CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.4/dev' into issue/13021

Browse Source
This commit is contained in:
Josh Patterson
2024-05-16 16:39:17 -04:00
committed by GitHub
parent cc6cb346e7 44d3468f65
commit 572b8d08d9
5 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/common/tools/sbin/so-log-check
View File

@@ -202,6 +202,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then
EXCLUDED_ERRORS="$EXCLUDED_ERRORS|parsing_exception" # Elastalert EQL parsing issue. Temp. EXCLUDED_ERRORS="$EXCLUDED_ERRORS|parsing_exception" # Elastalert EQL parsing issue. Temp.
EXCLUDED_ERRORS="$EXCLUDED_ERRORS|context deadline exceeded" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|context deadline exceeded"
EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Error running query:" # Specific issues with detection rules EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Error running query:" # Specific issues with detection rules
EXCLUDED_ERRORS="$EXCLUDED_ERRORS|detect-parse" # Suricata encountering a malformed rule
fi fi
RESULT=0 RESULT=0

2
salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
View File

@@ -72,5 +72,5 @@ do
printf "\n### $GOOS/$GOARCH Installer Generated...\n" printf "\n### $GOOS/$GOARCH Installer Generated...\n"
done done
printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace" printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace\n"
rm -rf /nsm/elastic-agent-workspace rm -rf /nsm/elastic-agent-workspace

3
salt/manager/tools/sbin/soup
View File

@@ -438,7 +438,7 @@ post_to_2.4.60() {
} }
post_to_2.4.70() { post_to_2.4.70() {
echo "Removing idh.services from any existing IDH node pillar files" printf "\nRemoving idh.services from any existing IDH node pillar files\n"
for file in /opt/so/saltstack/local/pillar/minions/*.sls; do for file in /opt/so/saltstack/local/pillar/minions/*.sls; do
if [[ $file =~ "_idh.sls" && ! $file =~ "/opt/so/saltstack/local/pillar/minions/adv_" ]]; then if [[ $file =~ "_idh.sls" && ! $file =~ "/opt/so/saltstack/local/pillar/minions/adv_" ]]; then
echo "Removing idh.services from: $file" echo "Removing idh.services from: $file"
@@ -663,6 +663,7 @@ suricata_idstools_migration() {
#Tell SOC to migrate #Tell SOC to migrate
mkdir -p /opt/so/conf/soc/migrations mkdir -p /opt/so/conf/soc/migrations
echo "0" > /opt/so/conf/soc/migrations/suricata-migration-2.4.70 echo "0" > /opt/so/conf/soc/migrations/suricata-migration-2.4.70
chown -R socore:socore /opt/so/conf/soc/migrations
} }
playbook_migration() { playbook_migration() {

4
salt/soc/defaults.yaml
View File

@@ -2182,9 +2182,9 @@ soc:
manualSync: manualSync:
customEnabled: false customEnabled: false
labels: labels:
- Suricata
- Strelka
- ElastAlert - ElastAlert
- Strelka
- Suricata
eventFields: eventFields:
default: default:
- so_detection.title - so_detection.title

2
salt/suricata/soc_suricata.yaml
View File

@@ -12,7 +12,7 @@ suricata:
title: SIDS title: SIDS
helpLink: suricata.html helpLink: suricata.html
readonlyUi: True readonlyUi: True
advanced: true advanced: True
classification: classification:
classification__config: classification__config:
description: Classifications config file. description: Classifications config file.