Rules not visible in Threat Management #865
If you go to Threat Management > view rules, no rules will show. Is this by design or am I missing something?
Answered by
c3s4rfred
Oct 25, 2024
Replies: 1 comment 2 replies
Hi @Pelican9091, there isn't a view rules submenu under Threat Management. Maybe you mean Threat Management -> Alerts or Threat Management -> Tagging rules or another submenu available under Threat Management. Best regards
2 replies
To check the rules, first you need to access the web application and enable some integrations, then go to the Log explorer menu and see if the logs are coming in. You can also access your instance and see the logs of the
using the 'docker ps' and 'docker logs containerId' commands; if there aren't errors, everything is fine. Finally, the custom rules must match the values coming from the logs. Check our documentation to see how rules work -> https://docs.utmstack.com/Correlation%20Rules/README.html
You can send generic logs via syslog or JSON to our platform, then you can create your own rules, but actually we don't have dedicated integrations for Sysmon or Suricata in v 10.x.x.
Best regards