Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alerting dashboard update #119

Merged
merged 4 commits into from
Dec 18, 2023
Merged

Alerting dashboard update #119

merged 4 commits into from
Dec 18, 2023

Conversation

ddiabe
Copy link
Collaborator

@ddiabe ddiabe commented Dec 18, 2023

#

🗣 Description

Testing purposes

  • Enable win event logs
  • Enable pre-built elastic rules
  • on the client computer or domain controller go to event viewer and click on windows logs.
  • after clicking on windows logs click on security and on the left panel, click clear logs
  • Click refresh.
  • Go back to dashboard and make sure you select the correct time (usually just select today).
  • An alert will be created on the dashboard showing/ the cleared security logs that was done on either the client computer or domain computer.

How to test for windows cleared security logs on either domain controller or client computer.

  • on the security panel at the left-hand side of the alerting dashboard, click the alert option.
  • Later click on manage rule. From manage rule search and enable "cleared windows security logs".
  • After clear windows security log has been enabled, go back to the domain controller or client computer and clear the security logs from the event viewer.
  • The clearing of the security logs will be captured by the alerting dashboard.

@ddiabe ddiabe self-assigned this Dec 18, 2023
rgbrow1949
rgbrow1949 approved these changes Dec 18, 2023
View reviewed changes
Copy link
Contributor

@rgbrow1949 rgbrow1949 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worked as intended. Approved.

mitchelbaker-cisa
mitchelbaker-cisa approved these changes Dec 18, 2023
View reviewed changes
Copy link
Collaborator

@mitchelbaker-cisa mitchelbaker-cisa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@ddiabe ddiabe merged commit 2edfea8 into release-1.3.0 Dec 18, 2023
3 checks passed
@ddiabe ddiabe deleted the alerting_dashboard_update branch December 18, 2023 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rgbrow1949 rgbrow1949 rgbrow1949 approved these changes

@mitchelbaker-cisa mitchelbaker-cisa mitchelbaker-cisa approved these changes

@llwaterhouse llwaterhouse Awaiting requested review from llwaterhouse

Assignees

@ddiabe ddiabe

Labels
None yet
Projects
LME-Development
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ddiabe @rgbrow1949 @mitchelbaker-cisa