Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX: SOC Hunt HTTP EXE query #11784

Closed
dougburks opened this issue Nov 14, 2023 · 1 comment
Closed

FIX: SOC Hunt HTTP EXE query #11784

dougburks opened this issue Nov 14, 2023 · 1 comment
Assignees
@dougburks
Milestone
2.4.40

Comments

@dougburks
Copy link
Contributor

The current SOC Hunt query for HTTP with exe downloads does not return any results:

tags:http AND (file.resp_mime_types:dosexec OR file.resp_mime_types:executable) | groupby http.virtual_host

Change it to:

tags:http AND file.resp_mime_types:*exec* | groupby http.virtual_host
@dougburks dougburks added this to the 2.4.40 milestone Nov 14, 2023
@dougburks dougburks self-assigned this Nov 14, 2023
dougburks added a commit that referenced this issue Nov 14, 2023
@dougburks
Merge pull request #11785 from Security-Onion-Solutions/dougburks-pat…
96b456c 
…ch-1

FIX: SOC Hunt HTTP EXE query #11784
@dougburks
Copy link
Contributor Author

Tested and verified:
image

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dougburks dougburks

Labels
None yet
Projects
None yet
Milestone
2.4.40
Development

No branches or pull requests
1 participant
@dougburks