securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-02 10:51:51 +02:00

Author	SHA1	Message	Date
Mike Reeves	d3938b61d2	ja4plus nest enabled under ja4plus key for defaults	2026-03-19 12:39:37 -04:00
Mike Reeves	d227cf71c8	ja4plus cleanup	2026-03-19 11:01:40 -04:00
Mike Reeves	6809497730	Add SOC UI toggle for JA4+ fingerprinting in Zeek JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license and are now toggleable via the SOC UI. The toggle includes a license agreement warning and defaults to disabled.	2026-03-17 09:35:31 -04:00
reyesj2	136a829509	detect-sqli deprecated in favor of detect-sql-injection	2025-11-14 16:51:00 -06:00
Doug Burks	2a166af524	UPGRADE: Zeek Ethercat plugin #14783	2025-07-22 16:10:44 -04:00
Mike Reeves	eabca5df18	Update defaults.yaml	2025-07-21 11:01:33 -04:00
Josh Brower	b55cb257b6	Add parsing for Playbook	2025-05-19 13:25:27 -04:00
Jorge Reyes	14cb41ea87	Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn add openvpn & ipsec support to Zeek	2024-12-06 12:06:02 -06:00
reyesj2	1de20e9d43	fix zeek file extract Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2024-12-06 09:55:56 -06:00
reyesj2	754d28e95d	add openvpn & ipsec support to Zeek	2024-12-05 09:52:55 -06:00
reyesj2	1113c3924f	zeek http2 Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2024-11-14 09:09:23 -06:00
reyesj2	ba7a6dbbf0	Remove tuning/defaults "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general." Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2024-11-12 18:37:46 -06:00
reyesj2	dd28dc6ddd	Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6 Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2023-10-18 15:30:32 -04:00
reyesj2	ed693a7ae6	Remove commented lines in defaults.yaml to avoid UI issues. Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2023-10-16 15:48:51 -04:00
reyesj2	e5c936e8cf	Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>	2023-10-16 15:18:26 -04:00
Mike Reeves	2427344dca	Update defaults.yaml	2023-09-27 15:58:58 -04:00
Mike Reeves	f094b1162d	Update defaults.yaml	2023-09-27 15:48:05 -04:00
weslambert	36791665f3	Merge pull request #10462 from Security-Onion-Solutions/feature/elastic_agent_zeek_logging Dynamic integration configuration and Zeek log exclusions for Elastic Agent	2023-05-30 19:27:13 -04:00
Wes	e910f04beb	Add default description and Zeek log exclusions for Elastic Fleet	2023-05-30 03:10:52 +00:00
Mike Reeves	3be3df00d1	Zeek Annotations	2023-05-25 12:10:15 -04:00
m0duspwnens	d5c7eec4ef	enabled false by default, enabled via pillar in so-minion	2023-05-08 13:43:53 -04:00
m0duspwnens	a97fa9675b	enable/disable zeek in ui	2023-05-05 16:33:59 -04:00
m0duspwnens	b0f9585da1	Merge remote-tracking branch 'origin/2.4/dev' into issue/10050	2023-04-18 11:31:00 -04:00
Mike Reeves	04eb73ac27	Update defaults.yaml	2023-04-12 10:06:23 -04:00
m0duspwnens	1be86cdf8e	issue 10050 and issue 10062	2023-03-29 17:21:40 -04:00
m0duspwnens	903ad530fe	move zeek bpf from zeek pillar to bpf pillar	2023-03-20 15:28:33 -04:00
Doug Burks	4a2e75dd8c	fix formatting	2023-03-03 17:16:45 -05:00
Doug Burks	adb925b4d6	enable zeek vlan script	2023-03-03 12:48:42 -05:00
Wes	c741fe6b4d	Ensure ICS/SCADA plugins/scripts are enabled	2022-12-06 16:23:26 +00:00
m0duspwnens	1685e0e6db	few more	2022-09-20 15:25:50 -04:00
m0duspwnens	75aa121b2d	fix some things	2022-09-20 13:19:15 -04:00
m0duspwnens	d1ee3a7d04	zeek 2.4	2022-09-20 11:11:29 -04:00
Mike Reeves	2254512a2a	Add more logging to setup process	2022-09-12 12:48:02 -04:00
Mike Reeves	2bd9dd80e2	Move In Day	2022-09-07 09:06:25 -04:00

34 Commits