 weslambertandGitHub
|
5ae7e27ace
|
Merge pull request #12677 from Security-Onion-Solutions/fix/strelka_yara_ignore
Ignore more rules
|
2024-03-27 16:17:34 -04:00 |
|
 weslambertandGitHub
|
945d2abeed
|
Ignore more rules
|
2024-03-27 16:13:30 -04:00 |
|
 weslambertandGitHub
|
bc509a0aa9
|
Merge pull request #11772 from Security-Onion-Solutions/upgrade/elastic_8_10_4
Elastic 8.10.4
|
2023-11-13 09:36:49 -05:00 |
|
 weslambertandGitHub
|
18e319cbe3
|
Elastic 8.10.4
|
2023-11-13 09:17:33 -05:00 |
|
 weslambertandGitHub
|
b7cf44466c
|
Elastic 8.10.4
|
2023-11-13 09:16:23 -05:00 |
|
 weslambertandGitHub
|
43e402fad4
|
Merge pull request #11187 from Security-Onion-Solutions/fix/kibana_migration_version
Remove migration version
|
2023-08-28 11:48:58 -04:00 |
|
 weslambertandGitHub
|
170b408feb
|
Remove migration version
|
2023-08-28 11:26:35 -04:00 |
|
 weslambertandGitHub
|
e55725cca4
|
Merge pull request #11183 from Security-Onion-Solutions/feature/elastic_8_8_2
Elastic 8.8.2
|
2023-08-28 09:49:34 -04:00 |
|
 weslambertandGitHub
|
2b9f6b26d8
|
Elastic 8.8.2
|
2023-08-28 09:42:23 -04:00 |
|
 weslambertandGitHub
|
f10b67599e
|
Elastic 8.8.2
|
2023-08-28 09:41:36 -04:00 |
|
 weslambertandGitHub
|
e74c2fa1b0
|
Merge pull request #10605 from Security-Onion-Solutions/fix/analyzer_dependencies
Update dependencies
|
2023-06-16 07:51:50 -04:00 |
|
Wes
|
ffc91393e7
|
Update pulsedive dependencies
|
2023-06-15 22:14:41 +00:00 |
|
Wes
|
d0ab2db312
|
Update dependencies
|
2023-06-15 21:03:40 +00:00 |
|
 weslambertandGitHub
|
4906068c7f
|
Merge pull request #10495 from Security-Onion-Solutions/foxtrot
Update requests and whoisit
|
2023-06-05 10:53:49 -04:00 |
|
Wes
|
ef8eece53b
|
Update dependencies
|
2023-06-05 13:45:44 +00:00 |
|
 weslambertandGitHub
|
660a50c08d
|
Update whoisit to 2.7.0
|
2023-06-03 08:53:02 -04:00 |
|
Wes
|
5d326a3c32
|
Update dependencies
|
2023-06-01 16:26:04 +00:00 |
|
 weslambertandGitHub
|
2a907d3de3
|
Update version to 2.3.260
|
2023-06-01 12:04:35 -04:00 |
|
 weslambertandGitHub
|
33134b1814
|
Update requests and whist
|
2023-06-01 12:03:58 -04:00 |
|
 weslambertandGitHub
|
b0962da758
|
Update version to 2.3.0-foxtrot
|
2023-05-31 08:50:51 -04:00 |
|
 weslambertandGitHub
|
8148fd9e56
|
Merge pull request #10434 from Security-Onion-Solutions/foxtrot
Strelka 0.23.05.22 - Remove ScanRuby scanner
|
2023-05-26 12:45:03 -04:00 |
|
 weslambertandGitHub
|
1ee332b55b
|
Update version to 2.3.260
|
2023-05-26 08:31:11 -04:00 |
|
 weslambertandGitHub
|
873632ec4f
|
Remove ScanRuby scanner
|
2023-05-25 17:23:44 -04:00 |
|
 weslambertandGitHub
|
f8068d7975
|
Update version to 2.3.0-foxtrot
|
2023-05-25 16:14:29 -04:00 |
|
 weslambertandGitHub
|
a79ebea5c3
|
Update version value to 2.3.250-foxtrot
|
2023-05-25 15:29:07 -04:00 |
|
 weslambertandGitHub
|
2fdc3874ca
|
Update version to foxtrot
|
2023-05-25 14:35:52 -04:00 |
|
 weslambertandGitHub
|
834f45c0f2
|
Merge pull request #10286 from Security-Onion-Solutions/fix/strelka_ignore_yara_rules
Ignore "expl_outlook_cve_2023_23397.yar" and "gen_mal_3cx_compromise_mar23.yar" since they are causing problems with YARA compilation
|
2023-05-08 11:58:11 -04:00 |
|
 weslambertandGitHub
|
d4cf9efeca
|
Merge pull request #10303 from Security-Onion-Solutions/fix/kibana_pivot_to_pcap_url
Surround _id field in double quotes to prevent errors associated with values beginning with a hyphen
|
2023-05-08 11:55:22 -04:00 |
|
Wes
|
ed19c139ea
|
Surround _id field in double quotes to prevent errors associated with values beginning with a hyphen
|
2023-05-08 13:44:36 +00:00 |
|
 weslambertandGitHub
|
e9f58269cd
|
