
Commit

increase limit in the basic scanning alert
mahirchavda authored Jul 17, 2023
1 parent a840d2d commit c2609f6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cyences_app_for_splunk/default/savedsearches.conf
@@ -1372,7 +1372,7 @@ request.ui_dispatch_view = search
search = index=* ( (tag=network tag=communicate) OR sourcetype=pan*traffic OR sourcetype=opsec OR sourcetype=cisco:asa) `cs_scanning_basic_scanning_raw_filter` \
| stats dc(dest_port) as num_dest_port dc(dest_ip) as num_dest_ip by sourcetype, src_ip \
| where num_dest_port > 100 OR num_dest_ip > 1500 \
| eval cyences_severity = case(num_dest_port>1000 or num_dest_ip>10000, "critical", num_dest_port>500 or num_dest_ip>3000, "high", true(), "medium") \
| eval cyences_severity = case(num_dest_port>10000 or num_dest_ip>100000, "critical", num_dest_port>5000 or num_dest_ip>30000, "high", true(), "medium") \
| `cs_scanning_basic_scanning_filter`
action.cyences_notable_event_action = 1
action.cyences_notable_event_action.param.filter_macro_name = cs_scanning_basic_scanning_filter
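Review bot: the commit message says "increase limit", but the `where num_dest_port > 100 OR num_dest_ip > 1500` gate that decides whether the alert fires at all is unchanged in this hunk; only the `cyences_severity` bands were raised tenfold (critical from >1000 ports / >10000 IPs to >10000 / >100000, high from >500 / >3000 to >5000 / >30000). The net effect is that the same events still become notables, just with "medium" now covering 101-5000 distinct ports or 1501-30000 distinct destinations, which makes the severity label much less useful for triage. If the goal was to cut alert volume, the `where` thresholds need raising too; if only the severity tiers were meant to change, the commit message should say so and explain why a 10x jump (rather than, say, 2x) matches the observed traffic. Since both sets of numbers are now hard-coded in the search, consider moving them into a macro alongside `cs_scanning_basic_scanning_raw_filter` so deployments can tune them without editing savedsearches.conf.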
