Hub 自定义规则 Console 前端部分字段不显示 告警名称 告警类型 级别 字段不显示 如下图:
规则如图:
告警数据:
{63 items "SMITH_ALERT_DATA":{2 items "HIT_DATA":[3 items 0: "sqlmap argv:[INCL]:sqlmap" 1: "sqlmap exe:[INCL]:python" 2: "sqlmap argv:[REGEX]:sqlmap" ] "RULE_INFO":{15 items "Action":[1 item 0:{3 items "Extra":{}0 items "Name":"PushMsgToLeader" "Persistent":false } ] "AffectedTarget":"service" "Author":"test" "Desc":"test cmd" "DesignateNode":NULL "FreqCountField":"" "FreqCountType":"count" "FreqHitReset":false "FreqRange":0 "HarmLevel":"high" "KillChainID":"" "RuleID":"sqlmap" "RuleName":"sqlmap_rule" "RuleType":"Detection" "Threshold":"" } } "SMITH_INPUT":"hids" "SMITH_KEY":"2199024709913" "SMITH_TIMESTAM":1685515861102369300 "__alarm_status":0 "__checked":true "__checker":"172.17.0.3:6701" "__handler_user":"" "__hit_wl":false "__insert_time":1685515861 "__update_time":1685515861 "_id":"6476ee55624a936e7f11cf00" "agent_id":"3b05287b-4013-5c85-9528-1dfc07bb135f" "alarm_id":"chreslcfj3feh5p70k40" "alert_type_as":"execution" "argv":"python3 sqlmap.py -u http://testphp.vulnweb.com/artists.php?artist=1" "attack_id_list":"T1059" "comm":"python3" "data_type":"59" "dip":"192.168.12.123" "dport":"64348" "enhanced":"" "ex_ipv4_list":"" "ex_ipv6_list":"" "exe":"/usr/bin/python3.8" "exe_hash":"cd4aac6dde7d30eb" "hostname":"Pentester" "in_ipv4_list":"10.18.10.85,172.21.0.1,172.19.0.1,172.20.0.1,172.22.0.1" "in_ipv6_list":"" "ld_preload":"-1" "nodename":"Pentester" "pgid":"3393514" "pgid_argv":"python3 sqlmap.py -u http://testphp.vulnweb.com/artists.php?artist=1" "pid":"3393514" "pid_tree":"3393514.python3<3367239.bash<3367124.sshd<795.sshd<1.systemd" "pns":"4026531836" "pod_name":"-3" "ppid":"3367239" "ppid_argv":"-bash" "product":"elkeid-agent" "psm_name":"" "psm_path":"" "res":"0" "root_pns":"4026531836" "run_path":"/opt/opensource/sqlmap" "sa_family":"2" "sessionid":"11154" "sid":"3367239" "sip":"10.18.10.85" "socket_argv":"sshd: root@pts/1" "socket_pid":"3367124" "sport":"22" "ssh":"192.168.12.123 64348 10.18.10.85 22" "stdin":"/dev/pts/1" "stdout":"/dev/pts/1" "tags":"" 
"tgid":"3393514" "time":"1685515860" "time_pkg":"1685515860" "tty":"pts1" "uid":"0" "username":"root" "version":"1.7.0.24" }
同样问题，请问是如何解决的？
Hub 自定义规则 Console 前端部分字段不显示
告警名称、告警类型、级别 字段不显示
如下图:
规则如图:
告警数据:
{
  "SMITH_ALERT_DATA": {
    "HIT_DATA": [
      "sqlmap argv:[INCL]:sqlmap",
      "sqlmap exe:[INCL]:python",
      "sqlmap argv:[REGEX]:sqlmap"
    ],
    "RULE_INFO": {
      "Action": [
        {
          "Extra": {},
          "Name": "PushMsgToLeader",
          "Persistent": false
        }
      ],
      "AffectedTarget": "service",
      "Author": "test",
      "Desc": "test cmd",
      "DesignateNode": null,
      "FreqCountField": "",
      "FreqCountType": "count",
      "FreqHitReset": false,
      "FreqRange": 0,
      "HarmLevel": "high",
      "KillChainID": "",
      "RuleID": "sqlmap",
      "RuleName": "sqlmap_rule",
      "RuleType": "Detection",
      "Threshold": ""
    }
  },
  "SMITH_INPUT": "hids",
  "SMITH_KEY": "2199024709913",
  "SMITH_TIMESTAM": 1685515861102369300,
  "__alarm_status": 0,
  "__checked": true,
  "__checker": "172.17.0.3:6701",
  "__handler_user": "",
  "__hit_wl": false,
  "__insert_time": 1685515861,
  "__update_time": 1685515861,
  "_id": "6476ee55624a936e7f11cf00",
  "agent_id": "3b05287b-4013-5c85-9528-1dfc07bb135f",
  "alarm_id": "chreslcfj3feh5p70k40",
  "alert_type_as": "execution",
  "argv": "python3 sqlmap.py -u http://testphp.vulnweb.com/artists.php?artist=1",
  "attack_id_list": "T1059",
  "comm": "python3",
  "data_type": "59",
  "dip": "192.168.12.123",
  "dport": "64348",
  "enhanced": "",
  "ex_ipv4_list": "",
  "ex_ipv6_list": "",
  "exe": "/usr/bin/python3.8",
  "exe_hash": "cd4aac6dde7d30eb",
  "hostname": "Pentester",
  "in_ipv4_list": "10.18.10.85,172.21.0.1,172.19.0.1,172.20.0.1,172.22.0.1",
  "in_ipv6_list": "",
  "ld_preload": "-1",
  "nodename": "Pentester",
  "pgid": "3393514",
  "pgid_argv": "python3 sqlmap.py -u http://testphp.vulnweb.com/artists.php?artist=1",
  "pid": "3393514",
  "pid_tree": "3393514.python3<3367239.bash<3367124.sshd<795.sshd<1.systemd",
  "pns": "4026531836",
  "pod_name": "-3",
  "ppid": "3367239",
  "ppid_argv": "-bash",
  "product": "elkeid-agent",
  "psm_name": "",
  "psm_path": "",
  "res": "0",
  "root_pns": "4026531836",
  "run_path": "/opt/opensource/sqlmap",
  "sa_family": "2",
  "sessionid": "11154",
  "sid": "3367239",
  "sip": "10.18.10.85",
  "socket_argv": "sshd: root@pts/1",
  "socket_pid": "3367124",
  "sport": "22",
  "ssh": "192.168.12.123 64348 10.18.10.85 22",
  "stdin": "/dev/pts/1",
  "stdout": "/dev/pts/1",
  "tags": "",
  "tgid": "3393514",
  "time": "1685515860",
  "time_pkg": "1685515860",
  "tty": "pts1",
  "uid": "0",
  "username": "root",
  "version": "1.7.0.24"
}