Ignore "expl_outlook_cve_2023_23397.yar" and "gen_mal_3cx_compromise_mar23.yar" since they are causing problems with YARA compilation
|
2023-05-04 16:13:59 -04:00 |
|
 weslambertandGitHub
|
9fb315c99d
|
Merge pull request #9870 from Security-Onion-Solutions/fix/curator_configuration_update_8.0.x
Update Curator configuration to align with requirements for Curator 8.0.x
|
2023-03-01 10:19:32 -05:00 |
|
Wes
|
6e0891e586
|
Update Curator configuration to align with requirements for Curator 8.0.x
|
2023-03-01 15:16:52 +00:00 |
|
 weslambertandGitHub
|
d4d67b545d
|
Merge pull request #9699 from Security-Onion-Solutions/fix/strelka_yara_exclusion
Add 'configured_vulns_ext_vars.yar' to exclusion list
|
2023-02-01 14:38:29 -05:00 |
|
 weslambertandGitHub
|
2dced35800
|
Add 'configured_vulns_ext_vars.yar' to exclusion list
|
2023-02-01 14:24:20 -05:00 |
|
 weslambertandGitHub
|
20d6ce1ce9
|
Merge pull request #9501 from Security-Onion-Solutions/fix/elasticsearch_ingest_pipeline_rita_beacon
Update RITA beacon parsing
|
2023-01-03 11:13:55 -05:00 |
|
Wes
|
bd114eb1c4
|
Update RITA beacon parsing
|
2023-01-03 16:01:35 +00:00 |
|
 weslambertandGitHub
|
a8456a4d65
|
Merge pull request #9369 from Security-Onion-Solutions/fix/sensoroni_analyzers_configuration_check
Fix localfile analyzer 'file_path' check and add new list value verification function for helpers
|
2022-12-13 11:47:10 -05:00 |
|
Wes
|
98a1fb96c2
|
Add test coverage for empty list value
|
2022-12-13 16:23:16 +00:00 |
|
Wes
|
874bbd2580
|
Remove extra whitespace
|
2022-12-13 16:02:46 +00:00 |
|
Wes
|
90dedbb841
|
Update tests to account for change in 'file_path' value verification
|
2022-12-13 15:58:35 +00:00 |
|
Wes
|
df5dd5fe28
|
Use new list verification function for 'file_path'
|
2022-12-13 15:57:43 +00:00 |
|
Wes
|
d5ab455485
|
Add new test for list value verification function
|
2022-12-13 15:56:58 +00:00 |
|
Wes
|
20b79b7ab0
|
Add new function to verify list value
|
2022-12-13 15:56:26 +00:00 |
|
 weslambertandGitHub
|
3d431eaba9
|
Merge pull request #9341 from Security-Onion-Solutions/fix/analyzers_localfile_file_path
Remove double quotes to fix issue with file path sourcing from 'localfile.py'
|
2022-12-08 16:49:29 -05:00 |
|
 weslambertandGitHub
|
f85fb5ecf9
|
Remove double quotes to fix issue with file path sourcing from 'localfile.py'
|
2022-12-08 16:35:24 -05:00 |
|
 weslambertandGitHub
|
6c8c8a2d8e
|
Merge pull request #9292 from Security-Onion-Solutions/fix/strelka_disable_yara_rules_causing_errors
Disable additional YARA rules that are causing compilation errors
|
2022-12-05 11:31:23 -05:00 |
|
 weslambertandGitHub
|
8bb3b22993
|
Disable additional YARA rules there are causing compilation errors
|
2022-12-05 11:30:22 -05:00 |
|
 weslambertandGitHub
|
4311d5135b
|
Merge pull request #9269 from Security-Onion-Solutions/fix/zeek_scripts_bzar_remove_by_default
Don't load BZAR script(s) by default
|
2022-12-02 11:02:07 -05:00 |
|
 weslambertandGitHub
|
2b2d39c869
|
Don't load BZAR script(s) by default
|
2022-12-02 10:46:45 -05:00 |
|
 weslambertandGitHub
|
f1f611cede
|
Merge pull request #9256 from Security-Onion-Solutions/fix/ics_ingest_pipelines_bsap_node_status
Change 'bsap.node.status.byte' to 'bsap.node.status_byte'
|
2022-11-30 13:04:39 -05:00 |
|
 weslambertandGitHub
|
5988c12773
|
Change 'bsap.node.status.byte' to 'bsap.node.status_byte'
|
2022-11-30 13:01:30 -05:00 |
|
 weslambertandGitHub
|
93e0ec8696
|
Merge pull request #9249 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames
More ICS Field Name Updates
|
2022-11-30 10:26:36 -05:00 |
|
Wes
|
8f0547beda
|
Change 'bsap.node.status_byte' to 'bsap.node_status_byte'.
