CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-17 10:12:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,050 Commits 31 Branches 125 Tags
bravo
Commit Graph

736 Commits

Author SHA1 Message Date
Mike Reeves
f7b80f5931 Merge branch '3/dev' into feature/postgres 2026-04-16 16:37:02 -04:00
Mike Reeves
f11d315fea Fix soup 2026-04-16 16:35:24 -04:00
Mike Reeves
2013bf9e30 Fix soup 2026-04-16 16:20:25 -04:00
Mike Reeves
a2ffb92b8d Fix soup 2026-04-16 16:19:53 -04:00
Jorge Reyes
7d22f7bd58 Merge pull request #15776 from Security-Onion-Solutions/foxtrot 
ES 9.3.3
 2026-04-15 16:29:34 -05:00
Mike Reeves
cefbe01333 Add telegraf_output selector for InfluxDB/Postgres dual-write 
Introduces global.telegraf_output (INFLUXDB|POSTGRES|BOTH, default BOTH)
so Telegraf can write metrics to Postgres alongside or instead of
InfluxDB. Each minion authenticates with its own so_telegraf_<minion>
role and writes to a matching schema inside a shared so_telegraf
database, keeping blast radius per-credential to that minion's data.

- Per-minion credentials auto-generated and persisted in postgres/auth.sls
- postgres/telegraf_users.sls reconciles roles/schemas on every apply
- Firewall opens 5432 only to minion hostgroups when Postgres output is active
- Reactor on salt/auth + orch/telegraf_postgres_sync.sls provision new
  minions automatically on key accept
- soup post_to_3.1.0 backfills users for existing minions on upgrade
- so-show-stats prints latest CPU/mem/disk/load per minion for sanity checks
- so-telegraf-trim + nightly cron prune rows older than
  postgres.telegraf.retention_days (default 14)
 2026-04-15 14:32:10 -04:00
reyesj2
d598e20fbb soup 3.1.0 2026-04-14 14:55:33 -05:00
Jason Ertel
5634aed679 support minion node descriptions containing spaces 2026-04-13 15:19:39 -04:00
Mike Reeves
c91deb97b1 Update SOUP_BRANCH to use 3/main instead of 2.4/main 2026-03-31 15:07:23 -04:00
Josh Patterson
f0f9de4b44 add status updates for pillar conversions 2026-03-20 16:12:10 -04:00
Josh Patterson
e857a8487a convert suricata pillar data yes/no to true/false 2026-03-20 15:35:44 -04:00
Jorge Reyes
20c4da50b1 Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601 
fix global override settings affecting non-data stream indices
 2026-03-18 10:51:17 -05:00
reyesj2
1a943aefc5 rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices 2026-03-17 13:49:20 -05:00
Josh Patterson
4224713cc6 Merge pull request #15624 from Security-Onion-Solutions/moreja 
Add SOC UI toggle for JA4+ fingerprinting
 2026-03-17 09:44:04 -04:00
Jason Ertel
a3b471c1d1 fix health check for new hydra version 2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b Merge pull request #15610 from Security-Onion-Solutions/moresoup 
Add -r flag to so-yaml get and migrate pcap pillar to suricata
 2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42 Add test for raw dict output in so-yaml get to reach 100% coverage 
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
 2026-03-16 17:19:14 -04:00
Mike Reeves
d2cee468a0 Remove support for non-Oracle Linux 9 operating systems 
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
 2026-03-16 16:44:07 -04:00
Jason Ertel
7dcd923ebf Merge pull request #15612 from Security-Onion-Solutions/jertel/wip 
API errors will no longer redirect
 2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a API errors will no longer redirect 2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b Add -r flag to so-yaml get for raw output without YAML formatting 
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
 2026-03-13 16:24:41 -04:00
Mike Reeves
