CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-23 01:13:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,322 Commits 18 Branches 120 Tags
0a88c812e867b51d19eb643d47dab1f9f7c24df3
Commit Graph

80 Commits

Author SHA1 Message Date
weslambert
563a495725 Add Playbook 2023-08-21 11:24:07 -04:00
weslambert
9e18fe64cf Remove OSSEC configuration 2023-08-21 11:20:47 -04:00
bryant-treacle
036b81707b Update defaults.yaml 2023-08-08 16:10:54 -04:00
bryant-treacle
3d4fd08547 Update defaults.yaml 2023-08-08 15:28:06 -04:00
weslambert
527a6ba454 Use asterisk when searching 'msg' since it is now a keyword 2023-07-31 23:52:38 -04:00
Corey Ogburn
aa56085758 New Action "Add to Case" 2023-07-28 09:55:44 -06:00
Corey Ogburn
bb7a918a16 Added ReverseLookup Option 
Defaults to false, has metadata to show up in the config section of soc.
 2023-07-21 13:18:08 -06:00
Wes
1848a835f5 Remove keyword 2023-07-19 13:52:15 +00:00
Jason Ertel
951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Corey Ogburn
fb27e7c479 Also add to dashboard 
Duplicate new queryToggleFilter from hunt to dashboard.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
261acee8a0 New Hunt queryToggleFilter 
New filter to exclude soc logs from hunt results.
 2023-06-23 11:30:26 -06:00
Corey Ogburn
6769386c86 Change upload path 2023-06-22 10:59:24 -06:00
Corey Ogburn
b5e5bd57ad Fix for Upload Import 
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
 2023-06-21 15:41:16 -06:00
Josh Brower
6ba9e057a9 Merge pull request #10600 from Security-Onion-Solutions/fix/dataset_tags 
Change format of event dataset and assign dataset to tags
 2023-06-21 09:22:40 -04:00
Doug Burks
0e09d73aa0 Resolve conflicts with dataset PR 2023-06-20 07:40:10 -04:00
Doug Burks
fc824359ed Update default fields for kratos.audit 2023-06-20 07:30:56 -04:00
Doug Burks
7caa7cec6b Fix SOC Auth queries in Dashboards and Hunt 
Change `event.dataset:audit` to `event.dataset:kratos.audit`.
 2023-06-20 07:13:33 -04:00
Wes
b5bccc5e05 Use module in dataset name and add dataset tag 2023-06-15 13:06:57 +00:00
m0duspwnens
8e18986671 enabled/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks
5be5466efe fix GeoIP queries 2023-03-24 14:03:12 -04:00
Doug Burks
a9dc7a14cb fix GeoIP queries 2023-03-24 13:56:51 -04:00
Doug Burks
aa9d44ab09 Add four new GeoIP dashboards 2023-03-24 13:51:13 -04:00
Josh Brower
bad905f54c SOC Logs & Hunt Query 2023-03-23 16:22:59 -04:00
Josh Brower
2fe8668f1b Merge pull request #9891 from Security-Onion-Solutions/2.4/huntqueries 
Initial updates for 2.4 fieldnames
 2023-03-09 14:37:50 -05:00
Josh Brower
73abf8dbfd Generic host dashboard 2023-03-09 14:32:52 -05:00
Josh Brower
1493806040 Change host dashboard titles 2023-03-08 17:03:02 -05:00
Josh Brower
a5c89bfaa1 update sysmon dashboards 2023-03-08 16:49:34 -05:00
Doug Burks
a2bda07820 add VLAN dashboard 2023-03-05 15:24:11 -05:00
Josh Brower
9db6df0f14 Initial updates for 2.4 fieldnames 2023-03-04 15:19:19 -05:00
Doug Burks
e24296d536 add SOC Dashboards groupby for Zeek conn vlan field 2023-03-03 15:23:43 -05:00
Jason Ertel
d3c5d0569a Remove FleetDM tool instead of deactivating it 2023-02-24 10:20:02 -05:00
Jason Ertel
cd27ae89cc influx upgrade 2023-02-10 16:34:06 -05:00
Jason Ertel
ea0c3db8e1 upgrade influxdb 2023-02-08 13:23:45 -05:00
Doug Burks
a44d83d69b Improve Suricata DHCP parsing and dashboard 2023-01-31 08:33:38 -05:00
Jason Ertel
7b1f867ac3 Add defaults for auto extracted observables 2023-01-24 13:17:50 -05:00
Doug Burks
5754365c6d Improve default sysmon fields and add new network_connection fields 2023-01-04 07:42:24 -05:00
doug
4e5d1d587e update sysmon ingest parser and Sysmon File dashboard 2023-01-03 09:02:17 -05:00
Doug Burks
69415a0d8d Improve Strelka dashboard 2022-12-21 15:34:35 -05:00
Doug Burks
506556f0d2 Improve Firewall dashboard 2022-12-21 15:29:09 -05:00
Doug Burks
d7b2c88201 Improve Software dashboard 2022-12-21 15:24:58 -05:00
Doug Burks
4519c533a2 Improve Intel dashboard 2022-12-21 15:20:27 -05:00
Doug Burks
3a367d69f4 Improve FTP dashboard 2022-12-21 14:37:17 -05:00
Doug Burks
a4f1f75306 Improve NIDS Alerts dashboard 2022-12-21 14:33:01 -05:00
Doug Burks
3d1ce4ef10 Improve SOC dashboards 2022-12-21 13:26:04 -05:00
Jason Ertel
b37697e95d Switch license key to single line to avoid multiline/list conflicts 2022-12-16 12:50:22 -05:00
Jason Ertel
7853d972b6 Set default key to empty string to ensure new keys are type aligned correctly 2022-12-15 18:31:47 -05:00
Jason Ertel
f84ceca03e consolidate eventFields from hunt and dashbaords into a single setting 2022-12-15 14:22:23 -05:00
Doug Burks
e1d200e6ce Remove duplicate TDS dashboard from defaults.yaml 2022-12-11 14:39:08 -05:00
Doug Burks
72f71ba695 Fix TDS dashboard in defaults.yaml 2022-12-11 14:36:27 -05:00
Doug Burks
cb16bd36fb fix descriptions in defaults.yaml 2022-12-10 14:31:59 -05:00