|
2022-11-30 15:24:53 +00:00 |
|
Wes
|
6cb4c02200
|
More field updates
|
2022-11-30 15:22:02 +00:00 |
|
 weslambertandGitHub
|
8c54c44690
|
Merge pull request #9248 from Security-Onion-Solutions/fix/ics_ingest_pipelines_additional_field_renames
Additional ICS field renames and updates
|
2022-11-30 10:09:44 -05:00 |
|
Wes
|
5d72f8d55a
|
Additional field renames and updates
|
2022-11-30 15:01:41 +00:00 |
|
 weslambertandGitHub
|
86cfac4983
|
Merge pull request #9241 from Security-Onion-Solutions/fix/ics_pipelines_field_renames
ICS Pipelines - Various Field Renames
|
2022-11-29 17:23:34 -05:00 |
|
Wes
|
e00a80feb4
|
Use native link_id naming scheme for now
|
2022-11-29 22:05:37 +00:00 |
|
Wes
|
e8e39a7105
|
Various field renames
|
2022-11-29 21:32:05 +00:00 |
|
Wes
|
13ea44db95
|
Use native 'is_orig' since we are already using that field name for other logs
|
2022-11-29 21:21:41 +00:00 |
|
 weslambertandGitHub
|
7f4f1397e7
|
Merge pull request #9240 from Security-Onion-Solutions/fix/add_s7comm_upload_download_ingest_pipeline
Add Zeek s7comm upload download ingest pipeline
|
2022-11-29 15:00:26 -05:00 |
|
Wes
|
5db3e22363
|
Add s7comm_upload_download references in various places
|
2022-11-29 19:58:18 +00:00 |
|
Wes
|
6fe2857ba5
|
Add Zeek s7comm_upload_download ingest pipeline
|
2022-11-29 19:45:56 +00:00 |
|
 weslambertandGitHub
|
56b0bae089
|
Merge pull request #9238 from Security-Onion-Solutions/fix/opcua_encoding_mask_format
Fix OP CUA Encoding Mask Format and Ensure Connection State Is Populated Before Assessing Its Value
|
2022-11-29 14:16:03 -05:00 |
|
 weslambertandGitHub
|
f947e501cb
|
Add space per request
|
2022-11-29 14:14:37 -05:00 |
|
 weslambertandGitHub
|
ff8bbc399f
|
Add space per request
|
2022-11-29 14:14:08 -05:00 |
|
 weslambertandGitHub
|
80226a27cc
|
Add space per request
|
2022-11-29 14:13:41 -05:00 |
|
 weslambertandGitHub
|
266207cc18
|
Add space per request
|
2022-11-29 14:12:52 -05:00 |
|
 weslambertandGitHub
|
5255c120c5
|
Add space per request
|
2022-11-29 14:11:20 -05:00 |
|
Wes
|
d44f8e495b
|
Check if connection.state is populated before trying to assess its value
|
2022-11-29 19:00:47 +00:00 |
|
Wes
|
13a8cbdabb
|
Add convert processor for opcua.encoding_mask
|
2022-11-29 18:59:30 +00:00 |
|
 weslambertandGitHub
|
82317656b1
|
Merge pull request #9235 from Security-Onion-Solutions/fix/mobus_read_write_multiple_registers_pipeline_failure_resolution
Change 'write' to 'read' to correct name and avoid pipeline failure
|
2022-11-29 12:56:05 -05:00 |
|
 weslambertandGitHub
|
1cc5961c07
|
Change 'write' to 'read' to correct name and avoid pipeline failure
|
2022-11-29 12:54:55 -05:00 |
|
 weslambertandGitHub
|
220e998b45
|
Merge pull request #9234 from Security-Onion-Solutions/fix/add_dnp3_control_ingest_pipeline
Add 'zeek.dnp3_control' ingest pipeline
|
2022-11-29 12:29:44 -05:00 |
|
Wes
|
16cd1080be
|
Add dnp3_control reference in various places
|
2022-11-29 17:23:37 +00:00 |
|
Wes
|
5db643e53b
|
Add Zeek dnp3_control ingest pipeline
|
2022-11-29 17:18:24 +00:00 |
|
 weslambertandGitHub
|
745cdef538
|
Merge pull request #9232 from Security-Onion-Solutions/fix/filebeat_ics_tag_bsap
Add 'ics' tag for 'bsap'-prefixed events/logs
|
2022-11-29 11:37:18 -05:00 |
|
 weslambertandGitHub
|
aa767b8dc1
|
