98 Commits

Author SHA1 Message Date
Mike Reeves acc9b8062e Remove Strelka container infrastructure
Removes all Strelka container salt states and infrastructure references,
replaced by the native fileanalyze module in sensoroni.

Removed:
- salt/strelka/ directory (all container states, configs, tools)
- Docker container definitions for 6 Strelka containers
- Firewall rules for strelka_frontend
- Container references in containers.map.jinja
- top.sls and allowed_states references to strelka/strelka.manager
- so-minion add_strelka_to_minion() function and call sites
- so-deny strelka_frontend entry
- Logstash strelka bind mount
- Logrotate strelka config
- Telegraf strelka file monitoring
- so-sensor-clean strelka cleanup
- so-image-common strelka container images

Kept (still needed):
- Elasticsearch index/ingest pipeline (ingests fileanalyze output)
- Elastic agent/fleet log collection config
- SOC strelkaengine (YARA rule management)
- Kibana saved objects (dashboards)
2026-04-06 14:57:22 -04:00
Jason Ertel 71839bc87f remove steno 2026-03-06 15:45:36 -05:00
Josh Patterson 627f0c2bcc allow logstash.ssl state for so-import 2026-01-20 11:58:31 -05:00
Josh Patterson 1234cbd04b allow logstash.ssl on so-eval 2026-01-20 09:30:32 -05:00
Josh Patterson 9878d9d37e handle steno ca certs directory properly 2025-12-12 19:07:00 -05:00
Josh Patterson 38f38e2789 fix allowed states for ca 2025-12-12 18:23:29 -05:00
Josh Patterson 9960db200c Merge remote-tracking branch 'origin/2.4/dev' into bravo 2025-12-11 17:30:43 -05:00
Josh Patterson b9ff1704b0 the great ssl refactor 2025-12-11 17:30:06 -05:00
DefensiveDepth 1b55642c86 Refactor rules location 2025-11-18 09:58:14 -05:00
DefensiveDepth ded520c2c1 Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor 2025-09-17 10:42:43 -04:00
DefensiveDepth a77157391c remove idstools 2025-09-17 10:42:05 -04:00
reyesj2 24be2f869b enable stig on fleet nodes 2025-08-20 12:08:50 -05:00
Josh Patterson 5035ec2539 allow libvirt states 2025-06-30 11:21:45 -04:00
Josh Patterson b93c6c0270 allow standalone and managersearch to run salt.cloud state 2025-06-30 09:51:40 -04:00
Josh Patterson 05dfce62fb corrections to allowed_states 2025-05-28 13:34:17 -04:00
Josh Patterson 44a5b3b1e5 MANAGERHYPE setup is now complete! 2025-03-12 21:05:04 -04:00
m0duspwnens 213df68d04 merge with 120 dev and fix conflicts 2025-01-23 10:56:48 -05:00
m0duspwnens 24eadf2507 add libvirt state to highstate for hypervisor. update allowed_states for libvirt 2025-01-16 17:46:20 -05:00
m0duspwnens 01ac1cdcca check features and allowed/states 2025-01-15 14:13:12 -05:00
m0duspwnens feb700393e merge with 2.4.120, fix merge conflicts 2024-10-25 15:09:38 -04:00
Jason Ertel 523ff66389 connect work 2024-10-16 13:44:01 -04:00
reyesj2 385054b7b8 enable stig for so desktop
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-09-18 14:18:47 -04:00
m0duspwnens a28ac3bee6 virt 2024-08-09 11:53:07 -04:00
m0duspwnens 9d2c5d54b0 hype changes 2024-08-07 10:43:53 -04:00
reyesj2 cfe5c1d76a remove elasticsearch.ca from receiver allowed_states. Replaced by generated kafka trust
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 13:24:02 -04:00
reyesj2 d791b23838 Generate new Kafka truststore
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 11:29:09 -04:00
reyesj2 268dcbe00b update receiver node allowed states
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-18 15:44:51 -04:00
reyesj2 2ad87bf1fe merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:30:45 -04:00
Wes 5aa611302a Handle YARA rules for distributed deployments 2024-05-06 19:08:01 +00:00
m0duspwnens c014508519 need /opt/so/conf/ca/cacerts on receiver for kafka to run 2024-04-12 13:50:25 -04:00
m0duspwnens a54a72c269 move kafka_cluster_id to kafka:cluster_id 2024-04-12 11:19:20 -04:00
m0duspwnens 780ad9eb10 add kafka to manager nodes 2024-04-02 15:50:25 -04:00
m0duspwnens e25bc8efe4 Merge remote-tracking branch 'origin/reyesj2/kafka' into kaffytaffy 2024-04-02 13:36:47 -04:00
DefensiveDepth d7ecad4333 Initial cut to remove Playbook and deps 2024-03-25 19:42:31 -04:00
reyesj2 446f1ffdf5 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-25 13:55:48 -04:00
Josh Brower 1847e5c3c0 Enable nginx on Fleet Node 2024-01-28 11:37:18 -05:00
reyesj2 a73d78300a Add initial stig state
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-15 21:17:17 -05:00
Wes d203aec44a Remove Curator 2023-12-08 19:37:06 +00:00
reyesj2 8cf29682bb Update to merge in 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-11-29 13:41:23 -05:00
reyesj2 86dc7cc804 Kafka init
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2023-11-29 13:34:25 -05:00
m0duspwnens 490669d378 add ssl to desktop for allowed_states 2023-09-01 12:03:01 -04:00
m0duspwnens 0fb00d569e allow states for desktop. give all nodes docker_clean, order it last 2023-09-01 09:39:39 -04:00
Mike Reeves 6adef20a06 Fix the rest of the analyst entries 2023-06-26 16:26:55 -04:00
Mike Reeves cb8faf7c5f Fix the rest of the analyst entries 2023-06-26 16:14:04 -04:00
Josh Brower d0d7ab57ca Add Elastic Agent container for Heavy Nodes 2023-06-22 16:02:17 -04:00
m0duspwnens c74b440922 configure and enable/disable curator in ui 2023-05-11 10:17:28 -04:00
m0duspwnens 4e4034e054 cleanup strelka in top and allowed_states 2023-05-10 15:59:10 -04:00
m0duspwnens 02e1a29f0c configure redis in ui 2023-05-10 11:54:21 -04:00
m0duspwnens a0ce46e702 enable/disable logstash in ui 2023-05-10 11:16:03 -04:00
m0duspwnens ec7bcd9b0c enabled/disable kibana in ui 2023-05-09 16:46:48 -04:00