184 Commits

Author SHA1 Message Date
Mike Reeves
d4ac352b5a Enable clean option for Zeek configuration 2026-03-24 09:54:49 -04:00
Josh Patterson
3b269e8b82 Merge remote-tracking branch 'origin/3/dev' into delta 2026-03-19 15:14:06 -04:00
Mike Reeves
d3938b61d2 ja4plus nest enabled under ja4plus key for defaults 2026-03-19 12:39:37 -04:00
Josh Patterson
c2c5aea244 ensure bool sliders for each state:enabled annotation 2026-03-19 12:35:38 -04:00
Mike Reeves
83b7fecbbc ja4plus cleanup 2026-03-19 11:12:24 -04:00
Mike Reeves
d227cf71c8 ja4plus cleanup 2026-03-19 11:01:40 -04:00
Josh Patterson
74ad2990a7 Merge remote-tracking branch 'origin/3/dev' into delta 2026-03-18 13:05:02 -04:00
Josh Patterson
e19e83bebb allow user defined ulimits 2026-03-18 10:38:15 -04:00
Doug Burks
930985b770 update helpLink references for new documentation 2026-03-18 09:46:45 -04:00
Josh Patterson
2349750e13 DOCKER to DOCKERMERGED 2026-03-17 16:19:02 -04:00
Josh Patterson
00986dc2fd Merge remote-tracking branch 'origin/delta' into customulimit 2026-03-17 16:04:09 -04:00
Mike Reeves
2d97dfc8a1 Add customizable ulimit settings for all Docker containers
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:10:42 -04:00
Josh Patterson
4dc377c99f DOCKER to DOCKERMERGED 2026-03-17 15:06:06 -04:00
Mike Reeves
4bb61d999d Merge pull request #15628 from Security-Onion-Solutions/zeekload
Add salt states for custom Zeek package loading
2026-03-17 13:40:14 -04:00
Mike Reeves
e0e0e3e97b Exclude README from zkg sync 2026-03-17 13:36:56 -04:00
Mike Reeves
6b039b3f94 Consolidate zkg directory creation into file.recurse with makedirs 2026-03-17 13:36:03 -04:00
Mike Reeves
e6ee7dac7c Add salt states for custom Zeek package loading
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
2026-03-17 13:22:59 -04:00
Mike Reeves
b452e70419 Keep JA4S_raw and JA4H_raw hardcoded to disabled 2026-03-17 09:37:37 -04:00
Mike Reeves
6809497730 Add SOC UI toggle for JA4+ fingerprinting in Zeek
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
2026-03-17 09:35:31 -04:00
Mike Reeves
63bb44886e Add JA4D option to config.zeek.ja4 2025-12-01 10:00:42 -05:00
reyesj2
136a829509 detect-sqli deprecated in favor of detect-sql-injection 2025-11-14 16:51:00 -06:00
Josh Patterson
18c0f197b2 suricata bpf 2025-11-10 13:28:19 -05:00
Mike Reeves
c16bf50493 Update files 2025-10-07 14:20:25 -04:00
Mike Reeves
6b8e2e2643 Add Filters 2025-10-01 19:58:07 -04:00
reyesj2
a19b99268d don't create unused zeek home directory 2025-08-12 15:44:50 -05:00
Doug Burks
2a166af524 UPGRADE: Zeek Ethercat plugin #14783 2025-07-22 16:10:44 -04:00
Mike Reeves
eabca5df18 Update defaults.yaml 2025-07-21 11:01:33 -04:00
Mike Reeves
5dac3ff2a6 Update enabled.sls 2025-07-21 10:58:25 -04:00
Mike Reeves
93024738d3 Update config.sls 2025-07-21 10:57:45 -04:00
Mike Reeves
05a368681a Create config.zeek.ja4 2025-07-21 10:53:54 -04:00
Josh Brower
b55cb257b6 Add parsing for Playbook 2025-05-19 13:25:27 -04:00
reyesj2
af6245f19d add zeek file_extraction forcedType for instances where a single line is specified 2025-03-17 14:30:17 -05:00
Jorge Reyes
14cb41ea87 Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn
add openvpn & ipsec support to Zeek
2024-12-06 12:06:02 -06:00
reyesj2
1de20e9d43 fix zeek file extract
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-12-06 09:55:56 -06:00
reyesj2
754d28e95d add openvpn & ipsec support to Zeek 2024-12-05 09:52:55 -06:00
reyesj2
1113c3924f zeek http2
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-14 09:09:23 -06:00
reyesj2
ba7a6dbbf0 Remove tuning/defaults "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general."
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-11-12 18:37:46 -06:00
Jason Ertel
0566f46d5b Clarify enabled settings 2024-09-16 10:41:01 -04:00
Jason Ertel
217bb388a0 Clarify enabled settings 2024-09-16 10:05:17 -04:00
Jason Ertel
66563a4da0 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:31:11 -04:00
Jason Ertel
d0e140cf7b zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:30:52 -04:00
Jason Ertel
87c6d0a820 zeek networks will only ever have one HOME_NETWORKS setting 2024-05-01 09:29:36 -04:00
Jason Ertel
84db82852c annotation updates for custom settings 2024-04-30 15:14:56 -04:00
Mike Reeves
d57f773072 Fix regex to allow ipv6 in bpfs 2024-03-27 09:36:42 -04:00
m0duspwnens
dfe707ab64 fix issue/11610 2023-10-24 17:26:39 -04:00
reyesj2
dd28dc6ddd Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-18 15:30:32 -04:00
reyesj2
ed693a7ae6 Remove commented lines in defaults.yaml to avoid UI issues.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-16 15:48:51 -04:00
reyesj2
e5c936e8cf Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-10-16 15:18:26 -04:00
Mike Reeves
2427344dca Update defaults.yaml 2023-09-27 15:58:58 -04:00
Mike Reeves
f094b1162d Update defaults.yaml 2023-09-27 15:48:05 -04:00