acc9b8062e
Remove Strelka container infrastructure
...
Removes all Strelka container salt states and infrastructure references,
replaced by the native fileanalyze module in sensoroni.
Removed:
- salt/strelka/ directory (all container states, configs, tools)
- Docker container definitions for 6 Strelka containers
- Firewall rules for strelka_frontend
- Container references in containers.map.jinja
- top.sls and allowed_states references to strelka/strelka.manager
- so-minion add_strelka_to_minion() function and call sites
- so-deny strelka_frontend entry
- Logstash strelka bind mount
- Logrotate strelka config
- Telegraf strelka file monitoring
- so-sensor-clean strelka cleanup
- so-image-common strelka container images
Kept (still needed):
- Elasticsearch index/ingest pipeline (ingests fileanalyze output)
- Elastic agent/fleet log collection config
- SOC strelkaengine (YARA rule management)
- Kibana saved objects (dashboards)
2026-04-06 14:57:22 -04:00
c6c538363d
Add fileanalyze module salt configuration
...
Adds sensoroni agent configuration for the new fileanalyze module
that replaces the Strelka file analysis containers:
- defaults.yaml: default config values (watchDirs, concurrency, dedup, etc.)
- sensoroni.json: Jinja2 template to render module config when enabled
- soc_sensoroni.yaml: SOC config schema with descriptions for all settings
2026-04-06 14:12:48 -04:00
5b3ca98b80
Fix JA4+ license link in soc_zeek.yaml
...
Updated the license link in the JA4+ fingerprinting description.
2026-04-06 10:12:37 -04:00
c91deb97b1
Update SOUP_BRANCH to use 3/main instead of 2.4/main
2026-03-31 15:07:23 -04:00
c7e865aa1c
Remove hardcoded index
2026-03-30 12:42:48 -04:00
922c008b11
ensure bool sliders soc
2026-03-27 15:02:54 -04:00
0a55592d7e
Make AI adapter settings visible
...
Changed 'advanced' field from True to False for AI adapters and available models.
2026-03-26 09:37:39 -04:00
9e53bd3f2d
update yara template
2026-03-24 15:56:26 -04:00
1f9bf45b66
Lowercase network transport
2026-03-24 11:24:59 -04:00
d4ac352b5a
Enable clean option for Zeek configuration
2026-03-24 09:54:49 -04:00
afcef1d0e7
Merge pull request #15661 from Security-Onion-Solutions/reyesj2-361
...
update stig profile v1r3
2026-03-23 18:09:33 -05:00
91b164b728
Merge pull request #15665 from Security-Onion-Solutions/delta
...
allow negation in suricata address-group vars
2026-03-23 17:34:21 -04:00
6a4501241d
allow negation in suricata address-group vars
2026-03-23 17:24:12 -04:00
7300513636
Remove hardcoded path
2026-03-23 16:26:56 -04:00
67162357a3
update stig profile v1r3
2026-03-23 14:04:48 -05:00
8ea97e4af3
Merge pull request #15658 from Security-Onion-Solutions/jertel/wip
...
do not attempt to redirect to a source map after login
2026-03-23 09:55:31 -04:00
2f9a2e15b3
do not attempt to redirect to a source map after login
2026-03-23 09:48:06 -04:00
165e69cd11
Add support for websockets
2026-03-23 07:52:36 -04:00
f0f9de4b44
add status updates for pillar conversions
2026-03-20 16:12:10 -04:00
e857a8487a
convert suricata pillar data yes/no to true/false
2026-03-20 15:35:44 -04:00
2186872317
update telegraf lower true/false
2026-03-20 09:19:22 -04:00
6e3986b0b0
set community-id annotation to advanced
2026-03-19 17:37:40 -04:00
2585bdd23f
add more description to checksum-checks
2026-03-19 17:30:47 -04:00
ca588d2e78
new elastalert options advanced
2026-03-19 17:19:42 -04:00
f756ecb396
remove quotes from suricata af-packet config
2026-03-19 17:14:55 -04:00
82107f00a1
afpacket:checksum-checks yes/no options instead of true/false
2026-03-19 16:57:42 -04:00
5c53244b54
convert suricata config yes/no to true/false
2026-03-19 16:41:17 -04:00
3b269e8b82
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-19 15:14:06 -04:00
7ece93d7e0
ensure bool sliders telegraf
2026-03-19 15:12:47 -04:00
14d254e81b
ensure bool sliders suricata
2026-03-19 15:02:45 -04:00
7af6efda1e
ensure bool sliders strelka
2026-03-19 14:46:49 -04:00
ce972238fe
ensure bool sliders sensoroni
2026-03-19 14:41:49 -04:00
442bd1499d
ensure bool sliders for patch
2026-03-19 14:39:10 -04:00
30ea309dff
ensure bool sliders for manager
2026-03-19 14:36:36 -04:00
bfeefeea2f
ensure bool sliders for kratos
2026-03-19 14:36:05 -04:00
8251d56a96
ensure bool sliders for kibana
2026-03-19 14:24:13 -04:00
1b1e602716
ensure bool sliders for influxdb
2026-03-19 14:16:37 -04:00
034b1d045b
ensure bool sliders for idh
2026-03-19 14:00:20 -04:00
20bf88b338
ensure bool sliders for elasticsearch
2026-03-19 13:52:40 -04:00
d3f819017b
ensure bool sliders for elasticfleet config options
2026-03-19 13:13:26 -04:00
c92aedfff3
ensure bool sliders for elastalert config options
2026-03-19 13:06:32 -04:00
d3938b61d2
ja4plus nest enabled under ja4plus key for defaults
2026-03-19 12:39:37 -04:00
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
83b7fecbbc
ja4plus cleanup
2026-03-19 11:12:24 -04:00
d227cf71c8
ja4plus cleanup
2026-03-19 11:01:40 -04:00
cceaebe350
remove restriction of mmap locked on suricata ulimits
2026-03-19 09:42:39 -04:00
a982056363
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:45:15 -04:00
db81834e06
fix indentation to match prior indentation
2026-03-18 15:44:49 -04:00
318e4ec54b
Merge pull request #15643 from Security-Onion-Solutions/jertel/wip
...
fix casing to match annotation docs
2026-03-18 15:36:47 -04:00
4254769e68
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:32:52 -04:00
Mike Reeves
Mike Reeves
Josh Brower
Josh Patterson
Jorge Reyes
Jason Ertel
Jason Ertel