Comments (11)
Hello Joshua,
When will this be available?
from thehive_sla_monitor.
This has been implemented - see MAX_ALERT_DETECTION_AGE in README under the js_issue14 branch.
Hi @devatnull, can you confirm if this solves your request? Thanks
Max timer on normal alerts works, but the max_timer doesn't work on high risk word search. It will parse every alert when doing a high risk search.

My configuration is below:

```python
SLA_SETTINGS = {
    'THEHIVE_LEVEL3': {'ENABLED': True,
                       'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_SEVERITY': {'TIMER': 60, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
    'THEHIVE_LEVEL2': {'ENABLED': False,
                       'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}},
    'THEHIVE_LEVEL1': {'ENABLED': False,
                       'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
                       'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']}}
}

SYSTEM_SETTINGS = {
    'HIGH_RISK_WORDS': ['SUBAT', 'Root FS'],
    'HIGH_RISK_WORDS_SEVERITY_LEVEL': 2,
    'LOOP_TIME': 140,
    'MAX_ALERT_DETECTION_ENABLED': True,
    'MAX_ALERT_DETECTION_AGE': 120,
    'HIVE_SERVER_IP': '192.168.122.30',
    'HIVE_SERVER_PORT': 9000,
    'HIVE_FQDN': 'http://192.168.122.30',
    'HIVE_API_KEY': '***********************************',   # redacted by the poster
    'LOG_FILE_LOCATION': 'debug.log'
}

FLASK_SETTINGS = {
    'ENABLE_WEBSERVER': True,
    'FLASK_WEBSERVER_IP': 'localhost',
    'FLASK_WEBSERVER_PORT': 3002
}

TWILIO_SETTINGS = {
    'TWILIO_ENABLED': True,
    'TWILIO_SENDER': '*****************',                     # redacted by the poster
    'TWILIO_RTCP': ['*************'],                         # redacted by the poster
    'ACCOUNT_SID': '*******************************',         # redacted by the poster
    'AUTH_TOKEN': '************************',                 # redacted by the poster
    'TWIMLET_URL': ''
}

SLACK_SETTINGS = {
    'SLACK_ENABLED': False,
    'SLACK_APP_TOKEN': '',
    'SLACK_CHANNEL': '',
    'SLACK_WEBHOOK_URL': ''
}
```
TY, the problem is with the high risk words not using {'TIMER': 60}
Hi @devatnull, I've fixed this for you. Please test when you can and let me know if it works?
Hello,
High risk alerts work fine. But there is a problem with parsing severity 3 alerts; my config above is still the same, and I can't seem to query on severity 3 for timer:60. In the logs:
2021-02-17 18:23:47,942 [INFO] [*] TheHive Alert: Title: Wazuh Alert - Medium (00065cdb5d2416cdf8f2f5fb5db98220). Created at 2021-02-11 03:52:30.
2021-02-17 18:23:47,942 [INFO] 00065cdb5d2416cdf8f2f5fb5db98220 has a severity level of 2 which has not been enabled via configuration.py.
"Level of 2" is on every line, no level 3 and no alert.
I see your ENABLED in your config.py is set to False:
-> 'THEHIVE_LEVEL2': {'ENABLED': False,
You need to set it to True if you want to enable detection on level 2. Double-check the documentation (README.MD) on how it works - perhaps I need to make it better if it's too confusing or poorly written?
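The thread above argues over three pieces of configuration behaviour: the MAX_ALERT_DETECTION_AGE cut-off (and the report that the high-risk word search was not honouring it), the per-level ENABLED gate that produced the "has not been enabled via configuration.py" log line, and the per-tier TIMER values under each THEHIVE_LEVEL. The block below is an added example, not code from thehive_sla_monitor, that re-implements those semantics stand-alone so the reported behaviours show up as return values. Everything in it is assumed for illustration: TIMER and MAX_ALERT_DETECTION_AGE are treated as seconds; TheHive severity 1/2/3 selects THEHIVE_LEVEL1/2/3; the LOW/MEDIUM/HIGH_SEVERITY entries inside a level are treated as escalation tiers that fire once an alert has been open for TIMER seconds; HIGH_RISK_WORDS_SEVERITY_LEVEL is read as the minimum severity searched for high-risk words; the function names, `evaluate` and friends, and the alert records are constructed. The project's README defines the real meaning of each key.

```python
# Added example for this thread, not thehive_sla_monitor's own code. All
# semantics below are assumptions (see lead-in); alert records are constructed.
from datetime import datetime, timedelta, timezone

SLA_SETTINGS = {
    'THEHIVE_LEVEL3': {
        'ENABLED': True,
        'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'HIGH_SEVERITY': {'TIMER': 60, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']},
    },
    'THEHIVE_LEVEL2': {
        'ENABLED': False,   # the reporter's setting; flip to True to get SLA alerts
        'LOW_SEVERITY': {'TIMER': 1800, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'MEDIUM_SEVERITY': {'TIMER': 2700, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'HIGH_SEVERITY': {'TIMER': 3600, 'NOTIFICATION_METHOD': ['TWILIO_SMS']},
        'HIGH_RISK': {'NOTIFICATION_METHOD': ['TWILIO_SMS']},
    },
}
SYSTEM_SETTINGS = {
    'HIGH_RISK_WORDS': ['SUBAT', 'Root FS'],
    'HIGH_RISK_WORDS_SEVERITY_LEVEL': 2,
    'MAX_ALERT_DETECTION_ENABLED': True,
    'MAX_ALERT_DETECTION_AGE': 120,      # assumed to be seconds
}
TIERS = ('LOW_SEVERITY', 'MEDIUM_SEVERITY', 'HIGH_SEVERITY')


def age_seconds(alert, now):
    return (now - alert['createdAt']).total_seconds()


def too_old(alert, now, system=SYSTEM_SETTINGS):
    # The age gate runs before BOTH the high-risk word search and the SLA
    # timers; the bug reported above was the high-risk path skipping it.
    if not system['MAX_ALERT_DETECTION_ENABLED']:
        return False
    return age_seconds(alert, now) > system['MAX_ALERT_DETECTION_AGE']


def high_risk_word(alert, system=SYSTEM_SETTINGS):
    # Case-insensitive substring search over title and description, only for
    # alerts at or above HIGH_RISK_WORDS_SEVERITY_LEVEL. Returns the word or None.
    if alert['severity'] < system['HIGH_RISK_WORDS_SEVERITY_LEVEL']:
        return None
    haystack = (alert.get('title', '') + ' ' + alert.get('description', '')).lower()
    for word in system['HIGH_RISK_WORDS']:
        if word.lower() in haystack:
            return word
    return None


def evaluate(alert, now, sla=SLA_SETTINGS, system=SYSTEM_SETTINGS):
    """Classify one alert: ('skipped', why) | ('high_risk', word) |
    ('waiting', seconds_until_first_tier) | ('sla_breach', [tiers elapsed])."""
    if too_old(alert, now, system):
        return ('skipped', 'older than MAX_ALERT_DETECTION_AGE')
    level = sla.get('THEHIVE_LEVEL%d' % alert['severity'])
    if level is None:
        return ('skipped', 'no THEHIVE_LEVEL%d block in SLA_SETTINGS' % alert['severity'])
    word = high_risk_word(alert, system)
    if word is not None:
        # High-risk hits notify at once via the level's HIGH_RISK method; they
        # wait for neither a timer nor the level's ENABLED flag.
        return ('high_risk', word)
    if not level['ENABLED']:
        # The log line the reporter pasted corresponds to this branch.
        return ('skipped', 'severity level of %d which has not been enabled via configuration.py'
                % alert['severity'])
    age = age_seconds(alert, now)
    fired = [tier for tier in TIERS if age >= level[tier]['TIMER']]
    if not fired:
        return ('waiting', min(level[t]['TIMER'] for t in TIERS) - age)
    return ('sla_breach', fired)


NOW = datetime(2021, 2, 17, 18, 23, 47, tzinfo=timezone.utc)
SAMPLE_ALERTS = {   # constructed, not real TheHive output
    'medium_fresh':     {'severity': 2, 'title': 'Wazuh Alert - Medium',
                         'createdAt': NOW - timedelta(seconds=30)},
    'medium_rootfs':    {'severity': 2, 'title': 'Root FS mounted read-only',
                         'createdAt': NOW - timedelta(seconds=30)},
    'medium_subat_old': {'severity': 2, 'title': 'SUBAT seen',
                         'createdAt': NOW - timedelta(days=6)},
    'high_90s':         {'severity': 3, 'title': 'Wazuh Alert - High',
                         'createdAt': NOW - timedelta(seconds=90)},
    'high_10s':         {'severity': 3, 'title': 'Wazuh Alert - High',
                         'createdAt': NOW - timedelta(seconds=10)},
}


def run_samples(sla=SLA_SETTINGS):
    """Evaluate every constructed alert against a given SLA_SETTINGS."""
    return {name: evaluate(a, NOW, sla) for name, a in SAMPLE_ALERTS.items()}


if __name__ == '__main__':
    for name, decision in run_samples().items():
        print('%-18s %s' % (name, decision))
```

With the reporter's configuration the fresh severity-2 alert is dropped by the ENABLED gate, the six-day-old alert containing SUBAT is dropped by the age gate before the high-risk search ever sees it, the fresh "Root FS" alert fires as high risk even though level 2 is disabled, and the severity-3 alert open for 90 seconds breaches only the 60-second HIGH_SEVERITY tier. Passing a copy of SLA_SETTINGS with THEHIVE_LEVEL2 set to ENABLED: True turns the first case into a 'waiting' result, which is the change the maintainer asks for above.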