Josh Patterson
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
Josh Patterson
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
Josh Patterson
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
Doug Burks
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
Josh Patterson
2349750e13
DOCKER to DOCKERMERGED
2026-03-17 16:19:02 -04:00
Josh Patterson
00986dc2fd
Merge remote-tracking branch 'origin/delta' into customulimit
2026-03-17 16:04:09 -04:00
Mike Reeves
2d97dfc8a1
Add customizable ulimit settings for all Docker containers
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:10:42 -04:00
Josh Patterson
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
Josh Patterson
94f454c311
cleanup file.absent
2026-03-16 15:57:15 -04:00
Josh Patterson
d381248e30
fix include
2026-01-20 16:27:37 -05:00
Josh Patterson
1234cbd04b
allow logstash.ssl on so-eval
2026-01-20 09:30:32 -05:00
Josh Patterson
00fbc1c259
add back individual signing policies
2026-01-12 09:25:15 -05:00
Josh Patterson
3bc552ef38
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2026-01-08 17:15:48 -05:00
reyesj2
7977a020ac
elasticsearch 9.0.8
2025-12-16 16:03:47 -06:00
reyesj2
d518f75468
update deprecated config items
2025-12-11 20:07:06 -06:00
Josh Patterson
b9ff1704b0
the great ssl refactor
2025-12-11 17:30:06 -05:00
reyesj2
8773ebc3dc
logstash wrappers for troubleshooting
2025-10-14 13:34:33 -05:00
Josh Patterson
4afc986f48
firewall and logstash pipeline for managerhype
2025-09-05 13:14:47 -04:00
Josh Patterson
ed80c4e13b
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-04-23 15:42:04 -04:00
reyesj2
30c4acb828
group
2025-04-21 16:38:16 -05:00
reyesj2
4ec185a9c7
make logstash and kratos homedirs
2025-04-21 16:26:20 -05:00
Jason Ertel
f5a8e917a4
researching install failures
2025-04-21 14:32:33 -04:00
Josh Patterson
07ef3d632c
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-04-15 08:08:12 -04:00
reyesj2
c0f9c344bb
set logstash log rollover when log size exceeds 1G
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-04-14 08:13:27 -05:00
Josh Patterson
44a5b3b1e5
MANAGERHYPE setup is now complete!
2025-03-12 21:05:04 -04:00
reyesj2
dd17ee7665
fix defining custom logstash pipelines when kafka is enabled
2025-02-06 22:19:24 -06:00
defensivedepth
4c5099d429
Initial support for local lookup
2024-10-29 10:27:54 -04:00
m0duspwnens
5fb660bc9a
remove kernel bool option, just use list
2024-10-17 09:29:03 -04:00
Jason Ertel
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
m0duspwnens
8702d95434
only elasticsearch image uses es version
2024-09-09 16:38:38 -04:00
m0duspwnens
5a1d61a042
ref es version
2024-09-05 08:45:44 -04:00
m0duspwnens
cd9c9a25d3
reference elastic versions from defaults
2024-08-21 11:25:56 -04:00
reyesj2
7ea8d5efd0
Remove redis input pipeline from searchnodes when global pipeline is Kafka
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-12 14:44:10 -04:00
reyesj2
4182ff66a0
rearrange kafka pillar, declutters SOC ui
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-11 16:37:16 -04:00
reyesj2
d5faf535c3
Only interact with logstash configuration when Kafka pipeline is enabled otherwise leave it default
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 11:36:44 -04:00
reyesj2
8e1edd1d91
split Kafka ssl from ssl/init. Certs won't be generated until Kafka is enabled. Also runs some clean up for old Kafka certs
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 11:32:43 -04:00
reyesj2
d791b23838
Generate new Kafka truststore
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 11:29:09 -04:00
m0duspwnens
50f0c43212
merge dev
2024-06-26 12:33:32 -04:00
reyesj2
c332cd777c
remove import/heavynode artifact caused by kafka cert not existing but being bound in docker. (empty dir created)
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-24 08:50:37 -04:00
m0duspwnens
469ca44016
fix maps
2024-06-20 16:53:12 -04:00
m0duspwnens
81fcd68e9b
create and use redis:nodes and elasticsearch:nodes pillars
2024-06-20 16:42:11 -04:00
m0duspwnens
55f8303dc2
remove manager and search pipelines from heavynode
2024-06-17 10:06:43 -04:00
reyesj2
0b1175b46c
kafka logstash input plugin handle empty brokers list
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-14 23:03:36 -04:00
reyesj2
8080e05444
on fresh install kafka nodes pillar may not have populated. Avoiding this by only generating kafka input pipeline when kafka nodes pillar is not empty
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-14 14:17:26 -04:00
reyesj2
f372b0907b
Use kafka:password for kafka certs
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 15:41:10 -04:00
reyesj2
e8106befe9
Append '-securityonion' to all Security Onion related Kafka topics. Adjust logstash to ingest all topics ending in '-securityonion' to avoid having to manually list topic names
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 12:05:16 -04:00
reyesj2
b1beb617b3
Logstash should be disabled when Kafka is enabled except when a minion override exists OR node is a standalone
- Standalone subscribes to Kafka topics via logstash for ingest
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-22 13:38:09 -04:00
reyesj2
2ad87bf1fe
merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:30:45 -04:00
reyesj2
eca2a4a9c8
Logstash consumer threads should match topic partition count
- Default is set to 3. If there are too many consumer threads it may lead to idle logstash worker threads and could require decreasing this value to saturate workers
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:17:09 -04:00
m0duspwnens
dcc1f656ee
predownload logstash and elastic for new searchnode and heavynode
2024-05-07 10:13:51 -04:00