dsiem
Security event correlation engine for ELK stack
Cannot use network CIDR ranges in the directive rule. "from": "192.168.2.0/24, 10.10.0.0/24", "to": "!192.168.2.0/24, !10.10.0.0/24", Error getting: {"level":"WARN","ts":"2021-11-23T10:13:57.116Z","msg":"Skipping directive ID 3020 'DNS Test' due to error: !192.168.2.0/24 is not a...
Hi and thanks in advance. Can we match custom data fields from previous levels as below? "custom_data1":":1" Also, can we match other custom data fields in previous levels like below?...
Hello, Can we create the rule not within the Plugin_Sid values? (example !SRC_IP or !Custom_Data1) Our goal is to generate an alarm if a user connecting with vpn does not...
Taxonomy
Where should we add taxonomy information to write a taxonomy rule?
When writing a rule, how can we cross-use the SRC_IP and DST_IP information in a parent rule on a new line? (SRC_IP and DST_IP replacement)
Hi Mate, I just want to know whether DSIEM can be used with Security Onion, which is an ELK-based network sensor. If yes, then please tell how. Please tell...
Hello, I am having an issue starting the demo script (run.sh) to setup the filebeat-es index template: `** ensuring filebeat-es index template is correctly installed .. curl: (22) The requested...
Hi DSIEM Team, While I was trying to test and implement your solution, I figured out the index `siem_alarms` created based on the triggered Suricata rules while carrying out the...
Hi DSIEM people, Not really an issue per se, but I'm struggling to understand how you actually implement Intel Feeds for DSIEM. From what I can gather, you are using Wise...
TLDR: How can I reload directives while dsiem is running? I am using dsiem for a user-facing product. The setup includes a bunch of containers managed with docker compose. Directives...