CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,787 Commits 40 Branches 125 Tags
2.4/dev
Commit Graph

165 Commits

Author SHA1 Message Date
Mike Reeves 63bb44886e Add JA4D option to config.zeek.ja4 2025-12-01 10:00:42 -05:00
reyesj2 136a829509 detect-sqli deprecated in favor of detect-sql-injection 2025-11-14 16:51:00 -06:00
Josh Patterson 18c0f197b2 suricata bpf 2025-11-10 13:28:19 -05:00
Mike Reeves c16bf50493 Update files 2025-10-07 14:20:25 -04:00
Mike Reeves 6b8e2e2643 Add Filters 2025-10-01 19:58:07 -04:00
reyesj2 a19b99268d don't create unused zeek home directory 2025-08-12 15:44:50 -05:00
Doug Burks 2a166af524 UPGRADE: Zeek Ethercat plugin #14783 2025-07-22 16:10:44 -04:00
Mike Reeves eabca5df18 Update defaults.yaml 2025-07-21 11:01:33 -04:00
Mike Reeves 5dac3ff2a6 Update enabled.sls 2025-07-21 10:58:25 -04:00
Mike Reeves 93024738d3 Update config.sls 2025-07-21 10:57:45 -04:00
Mike Reeves 05a368681a Create config.zeek.ja4 2025-07-21 10:53:54 -04:00
Josh Brower b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
reyesj2 af6245f19d add zeek file_extraction forcedType for instances where a single line is speciifed 2025-03-17 14:30:17 -05:00
Jorge Reyes 14cb41ea87 Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn 
add openvpn & ipsec support to Zeek
 2024-12-06 12:06:02 -06:00
reyesj2 1de20e9d43 fix zeek file extract 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-12-06 09:55:56 -06:00
reyesj2 754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
reyesj2 1113c3924f zeek http2 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-14 09:09:23 -06:00
reyesj2 ba7a6dbbf0 Remove tuning/defaults "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general." 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-11-12 18:37:46 -06:00
Jason Ertel 0566f46d5b Clarify enabled settings 2024-09-16 10:41:01 -04:00
Jason Ertel 217bb388a0 Clarify enabled settings 2024-09-16 10:05:17 -04:00
Jason Ertel 66563a4da0 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:31:11 -04:00
Jason Ertel d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:30:52 -04:00
Jason Ertel 87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:29:36 -04:00
Jason Ertel 84db82852c annotation updates for custom settings 2024-04-30 15:14:56 -04:00
Mike Reeves d57f773072 Fix regex to allow ipv6 in bpfs 2024-03-27 09:36:42 -04:00
m0duspwnens dfe707ab64 fix issue/11610 2023-10-24 17:26:39 -04:00
reyesj2 dd28dc6ddd Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2023-10-18 15:30:32 -04:00
reyesj2 ed693a7ae6 Remove commented lines in defaults.yaml to avoid UI issues. 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2023-10-16 15:48:51 -04:00
reyesj2 e5c936e8cf Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2023-10-16 15:18:26 -04:00
Mike Reeves 2427344dca Update defaults.yaml 2023-09-27 15:58:58 -04:00
Mike Reeves f094b1162d Update defaults.yaml 2023-09-27 15:48:05 -04:00
Doug Burks 09e005127e Update soc_zeek.yaml 2023-06-02 07:41:55 -04:00
Wes 2bb77251b0 Move Elastic Fleet logging exclusions to the Fleet pillar 2023-05-31 13:38:58 +00:00
weslambert 36791665f3 Merge pull request #10462 from Security-Onion-Solutions/feature/elastic_agent_zeek_logging 
Dynamic integration configuration and Zeek log exclusions for Elastic Agent
 2023-05-30 19:27:13 -04:00
Wes e5117a343d Change description 2023-05-30 17:10:17 +00:00
Wes e910f04beb Add default description and Zeek log exclusions for Elastic Fleet 2023-05-30 03:10:52 +00:00
Mike Reeves 8ce0d76287 Zeek Annotations 2023-05-25 12:12:18 -04:00
Mike Reeves 3be3df00d1 Zeek Annotations 2023-05-25 12:10:15 -04:00
Mike Reeves bf4ac0c2dd Allow additional docker parameters 2023-05-18 17:08:39 -04:00
Mike Reeves 5315c51197 Allow additional docker parameters 2023-05-18 16:52:38 -04:00
Mike Reeves 0fd9fb9294 Allow additional docker parameters 2023-05-18 15:19:09 -04:00
m0duspwnens 63cea88c1d enable/disable influxdb in ui 2023-05-11 12:43:06 -04:00
m0duspwnens 9049f9cf03 enabled/disable elastalert via web ui 2023-05-08 15:56:26 -04:00
m0duspwnens d5c7eec4ef enabled false by default, enabled via pillar in so-minion 2023-05-08 13:43:53 -04:00
m0duspwnens 5d50dbb69e enabled/disable zeek 2023-05-08 10:12:32 -04:00
m0duspwnens 743bbfea35 add zeek.enabled to zeek annotation file 2023-05-05 17:09:01 -04:00
m0duspwnens e8a5a5bffb import GLOBALS 2023-05-05 16:44:46 -04:00
m0duspwnens a97fa9675b enable/disable zeek in ui 2023-05-05 16:33:59 -04:00
Mike Reeves cbd1c05929 Sbin Changes 2023-05-04 10:36:03 -04:00
Mike Reeves d5c4a2887e Fix annotations and defaults for logstash 2023-05-03 13:37:06 -04:00