updated rule generation + left comment in for testing. (2/?)

This commit is contained in:
thomashaw
2022-02-23 15:07:07 +00:00
parent 2feb7611c2
commit 475149da1a


@@ -79,7 +79,7 @@ class Rules
" query_string:\n" +
# on box as:
# query: "user.name: 'crackme' AND event.module: 'auditd' AND event.outcome: 'success' AND event.category: 'authentication'"
' query: \"user.name: \"' + goal['account_name'] +'\' AND event.module: auditd AND event.category: authentication AND event.outcome: success\"' + "\n" +
' query: "user.name: \'' + goal['account_name'] +'\' AND event.module: \'auditd\' AND event.category: \'authentication\' AND event.outcome: \'success"' + "\n" +
"alert:\n" +
" - \"elastalert.modules.alerter.exec.ExecAlerter\"\n" +
"command: [\"/usr/bin/ruby\", \"/opt/alert_actioner/alert_router.rb\"]\n" +
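Review bot: The rewritten `query:` line leaves the single quote around `success` unclosed — the Ruby literal `\'success"'` emits `event.outcome: 'success"` with no closing `'` before the YAML double quote, unlike the reference query in the comment two lines above it, so the generated Lucene `query_string` ends in an unterminated phrase. Balancing the tail, `... AND event.outcome: \'success\'"' + "\n" +`, matches the commented example. Separately, `goal['account_name']` is concatenated straight into the query with no escaping, so an account name containing `'`, `\`, `:` or other Lucene special characters would break the rule or widen what it matches; if that value can come from anything other than a trusted scenario definition, route it through an escaping helper before concatenation. The enclosing method of `Rules` starts and ends outside this hunk, so the surrounding string-building context is not visible here.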