Jorge Reyes
20c4da50b1
Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601
...
fix global override settings affecting non-data stream indices
2026-03-18 10:51:17 -05:00
reyesj2
1a943aefc5
rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices
2026-03-17 13:49:20 -05:00
Josh Patterson
4224713cc6
Merge pull request #15624 from Security-Onion-Solutions/moreja
...
Add SOC UI toggle for JA4+ fingerprinting
2026-03-17 09:44:04 -04:00
Jason Ertel
a3b471c1d1
fix health check for new hydra version
2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b
Merge pull request #15610 from Security-Onion-Solutions/moresoup
...
Add -r flag to so-yaml get and migrate pcap pillar to suricata
2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42
Add test for raw dict output in so-yaml get to reach 100% coverage
...
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
2026-03-16 17:19:14 -04:00
Mike Reeves
d2cee468a0
Remove support for non-Oracle Linux 9 operating systems
...
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
Jason Ertel
7dcd923ebf
Merge pull request #15612 from Security-Onion-Solutions/jertel/wip
...
API errors will no longer redirect
2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a
API errors will no longer redirect
2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b
Add -r flag to so-yaml get for raw output without YAML formatting
...
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
2026-03-13 16:24:41 -04:00
Mike Reeves
12dec366e0
Fix so-yaml get to output booleans in YAML format and add bool test
2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76
Fix so-yaml tests to match scalar output without document end marker
2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd
Fix so-yaml get to print scalar values without YAML document end marker
2026-03-13 15:34:04 -04:00
Mike Reeves
e2483e4be0
Fix so-yaml addKey crash when intermediate key has None value
2026-03-13 15:22:29 -04:00
Mike Reeves
322c0b8d56
Move pcap.enabled under suricata.pcap.enabled in so-minion
2026-03-13 15:14:19 -04:00
Mike Reeves
81c1d8362d
Fix pcap migration to strip yaml document end marker from so-yaml output
2026-03-13 15:09:37 -04:00
Mike Reeves
18f971954b
Improve soup version checks and migrate pcap pillar to suricata
...
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
2026-03-13 14:54:23 -04:00
Mike Reeves
89f144df75
Remove upgrade instructions for 2.4 branch
...
Removed outdated instructions for upgrading to the latest 2.4 branch.
2026-03-11 16:05:06 -04:00
Mike Reeves
cfccbe2bed
Update version check to include 2.4.211
2026-03-11 15:59:23 -04:00
Mike Reeves
4539024280
Add minimum version check and fix function call syntax in soup
...
Require at least Security Onion 2.4.210 before allowing upgrade.
Fix determine_elastic_agent_upgrade() call syntax (remove parens).
2026-03-10 15:05:52 -04:00
Mike Reeves
91759587f5
Update version numbers for upgrade scripts
2026-03-10 14:58:43 -04:00
Mike Reeves
bc9841ea8c
Refactor upgrade functions and remove unused code
...
Removed deprecated functions and updated version checks for upgrades.
2026-03-10 14:45:40 -04:00
Mike Reeves
685e22bd68
soup cleanup
2026-03-10 11:58:06 -04:00
Mike Reeves
d78a5867b8
Refactor upgrade functions and version checks
...
Removed redundant upgrade functions and streamlined version checks.
2026-03-09 17:10:18 -04:00
Jason Ertel
2c4d833a5b
update 2.4 references to 3
2026-03-05 11:05:19 -05:00
Jason Ertel
863276e24f
Merge pull request #15539 from Security-Onion-Solutions/jertel/wip
...
prepare for nextgen docs
2026-02-27 13:18:47 -05:00
Jason Ertel
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
Josh Brower
17e3a4bf21
Merge pull request #15536 from Security-Onion-Solutions/idstools-cleanup
...
Move rm to post
2026-02-27 08:39:50 -05:00
DefensiveDepth
2284283b17
Move rm to post
2026-02-27 08:35:28 -05:00
Josh Patterson
972aa1f8a1
Merge pull request #15534 from Security-Onion-Solutions/bravo
...
restart salt minion before failing if not ready
2026-02-26 15:20:44 -05:00
Josh Patterson
79d9b6e0a4
restart salt minion before failing if not ready
2026-02-26 12:05:21 -05:00
DefensiveDepth
5e7b0cfe0e
Cleanup idstools
2026-02-26 09:05:54 -05:00
Mike Reeves
fa479c4b89
Merge pull request #15517 from Security-Onion-Solutions/souppcap
...
Add Support for upgrading to 3.0
2026-02-24 10:11:24 -05:00
Mike Reeves
be35b59b8c
Update echo messages for PCAP engine clarity
2026-02-24 10:04:26 -05:00
Josh Patterson
2375061cfa
so-yaml.py tell which key not found
2026-02-23 13:19:03 -05:00
Josh Patterson
1a9a087af2
redirect not found if key isn't found
2026-02-23 13:17:38 -05:00
Josh Patterson
bf16de7bfd
fix duplicate log lines in soup log
2026-02-23 12:07:04 -05:00
Josh Patterson
863c7abc8b
fix soup failure if salt-relay isn't running
2026-02-23 11:36:20 -05:00
Mike Reeves
7170289a5e
Continue upgrade after pcapengine is changed to SURICATA
...
Instead of exiting and requiring the user to rerun the script after
changing pcapengine to SURICATA, let the script continue to the
version check and upgrade.
2026-02-23 11:35:32 -05:00
Mike Reeves
ca040044bb
Use so-yaml to update pcapengine pillar and fix file path
...
Replace fragile sed with so-yaml.py replace for proper YAML handling.
Also correct the pillar file path from soc_soc.sls to soc_global.sls.
2026-02-23 11:16:30 -05:00
Mike Reeves
f17e2961ed
Add PCAP orphan warning and require SURICATA before upgrade
...
- Warn users that undeleted Stenographer PCAP data will be inaccessible and never automatically cleaned up if they switch to SURICATA without deleting it first
- Require pcapengine to be set to SURICATA before allowing upgrade, with clear messaging when the user declines to change it
2026-02-23 11:05:30 -05:00
Mike Reeves
bbc7668786
Add version check, PCAP cleanup prompts, and SOC config references to soupto3
...
- Skip upgrade if already running Security Onion 3.x.x
- Add interactive prompts to delete Stenographer PCAP data (with double confirmation) and change pcapengine to SURICATA
- Direct users to SOC Configuration UI instead of editing pillar files directly
- Consolidate TRANSITION and STENO cases to reduce repeated code
2026-02-23 10:49:54 -05:00
Mike Reeves
1888f9e757
Soup to 3
2026-02-23 10:07:16 -05:00
Jorge Reyes
cf6b5aeceb
Merge pull request #15503 from Security-Onion-Solutions/reyesj2/mngdanno
...
migrate managed_integrations pillar
2026-02-20 13:28:23 -06:00
Matthew Wright
90eee49ab6
whitespace issue pt2
2026-02-19 16:35:35 -05:00
Matthew Wright
f025886b31
whitespace issue
2026-02-19 16:33:40 -05:00
Matthew Wright
7fa01f5fd5
added new funcs to so-yaml.py to support gemini tests
2026-02-19 16:20:44 -05:00
reyesj2
256c1122c3
remove old pillar
2026-02-19 11:08:23 -06:00
reyesj2
aa2a1a3d3c
typo for so-yaml file input
2026-02-19 11:08:06 -06:00
Jorge Reyes
93f52453b4
Merge pull request #15499 from Security-Onion-Solutions/reyesj2-patch-15
...
rework autosoup for intermediate upgrades
2026-02-19 09:08:00 -06:00