5b3ca98b80
Fix JA4+ license link in soc_zeek.yaml
...
Updated the license link in the JA4+ fingerprinting description.
2026-04-06 10:12:37 -04:00
d4ac352b5a
Enable clean option for Zeek configuration
2026-03-24 09:54:49 -04:00
3b269e8b82
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-19 15:14:06 -04:00
d3938b61d2
ja4plus nest enabled under ja4plus key for defaults
2026-03-19 12:39:37 -04:00
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
83b7fecbbc
ja4plus cleanup
2026-03-19 11:12:24 -04:00
d227cf71c8
ja4plus cleanup
2026-03-19 11:01:40 -04:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
2349750e13
DOCKER to DOCKERMERGED
2026-03-17 16:19:02 -04:00
00986dc2fd
Merge remote-tracking branch 'origin/delta' into customulimit
2026-03-17 16:04:09 -04:00
2d97dfc8a1
Add customizable ulimit settings for all Docker containers
...
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-17 15:10:42 -04:00
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
4bb61d999d
Merge pull request #15628 from Security-Onion-Solutions/zeekload
...
Add salt states for custom Zeek package loading
2026-03-17 13:40:14 -04:00
e0e0e3e97b
Exclude README from zkg sync
2026-03-17 13:36:56 -04:00
6b039b3f94
Consolidate zkg directory creation into file.recurse with makedirs
2026-03-17 13:36:03 -04:00
e6ee7dac7c
Add salt states for custom Zeek package loading
...
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
2026-03-17 13:22:59 -04:00
b452e70419
Keep JA4S_raw and JA4H_raw hardcoded to disabled
2026-03-17 09:37:37 -04:00
6809497730
Add SOC UI toggle for JA4+ fingerprinting in Zeek
...
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
2026-03-17 09:35:31 -04:00
63bb44886e
Add JA4D option to config.zeek.ja4
2025-12-01 10:00:42 -05:00
136a829509
detect-sqli deprecated in favor of detect-sql-injection
2025-11-14 16:51:00 -06:00
18c0f197b2
suricata bpf
2025-11-10 13:28:19 -05:00
c16bf50493
Update files
2025-10-07 14:20:25 -04:00
6b8e2e2643
Add Filters
2025-10-01 19:58:07 -04:00
a19b99268d
don't create unused zeek home directory
2025-08-12 15:44:50 -05:00
2a166af524
UPGRADE: Zeek Ethercat plugin #14783
2025-07-22 16:10:44 -04:00
eabca5df18
Update defaults.yaml
2025-07-21 11:01:33 -04:00
5dac3ff2a6
Update enabled.sls
2025-07-21 10:58:25 -04:00
93024738d3
Update config.sls
2025-07-21 10:57:45 -04:00
05a368681a
Create config.zeek.ja4
2025-07-21 10:53:54 -04:00
b55cb257b6
Add parsing for Playbook
2025-05-19 13:25:27 -04:00
af6245f19d
add zeek file_extraction forcedType for instances where a single line is speciifed
2025-03-17 14:30:17 -05:00
14cb41ea87
Merge pull request #14001 from Security-Onion-Solutions/reyesj2/zeekvpn
...
add openvpn & ipsec support to Zeek
2024-12-06 12:06:02 -06:00
1de20e9d43
fix zeek file extract
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-12-06 09:55:56 -06:00
754d28e95d
add openvpn & ipsec support to Zeek
2024-12-05 09:52:55 -06:00
1113c3924f
zeek http2
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-11-14 09:09:23 -06:00
ba7a6dbbf0
Remove tuning/defaults "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general."
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-11-12 18:37:46 -06:00
0566f46d5b
Clarify enabled settings
2024-09-16 10:41:01 -04:00
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
66563a4da0
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:31:11 -04:00
d0e140cf7b
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:30:52 -04:00
87c6d0a820
zeek networks will only ever have one HOME_NETWORKS setting
2024-05-01 09:29:36 -04:00
84db82852c
annotation updates for custom settings
2024-04-30 15:14:56 -04:00
d57f773072
Fix regex to allow ipv6 in bpfs
2024-03-27 09:36:42 -04:00
dfe707ab64
fix issue/11610
2023-10-24 17:26:39 -04:00
dd28dc6ddd
Add back plugin-tds/ plugin-profinet. Using patched versions for Zeek 6
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2023-10-18 15:30:32 -04:00
ed693a7ae6
Remove commented lines in defaults.yaml to avoid UI issues.
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2023-10-16 15:48:51 -04:00
e5c936e8cf
Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2023-10-16 15:18:26 -04:00
2427344dca
Update defaults.yaml
2023-09-27 15:58:58 -04:00
Mike Reeves
Josh Patterson
Mike Reeves
Doug Burks
reyesj2
Josh Brower
Jason Ertel