category = Custom
pulldown_type = true
TRUNCATE = 0
[osquery:json]
TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
TRANSFORMS-null = setnull
TIME_PREFIX = \"unixTime\"\:
MAX_TIMESTAMP_LOOKAHEAD = 500
TIME_FORMAT = %s
TRUNCATE = 0