Jason Ertel
cce9e162d4
remove colon to avoid yaml parsing problems
2024-09-16 15:30:14 -04:00
Jason Ertel
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
Jason Ertel
8b8737221d
mark specific settings as allowed to include Jinja
2024-09-11 09:28:17 -04:00
Jason Ertel
f19a35ff06
move custom alerters to subgroup; avoid false positives on log check
2024-08-28 09:32:25 -04:00
Jason Ertel
6043da4424
annotation updates
2024-08-27 13:04:43 -04:00
Jason Ertel
48f1e24bf5
notification updates
2024-08-22 09:04:43 -04:00
Jason Ertel
cf47508185
notification updates
2024-08-22 09:02:32 -04:00
Jason Ertel
caa8d9ecb0
fix repo path
2024-08-09 06:58:40 -04:00
Corey Ogburn
c71b9f6e8f
Fix CopyPasta
...
Strelka annotations referenced ElastAlert. Fixed.
2024-08-08 13:31:08 -06:00
Corey Ogburn
8c1feccbe0
Tweak value
2024-08-08 12:53:51 -06:00
Corey Ogburn
5ee15c8b41
Tweak value
2024-08-08 12:00:07 -06:00
Corey Ogburn
5328f55322
Remove new config value
2024-08-08 11:43:15 -06:00
Corey Ogburn
712f904c43
Config for Repo Folder
...
The folder we check out the AI Summary repo into should definitely exist.
2024-08-08 10:57:07 -06:00
Corey Ogburn
ccd7d86302
More AI Summaries Config/Annotations
...
Added aiRepoBranch to all 3 detection engines.
Added showUnreviewedAiSummaries to client parameters.
Added annotations.
2024-08-08 10:46:41 -06:00
Corey Ogburn
fc89604982
New Config Values/Annotations for Ai Summaries
...
Each engine pulls the same repo into the same location and shows the summaries.
Which repo and where to keep them is advanced, but turning AI summaries on or off is not.
2024-08-06 13:55:54 -06:00
Jason Ertel
3130b56d58
Provide new setting to require OTP
2024-07-30 10:39:57 -04:00
Corey Ogburn
45b2413175
Removed Allow/Deny Regexes, Added Enable/Disable Regex
...
Update config and annotations for new regex support for suricata.
2024-07-19 12:45:24 -06:00
Corey Ogburn
022df966c7
Remove Allow/Deny Regex, Add Suricata Enable/Disable Regex
2024-07-19 12:28:04 -06:00
Corey Ogburn
d0565baaa3
New Config Values for Detections Bulk Indexer
...
`maxScrollSize` defines the "page size" of each scroll request.
`bulkIndexerWorkerCount` defines how many worker threads a bulk indexer should use. 0 or fewer indicates that 1 thread per CPU core should be used.
2024-07-15 14:43:47 -06:00
Doug Burks
3991c7b5fe
FEATURE: Add new action to SOC Actions list to allow users to more easily add their own actions #13346
2024-07-15 15:52:00 -04:00
Doug Burks
dfd8ac3626
FIX: Update SOC MOTD #13320
2024-07-09 12:55:58 -04:00
m0duspwnens
50f0c43212
merge dev
2024-06-26 12:33:32 -04:00
weslambert
bf91030204
Add option for detections without license
2024-06-21 15:33:11 -04:00
m0duspwnens
469ca44016
fix maps
2024-06-20 16:53:12 -04:00
m0duspwnens
81fcd68e9b
create and use redis:nodes and elasticsearch:nodes pillars
2024-06-20 16:42:11 -04:00
Doug Burks
07b9011636
Update defaults.yaml to put Process actions in logical order
2024-06-20 10:09:27 -04:00
Matthew Wright
bc2b3b7f8f
Merge pull request #13236 from Security-Onion-Solutions/mwright/licenseDropdown
...
Added license presets to defaults.yaml file
2024-06-18 18:05:15 -04:00
unknown
ea02a2b868
Added license presets to defaults.yaml file
2024-06-18 16:52:00 -04:00
Doug Burks
de18bf06c3
FEATURE: Add new Process actions #13226
2024-06-18 10:36:41 -04:00
DefensiveDepth
521cccaed6
Update defaults
2024-06-18 08:43:00 -04:00
Doug Burks
93ced0959c
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:25:01 -04:00
Doug Burks
6f13fa50bf
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:24:32 -04:00
Doug Burks
3bface12e0
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:23:14 -04:00
Doug Burks
b584c8e353
FEATURE: Add more links and descriptions to SOC MOTD #13216
2024-06-17 09:13:17 -04:00
DefensiveDepth
7af94c172f
Change spelling
2024-06-14 16:00:22 -04:00
DefensiveDepth
7556587e35
Update rule templates
2024-06-14 15:47:57 -04:00
DefensiveDepth
c89f1c9d95
remove multiline
2024-06-14 13:48:55 -04:00
DefensiveDepth
b7ac599a42
set to empty
2024-06-14 13:21:36 -04:00
DefensiveDepth
68302e14b9
add to defaults and tweaks
2024-06-14 09:28:23 -04:00
DefensiveDepth
c1abc7a7f1
Update description
2024-06-14 08:51:34 -04:00
DefensiveDepth
484717d57d
initial support for custom suricata urls and local rulesets
2024-06-14 08:42:10 -04:00
Corey Ogburn
d5ef0e5744
Fix unnecessary escaping
2024-06-11 12:34:32 -06:00
DefensiveDepth
08d2a6242d
Add new bind - suricata all.rules
2024-06-11 10:03:33 -04:00
Corey Ogburn
ee696be51d
Remove rootCA and insecureSkipVerify from SOC defaults
2024-06-07 13:07:04 -06:00
Corey Ogburn
5d3fd3d389
AdditionalCA and InsecureSkipVerify
...
New fields have been added to manager and then duplicated over to SOC's config in the same vein as how proxy was updated earlier this week.
AdditionalCA holds the PEM-formatted public keys that should be trusted when making requests. It has been implemented for both Sigma's zip downloads and Sigma and Suricata's repository clones and pulls.
InsecureSkipVerify has been added to help our users troubleshoot their configuration. Setting it to true will not verify the cert on outgoing requests. Self-signed, missing, or invalid certs will not throw an error.
2024-06-07 12:47:09 -06:00
Corey Ogburn
fa063722e1
RootCA and InsecureSkipVerify
...
New empty settings and their annotations.
2024-06-07 09:10:14 -06:00
Corey Ogburn
42818a9950
Remove proxy from SOC defaults
2024-06-06 13:28:07 -06:00
Corey Ogburn
e85c3e5b27
SOC Proxy Setting
...
The so_proxy value we build during install is now copied to SOC's config.
2024-06-06 11:55:27 -06:00
Corey Ogburn
85c269e697
Added TemplateDetections To Detection ClientParams
...
The UI can now insert templates when you select a Detection language. These are those templates, annotated.
2024-05-30 15:59:03 -06:00
Josh Brower
185fb38b2d
Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates
...
Add IDH mappings
2024-05-24 14:48:22 -04:00