Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

alerting_dashboard update. #111

Closed
wants to merge 28 commits into from
Closed

alerting_dashboard update. #111

wants to merge 28 commits into from

Conversation

ddiabe
Copy link
Collaborator

@ddiabe ddiabe commented Dec 15, 2023
edited
Loading

🗣 Description

Testing purposes

  • Enable win event logs
  • Enable pre-built elastic rules
  • on the client computer or domain controller go to event viewer and click on windows logs.
  • after clicking on windows logs click on security and on the left panel, click clear logs
  • Click refresh.
  • Go back to dashboard and make sure you select the correct time (usually just select today).
  • An alert will be created on the dashboard showing/ the cleared security logs that was done on either the client computer or domain computer.

How to test for windows cleared security logs on either domain controller or client computer.

  • on the security panel at the left-hand side of the alerting dashboard, click the alert option.
  • Later click on manage rule. From manage rule search and enable "cleared windows security logs".
  • After clear windows security log has been enabled, go back to the domain controller or client computer and clear the security logs from the event viewer.
  • The clearing of the security logs will be captured by the alerting dashboard.

Diabe and others added 25 commits November 17, 2023 10:48
adding alert dashboard
fecf8b0
@mreeve-snl
Merge branch 'release-1.1.0' into divine
3a373aa
@ddiabe
Create Alerting_dashboard.ndjson
62f57fe
@ddiabe
Rename Alerting_dasboard.ndjson to Alerting_dashboard.ndjson
e70be99
@ddiabe
Rename Alerting_dashboard.ndjson to alert_dashboard.ndjson
ff2ceb6
changes to dashboard name
8103d67
@ddiabe
Merge branch 'release-1.1.0' into divine
c352081
@ddiabe
Merge branch 'release-1.1.0' into divine
22c0488
Update ELK to 8.11.1
cbc24fe
Pull images before starting cluster
94cf337
Pull images before deploylme
135fbd3
Upgrade versions in the live docker compose upon upgrade
c4f5ee7
Pull new images before deploying new stack
e4e34e3
Globalize version variable
3af98e9
@mreeve-snl
Adding the following:
afd7e67 
 - get_latest_version function
 - pulling version from this function
 - old password reading text update to reduce confusion
 - print statements in upgrade from 1.0 -> 1.2
 - sleep so it doesn't fail if docker does a slow removal
Update the version in dashboard_update.sh
b632a7e
@mitchelbaker-cisa
:Merge branch 'release-1.3.0' of github.com:cisagov/LME into release-…
b5570ba 
…1.3.0
add alerting dashboard
fc3b2f3
updated alerting dashboard
04fbace
@ddiabe
Merge branch 'release-1.3.0' into divine
6923b2c
@mitchelbaker-cisa
Merge branch 'divine' of github.com:cisagov/LME into divine
886ace2
@mitchelbaker-cisa
remove repeated object body from merge conflict message
ed6254e
@ddiabe
Merge branch 'release-1.3.0' into divine
1e423fa
updating alerting and healthcheck dashboard
89e88a9
@ddiabe
Merge branch 'release-1.3.0' into alerting_dashboard
0c5fcf6
@mitchelbaker-cisa
Copy link
Collaborator

I'm getting an "Unexpected end of JSON input" error when running ./dashboard_update.sh. Not a major issue, just looks like the json formatting got messed up. @ddiabe could you export your alerting_dashboard.ndjson and send it to me?

@ddiabe ddiabe closed this Dec 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbaxley cbaxley cbaxley approved these changes

@llwaterhouse llwaterhouse Awaiting requested review from llwaterhouse

@rgbrow1949 rgbrow1949 Awaiting requested review from rgbrow1949

@mitchelbaker-cisa mitchelbaker-cisa Awaiting requested review from mitchelbaker-cisa

@rishagg01 rishagg01 Awaiting requested review from rishagg01

Assignees
No one assigned
Labels
None yet
Projects
LME-Development
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ddiabe @mitchelbaker-cisa @cbaxley @mreeve-snl