acc9b8062e
Remove Strelka container infrastructure
...
Removes all Strelka container salt states and infrastructure references,
replaced by the native fileanalyze module in sensoroni.
Removed:
- salt/strelka/ directory (all container states, configs, tools)
- Docker container definitions for 6 Strelka containers
- Firewall rules for strelka_frontend
- Container references in containers.map.jinja
- top.sls and allowed_states references to strelka/strelka.manager
- so-minion add_strelka_to_minion() function and call sites
- so-deny strelka_frontend entry
- Logstash strelka bind mount
- Logrotate strelka config
- Telegraf strelka file monitoring
- so-sensor-clean strelka cleanup
- so-image-common strelka container images
Kept (still needed):
- Elasticsearch index/ingest pipeline (ingests fileanalyze output)
- Elastic agent/fleet log collection config
- SOC strelkaengine (YARA rule management)
- Kibana saved objects (dashboards)
2026-04-06 14:57:22 -04:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
20c4da50b1
Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601
...
fix global override settings affecting non-data stream indices
2026-03-18 10:51:17 -05:00
83bd8a025c
ignore redis restart warning in logstash log
2026-03-18 10:59:20 -04:00
d6263812a6
move daemon.json to docker/files
2026-03-17 15:09:09 -04:00
1a943aefc5
rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices
2026-03-17 13:49:20 -05:00
744d8fdd5e
Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt
...
Remove non-Oracle Linux 9 support from salt states
2026-03-16 17:10:24 -04:00
afc14ec29d
Remove non-Oracle Linux 9 support from salt states
...
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
2026-03-16 16:58:39 -04:00
59134c65d0
Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support
...
Remove support for non-Oracle Linux 9 operating systems
2026-03-16 16:55:59 -04:00
d2cee468a0
Remove support for non-Oracle Linux 9 operating systems
...
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
94f454c311
cleanup file.absent
2026-03-16 15:57:15 -04:00
75cddbf444
set container ulimits to default
2026-03-11 14:46:29 -04:00
7f07c96a2f
pcapout still used for extracts
2026-03-09 14:58:27 -04:00
e8adea3022
restore pcapout since it's still used
2026-03-07 08:20:08 -05:00
71839bc87f
remove steno
2026-03-06 15:45:36 -05:00
2c4d833a5b
update 2.4 references to 3
2026-03-05 11:05:19 -05:00
863276e24f
Merge pull request #15539 from Security-Onion-Solutions/jertel/wip
...
prepare for nextgen docs
2026-02-27 13:18:47 -05:00
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
78ae6cd84c
upgrade docker
2026-02-20 12:29:23 -05:00
6ce6eb95d6
use existing retry
2026-01-29 15:54:36 -06:00
b3d1dd51a4
initialize specific indices as needed
2026-01-29 15:41:39 -06:00
6b1939b827
exclude known issues with 3 integrations
2026-01-27 12:59:17 -06:00
55b3fa389e
no dates
2026-01-23 16:33:22 -06:00
b3ae716929
ignore kratos file mapping error
2026-01-23 16:31:30 -06:00
f6bde3eb04
remove double logging
2026-01-20 11:56:31 -05:00
a192455fae
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2026-01-19 17:17:58 -05:00
d430ed6727
false positive
2026-01-15 15:25:28 -06:00
349d77ffdf
exclude kafka restart error
2026-01-15 14:43:57 -06:00
152f2e03f1
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2026-01-06 15:15:30 -05:00
2d705e7caa
exempt kratos online check
2026-01-06 09:47:35 -05:00
9878d9d37e
handle steno ca certs directory properly
2025-12-12 19:07:00 -05:00
1475f0fc2f
timestamp logging for wait_for_salt_minion
2025-12-12 16:30:42 -05:00
8158fee8fc
change how we determine if the salt-minion is ready
2025-12-12 15:24:47 -05:00
f15a39c153
Add historical hashes
2025-12-03 11:24:04 -05:00
9a6ff75793
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-12 08:51:51 -05:00
e3972dc5af
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2025-11-10 13:28:42 -05:00
274295bc97
return exit codes
2025-11-07 17:39:13 -05:00
a84df14137
rename forward node -> sensor node
2025-11-06 15:23:55 -06:00
2f6fb717c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-06 10:38:37 -05:00
635545630b
strelka use single master image
2025-11-03 09:36:46 -06:00
1949be90c2
allow to preserve files
2025-10-29 16:49:59 -04:00
dca38c286a
Merge pull request #15137 from Security-Onion-Solutions/amv
...
allow user to create VMs that mount virtual disk for /nsm. new nsm_total grain
2025-10-14 11:25:57 -04:00
1c5a72ee85
Merge pull request #15124 from Security-Onion-Solutions/reyesj2/es-8188
...
ignore error for elastic-fleet agent
2025-10-08 14:13:46 -05:00
8a8ea04088
ignore error for elastic-fleet agent
2025-10-08 14:01:18 -05:00
4ab4264f77
merge
2025-10-07 12:26:58 -04:00
ac0d6c57e1
create common.grains state and nsm_total grain
2025-10-06 11:52:35 -04:00
030e4961d7
updates for wiretap lib
2025-10-01 12:13:56 -04:00
c92dc580a2
centralize MINION_ROLE lookup_role
2025-09-19 13:17:52 -05:00
d03dd7ac2d
check for oom kill only in the last 24 hours
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2025-09-19 11:32:13 -05:00
c9db52433f
add oom check to so-log-check
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2025-09-19 11:08:42 -05:00
Mike Reeves
Josh Patterson
Jorge Reyes
Jason Ertel
Jason Ertel
DefensiveDepth