
How to set directives

Open ever123ove opened this issue 2 years ago • 3 comments

Hi, I have encountered some problems in operation. I want to modify the rule values in directives.json, but I don't know how to make sure that it successfully reads the modified result.

ever123ove avatar Jan 18 '23 07:01 ever123ove

There is a validate switch to help you with that. Run it like this:

./dsiem validate

mmta avatar Jan 27 '23 20:01 mmta

Thank you very much for your reply. Another question, is there a way to filter specific IP alarms through policies like Alienvault?

ever123ove avatar Jan 30 '23 09:01 ever123ove

Hi, once an alarm is created it should be managed (including filtered) directly through Elasticsearch/Opensearch or Kibana/Opensearch Dashboards. It is better to tune your correlation rules so that the alarm isn't created in the first place, though.

mmta avatar Feb 07 '23 11:02 mmta
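Both answers above come down to the same thing: hand-edited directives.json files break in predictable ways (skipped stage numbers, a list turned into a string, a bad CIDR), and the place to keep noisy sources out of alarms is the rule's `from`/`to` fields rather than a post-hoc filter. The following is an added example, not code from the dsiem project: a small offline lint for a directives.json in the dsiem directive format as I understand it. The field names, the `:N` back-reference to an earlier stage, and the `!` exclusion prefix in `from`/`to` are assumptions about dsiem's syntax; `./dsiem validate` remains the authoritative check, this just catches the common slips before you copy the file into the configs directory. The sample directive embedded below is constructed for this example.

```python
"""Offline structural lint for a dsiem-style directives.json (added example;
not dsiem's own code). Assumed syntax: 'from'/'to' accept ANY, HOME_NET,
!HOME_NET, a ':N' reference to an earlier stage, or comma-separated IPs/CIDRs
optionally prefixed with '!' to exclude them. Ports accept ANY, ':N' or ints."""
import ipaddress
import json

VALID_TYPES = {"PluginRule", "TaxonomyRule"}
ADDR_KEYWORDS = {"ANY", "HOME_NET", "!HOME_NET"}
RULE_FIELDS = ("name", "type", "stage", "occurrence", "from", "to",
               "port_from", "port_to", "protocol", "reliability", "timeout")


def _stage_ref_ok(token, stage):
    ref = token[1:]
    return ref.isdigit() and 1 <= int(ref) < stage


def check_address(value, stage):
    """Validate one 'from'/'to' value (see module docstring for the assumed syntax)."""
    errors = []
    for token in (t.strip() for t in str(value).split(",")):
        if token in ADDR_KEYWORDS:
            continue
        if token.startswith(":"):
            if not _stage_ref_ok(token, stage):
                errors.append(f"stage {stage}: {token!r} must reference an earlier stage")
            continue
        bare = token[1:] if token.startswith("!") else token
        try:
            ipaddress.ip_network(bare, strict=False)
        except ValueError:
            errors.append(f"stage {stage}: {token!r} is not a keyword, :N reference, IP or CIDR")
    return errors


def check_port(value, stage, field):
    """Validate 'port_from'/'port_to': ANY, a ':N' reference, or ints in 0..65535."""
    errors = []
    for token in (t.strip() for t in str(value).split(",")):
        if token == "ANY":
            continue
        if token.startswith(":"):
            if not _stage_ref_ok(token, stage):
                errors.append(f"stage {stage}: {field} {token!r} must reference an earlier stage")
        elif not (token.isdigit() and int(token) <= 65535):
            errors.append(f"stage {stage}: {field} {token!r} is not ANY, :N or a port number")
    return errors


def lint_rule(rule, expected_stage):
    """Check one rule; stages must run 1, 2, 3 ... in list order."""
    errors = [f"stage {expected_stage}: missing field {f!r}" for f in RULE_FIELDS if f not in rule]
    if rule.get("stage") != expected_stage:
        errors.append(f"stage {rule.get('stage')!r}: stages must be consecutive "
                      f"starting at 1 (expected {expected_stage})")
    rtype = rule.get("type")
    if rtype not in VALID_TYPES:
        errors.append(f"stage {expected_stage}: 'type' must be one of {sorted(VALID_TYPES)}")
    elif rtype == "PluginRule":
        if not isinstance(rule.get("plugin_id"), int):
            errors.append(f"stage {expected_stage}: 'plugin_id' must be an integer")
        sids = rule.get("plugin_sid")
        if not (isinstance(sids, list) and sids and all(isinstance(s, int) for s in sids)):
            errors.append(f"stage {expected_stage}: 'plugin_sid' must be a non-empty list of integers")
    else:  # TaxonomyRule matches on normalized event fields instead of plugin ids
        errors.extend(f"stage {expected_stage}: TaxonomyRule needs {f!r}"
                      for f in ("product", "category") if not rule.get(f))
    if not (isinstance(rule.get("occurrence"), int) and rule["occurrence"] >= 1):
        errors.append(f"stage {expected_stage}: 'occurrence' must be an integer >= 1")
    if not (isinstance(rule.get("reliability"), int) and 0 <= rule["reliability"] <= 10):
        errors.append(f"stage {expected_stage}: 'reliability' must be an integer in 0..10")
    if not (isinstance(rule.get("timeout"), int) and rule["timeout"] >= 0):
        errors.append(f"stage {expected_stage}: 'timeout' must be a non-negative integer (seconds)")
    for f in ("from", "to"):
        if f in rule:
            errors.extend(check_address(rule[f], expected_stage))
    for f in ("port_from", "port_to"):
        if f in rule:
            errors.extend(check_port(rule[f], expected_stage, f))
    return errors


def lint_directives(doc):
    """Return a list of problems; an empty list means the structure looks sane."""
    directives = doc.get("directives") if isinstance(doc, dict) else None
    if not isinstance(directives, list) or not directives:
        return ["top-level 'directives' must be a non-empty list"]
    errors, seen = [], set()
    for d in directives:
        did = d.get("id")
        label = f"directive {did!r}"
        if not isinstance(did, int):
            errors.append(f"{label}: 'id' must be an integer")
        elif did in seen:
            errors.append(f"{label}: duplicate id")
        seen.add(did)
        if not d.get("name"):
            errors.append(f"{label}: missing 'name'")
        if d.get("priority") not in (1, 2, 3, 4, 5):
            errors.append(f"{label}: 'priority' must be 1..5")
        rules = d.get("rules")
        if not isinstance(rules, list) or not rules:
            errors.append(f"{label}: 'rules' must be a non-empty list")
            continue
        for idx, rule in enumerate(rules, start=1):
            errors.extend(f"{label}: {e}" for e in lint_rule(rule, idx))
    return errors


def lint_text(text):
    """Parse JSON text and lint it; a JSON syntax error is reported as one problem."""
    try:
        return lint_directives(json.loads(text))
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]


# Constructed sample (not from the project). Stage 1 excludes a known scanner
# with "!10.0.0.5" so it never seeds an alarm; stage 2 needs 10 more failures
# from the same source (":1") to the same host and port within 300 s.
SAMPLE_DIRECTIVES = """
{
  "directives": [
    {
      "id": 100001, "name": "SSH brute force from SRC_IP to DST_IP",
      "kingdom": "Reconnaissance & Probing", "category": "Brute Force",
      "priority": 3, "disabled": false,
      "rules": [
        {"name": "SSH login failure", "type": "PluginRule", "stage": 1,
         "plugin_id": 1001, "plugin_sid": [12345], "occurrence": 1,
         "from": "!10.0.0.5", "to": "HOME_NET", "port_from": "ANY", "port_to": "22",
         "protocol": "TCP", "reliability": 1, "timeout": 0},
        {"name": "Repeated SSH login failure", "type": "PluginRule", "stage": 2,
         "plugin_id": 1001, "plugin_sid": [12345], "occurrence": 10,
         "from": ":1", "to": ":1", "port_from": "ANY", "port_to": ":1",
         "protocol": "TCP", "reliability": 6, "timeout": 300}
      ]
    }
  ]
}
"""

# Constructed broken copy: a hand edit skipped a stage number and turned
# plugin_sid into a string; both must be flagged.
BROKEN_DIRECTIVES = SAMPLE_DIRECTIVES.replace('"stage": 2', '"stage": 3').replace(
    '"plugin_sid": [12345], "occurrence": 10', '"plugin_sid": "12345", "occurrence": 10')

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DIRECTIVES
    problems = lint_text(text)
    print("\n".join(problems) or "no structural problems found")
    sys.exit(1 if problems else 0)
```

Run it as `python lint_directives.py configs/directives_myrules.json` before restarting dsiem, then still run `./dsiem validate`: the lint only knows the shape of the file, not whether the plugin ids and sids match what your log pipeline actually emits. The exclusion in stage 1 is the "tune the rule so the alarm is never created" approach from the second answer; an exclusion placed only on a later stage would still let the first event open the backlog.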