Add 'ics' tag for 'bsap'-prefixed events/logs
|
2022-11-29 11:27:41 -05:00 |
|
 weslambertandGitHub
|
13827f3be5
|
Merge pull request #9209 from Security-Onion-Solutions/fix/add_missing_opcua_activate_session_pipelines
Add Missing OPCUA Activate Session Pipelines
|
2022-11-22 16:01:33 -05:00 |
|
 weslambertandGitHub
|
3a64362887
|
Remove extra space used during testing
|
2022-11-22 15:47:16 -05:00 |
|
Wes
|
e77a60bcbf
|
Add missing OPCUA 'activate_session' pipelines
|
2022-11-22 20:44:48 +00:00 |
|
 weslambertandGitHub
|
e560edf493
|
Merge pull request #9206 from Security-Onion-Solutions/fix/ingest_typos
Fix spelling of 'wireguard.responses' field name
|
2022-11-22 15:35:55 -05:00 |
|
 weslambertandGitHub
|
3c054fd133
|
Fix spelling of 'wireguard.responses' field name
|
2022-11-22 13:02:43 -05:00 |
|
 weslambertandGitHub
|
0bbe642d20
|
Merge pull request #9203 from Security-Onion-Solutions/fix/ics_ingest_field_names
Fix ICS Ingest Field Names
|
2022-11-22 12:30:10 -05:00 |
|
 weslambertandGitHub
|
8e17c23659
|
Fix format/speliing for 'enip.status_code' field name
|
2022-11-22 12:05:03 -05:00 |
|
 weslambertandGitHub
|
92170941f0
|
Fix spelling for 'stun.class' field name
|
2022-11-22 12:04:07 -05:00 |
|
 weslambertandGitHub
|
2170d498c5
|
Merge pull request #9195 from Security-Onion-Solutions/fix/missing_ics_pipelines
Add COTP and TDS ingest pipelines
|
2022-11-22 08:44:02 -05:00 |
|
Wes
|
95a6f9aa7d
|
Add COTP and TDS ingest pipelines
|
2022-11-22 13:35:19 +00:00 |
|
 weslambertandGitHub
|
ba65b351a2
|
Merge pull request #9193 from Security-Onion-Solutions/fix/ics_tag_syntax_error
Fix syntax error for 'ics' tag logic
|
2022-11-22 07:32:40 -05:00 |
|
 weslambertandGitHub
|
4c09c8856b
|
Fix syntax error for 'ics' tag logic
|
2022-11-22 07:23:56 -05:00 |
|
 weslambertandGitHub
|
3afa8bd9da
|
Merge pull request #9188 from Security-Onion-Solutions/feature/filebeat_config_ics_event_tag
Add 'ics' tag to events generated from ICS protocol logs
|
2022-11-21 17:06:25 -05:00 |
|
 weslambertandGitHub
|
72eccd2649
|
Fix indentation
|
2022-11-21 17:01:16 -05:00 |
|
 weslambertandGitHub
|
310ea633b6
|
Add 'ics' tag to events generated from ICS protocol logs
|
2022-11-21 16:43:43 -05:00 |
|
 weslambertandGitHub
|
089b403a3b
|
Merge pull request #9166 from Security-Onion-Solutions/foxtrot
Merge final protocol analyzers into dev
|
2022-11-18 08:41:43 -05:00 |
|
 weslambertandGitHub
|
78bc2a95e5
|
Add icsnpp-bsap to enabled plugins
|
2022-11-17 11:20:24 -05:00 |
|
 weslambertandGitHub
|
5bb0e6e8c0
|
Merge pull request #9160 from Security-Onion-Solutions/feature/additional_ics_scada_ingest_node_pipelines
Add additional ICS/SCADA ingest node pipelines
|
2022-11-17 11:18:15 -05:00 |
|
Wes
|
a278194037
|
Add additional ICS/SCADA ingest node pipelines
|
2022-11-17 16:16:33 +00:00 |
|
 weslambertandGitHub
|
7319cb07e2
|
Merge pull request #9153 from Security-Onion-Solutions/fix/ics_scada_ingest_pipeline_updates_2_3
Update ingest node pipelines for ICS/SCADA protocols
|
2022-11-16 16:17:08 -05:00 |
|
Wes
|
35e131b888
|
Update ingest node pipelines for ICS/SCADA protocols
|
2022-11-16 21:09:30 +00:00 |
|
 weslambertandGitHub
|
8e4d0db738
|
Merge pull request #9002 from Security-Onion-Solutions/fix/remove_ja3er_references
Remove JA3er references
|
2022-10-26 10:21:54 -04:00 |
|