Commit Graph

15 Commits

Author       SHA1        Message                                                              Date
Josh Brower  56aa24d874  Fix Wazuh WEL Parsing                                                2022-01-10 13:55:38 -05:00
Josh Brower  5d4ea2ba3a  Revert Wazuh parser update                                           2022-01-07 10:51:24 -05:00
Josh Brower  277c7f1ef8  Uppercase first char in Wazuh WEL                                    2022-01-06 14:58:50 -05:00
Wes Lambert  441cd3fc59  Move Wazuh-specific data to wazuh.data                               2021-07-14 13:42:51 +00:00
Mike Reeves  693f455862  ECS hotfix                                                           2021-07-02 08:55:49 -04:00
weslambert   db48c15f1d  Create event.kind field and rename dataset to be module[dot]dataset  2021-06-02 15:33:18 -04:00
Doug Burks   7a314b5935  Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321     2020-12-12 11:35:29 -05:00
Doug Burks   61ae187d03  revert previous commit #2321                                         2020-12-12 10:12:23 -05:00
Doug Burks   85aac4ad75  Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321     2020-12-12 09:22:08 -05:00
weslambert   bc31e19e37  Put back rule.category for Wazuh alerts                              2020-10-05 11:34:29 -04:00
Wes Lambert  77d31cb289  Add event.severity and event.severity_label config for Wazuh alerts  2020-10-05 12:50:29 +00:00
Wes Lambert  869767d9d9  Add initial parsing for Wazuh WEL/Sysmon                             2020-09-28 19:04:21 +00:00
Wes Lambert  93c3c86e2f  update wazuh fields and category                                     2020-03-30 14:24:01 +00:00
Wes Lambert  9ad16e8c71  update ingest config                                                 2020-03-11 12:13:53 +00:00
doug         8472b24a67  parse Bro logs using Elasticsearch ingest node                       2019-09-23 16:04:23 -04:00