Replies: 4 comments
-
At this time there is no such way to do this. The idea of defining user actions that result in a script being run is interesting. Would just have to resolve where that script should be run to get the desired action. Long term I imagine some rule editing capabilities. But for now, I'm sorry to say EveBox can't do this. But you do have me thinking about it a little harder. |
Beta Was this translation helpful? Give feedback.
-
Hi. Thank you for reply. I mean predefined script on evebox run users home dir. It is not custamizable from UI script of course, it is not secure. Just button on UI which just runing predefined script.sh and send to it alert parameters, as example attacker IP. |
Beta Was this translation helpful? Give feedback.
-
It is sad, I try to find method to block atacker from simple UI. |
Beta Was this translation helpful? Give feedback.
-
Yeah, I hear you. I'm kind of a brainstorming with myself user defined server side actions. So that would be a user define script that is passed enough information to do something useful, even if that means the user scripts uses ssh, ansible, etc. to execute something on a remote host. |
Beta Was this translation helpful? Give feedback.
-
Hi! I try to find simple UI for my personal server and evebox look good. But I need possibility to block some IP from web UI when I see alert and block it by changing suricata rule from alert to reject or by adding to some ipset for iptables. Of course it will be better to possibility just execute some customizable script with parameters from alert. It is possible from evebox?
Beta Was this translation helpful? Give feedback.
All reactions