Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting

Question

Task 3 -&nbsp;Note: It may take a couple of minutes for the token to appear in the index.I'm struggling with the python that it's been taking too long to create a custom_alert_index to autimatically complete it. it's in Task 3 and I need the good code for the task to be completed and the token as well.&nbsp;

hussain935 · Answer

In cell two, there are several placeholders that you will need to modify, they are:

LOOK_BACK_MINUTES: set this to 240
INSERT_JSON_QUERY: queries you use to find instances of lateral movement
VARIABLE1/2: used for extracting information from your query results
WAIT_TIME_SECONDS: how long the program should sleep before checking for new events

Once you have detected all lateral movement occurrences, this task will be completed, and a token will be written to the custom_alert_index.

Forum Discussion

Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting

1 Reply

Featured Places

Help

Related Content

Introduction to Detection Engineering: Ep.5 – Custom Alerting

Introduction to Detection Engineering: Ep.5 – Custom Alerting

Introduction to Detection Engineering: Ep.3 – Parent Processes - Kibana says no

Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting

Reverse Engineering

Recent Discussions

Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting

Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting

Templates do not add systems

Snort Rules Ep.10 Q7

Cross_site Scripting DOM-based XSS vulnerability