CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-17 18:25:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,846 Commits 32 Branches 123 Tags
3/dev
Commit Graph

17846 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Patterson
d2d2f0cb5f Merge pull request #15627 from Security-Onion-Solutions/delta 
old code cleanup. add ja4 toggle in soc.
 2026-03-17 13:24:59 -04:00
Josh Patterson
7bf63b822d replace placeholder files with .gitkeep to keep empty directories 2026-03-17 11:40:49 -04:00
Josh Patterson
1a7d72c630 ensure empty directory tracked by git 2026-03-17 11:11:02 -04:00
Josh Patterson
4224713cc6 Merge pull request #15624 from Security-Onion-Solutions/moreja 
Add SOC UI toggle for JA4+ fingerprinting
 2026-03-17 09:44:04 -04:00
Mike Reeves
b452e70419 Keep JA4S_raw and JA4H_raw hardcoded to disabled 2026-03-17 09:37:37 -04:00
Mike Reeves
6809497730 Add SOC UI toggle for JA4+ fingerprinting in Zeek 
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
 2026-03-17 09:35:31 -04:00
Jason Ertel
70597a77ab Merge pull request #15623 from Security-Onion-Solutions/jertel/wip 
fix hydra health check
 2026-03-17 07:53:00 -04:00
Jason Ertel
f5faf86cb3 fix hydra health check 2026-03-17 07:50:40 -04:00
Mike Reeves
be4e253620 Merge pull request #15621 from Security-Onion-Solutions/analyzer-cp314-wheels 
Rebuild analyzer source-packages wheels for Python 3.14
 2026-03-16 19:07:27 -04:00
Mike Reeves
ebc1152376 Rebuild all analyzer source-packages for Python 3.14 
Full rebuild of all analyzer source-packages via pip download targeting
cp314/manylinux_2_17_x86_64 to match the so-soc Dockerfile base image
(python:3.14.3-slim).

Replaces cp313 wheels with cp314 for pyyaml and charset_normalizer,
and picks up certifi 2026.2.25 (from 2026.1.4).
 2026-03-16 18:58:24 -04:00
Mike Reeves
625bfb3ba7 Rebuild analyzer source-packages wheels for Python 3.14 
The so-soc Dockerfile base image moved to python:3.14.3-slim but
analyzer source-packages still contained cp313 wheels for pyyaml and
charset_normalizer, causing pip install failures at container startup.

