CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 01:02:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,059 Commits 24 Branches 119 Tags
master
Commit Graph

6512 Commits

Author SHA1 Message Date
Wes
98a1fb96c2 Add test coverage for empty list value 2022-12-13 16:23:16 +00:00
Wes
874bbd2580 Remove extra whitespace 2022-12-13 16:02:46 +00:00
Wes
90dedbb841 Update tests to account for change in 'file_path' value verification 2022-12-13 15:58:35 +00:00
Wes
df5dd5fe28 Use new list verification function for 'file_path' 2022-12-13 15:57:43 +00:00
Wes
d5ab455485 Add new test for list value verification function 2022-12-13 15:56:58 +00:00
Wes
20b79b7ab0 Add new function to verify list value 2022-12-13 15:56:26 +00:00
Jason Ertel
d7dd2d2ef8 Upgrade ES to 8.5.3 2022-12-12 13:43:28 -05:00
weslambert
f85fb5ecf9 Remove double quotes to fix issue with file path sourcing from 'localfile.py' 2022-12-08 16:35:24 -05:00
Jason Ertel
d48d473f43 Switch back to older style redirect due to incompatibility with Ub 18 2022-12-07 14:06:24 -05:00
Jason Ertel
225b7e359c Use original style due to pgrep conflict with cron 2022-12-07 11:53:42 -05:00
Jason Ertel
7b05627d5c Suricata support for filecheck; reduce cron noise 2022-12-07 07:58:32 -05:00
Mike Reeves
f0c3b876a9 Update init.sls 2022-12-06 13:35:03 -05:00
Mike Reeves
531423f49a Update init.sls 2022-12-06 13:25:03 -05:00
Jason Ertel
0dd2e51e83 Ensure Suricata move events get picked up 2022-12-06 11:39:58 -05:00
weslambert
8bb3b22993 Disable additional YARA rules there are causing compilation errors 2022-12-05 11:30:22 -05:00
Jason Ertel
69c5a9dd90 ensure tmp files are not processed 2022-12-05 10:31:09 -05:00
Jason Ertel
86c31c129a add suricata to socore group 2022-12-05 10:27:42 -05:00
Jason Ertel
483a9d477f undo filecheck location move 2022-12-05 10:15:15 -05:00
Jason Ertel
d7f60a0e58 only check files on inotify 2022-12-05 10:01:40 -05:00
Jason Ertel
f06443f3dd add suricata to socore group 2022-12-05 09:57:24 -05:00
Jason Ertel
fe798138e3 add suricata to socore group 2022-12-05 09:50:35 -05:00
Jason Ertel
e9bb60dedb fix filecheck for suricata deployments 2022-12-05 09:28:25 -05:00
Jason Ertel
992ced685f fix filecheck for suricata deployments 2022-12-05 09:27:31 -05:00
Jason Ertel
592bbf4217 fix filecheck for suricata deployments 2022-12-05 09:21:08 -05:00
Ben Allen
a1b2c28a42 Check privileges much earlier 2022-12-02 14:08:22 -05:00
Mike Reeves
a3f9859fdb Update init.sls 2022-12-02 09:38:13 -05:00
Doug Burks
7184b9cb25 disable ecat_arp_info by default in so-zeek-logs 2022-12-01 07:18:05 -05:00
weslambert
5988c12773 Change 'bsap.node.status.byte' to 'bsap.node.status_byte' 2022-11-30 13:01:30 -05:00
Mike Reeves
dc5f4ef942 Merge pull request #9253 from Security-Onion-Solutions/TOoSmOotH-patch-2 
Use shutil in case there are multiple filesystems involved.
 2022-11-30 11:04:30 -05:00
Mike Reeves
42cde0b6f0 Use shutil in case there are multiple filesystems involved. 2022-11-30 10:59:09 -05:00
Doug Burks
1279997ca9 update stun, tunnel, and wireguard dashboards in dashboards.queries.json 2022-11-30 10:59:00 -05:00
Wes
8f0547beda Change 'bsap.node.status_byte' to 'bsap.node_status_byte'. 2022-11-30 15:24:53 +00:00
Wes
6cb4c02200 More field updates 2022-11-30 15:22:02 +00:00
Wes
5d72f8d55a Additional field renames and updates 2022-11-30 15:01:41 +00:00
Mike Reeves
571ac4edec Update soup 2022-11-29 18:36:47 -05:00
Wes
e00a80feb4 Use native link_id naming scheme for now 2022-11-29 22:05:37 +00:00
Wes
e8e39a7105 Various field renames 2022-11-29 21:32:05 +00:00
Wes
13ea44db95 Use native 'is_orig' since we are already using that field name for other logs 2022-11-29 21:21:41 +00:00
Wes
5db3e22363 Add s7comm_upload_download references in various places 2022-11-29 19:58:18 +00:00
Wes
6fe2857ba5 Add Zeek s7comm_upload_download ingest pipeline 2022-11-29 19:45:56 +00:00
weslambert
f947e501cb Add space per request 2022-11-29 14:14:37 -05:00
weslambert
ff8bbc399f Add space per request 2022-11-29 14:14:08 -05:00
weslambert
80226a27cc Add space per request 2022-11-29 14:13:41 -05:00
weslambert
266207cc18 Add space per request 2022-11-29 14:12:52 -05:00
weslambert
5255c120c5 Add space per request 2022-11-29 14:11:20 -05:00
Wes
d44f8e495b Check if connection.state is populated before trying to assess its value 2022-11-29 19:00:47 +00:00
Wes
13a8cbdabb Add convert processor for opcua.encoding_mask 2022-11-29 18:59:30 +00:00
Doug Burks
7ea0aa87e4 add ICS COTP dashboard to dashboards.queries.json 2022-11-29 13:38:19 -05:00
weslambert
1cc5961c07 Change 'write' to 'read' to correct name and avoid pipeline failure 2022-11-29 12:54:55 -05:00
Wes
16cd1080be Add dnp3_control reference in various places 2022-11-29 17:23:37 +00:00