Mike Reeves
a0cf0489d6
reduce highstate frequency with active push for rules and pillars
- schedule highstate every 2 hours (was 15 minutes); interval lives in global:push:highstate_interval_hours so the SOC admin UI can tune it and so-salt-minion-check derives its threshold as (interval + 1) * 3600
- add inotify beacon on the manager + master reactor + orch.push_batch that writes per-app intent files, with a so-push-drainer schedule on the manager that debounces, dedupes, and dispatches a single orchestration
- pillar_push_map.yaml allowlists the apps whose pillar changes trigger an immediate targeted state.apply (targets verified against salt/top.sls); edits under pillar/minions/ trigger a state.highstate on that one minion
- host-batch every push orchestration (batch: 25%, batch_wait: 15) so rule changes don't thundering-herd large fleets
- new global:push:enabled kill-switch tears down the beacon, reactor config, and drainer schedule on the next highstate for operators who want to keep highstate-only behavior
- set restart_policy: unless-stopped on 23 container states so docker recovers crashes without waiting for the next highstate; leave registry (always), strelka/backend (on-failure), kratos, and hydra alone with inline comments explaining why
2026-04-10 15:43:16 -04:00
Josh Patterson
9ec4a26f97
define options in annotation files
2026-04-09 10:18:36 -04:00
Josh Patterson
2166bb749a
ensure max-files is 1 at minimum
2026-04-08 14:59:05 -04:00
Josh Brower
c7e865aa1c
Remove hardcoded index
2026-03-30 12:42:48 -04:00
Josh Patterson
6a4501241d
allow negation in suricata address-group vars
2026-03-23 17:24:12 -04:00
Josh Patterson
6e3986b0b0
set community-id annotation to advanced
2026-03-19 17:37:40 -04:00
Josh Patterson
2585bdd23f
add more description to checksum-checks
2026-03-19 17:30:47 -04:00
Josh Patterson
f756ecb396
remove quotes from suricata af-packet config
2026-03-19 17:14:55 -04:00
Josh Patterson
82107f00a1
afpacket:checksum-checks yes/no options instead of true/false
2026-03-19 16:57:42 -04:00
Josh Patterson
5c53244b54
convert suricata config yes/no to true/false
2026-03-19 16:41:17 -04:00
Josh Patterson
14d254e81b
ensure bool sliders suricata
2026-03-19 15:02:45 -04:00
Josh Patterson
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
Josh Patterson
cceaebe350
remove restriction of mmap locked on suricata ulimits
2026-03-19 09:42:39 -04:00
Josh Patterson
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
Josh Patterson
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
Doug Burks
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
Josh Patterson
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
Josh Patterson
7bf63b822d
replace placeholder files with .gitkeep to keep empty directories
2026-03-17 11:40:49 -04:00
Josh Patterson
9b6d29212d
forcedType bool
2026-03-16 12:46:25 -04:00
Josh Patterson
b00f113658
initialize pcap-log
2026-03-14 19:45:50 -04:00
Josh Patterson
d452694c55
enable/disable suricata pcap
2026-03-10 11:30:24 -04:00
Josh Brower
a3720219d8
add missing cp
2026-03-10 11:11:11 -04:00
Josh Brower
385726b87c
update paths
2026-03-10 11:09:56 -04:00
Jason Ertel
7f07c96a2f
pcapout still used for extracts
2026-03-09 14:58:27 -04:00
Jason Ertel
71839bc87f
remove steno
2026-03-06 15:45:36 -05:00
DefensiveDepth
5ab6bda639
Fixup logic
2025-12-10 17:16:35 -05:00
DefensiveDepth
3f9a9b7019
tweak threshold
2025-12-05 10:23:24 -05:00
DefensiveDepth
b7ad985c7a
Add cron.absent
2025-12-05 09:48:46 -05:00
DefensiveDepth
9304513ce8
Add support for suricata rules load status
2025-12-04 12:26:13 -05:00
DefensiveDepth
999f83ce57
Create dir earlier
2025-12-01 14:21:58 -05:00
DefensiveDepth
1284150382
Move to manager init
2025-11-27 08:39:19 -05:00
DefensiveDepth
4bb0a7c9d9
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-25 13:52:21 -05:00
DefensiveDepth
ced3af818c
Refactor for Airgap
2025-11-25 13:51:50 -05:00
DefensiveDepth
148ef7ef21
add default ruleset
2025-11-18 11:57:30 -05:00
DefensiveDepth
1b55642c86
Refactor rules location
2025-11-18 09:58:14 -05:00
DefensiveDepth
af7f7d0728
Fix file paths
2025-11-17 12:00:08 -05:00
reyesj2
4314c79f85
bump suricata dns logging version
2025-11-14 08:24:31 -06:00
DefensiveDepth
81d7c313af
remove dupe
2025-11-12 11:11:01 -05:00
DefensiveDepth
9a6ff75793
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-12 08:51:51 -05:00
DefensiveDepth
11518f6eea
idstools removal refactor
2025-11-11 13:41:32 -05:00
Josh Patterson
245ceb2d49
suricata defaults and annotation
2025-11-10 16:40:11 -05:00
Josh Patterson
18c0f197b2
suricata bpf
2025-11-10 13:28:19 -05:00
Josh Patterson
78c193f0a2
handle bpf for suricata 8 pcap
2025-11-07 17:40:24 -05:00
Josh Patterson
6c7ef622c1
spaces removed from expected output
2025-11-07 17:08:33 -05:00
Josh Patterson
da1cac0d53
tls-log, http-log and syslog outputs deprecated https://github.com/Security-Onion-Solutions/securityonion/issues/15203
2025-11-06 16:32:55 -05:00
Josh Patterson
b7e1989d45
resolve block-size not large enough for max fragmented IP packet size warning
2025-11-06 09:49:46 -05:00
DefensiveDepth
a77157391c
remove idstools
2025-09-17 10:42:05 -04:00
Doug Burks
27358137f2
FIX: so-suricata-testrule should disable pcap logging #14685
2025-05-30 09:24:41 -04:00
Jason Ertel
0566f46d5b
Clarify enabled settings
2024-09-16 10:41:01 -04:00
Jason Ertel
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00