Forum Discussion
hussain935
3 hours ago · New Member I
Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting
Task 3 - Note: It may take a couple of minutes for the token to appear in the index. I'm struggling with the Python, as it's been taking too long to create a custom_alert_index to automatically c...
hussain935
3 hours ago · New Member I
In cell two, there are several placeholders that you will need to modify, they are:
- LOOK_BACK_MINUTES: set this to 240
- INSERT_JSON_QUERY: queries you use to find instances of lateral movement
- VARIABLE1/2: used for extracting information from your query results
- WAIT_TIME_SECONDS: how long the program should sleep before checking for new events
Once you have detected all lateral movement occurrences, this task will be completed, and a token will be written to the custom_alert_index.
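The post above describes the shape of the notebook cell without showing it, so here is an added example of such a polling alert loop. It is not the course's own code: the SIEM index is stood in for by an in-memory list of constructed events, the query is a plain dict of field/value filters (an assumption standing in for the lab's JSON query), and the field names, rule name and alert format are all assumed. It does show the four placeholders in use, and one thing the post does not mention: because every poll re-reads the whole look-back window, the loop must remember what it has already alerted on or it will write the same alert every cycle.

```python
# Added example of a polling custom-alert loop; not the course's notebook code.
import time
from datetime import datetime, timedelta, timezone

LOOK_BACK_MINUTES = 240          # how far back each search looks (the post's value)
WAIT_TIME_SECONDS = 0            # sleep between polls; 0 here so the example runs instantly
# Assumed query shape: every key/value pair must match the event exactly.
INSERT_JSON_QUERY = {"event_action": "logon", "logon_type": 3}   # assumed field names
VARIABLE1 = "src_ip"             # fields extracted from each hit (assumed names)
VARIABLE2 = "user"

# Fixed "now" so the example is deterministic.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample events standing in for the source index.
SOURCE_INDEX = [
    {"@timestamp": NOW - timedelta(minutes=30), "event_action": "logon", "logon_type": 3,
     "src_ip": "10.0.0.5", "user": "alice", "host": "srv01"},
    {"@timestamp": NOW - timedelta(minutes=90), "event_action": "logon", "logon_type": 3,
     "src_ip": "10.0.0.5", "user": "alice", "host": "srv02"},
    {"@timestamp": NOW - timedelta(minutes=500), "event_action": "logon", "logon_type": 3,
     "src_ip": "10.0.0.9", "user": "bob", "host": "srv03"},    # outside the look-back window
    {"@timestamp": NOW - timedelta(minutes=10), "event_action": "logon", "logon_type": 2,
     "src_ip": "10.0.0.7", "user": "carol", "user_type": "interactive", "host": "srv01"},  # no match
]


def matches(event, query):
    """True when every filter in the query matches the event exactly."""
    return all(event.get(k) == v for k, v in query.items())


def search(index, query, now, look_back_minutes):
    """Return events inside the look-back window that satisfy the query."""
    cutoff = now - timedelta(minutes=look_back_minutes)
    return [e for e in index if e["@timestamp"] >= cutoff and matches(e, query)]


def extract(hit, var1, var2):
    """Pull the two fields of interest out of a hit."""
    return hit.get(var1), hit.get(var2)


def run_once(source_index, alert_index, seen, now):
    """One poll: search the window and write one alert per new (var1, var2, host) triple."""
    new_alerts = 0
    for hit in search(source_index, INSERT_JSON_QUERY, now, LOOK_BACK_MINUTES):
        v1, v2 = extract(hit, VARIABLE1, VARIABLE2)
        key = (v1, v2, hit.get("host"))
        if key in seen:
            continue               # already alerted in an earlier poll of the same window
        seen.add(key)
        alert_index.append({"@timestamp": now, "rule": "lateral_movement_remote_logon",
                            VARIABLE1: v1, VARIABLE2: v2, "host": hit.get("host")})
        new_alerts += 1
    return new_alerts


def poll(source_index, alert_index, iterations, wait_time_seconds, now=NOW):
    """Run the loop a fixed number of times; returns how many alerts were written in total."""
    seen = set()
    total = 0
    for _ in range(iterations):
        total += run_once(source_index, alert_index, seen, now)
        time.sleep(wait_time_seconds)
    return total


if __name__ == "__main__":
    alerts = []
    print("alerts written:", poll(SOURCE_INDEX, alerts, iterations=3, wait_time_seconds=WAIT_TIME_SECONDS))
    for a in alerts:
        print(a)
```

Run against the constructed events, the first poll writes two alerts (alice from 10.0.0.5 on srv01 and srv02); later polls find the same hits again but the `seen` set stops them from being re-alerted, and the event from 500 minutes ago is excluded by the 240-minute window. In a real notebook, `search` is replaced by the SIEM client query and `alert_index.append` by a write to custom_alert_index, with `WAIT_TIME_SECONDS` set to something like 60.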