12dec366e0 Fix so-yaml get to output booleans in YAML format and add bool test 2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76 Fix so-yaml tests to match scalar output without document end marker 2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd Fix so-yaml get to print scalar values without YAML document end marker 2026-03-13 15:34:04 -04:00
Mike Reeves
e2483e4be0 Fix so-yaml addKey crash when intermediate key has None value 2026-03-13 15:22:29 -04:00
Mike Reeves
322c0b8d56 Move pcap.enabled under suricata.pcap.enabled in so-minion 2026-03-13 15:14:19 -04:00
Mike Reeves
81c1d8362d Fix pcap migration to strip yaml document end marker from so-yaml output 2026-03-13 15:09:37 -04:00
Mike Reeves
18f971954b Improve soup version checks and migrate pcap pillar to suricata 
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
 2026-03-13 14:54:23 -04:00
Mike Reeves
89f144df75 Remove upgrade instructions for 2.4 branch 
Removed outdated instructions for upgrading to the latest 2.4 branch.
 2026-03-11 16:05:06 -04:00
Mike Reeves
cfccbe2bed Update version check to include 2.4.211 2026-03-11 15:59:23 -04:00
Mike Reeves
4539024280 Add minimum version check and fix function call syntax in soup 
Require at least Security Onion 2.4.210 before allowing upgrade.
Fix determine_elastic_agent_upgrade() call syntax (remove parens).
 2026-03-10 15:05:52 -04:00
Mike Reeves
91759587f5 Update version numbers for upgrade scripts 2026-03-10 14:58:43 -04:00
Mike Reeves
bc9841ea8c Refactor upgrade functions and remove unused code 
Removed deprecated functions and updated version checks for upgrades.
 2026-03-10 14:45:40 -04:00
Mike Reeves
685e22bd68 soup cleanup 2026-03-10 11:58:06 -04:00
Mike Reeves
d78a5867b8 Refactor upgrade functions and version checks 
Removed redundant upgrade functions and streamlined version checks.
 2026-03-09 17:10:18 -04:00
Jason Ertel
2c4d833a5b update 2.4 references to 3 2026-03-05 11:05:19 -05:00
Jason Ertel
863276e24f Merge pull request #15539 from Security-Onion-Solutions/jertel/wip 
prepare for nextgen docs
 2026-02-27 13:18:47 -05:00
Jason Ertel
9bd5e1897a prepare for nextgen docs 2026-02-27 13:09:55 -05:00
Josh Brower
17e3a4bf21 Merge pull request #15536 from Security-Onion-Solutions/idstools-cleanup 
Move rm to post
 2026-02-27 08:39:50 -05:00
DefensiveDepth
2284283b17 Move rm to post 2026-02-27 08:35:28 -05:00
Josh Patterson
972aa1f8a1 Merge pull request #15534 from Security-Onion-Solutions/bravo 
restart salt minion before failing if not ready
 2026-02-26 15:20:44 -05:00
Josh Patterson
79d9b6e0a4 restart salt minion before failing if not ready 2026-02-26 12:05:21 -05:00
DefensiveDepth
5e7b0cfe0e Cleanup idstools 2026-02-26 09:05:54 -05:00
Mike Reeves
fa479c4b89 Merge pull request #15517 from Security-Onion-Solutions/souppcap 
Add Support for upgrading to 3.0
 2026-02-24 10:11:24 -05:00
Mike Reeves
be35b59b8c Update echo messages for PCAP engine clarity 2026-02-24 10:04:26 -05:00
Josh Patterson
2375061cfa so-yaml.py tell which key not found 2026-02-23 13:19:03 -05:00
Josh Patterson
1a9a087af2 redirect not found if key isn't found 2026-02-23 13:17:38 -05:00
Josh Patterson
bf16de7bfd fix duplicate log lines in soup log 2026-02-23 12:07:04 -05:00
Josh Patterson
863c7abc8b fix soup failure if salt-relay isn't running 2026-02-23 11:36:20 -05:00
Mike Reeves
7170289a5e Continue upgrade after pcapengine is changed to SURICATA 
Instead of exiting and requiring the user to rerun the script after
changing pcapengine to SURICATA, let the script continue to the
version check and upgrade.
 2026-02-23 11:35:32 -05:00