diff --git a/README.md b/README.md
index 698247e1a..3ab976bb5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.4 Beta 4
+## Security Onion 2.4 Release Candidate 1 (RC1)
 
-Security Onion 2.4 Beta 4 is here!
+Security Onion 2.4 Release Candidate 1 (RC1) is here!
 
 ## Screenshots
 
diff --git a/salt/elasticsearch/files/ingest/.fleet_final_pipeline-1 b/salt/elasticsearch/files/ingest/.fleet_final_pipeline-1
index 743e4181a..0c317ae48 100644
--- a/salt/elasticsearch/files/ingest/.fleet_final_pipeline-1
+++ b/salt/elasticsearch/files/ingest/.fleet_final_pipeline-1
@@ -74,6 +74,10 @@
 { "set": { "if": "ctx.module_temp != null", "override": true, "field": "event.module", "value": "{{module_temp.0}}" } },
 { "gsub": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "pattern": "^[^.]*.", "replacement": "", "target_field": "dataset_tag_temp" } },
 { "append": { "if": "ctx.dataset_tag_temp != null", "field": "tags", "value": "{{dataset_tag_temp}}" } },
+ { "set": { "if": "ctx.network?.direction == 'egress'", "override": true, "field": "network.initiated", "value": "true" } },
+ { "set": { "if": "ctx.network?.direction == 'ingress'", "override": true, "field": "network.initiated", "value": "false" } },
+ { "set": { "if": "ctx.network?.type == 'ipv4'", "override": true, "field": "destination.ipv6", "value": "false" } },
+ { "set": { "if": "ctx.network?.type == 'ipv6'", "override": true, "field": "destination.ipv6", "value": "true" } },
 { "remove": { "field": [ "message2", "type", "fields", "category", "module", "dataset", "event.dataset_temp", "dataset_tag_temp", "module_temp" ], "ignore_missing": true, "ignore_failure": true } }
 ],
 "on_failure": [
diff --git a/salt/nginx/config.sls b/salt/nginx/config.sls
index 50ccfae16..5b6cae9e8 100644
--- a/salt/nginx/config.sls
+++ b/salt/nginx/config.sls
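Review bot: The four added `set` processors write `network.initiated` and `destination.ipv6` as the strings `"true"`/`"false"` rather than JSON booleans, so they only become booleans if the index template already maps those fields as `boolean`; under dynamic mapping they are created as keyword fields and boolean-style queries on them miss. The `set` processor accepts any JSON type in `value`, so `"value": true` / `"value": false` removes that dependency on the mapping. The conditions also recognise only `egress`/`ingress`, leaving `network.initiated` unset for the other ECS `network.direction` values (`inbound`, `outbound`, `internal`, `external`, `unknown`); that may be intended, but it is worth stating in the pipeline's `description` or handling the `outbound`/`inbound` pair the same way. As far as I can tell neither target field is an ECS core field, so naming the consumer that expects them would help the next maintainer.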
@@ -42,7 +42,7 @@ nginxtmp:
 
 navigatorconfig:
 file.managed:
- - name: /opt/so/conf/navigator/navigator_config.json
+ - name: /opt/so/conf/navigator/config.json
 - source: salt://nginx/files/navigator_config.json
 - user: 939
 - group: 939
@@ -51,7 +51,7 @@ navigatorconfig:
 
 navigatordefaultlayer:
 file.managed:
- - name: /opt/so/conf/navigator/nav_layer_playbook.json
+ - name: /opt/so/conf/navigator/layers/nav_layer_playbook.json
 - source: salt://nginx/files/nav_layer_playbook.json
 - user: 939
 - group: 939
@@ -61,7 +61,7 @@ navigatordefaultlayer:
 
 navigatorpreattack:
 file.managed:
- - name: /opt/so/conf/navigator/pre-attack.json
+ - name: /opt/so/conf/navigator/layers/pre-attack.json
 - source: salt://nginx/files/pre-attack.json
 - user: 939
 - group: 939
@@ -70,7 +70,7 @@ navigatorpreattack:
 
 navigatorenterpriseattack:
 file.managed:
- - name: /opt/so/conf/navigator/enterprise-attack.json
+ - name: /opt/so/conf/navigator/layers/enterprise-attack.json
 - source: salt://nginx/files/enterprise-attack.json
 - user: 939
 - group: 939
diff --git a/salt/nginx/enabled.sls b/salt/nginx/enabled.sls
index fb56674b2..dda475655 100644
--- a/salt/nginx/enabled.sls
+++ b/salt/nginx/enabled.sls
@@ -114,10 +114,8 @@ so-nginx:
 - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
 - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
 # ATT&CK Navigator binds
- - /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
- - /opt/so/conf/navigator/nav_layer_playbook.json:/opt/socore/html/navigator/assets/playbook.json:ro
- - /opt/so/conf/navigator/enterprise-attack.json:/opt/socore/html/navigator/assets/enterprise-attack.json:ro
- - /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro
+ - /opt/so/conf/navigator/layers/:/opt/socore/html/navigator/assets/so:ro
+ - /opt/so/conf/navigator/config.json:/opt/socore/html/navigator/assets/config.json:ro
 - /nsm/repo:/opt/socore/html/repo:ro
 - /nsm/rules:/nsm/rules:ro
 {% endif %}
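Review bot: Three of the four `file.managed` states now target a new `/opt/so/conf/navigator/layers/` directory, but none of the visible lines creates it or sets `makedirs: True`, so unless a state outside these hunks already manages that directory the first highstate fails on a missing parent. Adding `- makedirs: True` to each of the `navigatordefaultlayer`, `navigatorpreattack` and `navigatorenterpriseattack` states, or a `file.directory` state for `/opt/so/conf/navigator/layers` with the same 939 owner, closes that gap. Separately, `pre-attack.json` is still installed into `layers/` although the new `navigator_config.json` in this commit references only `enterprise-attack.json` and `nav_layer_playbook.json`, so it is served by nginx but never loaded; if it is no longer needed, dropping the `navigatorpreattack` state keeps the served directory minimal. Each state's remaining attributes continue past the hunk.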
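Review bot: The new bind replaces four single-file read-only mounts with a whole-directory mount of `/opt/so/conf/navigator/layers/` into the nginx web root, while the `salt/soctopus/enabled.sls` hunk in this commit mounts that same directory read-write into the SOCtopus container. Before this change SOCtopus could only modify `nav_layer_playbook.json`; now anything it (or a process that compromises it) writes into `/etc/playbook/` is served by the manager under `navigator/assets/so/`, and the ATT&CK data files it previously could not touch become writable by it. If SOCtopus only needs to update the playbook layer, keeping its mount scoped to that one file, `- /opt/so/conf/navigator/layers/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw`, preserves the old boundary while nginx still serves the directory read-only. The `so-nginx` binds list continues outside the hunk.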
diff --git a/salt/nginx/files/nav_layer_playbook.json b/salt/nginx/files/nav_layer_playbook.json
index 69db796e8..68247c65e 100644
--- a/salt/nginx/files/nav_layer_playbook.json
+++ b/salt/nginx/files/nav_layer_playbook.json
@@ -1,27 +1,52 @@
 {
- "name": "Playbook",
- "version": "3.0",
- "domain": "mitre-enterprise",
- "description": "Current Coverage of Playbook",
+ "name": "Playbook Coverage",
+ "versions": {
+ "attack": "11",
+ "navigator": "4.8.4",
+ "layer": "4.3"
+ },
+ "domain": "enterprise-attack",
+ "description": "",
 "filters": {
- "stages": ["act"],
 "platforms": [
- "windows",
- "linux",
- "mac"
+ "Linux",
+ "macOS",
+ "Windows",
+ "Azure AD",
+ "Office 365",
+ "SaaS",
+ "IaaS",
+ "Google Workspace",
+ "PRE",
+ "Network",
+ "Containers"
 ]
 },
 "sorting": 0,
- "viewMode": 0,
+ "layout": {
+ "layout": "side",
+ "aggregateFunction": "average",
+ "showID": false,
+ "showName": true,
+ "showAggregateScores": false,
+ "countUnscored": false
+ },
 "hideDisabled": false,
 "techniques": [],
 "gradient": {
- "colors": ["#ff6666", "#ffe766", "#8ec843"],
+ "colors": [
+ "#ff6666ff",
+ "#ffe766ff",
+ "#8ec843ff"
+ ],
 "minValue": 0,
 "maxValue": 100
 },
+ "legendItems": [],
 "metadata": [],
+ "links": [],
 "showTacticRowBackground": false,
 "tacticRowBackground": "#dddddd",
- "selectTechniquesAcrossTactics": true
-}
+ "selectTechniquesAcrossTactics": true,
+ "selectSubtechniquesWithParent": false
+}
\ No newline at end of file
diff --git a/salt/nginx/files/navigator_config.json b/salt/nginx/files/navigator_config.json
index 3fd87139b..2f4672b48 100644
--- a/salt/nginx/files/navigator_config.json
+++ b/salt/nginx/files/navigator_config.json
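Review bot: The rewritten layer drops the file's trailing newline (`\ No newline at end of file`) and empties `description`, which previously read "Current Coverage of Playbook"; the first makes every later diff of this file noisier and the second removes the only human-readable explanation shown in Navigator's layer-info panel. Restoring `"description": "Current Coverage of Playbook",` and ending the file with a newline costs nothing. The `versions.attack` value `"11"` has to stay in step with the `"version": "11"` entry in `navigator_config.json` in this commit, and JSON cannot carry a comment saying so; a one-line note in the Salt state that deploys both files would make that coupling visible.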
@@ -1,58 +1,62 @@ {%- set URL_BASE = salt['pillar.get']('global:url_base', '') %} { - "enterprise_attack_url": "assets/enterprise-attack.json", - "pre_attack_url": "assets/pre-attack.json", - "mobile_data_url": "assets/mobile-attack.json", - "taxii_server": { - "enabled": false, - "url": "https://cti-taxii.mitre.org/", - "collections": { - "enterprise_attack": "95ecc380-afe9-11e4-9b6c-751b66dd541e", - "pre_attack": "062767bd-02d2-4b72-84ba-56caef0f8658", - "mobile_attack": "2f669986-b40b-4423-b720-4396ca6a462b" + "versions": [ + { + "name": "ATT&CK v11", + "version": "11", + "domains": [ + { + "name": "Enterprise", + "identifier": "enterprise-attack", + "data": ["assets/so/enterprise-attack.json"] + } + ] } + ], + + "custom_context_menu_items": [ {"label": "view related plays","url": " https://{{URL_BASE}}/playbook/projects/detection-playbooks/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=cf_15&op%5Bcf_15%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_10&c%5B%5D=cf_13&c%5B%5D=cf_18&c%5B%5D=cf_19&c%5B%5D=cf_1&c%5B%5D=updated_on&v%5Bcf_15%5D%5B%5D=~Technique_ID~"}], + + "default_layers": { + "enabled": true, + "urls": ["assets/so/nav_layer_playbook.json"] }, - "domain": "mitre-enterprise", - - "custom_context_menu_items": [ {"label": "view related plays","url": " https://{{URL_BASE}}/playbook/projects/detection-playbooks/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=cf_15&op%5Bcf_15%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_10&c%5B%5D=cf_13&c%5B%5D=cf_18&c%5B%5D=cf_19&c%5B%5D=cf_1&c%5B%5D=updated_on&v%5Bcf_15%5D%5B%5D=~Technique_ID~"}], - -"default_layers": { - "enabled": true, - "urls": [ - "assets/playbook.json" - ] - }, - "comment_color": "yellow", - + "link_color": "blue", + "banner": "", "features": [ + {"name": "leave_site_dialog", "enabled": true, "description": "Disable to remove the dialog prompt when leaving site."}, {"name": "tabs", "enabled": true, "description": "Disable to remove the ability to open new tabs."}, {"name": 
"selecting_techniques", "enabled": true, "description": "Disable to remove the ability to select techniques."}, {"name": "header", "enabled": true, "description": "Disable to remove the header containing 'MITRE ATT&CK Navigator' and the link to the help page. The help page can still be accessed from the new tab menu."}, + {"name": "subtechniques", "enabled": true, "description": "Disable to remove all sub-technique features from the interface."}, {"name": "selection_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [ {"name": "search", "enabled": true, "description": "Disable to remove the technique search panel from the interface."}, {"name": "multiselect", "enabled": true, "description": "Disable to remove the multiselect panel from interface."}, {"name": "deselect_all", "enabled": true, "description": "Disable to remove the deselect all button from the interface."} ]}, - {"name": "layer_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [ - {"name": "layer_info", "enabled": true, "description": "Disable to remove the layer info (name, description and metadata) panel from the interface. Note that the layer can still be renamed in the tab."}, + {"name": "layer_controls", "enabled": true, "description": "Disable to disable all subfeatures", "subfeatures": [ + {"name": "layer_info", "enabled": true, "description": "Disable to remove the layer info (name, description and layer metadata) panel from the interface. 
Note that the layer can still be renamed in the tab."}, {"name": "download_layer", "enabled": true, "description": "Disable to remove the button to download the layer."}, - {"name": "export_render", "enabled": true, "description": "Disable to the remove the button to render the current layer."}, - {"name": "export_excel", "enabled": true, "description": "Disable to the remove the button to export the current layer to MS Excel (.xlsx) format."}, - {"name": "filters", "enabled": true, "description": "Disable to the remove the filters panel from interface."}, - {"name": "sorting", "enabled": true, "description": "Disable to the remove the sorting button from the interface."}, - {"name": "color_setup", "enabled": true, "description": "Disable to the remove the color setup panel from interface, containing customization controls for scoring gradient and tactic row color."}, - {"name": "toggle_hide_disabled", "enabled": true, "description": "Disable to the remove the hide disabled techniques button from the interface."}, - {"name": "toggle_view_mode", "enabled": true, "description": "Disable to the remove the toggle view mode button from interface."}, - {"name": "legend", "enabled": true, "description": "Disable to the remove the legend panel from the interface."} + {"name": "export_render", "enabled": true, "description": "Disable to remove the button to render the current layer."}, + {"name": "export_excel", "enabled": true, "description": "Disable to remove the button to export the current layer to MS Excel (.xlsx) format."}, + {"name": "filters", "enabled": true, "description": "Disable to remove the filters panel from interface."}, + {"name": "sorting", "enabled": true, "description": "Disable to remove the sorting button from the interface."}, + {"name": "color_setup", "enabled": true, "description": "Disable to remove the color setup panel from interface, containing customization controls for scoring gradient and tactic row color."}, + {"name": 
"toggle_hide_disabled", "enabled": true, "description": "Disable to remove the hide disabled techniques button from the interface."}, + {"name": "layout_controls", "enabled": true, "description": "Disable to remove the ability to change the current matrix layout."}, + {"name": "legend", "enabled": true, "description": "Disable to remove the legend panel from the interface."} ]}, - {"name": "technique_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [ - {"name": "disable_techniques", "enabled": true, "description": "Disable to the remove the ability to disable techniques."}, - {"name": "manual_color", "enabled": true, "description": "Disable to the remove the ability to assign manual colors to techniques."}, - {"name": "scoring", "enabled": true, "description": "Disable to the remove the ability to score techniques."}, - {"name": "comments", "enabled": true, "description": "Disable to the remove the ability to add comments to techniques."}, + {"name": "technique_controls", "enabled": true, "description": "Disable to disable all subfeatures", "subfeatures": [ + {"name": "disable_techniques", "enabled": true, "description": "Disable to remove the ability to disable techniques."}, + {"name": "manual_color", "enabled": true, "description": "Disable to remove the ability to assign manual colors to techniques."}, + {"name": "scoring", "enabled": true, "description": "Disable to remove the ability to score techniques."}, + {"name": "comments", "enabled": true, "description": "Disable to remove the ability to add comments to techniques."}, + {"name": "comment_underline", "enabled": true, "description": "Disable to remove the comment underline effect on techniques."}, + {"name": "links", "enabled": true, "description": "Disable to remove the ability to assign hyperlinks to techniques."}, + {"name": "link_underline", "enabled": true, "description": "Disable to remove the hyperlink underline effect on techniques."}, + {"name": 
"metadata", "enabled": true, "description": "Disable to remove the ability to add metadata to techniques."}, {"name": "clear_annotations", "enabled": true, "description": "Disable to remove the button to clear all annotations on the selected techniques."} ]} ] diff --git a/salt/soctopus/enabled.sls b/salt/soctopus/enabled.sls index 2184de581..0474998cb 100644 --- a/salt/soctopus/enabled.sls +++ b/salt/soctopus/enabled.sls @@ -24,7 +24,7 @@ so-soctopus: - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw - - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw + - /opt/so/conf/navigator/layers/:/etc/playbook/:rw - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw {% if GLOBALS.airgap %} - /nsm/repo/rules/sigma:/soctopus/sigma