Alert - JPCERTCC/SysmonSearch GitHub Wiki

This page displays the events that matched the detection rules.

Detection rules can be created by "Save as Detection Rule" in Search.

Events are detected by collection_alert_data.py, which is registered in crontab during installation.

Each time collection_alert_data.py runs, events that match the detection rules are saved in the alert index, and the Alert page reads from that index.
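The following is an added illustration of the workflow described above (a scheduled collector applies saved detection rules to Sysmon events and writes every match as an alert record). It is not SysmonSearch's own collection_alert_data.py, and the rule format, field names and sample events are constructed for the example; the real project stores rules and events in Elasticsearch, which is left out here so the block runs offline.

```python
"""Illustration of the Alert collection step: apply detection rules to Sysmon
events and turn every match into an alert document. Hypothetical rule format,
not SysmonSearch's; the sample events below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed Sysmon-style events (field names mirror common Sysmon
# Event ID 1 process-creation and Event ID 3 network-connection data).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"event_id": "1", "computer_name": "WS01",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "cmd.exe /c whoami",
     "utc_time": "2024-01-01 10:00:00.000"},
    {"event_id": "1", "computer_name": "WS01",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "command_line": "notepad.exe report.txt",
     "utc_time": "2024-01-01 10:01:00.000"},
    {"event_id": "3", "computer_name": "WS02",
     "image": "C:\\Windows\\System32\\svchost.exe",
     "destination_ip": "10.0.0.5", "destination_port": "445",
     "utc_time": "2024-01-01 10:02:00.000"},
]


@dataclass
class DetectionRule:
    """Hypothetical rule shape: an event ID plus field -> regex conditions.
    Every condition must match, the way a saved search would."""
    name: str
    event_id: str
    conditions: Dict[str, str] = field(default_factory=dict)

    def matches(self, event: Dict[str, str]) -> bool:
        if event.get("event_id") != self.event_id:
            return False
        for fld, pattern in self.conditions.items():
            value = event.get(fld)
            # A missing field never matches; avoids false positives on
            # events that lack the attribute the rule is written against.
            if value is None or not re.search(pattern, value, re.IGNORECASE):
                return False
        return True


# Two constructed rules standing in for rules saved from the Search page.
RULES: List[DetectionRule] = [
    DetectionRule("recon_whoami", "1", {"command_line": r"\bwhoami\b"}),
    DetectionRule("smb_to_server", "3", {"destination_port": r"^445$"}),
]


def collect_alerts(events: List[Dict[str, str]],
                   rules: List[DetectionRule]) -> List[Dict[str, str]]:
    """Mimic the collection step: one alert document per (rule, event) match,
    tagged with the rule name so the Alert view can show what fired."""
    alerts = []
    for event in events:
        for rule in rules:
            if rule.matches(event):
                alerts.append({"rule_name": rule.name, **event})
    return alerts


if __name__ == "__main__":
    for alert in collect_alerts(SAMPLE_EVENTS, RULES):
        print(alert["rule_name"], alert["computer_name"], alert["utc_time"])
```

In the real deployment the `collect_alerts` output is what lands in the alert index; running the collector from cron means alerts appear only after the next scheduled run, so when checking whether a new rule works, allow for that interval before expecting results on this page.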