Created
June 17, 2019 04:39
-
-
Save FrankHassanabad/c68d73e465c234a3e87591729a885e81 to your computer and use it in GitHub Desktop.
Links for ML jobs examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Generic links from ML back to SIEM Application | |
| # | |
| # Several tests runs with each and adding/removing | |
| # them to see which ones were effective | |
| # | |
| Network Overview Links | |
| --- | |
| # Network Overview By User Name (KQL Query: user.name $user.name$) | |
| siem#/network?_g=()&kqlQuery=(filterQuery:(expression:'user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:network.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Overview By Process Name (KQL Query: process.name: $process.name$) | |
| siem#/network?_g=()&kqlQuery=(filterQuery:(expression:'process.name%20:%20%22$process.name$%22',kind:kuery),queryLocation:network.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| Network Detail Links | |
| --- | |
| # Network Details (No KQL) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:!n,queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details By Destination Port (KQL Query: destination.port: $destination.port$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'destination.port%20:%20%22$destination.port$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details By Process Name (KQL Query: process.name: $process.name$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'process.name%20:%20%22$process.name$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details By Host Name (KQL Query: host.name: $host.hostname$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'host.name%20:%20%22$host.hostname$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details By User Name (KQL Query user.name $user.name$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details (KQL Query: destination.port: $destination.port$ and host.name: $host.hostname$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'destination.port%20:%20%22$destination.port$%22%20and%20host.name%20:%20%22$host.hostname$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details (KQL Query destination.port: $destination.port$ and host.name $host.hostname$ and user.name $user.name$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'destination.port%20:%20%22$destination.port$%22%20and%20host.name%20:%20%22$host.hostname$%22%20and%20user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Network Details (KQL Query destination.port: $destination.port$ and host.name $host.hostname$ and user.name: $user.name$ and process.name: $process.name$) | |
| siem#/network/ip/$destination.ip$?_g=()&kqlQuery=(filterQuery:(expression:'destination.port%20:%20%22$destination.port$%22%20and%20host.name%20:%20%22$host.hostname$%22%20and%20user.name%20:%20%22$user.name$%22%20and%20process.name%20:%20%22$process.name$%22',kind:kuery),queryLocation:network.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| Hosts Overview Links | |
| --- | |
| # Hosts Overview By User Name (KQL Query: user.name $user.name$) | |
| siem#/hosts?_g=()&kqlQuery=(filterQuery:(expression:'user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Hosts Overview By Process Name (KQL Query: process.name: $process.name$) | |
| siem#/hosts?_g=()&kqlQuery=(filterQuery:(expression:'process.name%20:%20%22$process.name$%22',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| Host Details Links | |
| --- | |
| # Host Details By Process Name (KQL Query: process.name: $process.name$) | |
| siem#/hosts/$host.hostname$?_g=()&kqlQuery=(filterQuery:(expression:'process.name%20:%20%22$process.name$%22',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Host Details By User Name (KQL Query: user.name $user.name$) | |
| siem#/hosts/$host.hostname$?_g=()&kqlQuery=(filterQuery:(expression:'user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
| # Host Details (KQL Query: process.name: $process.name$ and user.name $user.name$) | |
| siem#/hosts/$host.hostname$?_g=()&kqlQuery=(filterQuery:(expression:'process.name%20:%20%22$process.name$%22%20and%20user.name%20:%20%22$user.name$%22',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:'$earliest$',kind:absolute,to:'$latest$')),timeline:(linkTo:!(global),timerange:(from:'$earliest$',kind:absolute,to:'$latest$'))) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment