CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/kibanauser

Browse Source
This commit is contained in:
defensivedepth
2023-10-25 11:33:38 -04:00
parent 3ad480453a d562445686
commit 1e710a22ce
5 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elasticsearch/files/ingest/suricata.common
View File

@@ -2,6 +2,7 @@
"description" : "suricata.common", "description" : "suricata.common",
"processors" : [ "processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.pkt_src", "target_field": "network.packet_source","ignore_failure": true } },
{ "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_failure": true } }, { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_failure": true } },
{ "rename": { "field": "message2.flow_id", "target_field": "log.id.uid", "ignore_failure": true } }, { "rename": { "field": "message2.flow_id", "target_field": "log.id.uid", "ignore_failure": true } },
{ "rename": { "field": "message2.src_ip", "target_field": "source.ip", "ignore_failure": true } }, { "rename": { "field": "message2.src_ip", "target_field": "source.ip", "ignore_failure": true } },

2
salt/pcap/config.sls
View File

@@ -41,7 +41,7 @@ pcap_sbin:
- file_mode: 755 - file_mode: 755
{% if PCAPBPF %} {% if PCAPBPF %}
{% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + PCAPBPF|join(" "),cwd='/root') %} {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + PCAPBPF|join(" "),cwd='/root') %}
{% if BPF_CALC['stderr'] == "" %} {% if BPF_CALC['stderr'] == "" %}
{% set BPF_COMPILED = ",\\\"--filter=" + BPF_CALC['stdout'] + "\\\"" %} {% set BPF_COMPILED = ",\\\"--filter=" + BPF_CALC['stdout'] + "\\\"" %}
{% else %} {% else %}

2
salt/suricata/config.sls
View File

@@ -129,7 +129,7 @@ surithresholding:
# BPF compilation and configuration # BPF compilation and configuration
{% if SURICATABPF %} {% if SURICATABPF %}
{% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %} {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %}
{% if BPF_CALC['stderr'] == "" %} {% if BPF_CALC['stderr'] == "" %}
{% set BPF_STATUS = 1 %} {% set BPF_STATUS = 1 %}
{% else %} {% else %}

2
salt/suricata/defaults.yaml
View File

@@ -280,7 +280,7 @@ suricata:
mqtt: mqtt:
enabled: 'no' enabled: 'no'
http2: http2:
enabled: 'no' enabled: 'yes'
asn1-max-frames: 256 asn1-max-frames: 256
run-as: run-as:
user: suricata user: suricata

2
salt/zeek/config.sls
View File

@@ -152,7 +152,7 @@ plcronscript:
# BPF compilation and configuration # BPF compilation and configuration
{% if ZEEKBPF %} {% if ZEEKBPF %}
{% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + ZEEKBPF|join(" "),cwd='/root') %} {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + ZEEKBPF|join(" "),cwd='/root') %}
{% if BPF_CALC['stderr'] == "" %} {% if BPF_CALC['stderr'] == "" %}
{% set BPF_STATUS = 1 %} {% set BPF_STATUS = 1 %}
{% else %} {% else %}