Hello

I have a working HELK setup with Sigma.

I need to run all the SIGMA rules (stored in their HELK folder) at once on historical logs and then build dashboards etc. on them.

I already tried sending those historical logs to HELK, passing them via Winlogbeat etc., and ElastAlert triggers correctly: unfortunately the timestamp of the ElastAlert-generated event is equal to the SIGMA rule match time and does not equal the original event timestamp.

The original event timestamp is written by ElastAlert in the field "match_body.event_original_time".

Is there any other way to achieve the goal of setting this up?
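One defender-side way to work around the behaviour described above, as an added Python example that is not part of HELK, ElastAlert or this issue: post-process the ElastAlert alert documents so the timestamp used for dashboards comes from `match_body.event_original_time`, while the match time is kept in a separate field and the detection lag is recorded. The sample alert documents and the field names `alert_time`, `event_time_source` and `detection_lag_seconds` are constructed assumptions, not ElastAlert's own.

```python
from datetime import datetime, timezone

# Constructed sample alerts shaped like the problem in the issue: the document's
# own @timestamp is the Sigma match time, the real event time (when present) is
# nested under match_body.event_original_time.
SAMPLE_ALERTS = [
    {"@timestamp": "2021-03-02T10:15:00Z", "rule_name": "sigma_rule_a",
     "match_body": {"event_original_time": "2020-11-05T08:01:22.000Z", "host": "ws01"}},
    {"@timestamp": "2021-03-02T10:15:01Z", "rule_name": "sigma_rule_b",
     "match_body": {"host": "ws02"}},  # original time missing: keep match time
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp (a trailing 'Z' is accepted) into an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def to_es_ts(dt):
    """Render an aware UTC datetime in the 'Z'-suffixed form Elasticsearch expects."""
    return dt.isoformat().replace("+00:00", "Z")


def retimestamp(alert):
    """Return a copy of the alert whose @timestamp is the original event time.

    The Sigma match time is preserved in alert_time (assumed field name) and the
    gap between the two is stored as detection_lag_seconds. Alerts without an
    original time keep the match time and are flagged via event_time_source.
    """
    doc = dict(alert)
    match_time = parse_ts(alert["@timestamp"])
    original = alert.get("match_body", {}).get("event_original_time")
    doc["alert_time"] = alert["@timestamp"]
    if not original:
        doc["event_time_source"] = "match_time"
        return doc
    event_time = parse_ts(original)
    doc["@timestamp"] = to_es_ts(event_time)
    doc["event_time_source"] = "event_original_time"
    doc["detection_lag_seconds"] = int((match_time - event_time).total_seconds())
    return doc


def retimestamp_all(alerts):
    """Re-timestamp a batch and report how many fell back to the match time."""
    docs = [retimestamp(a) for a in alerts]
    fallback = sum(1 for d in docs if d["event_time_source"] == "match_time")
    return docs, fallback
```

The re-timestamped documents can then be indexed into a separate alerts index so dashboards bucket them by the historical event time rather than by replay time.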