Replace all cp313 wheels with cp314 builds (pyyaml 6.0.3,
charset_normalizer 3.4.6) across all 14 analyzers and update the
CI python-test workflow to match.
 2026-03-16 18:58:23 -04:00
Jason Ertel
c11b83c712 Merge pull request #15622 from Security-Onion-Solutions/jertel/wip 
fix health check for new hydra version
 2026-03-16 18:45:34 -04:00
Jason Ertel
a3b471c1d1 fix health check for new hydra version 2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b Merge pull request #15610 from Security-Onion-Solutions/moresoup 
Add -r flag to so-yaml get and migrate pcap pillar to suricata
 2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42 Add test for raw dict output in so-yaml get to reach 100% coverage 
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
 2026-03-16 17:19:14 -04:00
Josh Patterson
744d8fdd5e Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt 
Remove non-Oracle Linux 9 support from salt states
 2026-03-16 17:10:24 -04:00
Josh Patterson
6feb06e623 cleanup preflight 2026-03-16 17:02:36 -04:00
Mike Reeves
afc14ec29d Remove non-Oracle Linux 9 support from salt states 
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
 2026-03-16 16:58:39 -04:00
Josh Patterson
59134c65d0 Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support 
Remove support for non-Oracle Linux 9 operating systems
 2026-03-16 16:55:59 -04:00
Josh Patterson
614537998a remove curator.disabled from top 2026-03-16 16:44:11 -04:00
Mike Reeves
d2cee468a0 Remove support for non-Oracle Linux 9 operating systems 
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
 2026-03-16 16:44:07 -04:00
Josh Patterson
94f454c311 cleanup file.absent 2026-03-16 15:57:15 -04:00
Josh Patterson
17881c9a36 cleanup highlander 2026-03-16 15:56:16 -04:00
Josh Patterson
5b2def6fdd Merge pull request #15618 from Security-Onion-Solutions/delta 
forcedType bool
 2026-03-16 12:50:06 -04:00
Josh Patterson
9b6d29212d forcedType bool 2026-03-16 12:46:25 -04:00
Josh Patterson
c1bff03b1c Merge pull request #15615 from Security-Onion-Solutions/delta 
initialize pcap-log
 2026-03-14 20:33:28 -04:00
Josh Patterson
b00f113658 initialize pcap-log 2026-03-14 19:45:50 -04:00
Jason Ertel
7dcd923ebf Merge pull request #15612 from Security-Onion-Solutions/jertel/wip 
API errors will no longer redirect
 2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a API errors will no longer redirect 2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b Add -r flag to so-yaml get for raw output without YAML formatting 
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
 2026-03-13 16:24:41 -04:00
Mike Reeves
a9196348ab Merge pull request #15609 from Security-Onion-Solutions/moresoup 
Moresoup
 2026-03-13 16:16:35 -04:00
Mike Reeves
12dec366e0 Fix so-yaml get to output booleans in YAML format and add bool test 2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76 Fix so-yaml tests to match scalar output without document end marker 2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd Fix so-yaml get to print scalar values without YAML document end marker 2026-03-13 15:34:04 -04:00
Mike Reeves
e2483e4be0 Fix so-yaml addKey crash when intermediate key has None value 2026-03-13 15:22:29 -04:00
Mike Reeves
322c0b8d56 Move pcap.enabled under suricata.pcap.enabled in so-minion 2026-03-13 15:14:19 -04:00
Mike Reeves
81c1d8362d Fix pcap migration to strip yaml document end marker from so-yaml output 2026-03-13 15:09:37 -04:00
Mike Reeves
d1156ee3fd Merge pull request #15608 from Security-Onion-Solutions/moresoup 
Improve soup version checks and migrate pcap to suricata
 2026-03-13 14:59:57 -04:00
Mike Reeves
18f971954b Improve soup version checks and migrate pcap pillar to suricata 
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
 2026-03-13 14:54:23 -04:00
Josh Patterson
e55ac7062c Merge pull request #15574 from Security-Onion-Solutions/delta 
pcap cleanup state. enable/disable pcap for suricata in soc
 2026-03-13 14:54:06 -04:00
Josh Patterson
c178eada22 Merge pull request #15595 from Security-Onion-Solutions/TOoSmOotH-patch-5 
Update version check to include 2.4.211
 2026-03-13 14:32:59 -04:00
Doug Burks
92213e302f Merge pull request #15603 from Security-Onion-Solutions/dougburks-patch-1 
Remove version 3.0.0 from 2.4 discussion template
 2026-03-13 10:53:24 -04:00
Doug Burks
72193b0249 Remove version 3.0.0 from 2.4 discussion template 2026-03-13 10:51:25 -04:00
Mike Reeves
066d7106b0 Merge pull request #15599 from Security-Onion-Solutions/TOoSmOotH-patch-6 
Add version 2.4.211 to discussion template
 2026-03-13 10:49:12 -04:00
Doug Burks
589de8e361 Update discussion template by removing unsupported options 
Removed unsupported network installation options for Red Hat, Ubuntu, and Debian.
 2026-03-13 10:48:15 -04:00
Doug Burks
914cd8b611 Add discussion template for Security Onion 3.0 2026-03-12 13:52:41 -04:00
Doug Burks
845290595e Delete .github/DISCUSSION_TEMPLATE/3.0.yml 2026-03-12 13:52:14 -04:00
Doug Burks
544b60d111 Add discussion template for version 3.0 2026-03-12 13:51:27 -04:00
Mike Reeves
aa0787b0ff Add version 2.4.211 to discussion template 2026-03-12 13:11:43 -04:00
Mike Reeves
89f144df75 Remove upgrade instructions for 2.4 branch 
Removed outdated instructions for upgrading to the latest 2.4 branch.
 2026-03-11 16:05:06 -04:00