{# Flagged-events listing (Jinja2 template; the surrounding HTML markup appears to have been stripped from this copy, so several if/elif/else chains below have empty bodies). #}
{# Context read: events (list), page (int), has_more (bool), error (optional message). #}
{# Each event is read for: id, severity, time_created, log_type, computer, user, process, process_id, event_id, domain, service, matched_rules, details, process_path. Each matched rule is read for: title, level, id, description, tags. #}
{# NOTE(review): every {{ ... }} on this page renders values taken from collected event logs (log_type values suggest Windows channels: sysmon/security/application/system) or from Sigma rule metadata. Process names, command lines, message bodies and rule descriptions are attacker- or third-party-influenced, so this template relies entirely on Jinja autoescape being ON — Flask enables it for .html/.htm templates, a bare jinja2.Environment does not by default. Confirm the rendering environment, and never pass any of these expressions through |safe. #}
{% if events %} {% for event in events %}
{# Header: event id plus an upper-cased severity badge (only when severity is set). The severity if/elif/else chain produces no output in this copy — presumably it selected a per-severity CSS class on an element that was lost with the markup; TODO confirm against the original template. #}
Event #{{ event.id }} {% if event.severity %} {% if event.severity == 'critical' %} {% elif event.severity == 'high' %} {% elif event.severity == 'medium' %} {% else %}{% endif %} {{ event.severity|upper }} {% endif %}
{# time_created is shown as-is when it is already a string, otherwise formatted via strftime (presumably a datetime — confirm the view). The log_type chain is likewise empty in this copy; only the upper-cased log_type text is emitted. #}
{% if event.time_created is string %} {{ event.time_created }} {% else %} {{ event.time_created.strftime('%Y-%m-%d %H:%M:%S') }} {% endif %} {% if event.log_type == 'sysmon' %} {% elif event.log_type == 'security' %} {% elif event.log_type == 'application' %} {% elif event.log_type == 'system' %} {% else %}{% endif %} {{ event.log_type|upper }}
{# Host and account the event was recorded for; both are log-derived values. #}
Computer
{{ event.computer }}
User
{{ event.user }}
{# Process name is optional. #}
{% if event.process %}
Process
{{ event.process }}
{% endif %}
{# Secondary identifiers: the block is only opened if at least one is present, and each is shown independently. #}
{% if event.process_id or event.event_id or event.domain or event.service %}
{% if event.event_id %}
Event ID
{{ event.event_id }}
{% endif %} {% if event.process_id %}
Process ID
{{ event.process_id }}
{% endif %} {% if event.domain %}
Domain
{{ event.domain }}
{% endif %} {% if event.service %}
Service
{{ event.service }}
{% endif %}
{% endif %}

{# Matched Sigma rules. matched_rules is assumed to always be a list here: |length and the for loop below would raise on None rather than on an Undefined — TODO confirm the view guarantees a list (possibly empty). #}
Detection Rules

{# "1 match" vs "N matches". #}
{{ event.matched_rules|length }} match{{ 'es' if event.matched_rules|length != 1 else '' }}
{% for rule in event.matched_rules %}

{{ rule.title }}

{# Rule level defaults to INFO when the rule declares none. #}
{{ rule.level|upper if rule.level else 'INFO' }} ID: {{ rule.id }}
{% if rule.description %}

{{ rule.description }}

{% endif %} {% if rule.tags %}
{# At most five tags are listed; the remainder is summarised as a count. #}
{% for tag in rule.tags[:5] %} {{ tag }} {% endfor %} {% if rule.tags|length > 5 %} +{{ rule.tags|length - 5 }} more {% endif %}
{% endif %}
{% endfor %}

{# Raw event details. NOTE(review): this is the most attacker-influenced field on the page (likely the event message / command line); it is rendered verbatim and depends on autoescape — never mark it |safe. #}
Event Details

{{ event.details }}

{% if event.process_path %}
Process Path

{{ event.process_path }}

{% endif %}
{% endfor %} {% else %}

{# Empty state (no events). NOTE(review): "your system is secure" overstates what zero rule matches proves — zero matches is also what you get when the expected log sources are not being collected or the rule set does not load; the second clause below only partly caveats this. #}
No Flagged Events Found

No security events have triggered the detection rules. This could mean your system is secure, or you may need to adjust your Sigma rules configuration.

Check Sigma Rules
Review Log Sources
{# Pagination: rendered when there is a next page or the current page is past the first. The enabled and disabled variants of Previous/Next are distinguished only by markup that is not present in this copy; page is rendered as-is. #}
{% endif %} {% if has_more or page > 1 %}
{% if page > 1 %} Previous {% else %}
Previous
{% endif %}
Page
{{ page }}
{% if has_more %} Next {% else %}
Next
{% endif %}
{# Error panel. NOTE(review): {{ error }} is rendered verbatim — confirm the view passes a user-safe message rather than a raw exception string or traceback, which could leak file paths, query text or internal hostnames to the browser. #}
{% endif %} {% if error %}

Error Loading Events

{{ error }}

{% endif %}