408 Commits

Author SHA1 Message Date
Jason Ertel
3f35dc54d2 Disable actions on dashboards group-by tables 2022-05-09 11:44:39 -04:00
Jason Ertel
0786191fc9 Add dashboard ref to soc.json 2022-05-06 15:16:27 -04:00
Jason Ertel
105c95909c Dashboard queries 2022-05-04 19:32:06 -04:00
Jason Ertel
deb9b0e5ef Add analyze feature 2022-03-28 15:53:24 -04:00
Doug Burks
9bf0265cea Merge pull request #7566 from Security-Onion-Solutions/feature/hunt-soc-auth
FEATURE: Add new Hunt query for SOC logins #7327
2022-03-15 10:58:40 -04:00
Doug Burks
eec44a6b02 Add a SOC Auth query to hunt.queries.json 2022-03-15 10:38:46 -04:00
Doug Burks
d1e1887e36 Add support for Kratos audit logs in hunt.eventfields.json 2022-03-15 10:37:58 -04:00
Mike Reeves
9c80ff4f65 Remove hive from more files 2022-03-15 09:37:58 -04:00
Jason Ertel
5a28725def Add assignee to case list 2022-03-14 08:45:28 -04:00
weslambert
65f998d6f7 Remove process.name.keyword for future-proofing 2022-03-08 12:44:51 -05:00
weslambert
f71ccadb8a Change to label fields for Zeek syslog 2022-03-04 16:29:55 -05:00
Jason Ertel
14c587fca2 Add new abbreviated result limit param 2022-01-27 15:51:02 -05:00
Jason Ertel
eefcc929c2 Update copyright pattern to match other repos 2022-01-24 10:09:23 -05:00
Jason Ertel
a4d2807fbb Switch to httpcase for consistency 2022-01-24 09:45:07 -05:00
Jason Ertel
dc44a91398 Prefix all SO fields to avoid potential conflicts with future ECS changes 2022-01-19 14:26:22 -05:00
Jason Ertel
a63787daba Merge pull request #6864 from Security-Onion-Solutions/kilo
Add default queries for cases to show user's assigned cases
2022-01-13 17:15:02 -05:00
Jason Ertel
6b0b7245f0 Add default queries for cases to show user's assigned cases 2022-01-13 17:10:08 -05:00
m0duspwnens
06c0cebb26 merge with dev 2022-01-13 09:44:26 -05:00
Mike Reeves
1d94e3ac69 Fix some formatting 2022-01-12 09:38:22 -05:00
m0duspwnens
716c98ec61 requires and ordering for socusersroles state 2022-01-10 14:39:00 -05:00
Jason Ertel
66c9e20c6a Add wildcards for CCS compatibility 2022-01-07 15:57:08 -05:00
Jason Ertel
9ef83da23f Add case exclusion toggle to Hunt to avoid hunt results getting case data hits unintentionally 2022-01-07 12:58:35 -05:00
Jason Ertel
4f8524e0ac Prevent PCAP action from showing up outside of hunt/alerts 2022-01-05 11:13:12 -05:00
Jason Ertel
4bfdfffe21 Switch soc.json to use lowercase labels in default queries; Also enable the 'Add Case' feature 2022-01-05 09:54:13 -05:00
Jason Ertel
e6051cb653 Switch all presets to lowercase for uniformity 2021-12-29 16:42:34 -05:00
Jason Ertel
fb02d0d35c clarify case filters 2021-12-29 11:07:36 -05:00
Jason Ertel
e5110ac4e8 Use CCS compatible index 2021-12-29 09:08:10 -05:00
Jason Ertel
5a4473ecd6 fix indent 2021-12-28 08:33:31 -05:00
Jason Ertel
f335670b3f Add new client-side param for cases 2021-12-27 21:53:30 -05:00
Jason Ertel
194e4119f0 Correct missing json vars 2021-12-27 20:36:28 -05:00
Jason Ertel
09626deb05 Correct var names for jinja 2021-12-27 18:01:15 -05:00
Jason Ertel
ae7a4b6528 More syntax corrections 2021-12-27 16:18:12 -05:00
Jason Ertel
0a255e5765 Resolve syntax error 2021-12-27 15:15:33 -05:00
Jason Ertel
789719d25e Correct preset file syntax 2021-12-27 13:21:13 -05:00
Jason Ertel
7140255d95 Add missing presets file 2021-12-27 12:27:04 -05:00
Jason Ertel
ab3319b472 Add artifact support 2021-12-27 10:49:10 -05:00
Jason Ertel
d4f395b7f4 Fix query name for open cases 2021-12-15 20:02:35 -05:00
Jason Ertel
2761662eb9 Add status presets 2021-12-09 13:09:56 -05:00
Jason Ertel
a9b7b9ee92 Jinjafy case params 2021-12-08 17:41:48 -05:00
Jason Ertel
b73eb76c94 Make case module dynamic 2021-12-07 11:51:02 -05:00
m0duspwnens
cd1f0c0440 break kratos state out from soc state 2021-11-18 09:10:00 -05:00
weslambert
9ac1cb0e76 Fix spelling 2021-11-12 21:12:09 -05:00
weslambert
3cd1b5687e Make pivot condition independent for ENDGAMEHOST 2021-11-12 12:06:39 -05:00
m0duspwnens
6bf4d5a576 https://github.com/Security-Onion-Solutions/securityonion/issues/6206 2021-11-12 11:37:55 -05:00
m0duspwnens
928aed27c5 require files before starting soc or kratos 2021-10-20 17:04:02 -04:00
Wes Lambert
032373187c Allow setting ES index patterns for SOC in pillar 2021-10-15 16:02:53 +00:00
Wes Lambert
15049f44b9 Add EG pivot 2021-10-14 15:15:23 +00:00
Wes Lambert
5ee0ea3fe7 Allow SOC actions to use Jinja 2021-10-14 13:59:55 +00:00
Jason Ertel
d21dee162d Add Note field to user traits; Enforce max length restrictions on email, firstname, lastname, and note fields 2021-10-08 12:39:17 -04:00
Jason Ertel
30e781d076 Use user ID instead of email as role master 2021-09-17 17:54:38 -04:00