Commit Graph

348 Commits

Author SHA1 Message Date
Doug Burks dfd8ac3626 FIX: Update SOC MOTD #13320 2024-07-09 12:55:58 -04:00
Doug Burks 93ced0959c FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:25:01 -04:00
Doug Burks 6f13fa50bf FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:24:32 -04:00
Doug Burks 3bface12e0 FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:23:14 -04:00
Doug Burks b584c8e353 FEATURE: Add more links and descriptions to SOC MOTD #13216 2024-06-17 09:13:17 -04:00
Josh Brower 185fb38b2d Merge pull request #13079 from Security-Onion-Solutions/2.4/sigmapipelineupdates
Add IDH mappings
2024-05-24 14:48:22 -04:00
DefensiveDepth 550b3ee92d Add IDH mappings 2024-05-24 14:46:24 -04:00
DefensiveDepth 66725b11b3 Added unit tests 2024-05-24 09:55:10 -04:00
DefensiveDepth d19c1a514b Detections backup script 2024-05-22 15:12:23 -04:00
DefensiveDepth 8cc4d2668e Move compile_yara 2024-04-16 12:52:14 -04:00
DefensiveDepth 376efab40c Ship Defender logs 2024-04-08 14:01:38 -04:00
Jason Ertel 3aea2dec85 analytics 2024-04-01 09:50:18 -04:00
Josh Brower d832158cc5 Drop Hashes field 2024-03-01 15:26:02 -05:00
Josh Brower b017157d21 Add antivirus mapping 2024-03-01 14:04:56 -05:00
Josh Brower d04aa06455 Fix source.ip 2024-02-22 14:01:02 -05:00
Josh Brower c886e72793 Imphash mappings 2024-02-22 08:59:33 -05:00
Josh Brower 0a9022ba6a Add hash mappings 2024-02-21 17:07:08 -05:00
Josh Brower 81a3e95914 Fixup sigma pipelines 2024-02-07 16:42:16 -05:00
Josh Brower 7e3187c0b8 Fixup sigma pipelines 2024-02-07 15:35:31 -05:00
Corey Ogburn 858166bcae WIP: Detections Changes
Removed some strelka/yara rules from salt.

Removed yara scripts for downloading and updating rules. This will be managed by SOC.

Added a new compile_yara.py script.

Added the strelka repos folder.
2024-01-30 15:43:51 -07:00
Jason Ertel c09e8f0d71 improve timing of responses 2023-11-16 15:58:48 -05:00
Jason Ertel de99cda766 improve timing of responses 2023-11-16 15:51:17 -05:00
m0duspwnens 99662c999f log operation and minion target 2023-10-20 13:41:24 -04:00
Doug Burks da56a421e5 Update motd.md 2023-08-31 09:17:33 -04:00
Doug Burks 4426437ad3 Update motd.md 2023-08-10 15:04:31 -04:00
Jason Ertel 951f04c265 remove use of pipe 2023-06-29 12:10:12 -04:00
Jason Ertel b21b545756 use cluster-unique password for import encryption 2023-06-23 09:37:41 -04:00
Corey Ogburn 2b323ab661 Fix salt cmd.run commands for importing
Functional and easy to read.
2023-06-22 17:30:56 -06:00
Jason Ertel 0d92a1594a fix quotations 2023-06-22 14:41:39 -04:00
Corey Ogburn b5e5bd57ad Fix for Upload Import
Needed to mount /nsm/soc/uploads into soc container.

Made the upload route configurable.

Added gpg logging to salt-relay.
2023-06-21 15:41:16 -06:00
Corey Ogburn ad28ea275f Better state management
When salt-cp runs its course and finds it can't send a file, it outputs a report saying as much but the exit code will be zero. Now we remove the filename and node from the response and look for `True` to know if it succeeded. Also, respect the cleanup flag on success or failure.

Check the status of the decryption process before importing.

No longer decrypt locally, issue salt command for the remote client to do the decrypting.
2023-06-20 09:41:14 -06:00
Corey Ogburn 41951659ec Use importer's new --json flag.
Using the new --json flag is not only more reliable than using a regex; the way the import script was written, even re-imports will provide a url. This means that in more cases we can provide the results to the users (even if nothing changed).
2023-06-20 09:41:14 -06:00
Corey Ogburn 451a4784a1 send-file and import-file security
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
2023-06-20 09:41:14 -06:00
Corey Ogburn 1b7095fa81 Improved import-file url regex
sed doesn't remove ALL whitespace, only newlines. It's better to stop at the first whitespace than to stop at a particular, maybe-not-last query string parameter.
2023-06-20 09:41:14 -06:00
Corey Ogburn 49055e260f salt-relay import-file reporting
On successful import, return dashboard URL
2023-06-20 09:41:14 -06:00
Corey Ogburn a465039887 2 new capabilities: send-file and import-file 2023-06-20 09:41:14 -06:00
Jason Ertel ba0ec18a33 Ignore Synchronize button clicks when an active salt job is running and another is already in queue 2023-05-22 14:52:07 -04:00
Jason Ertel 4930ae4ba6 add missing var for local dev 2023-05-17 18:14:21 -04:00
m0duspwnens 8e18986671 enable/disable soc in ui 2023-05-11 15:33:16 -04:00
Doug Burks 4dcc79d245 FIX: Overview Customization link #10173 2023-04-20 16:26:51 -04:00
Jason Ertel 7f28cdd2a3 provide means for using salt-relay with local development against remote VMs 2023-04-10 14:04:03 -04:00
Jason Ertel 7f7e5474ed Add more logging for filecheck monitoring, and ensure scripts are accessible to salt-relay 2022-11-17 10:43:05 -05:00
Jason Ertel 0ffef75d7b Move background jobs to cron 2022-11-17 09:50:41 -05:00
Jason Ertel 35fab05bdd Retry so-user commands if another process is currently using so-user 2022-10-27 15:25:08 -04:00
Jason Ertel 981371c72f log salt-relay responses for troubleshooting assistance 2022-09-27 16:48:47 -04:00
Jason Ertel 53b4f01921 replace quotes on minion arg 2022-09-27 10:54:08 -04:00
Jason Ertel 7f7f2c15d0 add support for querying active salt jobs (future use) 2022-09-27 10:29:21 -04:00
Jason Ertel 556ddc2ee4 sync in background 2022-09-27 09:24:34 -04:00
Jason Ertel 8e175b2d3f add manual sync 2022-09-27 07:05:04 -04:00
Jason Ertel 0ad1a1a262 so-user and salt-relay updates for user management 2022-09-26 14:57:33 -04:00