Comments (11)
devatnull
commented on June 2, 2024
Hello Joshua,
When will this be available?
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
Should be available by tonight - will work on it.
…On Mon, Feb 8, 2021 at 12:32 PM devatnull ***@***.***> wrote:
Hello Joshua,
When will this be available?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJRBWDUHLOUPWMM2UEP2ZWLS564T7ANCNFSM4XBTEIZA>
.
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
This has been implemented - see MAX_ALERT_DETECTION_AGE in README under js_issue14 branch.
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
Hi @devatnull, can you confirm if this solves your request? Thanks
from thehive_sla_monitor.
devatnull
commented on June 2, 2024
Max timer on normal alerts work, but the max_timer doesn't work on high risk word search. It will parse every alert when doing a high risk search.
SLA_SETTINGS = {
'THEHIVE_LEVEL3': {'ENABLED': True,
'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_SEVERITY': {'TIMER': 60, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
'THEHIVE_LEVEL2': {'ENABLED': False,
'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
'THEHIVE_LEVEL1': {'ENABLED': False,
'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}}
}
SYSTEM_SETTINGS = {
'HIGH_RISK_WORDS': ['SUBAT','Root FS'],
'HIGH_RISK_WORDS_SEVERITY_LEVEL': 2,
'LOOP_TIME': 140,
'MAX_ALERT_DETECTION_ENABLED': True,
'MAX_ALERT_DETECTION_AGE': 120,
'HIVE_SERVER_IP': '192.168.122.30',
'HIVE_SERVER_PORT': 9000,
'HIVE_FQDN': 'http://192.168.122.30',
'HIVE_API_KEY': '***********************************',
'LOG_FILE_LOCATION': 'debug.log'
}
FLASK_SETTINGS = {
'ENABLE_WEBSERVER': True,
'FLASK_WEBSERVER_IP': 'localhost',
'FLASK_WEBSERVER_PORT': 3002
}
TWILIO_SETTINGS = {
'TWILIO_ENABLED': True,
'TWILIO_SENDER': '*****************',
'TWILIO_RTCP': ['*************'],
'ACCOUNT_SID': '*******************************',
'AUTH_TOKEN': '************************',
'TWIMLET_URL': ''
}
SLACK_SETTINGS = {
'SLACK_ENABLED': False,
'SLACK_APP_TOKEN': '',
'SLACK_CHANNEL': '',
'SLACK_WEBHOOK_URL': ''
}
My configuration is below
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
Okay thanks, I'll add support to ignore high risk as well.
…On Mon, 15 Feb 2021, 19:32 Joshua Smeda, ***@***.***> wrote:
Is your alert being passed, perhaps a high risk alert?
On Mon, 15 Feb 2021, 18:45 devatnull, ***@***.***> wrote:
> Max timer on normal alerts work, but the max_timer doesn't work on high
> risk word search. It will parse every alert when doing a high risk
search.
