acc9b8062e
Remove Strelka container infrastructure
...
Removes all Strelka container salt states and infrastructure references,
replaced by the native fileanalyze module in sensoroni.
Removed:
- salt/strelka/ directory (all container states, configs, tools)
- Docker container definitions for 6 Strelka containers
- Firewall rules for strelka_frontend
- Container references in containers.map.jinja
- top.sls and allowed_states references to strelka/strelka.manager
- so-minion add_strelka_to_minion() function and call sites
- so-deny strelka_frontend entry
- Logstash strelka bind mount
- Logrotate strelka config
- Telegraf strelka file monitoring
- so-sensor-clean strelka cleanup
- so-image-common strelka container images
Kept (still needed):
- Elasticsearch index/ingest pipeline (ingests fileanalyze output)
- Elastic agent/fleet log collection config
- SOC strelkaengine (YARA rule management)
- Kibana saved objects (dashboards)
2026-04-06 14:57:22 -04:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
afc14ec29d
Remove non-Oracle Linux 9 support from salt states
...
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
2026-03-16 16:58:39 -04:00
62f04fa5dd
fix role check
2025-09-12 14:09:30 -04:00
4afc986f48
firewall and logstash pipeline for managerhype
2025-09-05 13:14:47 -04:00
baf0f7ba95
firewall allow hypervisor for managersearch and standalone
2025-08-12 14:08:15 -04:00
21bb325157
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-04-14 08:22:42 -04:00
96c56297ce
external access via user/pass
2025-04-09 22:08:13 -05:00
64f71143dc
fix docker fw rules managerhype
2025-03-31 15:51:32 -04:00
44a5b3b1e5
MANAGERHYPE setup is now complete!
2025-03-12 21:05:04 -04:00
b5276a6a1d
add hypervisor to firewall annotation
2025-02-25 04:41:59 -05:00
213df68d04
merge with 120 dev and fix conflicts
2025-01-23 10:56:48 -05:00
0197cdb33d
fix bridge forwarding on hypervisors bridge
2025-01-09 16:12:33 -05:00
feb700393e
merge with 2.4.120, fix merge conflicts
2024-10-25 15:09:38 -04:00
523ff66389
connect work
2024-10-16 13:44:01 -04:00
cac1539094
Add to firewall settings and annotations
2024-09-12 13:08:01 -04:00
9d2c5d54b0
hype changes
2024-08-07 10:43:53 -04:00
cfd6676583
update kafka firewall annotations config
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-08-06 14:40:53 -04:00
52e52f35f7
hyper setup init
2024-07-31 15:49:32 -04:00
ea771ed21b
update firewall
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-06-24 12:01:01 -04:00
824f852ed7
merge 2.4/dev
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-06-10 11:26:23 -04:00
4057238185
Update defaults.yaml
2024-06-07 15:33:49 -04:00
dbc56ffee7
Update defaults.yaml
2024-06-07 15:09:09 -04:00
876d860488
elastic agent should be able to communicate over 9092 for sending logs to kafka brokers
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-05-29 16:40:15 -04:00
e960ae66a3
Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka
2024-05-02 15:12:27 -04:00
84db82852c
annotation updates for custom settings
2024-04-30 15:14:56 -04:00
a6e8b25969
Add Kafka connectivity between manager - > receiver nodes.
...
Add connectivity to Kafka between other node types that may need to publish to Kafka.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-04-29 15:48:57 -04:00
af53dcda1b
Remove references to kafkanode
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-04-11 15:32:00 -04:00
7a6b72ebac
add so-kafka to manager for firewall
2024-04-04 15:46:11 -04:00
1b8584d4bb
allow manager to manager on kafka ports
2024-04-03 15:36:35 -04:00
ed6137a76a
allow sensor and searchnode to connect to manager kafka ports
2024-04-03 10:24:10 -04:00
e25bc8efe4
Merge remote-tracking branch 'origin/reyesj2/kafka' into kaffytaffy
2024-04-02 13:36:47 -04:00
d7ecad4333
Initial cut to remove Playbook and deps
2024-03-25 19:42:31 -04:00
446f1ffdf5
merge 2.4/dev
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2024-03-25 13:55:48 -04:00
3eb6fe2df9
allow managersearch to receiver redis and 5644
2024-03-08 09:52:12 -05:00
2f03248612
use different nginx defaults for so-fleet node hosting artifacts
2024-01-31 16:25:09 -05:00
afa98fa147
update artifacts URL automatically
2024-01-28 14:20:52 -05:00
d203aec44a
Remove Curator
2023-12-08 19:37:06 +00:00
ab0e6f9bec
update broken help links in SOC Config
2023-12-06 14:35:51 -05:00
8cf29682bb
Update to merge in 2.4/dev
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2023-11-29 13:41:23 -05:00
86dc7cc804
Kafka init
...
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com >
2023-11-29 13:34:25 -05:00
4dc24b22c7
accept icmp on input chain
2023-10-10 10:51:59 -04:00
651393988a
Merge pull request #11255 from Security-Onion-Solutions/issue/10975
...
Issue/10975
2023-09-05 11:57:58 -04:00
07ed93de19
add elastic agent to desktop
2023-09-01 14:33:32 -04:00
765a22e6f0
Add so-elastic-agent
2023-09-01 11:31:23 -04:00
b010919099
add sensoroni, telegraf, common states to desktop. allow docker_registry connection to managers for desktop
2023-08-31 13:21:32 -04:00
60b0af5ab7
Allow external syslog
2023-08-30 13:05:30 +00:00
28dfdbf06d
securityonion_desktop is just desktop
2023-08-09 08:51:39 -04:00
Mike Reeves
Josh Patterson
Doug Burks
reyesj2
Jason Ertel
Mike Reeves
DefensiveDepth
Wes