digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

updated rule generation + left comment in for testing. (2/?)

Browse Source
This commit is contained in:
thomashaw
2022-02-23 15:07:07 +00:00
parent 2feb7611c2
commit 475149da1a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/helpers/rules.rb
View File

@@ -79,7 +79,7 @@ class Rules
" query_string:\n" +
# on box as:
# query: "user.name: 'crackme' AND event.module: 'auditd' AND event.outcome: 'success' AND event.category: 'authentication'"
' query: \"user.name: \"' + goal['account_name'] +'\' AND event.module: auditd AND event.category: authentication AND event.outcome: success\"' + "\n" +
' query: "user.name: \'' + goal['account_name'] +'\' AND event.module: \'auditd\' AND event.category: \'authentication\' AND event.outcome: \'success"' + "\n" +
"alert:\n" +
" - \"elastalert.modules.alerter.exec.ExecAlerter\"\n" +
"command: [\"/usr/bin/ruby\", \"/opt/alert_actioner/alert_router.rb\"]\n" +