Skip to content

Search

Jump to bottom
S03D4-164 edited this page Apr 30, 2020 · 1 revision

Search for events by specifying conditions.

  • Find Now: Search according to the specified conditions.
  • Save as Detection Rule: Save the search conditions as a rule to use in Alert.
  • Import: Import search conditions from IoC file.

The maximum number of records displayed is 10,000.

Click Table to move to List of Process that occurred 1 hour before and after.

Click Graph to move to Event Correlation that occurred 1 hour before and afte1r.

Click Image to move to Parent and Child Process.

Manual

  1. Install
    1. Elasticsearch Server Setup
    2. Kibana Server Setup
    3. StixIoc Server Setup
    4. Client Setup
  2. Setup with Docker
  3. Client Setup
  4. How to Use
    1. Start SysmonSearch
    2. Access Kibana

Appendix. Install the React version

マニュアル(日本語)

  1. インストール
    1. Elasticsearchサーバセットアップ
    2. Kibanaサーバセットアップ
    3. StixIocサーバセットアップ
    4. クライアントのセットアップ
  2. Dockerでの構築
  3. クライアントのセットアップ
  4. 使用方法
    1. SysmonSearchの起動
    2. Kibanaへアクセス

Appendix. Reactバージョンのインストール

Clone this wiki locally