Hi
Is there any way by which I can see which rules are generating most of the alerts, like the top 10 rules?
Thanks,
Something like jq -r 'select(.event_type=="alert") | .alert.signature_id' eve.json | sort | uniq -c | sort -rn | head -10
?