>
> SLA_SETTINGS = {
> 'THEHIVE_LEVEL3': {'ENABLED': True,
> 'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD':
['TWILIO_SMS']},
> 'HIGH_SEVERITY': {'TIMER': 60, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
>
> 'THEHIVE_LEVEL2': {'ENABLED': False,
> 'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD':
['TWILIO_SMS']},
> 'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
>
> 'THEHIVE_LEVEL1': {'ENABLED': False,
> 'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD':
['TWILIO_SMS']},
> 'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
> 'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}}
> }
>
> SYSTEM_SETTINGS = {
> 'HIGH_RISK_WORDS': ['SUBAT','Root FS'],
> 'HIGH_RISK_WORDS_SEVERITY_LEVEL': 2,
> 'LOOP_TIME': 140,
> 'MAX_ALERT_DETECTION_ENABLED': True,
> 'MAX_ALERT_DETECTION_AGE': 120,
> 'HIVE_SERVER_IP': '192.168.122.30',
> 'HIVE_SERVER_PORT': 9000,
> 'HIVE_FQDN': 'http://192.168.122.30',
> 'HIVE_API_KEY': '***********************************',
> 'LOG_FILE_LOCATION': 'debug.log'
> }
>
> FLASK_SETTINGS = {
> 'ENABLE_WEBSERVER': True,
> 'FLASK_WEBSERVER_IP': 'localhost',
> 'FLASK_WEBSERVER_PORT': 3002
> }
>
> TWILIO_SETTINGS = {
> 'TWILIO_ENABLED': True,
> 'TWILIO_SENDER': '*****************',
> 'TWILIO_RTCP': ['*************'],
> 'ACCOUNT_SID': '*******************************',
> 'AUTH_TOKEN': '************************',
> 'TWIMLET_URL': ''
> }
>
> SLACK_SETTINGS = {
> 'SLACK_ENABLED': False,
> 'SLACK_APP_TOKEN': '',
> 'SLACK_CHANNEL': '',
> 'SLACK_WEBHOOK_URL': ''
> }
>
> My configuration is below
>
> —
> You are receiving this because you were assigned.
> Reply to this email directly, view it on GitHub
> <
#14 (comment)
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AJRBWDTXOU27SSKC45VHOX3S7FFSRANCNFSM4XBTEIZA
>
> .
>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJRBWDWVQQWGSTN2XWFG323S7FLBDANCNFSM4XBTEIZA>
.
from thehive_sla_monitor.
devatnull
commented on June 2, 2024
TY, the problem is with the high risk words not using {'TIMER': 60}
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
Hi @devatnull, I've fixed this for you. Please test when you can and let me know if it works?
from thehive_sla_monitor.
devatnull
commented on June 2, 2024
Hello,
High risk alerts work fine. But there is a problem with parsing severity 3 alerts, my config on above still the same, I can't seem to query on severity 3 for timer:60. On the logs:
2021-02-17 18:23:47,942 [INFO] [*] TheHive Alert: Title: Wazuh Alert - Medium (00065cdb5d2416cdf8f2f5fb5db98220). Created at 2021-02-11 03:52:30.
2021-02-17 18:23:47,942 [INFO] 00065cdb5d2416cdf8f2f5fb5db98220 has a severity level of 2 which has not been enabled via configuration.py.
"Level of 2" is on every line no level 3 and no alert.
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
High risk words don't use that timer. Severity 1/2/3 alerts use that. High
risk words work on its own each time the program re-runs as set in the loop
timer.
I'm not exactly sure what you're asking but check if you must perhaps
adjust high_risk_words_severity level in the configuration.py to look at
severity 3 instead of 2.
…On Wed, 17 Feb 2021, 17:23 devatnull, ***@***.***> wrote:
Hello,
High risk alerts work fine. But there is a problem with parsing severity 3
alerts, my config on above still the same, I can't seem to query on
severity 3 for timer:60.
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJRBWDWX34AJFESM4XY4RQTS7PNOVANCNFSM4XBTEIZA>
.
from thehive_sla_monitor.
JoshuaSmeda
commented on June 2, 2024
I see your ENABLED in your config.py is set to False -> 'THEHIVE_LEVEL2': {'ENABLED': False,
You need to set it to True if you want to enable detection on level 2. Double-check the documentation (README.MD) on how it works - perhaps I need to make it better if it's too confusing or poorly written?
from thehive_sla_monitor.
Related Issues (10)
- slackclient module is deprecated HOT 19
- General problems HOT 15
- Create spec tests
- Add last 5 digits of ID on truncated SMS alerts for tracking HOT 1
- Feature | Sending SMS to multiple numbers HOT 7
- Enhancement | Sending messages in half HOT 4
- Enhancement | Sending sms based on what message contains HOT 7
- Send sms only on one severity HOT 8
- Giving the choice to the user HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from thehive_sla_monitor.