m0duspwnens
5649986834
Merge branch '2.4/dev' into vlb2
2024-12-09 15:35:57 -05:00
defensivedepth
dcbb0e48d4
make sure it's owned by socore
2024-11-08 14:34:29 -05:00
defensivedepth
8b70aa9f0e
Fix socore permissions
2024-11-08 09:19:41 -05:00
defensivedepth
f5bd8ab585
Rewrite docs
2024-11-07 15:33:47 -05:00
defensivedepth
28d468dd41
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos
2024-11-07 07:25:01 -05:00
Corey Ogburn
52a144c052
Added Help Link to Annotation for IgnoredSidRanges
2024-11-05 12:11:17 -07:00
Corey Ogburn
25d55feeef
More Detailed Description
2024-11-05 11:41:14 -07:00
Corey Ogburn
5e48ccafce
Update Default Value
2024-11-05 11:11:34 -07:00
Corey Ogburn
69dd35c30a
Add Option for Ignoring Ranges of SIDs in Suricata Integrity Check
2024-11-04 14:31:53 -07:00
m0duspwnens
efbf62f56a
adding beacon
2024-11-04 08:30:40 -05:00
defensivedepth
5406a263d5
Add local custom template
2024-10-29 19:42:06 -04:00
m0duspwnens
c64a05f2ff
dynamic annotations
2024-10-29 10:20:31 -04:00
m0duspwnens
0c4426a55e
Merge branch '2.4/dev' into vertlybimp
2024-10-29 08:32:39 -04:00
Josh Brower
6a3e5415cf
Merge pull request #13832 from Security-Onion-Solutions/2.4/sigmapipelines
Add process and file creation mappings
2024-10-28 18:30:21 -04:00
defensivedepth
f3ca5b1c42
Remove OS-specific mappings
2024-10-28 09:19:51 -04:00
m0duspwnens
feb700393e
merge with 2.4.120, fix merge conflicts
2024-10-25 15:09:38 -04:00
Corey Ogburn
6ce52bf9ab
Specify Defaults for detectionEngineStatusQueries
Specify the defaults as an example to the user.
2024-10-24 13:11:49 -06:00
Corey Ogburn
f67fcecc6e
Clean up StatusQueries String
2024-10-24 11:18:48 -06:00
Corey Ogburn
b7c392a244
Corrected a misspelling
2024-10-24 11:18:48 -06:00
Corey Ogburn
ad0b0a5e95
Refactor to String
To accommodate the config screen, the annotation now specifies it as a multiline string with a yaml syntax. The user can edit the yaml to add or remove queries. The UI will parse the YAML before use.
Also updated the IntegrityFailure queries to specify table columns more relevant to a sync failure than the default ones.
2024-10-24 11:18:47 -06:00
Corey Ogburn
c77b0afd8e
Move to Client/Detections
Added a basic annotation.
2024-10-24 11:18:47 -06:00
Corey Ogburn
04ebe4efea
Array to Dictionary
2024-10-24 11:18:46 -06:00
Corey Ogburn
cbb4d6846f
Detection Engine Status Queries
A few for testing
2024-10-24 11:18:45 -06:00
m0duspwnens
0476585370
dynamic annotations
2024-10-22 09:03:02 -04:00
defensivedepth
dcdfaf66f4
Add process and file creation mappings
2024-10-16 15:20:52 -04:00
m0duspwnens
dcc1738978
dynamic annotations
2024-10-11 10:46:07 -04:00
Corey Ogburn
d2bd9c0e26
Changes to allow reviews to start showing
2024-10-10 09:48:59 -06:00
defensivedepth
778d5be407
Change summaries branch
2024-09-25 15:35:08 -04:00
Jason Ertel
cce9e162d4
remove colon to avoid yaml parsing problems
2024-09-16 15:30:14 -04:00
Jason Ertel
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
Jason Ertel
8b8737221d
mark specific settings as allowed to include Jinja
2024-09-11 09:28:17 -04:00
Jason Ertel
f19a35ff06
move custom alerters to subgroup; avoid false positives on log check
2024-08-28 09:32:25 -04:00
Jason Ertel
6043da4424
annotation updates
2024-08-27 13:04:43 -04:00
Jason Ertel
48f1e24bf5
notification updates
2024-08-22 09:04:43 -04:00
Jason Ertel
cf47508185
notification updates
2024-08-22 09:02:32 -04:00
Jason Ertel
caa8d9ecb0
fix repo path
2024-08-09 06:58:40 -04:00
Corey Ogburn
c71b9f6e8f
Fix CopyPasta
Strelka annotations referenced ElastAlert. Fixed.
2024-08-08 13:31:08 -06:00
Corey Ogburn
8c1feccbe0
Tweak value
2024-08-08 12:53:51 -06:00
Corey Ogburn
5ee15c8b41
Tweak value
2024-08-08 12:00:07 -06:00
Corey Ogburn
5328f55322
Remove new config value
2024-08-08 11:43:15 -06:00
Corey Ogburn
712f904c43
Config for Repo Folder
The folder we checkout the AI Summary repo into should definitely exist.
2024-08-08 10:57:07 -06:00
Corey Ogburn
ccd7d86302
More AI Summaries Config/Annotations
Added aiRepoBranch to all 3 detection engines.
Added showUnreviewedAiSummaries to client parameters.
Added annotations.
2024-08-08 10:46:41 -06:00
Corey Ogburn
fc89604982
New Config Values/Annotations for Ai Summaries
Each engine pulls the same repo into the same location and shows the summaries.
Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
2024-08-06 13:55:54 -06:00
Jason Ertel
3130b56d58
Provide new setting to require OTP
2024-07-30 10:39:57 -04:00
Corey Ogburn
45b2413175
Removed Allow/Deny Regexes, Added Enable/Disable Regex
Update config and annotations for new regex support for suricata.
2024-07-19 12:45:24 -06:00
Corey Ogburn
022df966c7
Remove Allow/Deny Regex, Add Suricata Enable/Disable Regex
2024-07-19 12:28:04 -06:00
Corey Ogburn
d0565baaa3
New Config Values for Detections Bulk Indexer
`maxScrollSize` defines the "page size" of each scroll request.
`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
2024-07-15 14:43:47 -06:00
Doug Burks
3991c7b5fe
FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346
2024-07-15 15:52:00 -04:00
Doug Burks
dfd8ac3626
FIX: Update SOC MOTD #13320
2024-07-09 12:55:58 -04:00
m0duspwnens
50f0c43212
merge dev
2024-06-26 12:33:32 -04:00