Commit Graph

149 Commits

Author SHA1 Message Date
Josh Brower
7d0251952c Filter out unneeded Logstash metadata 2023-05-17 11:06:16 -04:00
Josh Brower
24445cf36a Rename Fleet pipelines 2023-05-16 16:43:21 -04:00
m0duspwnens
082704ce1f logstash jinja for ui 2023-05-04 13:07:07 -04:00
Mike Reeves
3d10a60502 Fix annotations and defaults for logstash 2023-05-03 10:01:44 -04:00
Wes
d823d5dcc9 Rename @metadata to metadata to ensure it's not lost between Logstash pipelines 2023-04-19 20:17:10 +00:00
Josh Brower
1944d09978 Logstash certs fixup 2023-04-17 11:34:57 -04:00
Josh Brower
b8d8a5fd6b Remove default outputs 2023-01-31 17:02:41 -05:00
Josh Brower
18a54b86f4 More fixes 2023-01-31 14:57:39 -05:00
Wes
e4271043c6 Remove unnecessary Logstash pipelines 2023-01-26 18:05:14 +00:00
Wes
44d149b1c3 Allow imported data to use a tag of 'import' 2023-01-24 17:01:52 +00:00
Mike Reeves
66924b63a7 Update 9999_output_redis.conf.jinja 2023-01-11 14:53:16 -05:00
Mike Reeves
bdaed849ea Update 0900_input_redis.conf.jinja 2023-01-11 14:52:32 -05:00
Wes
5d86edeed4 Modify Logstash Elastic Agent output to accommodate for events with and without 'metadata.pipeline' 2023-01-11 13:57:32 +00:00
Mike Reeves
831300b540 Require password auth for redis access 2023-01-04 11:02:40 -05:00
m0duspwnens
b526532ab6 use global vars in states 2022-10-11 11:57:15 -04:00
Wes
1a90eeb1b1 Remove Osquery live query Logstash output configuration 2022-09-15 19:45:28 +00:00
Wes
926a1e0189 Remove Snort output configuration 2022-09-14 14:22:00 +00:00
Wes
ce3ea456b6 Remove flow output configuration 2022-09-14 14:21:21 +00:00
Wes
d1a8b88eb9 Remove postprocess configuration 2022-09-14 14:20:24 +00:00
Wes
e3cd8a9c6a Remove main pipeline configuration 2022-09-14 14:20:08 +00:00
Wes
43f89adbd4 Remove preprocess configuration 2022-09-14 14:19:07 +00:00
Mike Reeves
2bd9dd80e2 Move In Day 2022-09-07 09:06:25 -04:00
Wes Lambert
26698cfd07 Add Logstash output for dedicated Kratos index 2022-07-08 15:55:55 +00:00
Wes Lambert
f613d8ad86 Add RITA Logstash config 2022-03-22 17:36:18 +00:00
Wes Lambert
9db1510b0e Initial composable template configuration and base mappings 2022-02-02 02:08:31 +00:00
m0duspwnens
2e4ed8062e simplify wazuh agent ip logic 2021-12-16 11:11:01 -05:00
m0duspwnens
d0b0970353 Merge remote-tracking branch 'remotes/origin/dev' into issue/6469 2021-12-15 17:08:56 -05:00
m0duspwnens
0c6aba16ec fix redis input 2021-12-14 23:42:37 -05:00
m0duspwnens
15b8d80b71 fix host for input_redis 2021-12-14 18:51:43 -05:00
m0duspwnens
55b74abcc5 extra_hosts and redis_input for logstash 2021-12-14 18:49:30 -05:00
Josh Brower
656ea974dc Use id for doc id if it exists 2021-12-09 09:16:58 -05:00
m0duspwnens
96666ab307 add receiver node 2021-12-07 10:19:32 -05:00
weslambert
3be0d05eea Update field removal based on HTTP input changes 2021-10-25 13:16:30 -04:00
weslambert
7fa43a276a Rename default headers and host for HTTP input 2021-10-25 13:15:20 -04:00
Wes Lambert
e1629d7ec4 Initial EG stuff 2021-10-13 17:13:07 +00:00
William Wernert
33bd6aed20 Fix logscan pipeline on eval
* Rename logscan pipeline to logscan.alert
* Add module to indices array in filebeat.yml
2021-07-30 14:41:15 -04:00
William Wernert
b9980c9d30 Fix pipeline name 2021-07-30 13:09:09 -04:00
William Wernert
df6d1d72e2 Merge branch 'dev' into feature/logscan 2021-07-19 15:19:59 -04:00
weslambert
fea4f3f973 Check if Filebeat modules are being used for incoming Beats 2021-07-19 12:57:42 -04:00
William Wernert
9bf1d3e0c6 Misc fixes 2021-07-16 14:59:44 -04:00
William Wernert
3a12d28d20 Merge branch 'dev' into feature/logscan 2021-07-16 14:13:19 -04:00
William Wernert
e8ba4bdc6c Add quotes to string 2021-07-16 14:07:23 -04:00
weslambert
7cdb967810 Only route to FB module pipeline if filebeat in metadata 2021-07-13 11:36:18 -04:00
William Wernert
80525ee736 [wip] Add logscan pipeline 2021-07-08 12:29:50 -04:00
m0duspwnens
0627ca2fc2 use heavynode hostname for certs if heavynode. changes to logstash pipeline for redis if heavynode 2021-07-06 15:32:39 -04:00
weslambert
2e91f27336 Add conditional for heavynode 2021-07-06 14:17:49 -04:00
weslambert
10b1829830 Add conditional for heavynode 2021-07-06 14:16:34 -04:00
Jason Ertel
2d34208269 Elastic auth: Fun with Salt 2021-06-16 17:52:22 -04:00
Jason Ertel
09fbb045a1 If ES auth disabled ensure user/pass are blank 2021-06-16 09:59:57 -04:00
Jason Ertel
dd8eb29a18 Continue merge of ECS into Elastic Auth 2021-06-15 09:11:58 -04:00