Mike Reeves
a655f8dc04
2.4.70
2024-05-29 14:52:47 -04:00
Mike Reeves
e98b8566c9
2.4.70
2024-05-29 14:50:22 -04:00
Josh Brower
ef10794e3b
Merge pull request #13089 from Security-Onion-Solutions/2.4/realert
fix rsync
2024-05-29 11:12:45 -04:00
DefensiveDepth
0d034e7adc
fix rsync
2024-05-29 10:55:56 -04:00
reyesj2
59097070ef
Revert "Remove unneeded jolokia aggregate metrics to reduce data ingested to influx"
This reverts commit 1c1a1a1d3f.
2024-05-28 12:17:43 -04:00
reyesj2
77b5aa4369
Correct dashboard name
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-28 11:34:35 -04:00
reyesj2
0d7c331ff0
only show specific fields when hovering over Kafka influxdb panels
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-28 11:29:38 -04:00
reyesj2
1c1a1a1d3f
Remove unneeded jolokia aggregate metrics to reduce data ingested to influx
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-28 11:14:19 -04:00
reyesj2
47efcfd6e2
Add basic Kafka metrics to 'Security Onion Performance' influxdb dashboard
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-28 10:55:11 -04:00
reyesj2
15a0b959aa
Add jolokia metrics for influxdb dashboard
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-28 10:51:39 -04:00
Josh Brower
ca49943a7f
Merge pull request #13085 from Security-Onion-Solutions/2.4/soupchange
Check to see if local exists
2024-05-28 10:25:46 -04:00
DefensiveDepth
ee4ca0d7a2
Check to see if local exists
2024-05-28 10:24:09 -04:00
Josh Brower
0d634f3b8e
Merge pull request #13084 from Security-Onion-Solutions/2.4/soupchange
Fix fi
2024-05-28 10:05:33 -04:00
DefensiveDepth
f68ac23f0e
Fix fi
Signed-off-by: DefensiveDepth <Josh@defensivedepth.com>
2024-05-28 10:03:31 -04:00
Josh Brower
825c4a9adb
Merge pull request #13083 from Security-Onion-Solutions/2.4/soupchange
Backup .yml files too
2024-05-28 09:45:53 -04:00
DefensiveDepth
2a2b86ebe6
Don't overwrite
2024-05-28 09:43:45 -04:00
DefensiveDepth
74dfc25376
backup local rules
2024-05-28 09:29:10 -04:00
DefensiveDepth
81ee60e658
Backup .yml files too
2024-05-28 06:42:18 -04:00
reyesj2
fcb6a47e8c
Remove redis.sh telegraf script when Kafka is global pipeline
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-26 21:10:41 -04:00
Josh Brower
49fd84a3a7
Merge pull request #13081 from Security-Onion-Solutions/2.4/soupchange
Don't bail - just wait for enter
2024-05-24 16:28:40 -04:00
DefensiveDepth
58b565558d
Don't bail - just wait for enter
2024-05-24 16:21:59 -04:00
Josh Brower
185fb38b2d
Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates
Add IDH mappings
2024-05-24 14:48:22 -04:00
DefensiveDepth
550b3ee92d
Add IDH mappings
2024-05-24 14:46:24 -04:00
Josh Brower
29a87fd166
Merge pull request #13078 from Security-Onion-Solutions/2.4/socdefaultsdet
Add instructions for sigma and yara repos
2024-05-24 13:02:01 -04:00
DefensiveDepth
f90d40b471
Fix typo
2024-05-24 12:56:17 -04:00
DefensiveDepth
4344988abe
Add instructions for sigma and yara repos
2024-05-24 12:54:36 -04:00
Josh Brower
979147a111
Merge pull request #13062 from Security-Onion-Solutions/2.4/backupscript
Detections backup script
2024-05-24 10:06:56 -04:00
DefensiveDepth
66725b11b3
Added unit tests
2024-05-24 09:55:10 -04:00
Jason Ertel
19f9c4e389
Merge pull request #13076 from Security-Onion-Solutions/jertel/eaconfig
provide default columns when viewing SOC logs
2024-05-24 08:39:17 -04:00
Jason Ertel
bd11d59c15
add event.dataset since there are other datasets in soc logs
2024-05-24 08:38:12 -04:00
Jason Ertel
15155613c3
provide default columns when viewing SOC logs
2024-05-24 08:23:45 -04:00
m0duspwnens
b5f656ae58
don't render pillar each time so-tcpreplay runs
2024-05-23 13:22:22 -04:00
Josh Patterson
7177392adc
Merge pull request #13071 from Security-Onion-Solutions/telfinwip
Telfinwip
2024-05-23 10:46:54 -04:00
m0duspwnens
ea7715f729
use waitforstate var instead.
2024-05-23 10:41:10 -04:00
m0duspwnens
0b9ebefdb6
only show telem status in final whiptail if new deployment
2024-05-23 10:08:23 -04:00
Mike Reeves
19e66604d0
Merge pull request #13069 from Security-Onion-Solutions/TOoSmOotH-patch-8
Update defaults.yaml
2024-05-23 08:22:05 -04:00
Mike Reeves
1e6161f89c
Update defaults.yaml
2024-05-23 08:19:43 -04:00
Josh Brower
a8c287c491
Merge pull request #13067 from Security-Onion-Solutions/2.4/fixpipeline
Fix strelka rule.uuid
2024-05-23 07:53:14 -04:00
Doug Burks
2c4f5f0a91
Merge pull request #13066 from Security-Onion-Solutions/dougburks-patch-1
Update defaults.yaml to fix order of groupby tables and eliminate dup…
2024-05-23 06:02:49 -04:00
DefensiveDepth
8e7c487cb0
Fix strelka rule.uuid
2024-05-23 05:59:31 -04:00
Doug Burks
3d4f3a04a3
Update defaults.yaml to fix order of groupby tables and eliminate duplicate
2024-05-23 05:56:18 -04:00
Josh Brower
ce063cf435
Merge pull request #13063 from Security-Onion-Solutions/2.4/yarafix
Fix casing issue
2024-05-22 18:51:54 -04:00
DefensiveDepth
a072e34cfe
Fix casing issue
2024-05-22 17:12:41 -04:00
DefensiveDepth
d19c1a514b
Detections backup script
2024-05-22 15:12:23 -04:00
weslambert
b415810485
Merge pull request #13061 from Security-Onion-Solutions/fix/tab_casing
Change tab casing to be consistent with other whiptail prompts
2024-05-22 13:44:09 -04:00
weslambert
3cfd710756
Change tab casing to be consistent with other whiptail prompts
2024-05-22 13:41:32 -04:00
reyesj2
382cd24a57
Small changes needed for using new Kafka docker image + added Kafka logging output to /opt/so/log/kafka/
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-22 13:39:21 -04:00
reyesj2
b1beb617b3
Logstash should be disabled when Kafka is enabled except when a minion override exists OR node is a standalone
- Standalone subscribes to Kafka topics via logstash for ingest
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-22 13:38:09 -04:00
reyesj2
91f8b1fef7
Set default replication factor back to Kafka default
If replication factor is > 1 Kafka will fail to start until another broker is added
- For internal automated testing purposes a Standalone will be utilized
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-22 13:35:09 -04:00
Jason Ertel
ca6e2b8e22
Merge pull request #13054 from Security-Onion-Solutions/jertel/eaconfig
fix elastalert settings
2024-05-21 18:38:03 -04:00