Jason Ertel
ad8f3dfde7
use specified role on new user add
2025-03-17 14:55:40 -04:00
defensivedepth
7237b8971e
Refactor pipeline for hash changes
2024-12-23 15:41:13 -05:00
Jason Ertel
57a9992a3d
Merge branch '2.4/dev' into jertel/wip
2024-11-11 10:06:44 -05:00
defensivedepth
f5bd8ab585
Rewrite docs
2024-11-07 15:33:47 -05:00
Jason Ertel
c9f6b5206a
connect
2024-11-01 16:18:40 -04:00
Jason Ertel
825dbb36dd
connect
2024-11-01 15:37:59 -04:00
Jason Ertel
cd2e5bf2d0
rename role
2024-10-31 17:20:44 -04:00
Jason Ertel
a146153ee9
switch to json
2024-10-30 12:44:01 -04:00
defensivedepth
5406a263d5
Add local custom template
2024-10-29 19:42:06 -04:00
Jason Ertel
3f3ac21f50
connect
2024-10-29 12:28:24 -04:00
Jason Ertel
11820a16f0
connect
2024-10-29 12:04:38 -04:00
Jason Ertel
1243c7588b
connect
2024-10-28 19:42:01 -04:00
Jason Ertel
624c4855c8
connect
2024-10-28 19:25:20 -04:00
Jason Ertel
12a76a9d35
connect
2024-10-28 19:11:26 -04:00
defensivedepth
f3ca5b1c42
Remove OS-specific mappings
2024-10-28 09:19:51 -04:00
Jason Ertel
5e6dd2e8b3
connect
2024-10-23 16:49:02 -04:00
defensivedepth
dcdfaf66f4
Add process and file creation mappings
2024-10-16 15:20:52 -04:00
Doug Burks
dfd8ac3626
FIX: Update SOC MOTD #13320
2024-07-09 12:55:58 -04:00
Doug Burks
93ced0959c
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:25:01 -04:00
Doug Burks
6f13fa50bf
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:24:32 -04:00
Doug Burks
3bface12e0
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:23:14 -04:00
Doug Burks
b584c8e353
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:13:17 -04:00
Josh Brower
185fb38b2d
Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates
...
Add IDH mappings
2024-05-24 14:48:22 -04:00
DefensiveDepth
550b3ee92d
Add IDH mappings
2024-05-24 14:46:24 -04:00
DefensiveDepth
66725b11b3
Added unit tests
2024-05-24 09:55:10 -04:00
DefensiveDepth
d19c1a514b
Detections backup script
2024-05-22 15:12:23 -04:00
DefensiveDepth
8cc4d2668e
Move compile_yara
2024-04-16 12:52:14 -04:00
DefensiveDepth
376efab40c
Ship Defender logs
2024-04-08 14:01:38 -04:00
Jason Ertel
3aea2dec85
analytics
2024-04-01 09:50:18 -04:00
Josh Brower
d832158cc5
Drop Hashes field
2024-03-01 15:26:02 -05:00
Josh Brower
b017157d21
Add antivirus mapping
2024-03-01 14:04:56 -05:00
Josh Brower
d04aa06455
Fix source.ip
2024-02-22 14:01:02 -05:00
Josh Brower
c886e72793
Imphash mappings
2024-02-22 08:59:33 -05:00
Josh Brower
0a9022ba6a
Add hash mappings
2024-02-21 17:07:08 -05:00
Josh Brower
81a3e95914
Fixup sigma pipelines
2024-02-07 16:42:16 -05:00
Josh Brower
7e3187c0b8
Fixup sigma pipelines
2024-02-07 15:35:31 -05:00
Corey Ogburn
858166bcae
WIP: Detections Changes
...
Removed some strelka/yara rules from salt.
Removed yara scripts for downloading and updating rules. This will be managed by SOC.
Added a new compile_yara.py script.
Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Jason Ertel
c09e8f0d71
improve timing of responses
2023-11-16 15:58:48 -05:00
Jason Ertel
de99cda766
improve timing of responses
2023-11-16 15:51:17 -05:00
m0duspwnens
99662c999f
log operation and minion target
2023-10-20 13:41:24 -04:00
Doug Burks
da56a421e5
Update motd.md
2023-08-31 09:17:33 -04:00
Doug Burks
4426437ad3
Update motd.md
2023-08-10 15:04:31 -04:00
Jason Ertel
951f04c265
remove use of pipe
2023-06-29 12:10:12 -04:00
Jason Ertel
b21b545756
use cluster-unique password for import encryption
2023-06-23 09:37:41 -04:00
Corey Ogburn
2b323ab661
Fix salt cmd.run commands for importing
...
Functional and easy to read.
2023-06-22 17:30:56 -06:00
Jason Ertel
0d92a1594a
fix quotations
2023-06-22 14:41:39 -04:00
Corey Ogburn
b5e5bd57ad
Fix for Upload Import
...
Needed to mount /nsm/soc/uploads into soc container.
Made the upload route configurable.
Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
Corey Ogburn
ad28ea275f
Better state management
...
When salt-cp runs its course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.
Check the status of the decryption process before importing.
No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
Corey Ogburn
41951659ec
Use importer's new --json flag.
...
Using the new --json flag is not only more reliable than using a regex; the way the import script was written, even re-imports will provide a URL. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
Corey Ogburn
451a4784a1
send-file and import-file security
...
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00